Skip to content

Commit

Permalink
Introduce ptls_{openssl,minicrypto}_cipher_suites_all
Browse files Browse the repository at this point in the history
  • Loading branch information
@jedisct1
jedisct1 committed Aug 8, 2023
1 parent 6609fc5 commit 958ed1a
Show file tree
Hide file tree
Showing 7 changed files with 51 additions and 20 deletions.
1 change: 1 addition & 0 deletions include/picotls/minicrypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ extern ptls_cipher_suite_t ptls_minicrypto_aegis128lsha256;
extern ptls_cipher_suite_t ptls_minicrypto_aegis256sha384;
#endif
extern ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[];
extern ptls_cipher_suite_t *ptls_minicrypto_cipher_suites_all[];

typedef struct st_ptls_asn1_pkcs8_private_key_t {
ptls_iovec_t vec;
Expand Down
8 changes: 8 additions & 0 deletions include/picotls/openssl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ extern ptls_hash_algorithm_t ptls_openssl_sha512;
extern ptls_cipher_suite_t ptls_openssl_aes128gcmsha256;
extern ptls_cipher_suite_t ptls_openssl_aes256gcmsha384;
extern ptls_cipher_suite_t *ptls_openssl_cipher_suites[];
extern ptls_cipher_suite_t *ptls_openssl_cipher_suites_all[];
extern ptls_cipher_suite_t *ptls_openssl_tls12_cipher_suites[];

#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
Expand All @@ -93,6 +94,13 @@ extern ptls_aead_algorithm_t ptls_openssl_chacha20poly1305;
extern ptls_cipher_suite_t ptls_openssl_chacha20poly1305sha256;
#endif

#ifdef PTLS_HAVE_AEGIS
extern ptls_aead_algorithm_t ptls_openssl_aegis128l;
extern ptls_aead_algorithm_t ptls_openssl_aegis256;
extern ptls_cipher_suite_t ptls_openssl_aegis128lsha256;
extern ptls_cipher_suite_t ptls_openssl_aegis256sha384;
#endif

extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_ecdsa_aes128gcmsha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes256gcmsha384;
Expand Down
20 changes: 14 additions & 6 deletions lib/cifra.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,23 @@
#include "picotls/minicrypto.h"

ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = {// ciphers used with sha384 (must be first)
#ifdef PTLS_HAVE_AEGIS
&ptls_minicrypto_aegis256sha384,
#endif
&ptls_minicrypto_aes256gcmsha384,

// ciphers used with sha256
#ifdef PTLS_HAVE_AEGIS
&ptls_minicrypto_aegis128lsha256,
#endif
&ptls_minicrypto_aes128gcmsha256,
&ptls_minicrypto_chacha20poly1305sha256,
NULL};

ptls_cipher_suite_t *ptls_minicrypto_cipher_suites_all[] = {// ciphers used with sha384 (must be first)
#ifdef PTLS_HAVE_AEGIS
&ptls_minicrypto_aegis256sha384,
#endif
&ptls_minicrypto_aes256gcmsha384,

// ciphers used with sha256
#ifdef PTLS_HAVE_AEGIS
&ptls_minicrypto_aegis128lsha256,
#endif
&ptls_minicrypto_aes128gcmsha256,
&ptls_minicrypto_chacha20poly1305sha256,
NULL};
30 changes: 20 additions & 10 deletions lib/openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2167,7 +2167,7 @@ ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_ecdsa_chacha20poly1305sha256 = {


#if PTLS_HAVE_AEGIS
ptls_aead_algorithm_t ptls_libaegis_aegis128l = {
ptls_aead_algorithm_t ptls_openssl_aegis128l = {
.name = "AEGIS-128L",
.confidentiality_limit = PTLS_AEGIS128L_CONFIDENTIALITY_LIMIT,
.integrity_limit = PTLS_AEGIS128L_INTEGRITY_LIMIT,
Expand All @@ -2184,10 +2184,10 @@ ptls_aead_algorithm_t ptls_libaegis_aegis128l = {
};
ptls_cipher_suite_t ptls_openssl_aegis128lsha256 = {.id = PTLS_CIPHER_SUITE_AEGIS128L_SHA256,
.name = PTLS_CIPHER_SUITE_NAME_AEGIS128L_SHA256,
.aead = &ptls_libaegis_aegis128l,
.aead = &ptls_openssl_aegis128l,
.hash = &ptls_openssl_sha256};

ptls_aead_algorithm_t ptls_libaegis_aegis256 = {
ptls_aead_algorithm_t ptls_openssl_aegis256 = {
.name = "AEGIS-256",
.confidentiality_limit = PTLS_AEGIS256_CONFIDENTIALITY_LIMIT,
.integrity_limit = PTLS_AEGIS256_INTEGRITY_LIMIT,
Expand All @@ -2204,28 +2204,38 @@ ptls_aead_algorithm_t ptls_libaegis_aegis256 = {
};
ptls_cipher_suite_t ptls_openssl_aegis256sha384 = {.id = PTLS_CIPHER_SUITE_AEGIS256_SHA384,
.name = PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA384,
.aead = &ptls_libaegis_aegis256,
.aead = &ptls_openssl_aegis256,
.hash = &ptls_openssl_sha384};
#endif



ptls_cipher_suite_t *ptls_openssl_cipher_suites[] = {// ciphers used with sha384 (must be first)
#if PTLS_HAVE_AEGIS
&ptls_openssl_aegis256sha384,
#endif
&ptls_openssl_aes256gcmsha384,

// ciphers used with sha256
#if PTLS_HAVE_AEGIS
&ptls_openssl_aegis128lsha256,
#endif
&ptls_openssl_aes128gcmsha256,
#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
&ptls_openssl_chacha20poly1305sha256,
#endif
NULL};

ptls_cipher_suite_t *ptls_openssl_cipher_suites_all[] = {// ciphers used with sha384 (must be first)
#if PTLS_HAVE_AEGIS
&ptls_openssl_aegis256sha384,
#endif
&ptls_openssl_aes256gcmsha384,

// ciphers used with sha256
#if PTLS_HAVE_AEGIS
&ptls_openssl_aegis128lsha256,
#endif
&ptls_openssl_aes128gcmsha256,
#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
&ptls_openssl_chacha20poly1305sha256,
#endif
NULL};

ptls_cipher_suite_t *ptls_openssl_tls12_cipher_suites[] = {&ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256,
&ptls_openssl_tls12_ecdhe_ecdsa_aes128gcmsha256,
&ptls_openssl_tls12_ecdhe_rsa_aes256gcmsha384,
Expand Down
6 changes: 5 additions & 1 deletion t/cli.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -558,6 +558,10 @@ int main(int argc, char **argv)
#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
MATCH(chacha20poly1305sha256);
#endif
#if PTLS_HAVE_AEGIS
MATCH(aegis128lsha256);
MATCH(aegis256sha384);
#endif
#undef MATCH
if (cipher_suites[i] == NULL) {
fprintf(stderr, "unknown cipher-suite: %s\n", optarg);
Expand Down Expand Up @@ -635,7 +639,7 @@ int main(int argc, char **argv)
if (cipher_suites[0] == NULL) {
size_t i;
for (i = 0; ptls_openssl_cipher_suites[i] != NULL; ++i)
cipher_suites[i] = ptls_openssl_cipher_suites[i];
cipher_suites[i] = ptls_openssl_cipher_suites_all[i];
}
if (argc != 2) {
fprintf(stderr, "missing host and port\n");
Expand Down
4 changes: 2 additions & 2 deletions t/minicrypto.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ static void test_secp256r1_sign(void)
static void test_hrr(void)
{
ptls_key_exchange_algorithm_t *client_keyex[] = {&ptls_minicrypto_x25519, &ptls_minicrypto_secp256r1, NULL};
ptls_context_t client_ctx = {ptls_minicrypto_random_bytes, &ptls_get_time, client_keyex, ptls_minicrypto_cipher_suites};
ptls_context_t client_ctx = {ptls_minicrypto_random_bytes, &ptls_get_time, client_keyex, ptls_minicrypto_cipher_suites_all};
ptls_t *client, *server;
ptls_buffer_t cbuf, sbuf, decbuf;
uint8_t cbuf_small[16384], sbuf_small[16384], decbuf_small[16384];
Expand Down Expand Up @@ -153,7 +153,7 @@ int main(int argc, char **argv)
ptls_context_t ctxbuf = {ptls_minicrypto_random_bytes,
&ptls_get_time,
ptls_minicrypto_key_exchanges,
ptls_minicrypto_cipher_suites,
ptls_minicrypto_cipher_suites_all,
{&cert, 1},
{{NULL}},
NULL,
Expand Down
2 changes: 1 addition & 1 deletion t/openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -555,7 +555,7 @@ int main(int argc, char **argv)
ptls_context_t openssl_ctx = {.random_bytes = ptls_openssl_random_bytes,
.get_time = &ptls_get_time,
.key_exchanges = ptls_openssl_key_exchanges,
.cipher_suites = ptls_openssl_cipher_suites,
.cipher_suites = ptls_openssl_cipher_suites_all,
.tls12_cipher_suites = ptls_openssl_tls12_cipher_suites,
.certificates = {&cert, 1},
.ech = {.client = {.ciphers = ptls_openssl_hpke_cipher_suites, .kems = ptls_openssl_hpke_kems},
Expand Down

0 comments on commit 958ed1a

Please sign in to comment.