Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(195)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/chacha20poly1305.patch

Issue 23619044: net: add ChaCha20+Poly1305 support to libssl. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing wtc's comments. Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index 8be517c..53c29f0 100644
3 --- a/nss/lib/ssl/ssl3con.c
4 +++ b/nss/lib/ssl/ssl3con.c
5 @@ -40,6 +40,21 @@
6 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
7 #endif
8
9 +/* This is a bodge to allow this code to be compiled against older NSS
10 + * headers. */
11 +#ifndef CKM_NSS_CHACHA20_POLY1305
12 +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 25)
13 +
14 +typedef struct CK_AEAD_PARAMS {
15 + CK_BYTE_PTR pIv; /* This is the nonce. */
16 + CK_ULONG ulIvLen;
17 + CK_BYTE_PTR pAAD;
18 + CK_ULONG ulAADLen;
19 + CK_ULONG ulTagBits;
20 +} CK_AEAD_PARAMS;
21 +
22 +#endif
23 +
24 #include <stdio.h>
25 #ifdef NSS_ENABLE_ZLIB
26 #include "zlib.h"
27 @@ -100,6 +115,8 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PR Bool doDecrypt,
28 static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
29 /* cipher_suite policy enabled is_present* /
30 #ifdef NSS_ENABLE_ECC
31 + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
32 + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
33 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
34 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
35 #endif /* NSS_ENABLE_ECC */
36 @@ -273,6 +290,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
37 {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
38 {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
39 {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
40 + {cipher_chacha20, calg_chacha20, 32,32, type_aead, 0, 0,16, 0},
41 {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
42 };
43
44 @@ -399,6 +417,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
45 {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
46 {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_e cdhe_rsa},
47 {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea _ecdhe_ecdsa},
48 + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe _rsa},
49 + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecd he_ecdsa},
50
51 #ifdef NSS_ENABLE_ECC
52 {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa} ,
53 @@ -464,6 +484,7 @@ static const SSLCipher2Mech alg2Mech[] = {
54 { calg_camellia , CKM_CAMELLIA_CBC },
55 { calg_seed , CKM_SEED_CBC },
56 { calg_aes_gcm , CKM_AES_GCM },
57 + { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 },
58 /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
59 };
60
61 @@ -2020,6 +2041,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
62 }
63 #endif
64
65 +static SECStatus
66 +ssl3_ChaCha20Poly1305(
67 + ssl3KeyMaterial *keys,
68 + PRBool doDecrypt,
69 + unsigned char *out,
70 + int *outlen,
71 + int maxout,
72 + const unsigned char *in,
73 + int inlen,
74 + const unsigned char *additionalData,
75 + int additionalDataLen)
76 +{
77 + SECItem param;
78 + SECStatus rv = SECFailure;
79 + unsigned int uOutLen;
80 + CK_AEAD_PARAMS aeadParams;
81 + static const int tagSize = 16;
82 +
83 + param.type = siBuffer;
84 + param.len = sizeof(aeadParams);
85 + param.data = (unsigned char *) &aeadParams;
86 + memset(&aeadParams, 0, sizeof(CK_AEAD_PARAMS));
87 + aeadParams.pIv = (unsigned char *) additionalData;
88 + aeadParams.ulIvLen = 8;
89 + aeadParams.pAAD = (unsigned char *) additionalData;
90 + aeadParams.ulAADLen = additionalDataLen;
91 + aeadParams.ulTagBits = tagSize * 8;
92 +
93 + if (doDecrypt) {
94 + rv = pk11_decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
95 + out, &uOutLen, maxout, in, inlen);
96 + } else {
97 + rv = pk11_encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
98 + out, &uOutLen, maxout, in, inlen);
99 + }
100 + *outlen = (int) uOutLen;
101 +
102 + return rv;
103 +}
104 +
105 /* Initialize encryption and MAC contexts for pending spec.
106 * Master Secret already is derived.
107 * Caller holds Spec write lock.
108 @@ -2053,13 +2114,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
109 pwSpec->client.write_mac_context = NULL;
110 pwSpec->server.write_mac_context = NULL;
111
112 - if (calg == calg_aes_gcm) {
113 + if (calg == calg_aes_gcm || calg == calg_chacha20) {
114 pwSpec->encode = NULL;
115 pwSpec->decode = NULL;
116 pwSpec->destroy = NULL;
117 pwSpec->encodeContext = NULL;
118 pwSpec->decodeContext = NULL;
119 - pwSpec->aead = ssl3_AESGCM;
120 + if (calg == calg_aes_gcm) {
121 + pwSpec->aead = ssl3_AESGCM;
122 + } else {
123 + pwSpec->aead = ssl3_ChaCha20Poly1305;
124 + }
125 return SECSuccess;
126 }
127
128 diff --git a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
129 index a3638e7..21a5e05 100644
130 --- a/nss/lib/ssl/ssl3ecc.c
131 +++ b/nss/lib/ssl/ssl3ecc.c
132 @@ -913,6 +913,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
133 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
134 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
135 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
136 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
137 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
138 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
139 0 /* end of list marker */
140 @@ -924,6 +925,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
141 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
142 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
143 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
144 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
145 TLS_ECDHE_RSA_WITH_NULL_SHA,
146 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
147 0 /* end of list marker */
148 @@ -936,6 +938,7 @@ static const ssl3CipherSuite ecSuites[] = {
149 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
150 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
151 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
152 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
153 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
154 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
155 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
156 @@ -943,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = {
157 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
158 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
159 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
160 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
161 TLS_ECDHE_RSA_WITH_NULL_SHA,
162 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
163 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
164 diff --git a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c
165 index 597ec07..fc6b854 100644
166 --- a/nss/lib/ssl/sslenum.c
167 +++ b/nss/lib/ssl/sslenum.c
168 @@ -31,6 +31,8 @@
169 const PRUint16 SSL_ImplementedCiphers[] = {
170 /* AES-GCM */
171 #ifdef NSS_ENABLE_ECC
172 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
173 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
174 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
175 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
176 #endif /* NSS_ENABLE_ECC */
177 diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
178 index 0fe12d0..e3ae9ce 100644
179 --- a/nss/lib/ssl/sslimpl.h
180 +++ b/nss/lib/ssl/sslimpl.h
181 @@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType;
182 #define calg_camellia ssl_calg_camellia
183 #define calg_seed ssl_calg_seed
184 #define calg_aes_gcm ssl_calg_aes_gcm
185 +#define calg_chacha20 ssl_calg_chacha20
186
187 #define mac_null ssl_mac_null
188 #define mac_md5 ssl_mac_md5
189 @@ -292,7 +293,7 @@ typedef struct {
190 } ssl3CipherSuiteCfg;
191
192 #ifdef NSS_ENABLE_ECC
193 -#define ssl_V3_SUITES_IMPLEMENTED 61
194 +#define ssl_V3_SUITES_IMPLEMENTED 63
195 #else
196 #define ssl_V3_SUITES_IMPLEMENTED 37
197 #endif /* NSS_ENABLE_ECC */
198 @@ -474,6 +475,7 @@ typedef enum {
199 cipher_camellia_256,
200 cipher_seed,
201 cipher_aes_128_gcm,
202 + cipher_chacha20,
203 cipher_missing /* reserved for no such supported cipher */
204 /* This enum must match ssl3_cipherName[] in ssl3con.c. */
205 } SSL3BulkCipher;
206 diff --git a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
207 index 9597209..bfc1676 100644
208 --- a/nss/lib/ssl/sslinfo.c
209 +++ b/nss/lib/ssl/sslinfo.c
210 @@ -118,6 +118,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRU intn len)
211 #define C_NULL "NULL", calg_null
212 #define C_SJ "SKIPJACK", calg_sj
213 #define C_AESGCM "AES-GCM", calg_aes_gcm
214 +#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20
215
216 #define B_256 256, 256, 256
217 #define B_128 128, 128, 128
218 @@ -196,12 +197,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
219 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M _SHA, 1, 0, 0, },
220 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
221 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M _SHA, 1, 0, 0, },
222 +{0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305),S_ECDSA,K_ECDHE,C_CHACHA20,B_256, M_AEAD_128,0, 0, 0, },
223
224 {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA , 0, 0, 0, },
225 {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SH A, 0, 0, 0, },
226 {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_ SHA, 1, 0, 0, },
227 {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SH A, 1, 0, 0, },
228 {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SH A, 1, 0, 0, },
229 +{0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305), S_RSA,K_ECDHE,C_CHACHA20,B_256,M_ AEAD_128, 0, 0, 0, },
230
231 {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SH A, 0, 0, 0, },
232 {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_S HA, 0, 0, 0, },
233 diff --git a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
234 index 53bba01..6b60a28 100644
235 --- a/nss/lib/ssl/sslproto.h
236 +++ b/nss/lib/ssl/sslproto.h
237 @@ -213,6 +213,9 @@
238 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
239 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
240
241 +#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 0xCC13
242 +#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0xCC14
243 +
244 /* Netscape "experimental" cipher suites. */
245 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
246 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
247 diff --git a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
248 index c17c7a3..ffbccc6 100644
249 --- a/nss/lib/ssl/sslsock.c
250 +++ b/nss/lib/ssl/sslsock.c
251 @@ -98,6 +98,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
252 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
253 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
254 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
255 + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
256 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
257 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
258 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
259 @@ -110,6 +111,7 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
260 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
261 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
262 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
263 + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
264 #endif /* NSS_ENABLE_ECC */
265 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
266 };
267 diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
268 index b03422e..a8007d8 100644
269 --- a/nss/lib/ssl/sslt.h
270 +++ b/nss/lib/ssl/sslt.h
271 @@ -94,7 +94,8 @@ typedef enum {
272 ssl_calg_aes = 7,
273 ssl_calg_camellia = 8,
274 ssl_calg_seed = 9,
275 - ssl_calg_aes_gcm = 10
276 + ssl_calg_aes_gcm = 10,
277 + ssl_calg_chacha20 = 11
278 } SSLCipherAlgorithm;
279
280 typedef enum {
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698