Bug 1698419 - ECH -10 updates, r=bbeurdouche
The main changes here are:

* an update to HPKE -08
* a move to the single-byte configuration ID
* reordering of ECHConfig

The addition of the explicit configuration ID means that the API for
constructing ECHConfig(List) needs to change.  That means a name change,
unfortunately.  I took the opportunity to make further changes to the arguments.

Differential Revision: https://phabricator.services.mozilla.com/D108392

--HG--
extra : rebase_source : e66ae86be746afbadc6c444d0debcc5aaabd2eb5
martinthomson committed Mar 17, 2021
1 parent a441315 commit b1b1577
Showing 15 changed files with 500 additions and 470 deletions.
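--- a/automation/abi-check/expected-report-libssl3.so.txt
+++ b/automation/abi-check/expected-report-libssl3.so.txt
@@ -0,0 +1,11 @@
+
+1 function with some indirect sub-type change:
+
+[C]'function SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc*, SSLExtensionType, PRBool*)' at sslreveal.c:72:1 has some indirect sub-type changes:
+parameter 2 of type 'typedef SSLExtensionType' has sub-type changes:
+underlying type 'enum __anonymous_enum__' at sslt.h:519:1 changed:
+type size hasn't changed
+1 enumerator change:
+'__anonymous_enum__::ssl_tls13_encrypted_client_hello_xtn' from value '65033' to '65034' at sslt.h:519:1
+
+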
22 changes: 15 additions & 7 deletions cmd/selfserv/selfserv.c
@@ -1894,16 +1894,23 @@ configureEchWithPublicName(PRFileDesc *model_sock, const char *public_name)
SECKEYPrivateKey *privKey = NULL;
SECOidData *oidData;
char *echConfigBase64 = NULL;
PRUint8 configId = 0;
PRUint8 configBuf[1000];
unsigned int len = 0;
unsigned int echCipherSuite = ((unsigned int)HpkeKdfHkdfSha256 << 16) |
HpkeAeadChaCha20Poly1305;
HpkeSymmetricSuite echCipherSuite = { HpkeKdfHkdfSha256,
HpkeAeadChaCha20Poly1305 };

PK11SlotInfo *slot = PK11_GetInternalKeySlot();
if (!slot) {
errWarn("PK11_GetInternalKeySlot failed");
return SECFailure;
}

if (PK11_GenerateRandom(&configId, sizeof(configId)) != SECSuccess) {
errWarn("Failed to generate random configId");
goto loser;
}

oidData = SECOID_FindOIDByTag(SEC_OID_CURVE25519);
if (oidData && (2 + oidData->oid.len) < sizeof(paramBuf)) {
ecParams.data[0] = SEC_ASN1_OBJECT_ID;
@@ -1916,16 +1923,17 @@ configureEchWithPublicName(PRFileDesc *model_sock, const char *public_name)
}
privKey = PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN, &ecParams,
&pubKey, PR_FALSE, PR_FALSE, NULL);

if (!privKey || !pubKey) {
errWarn("Failed to generate ECH keypair");
goto loser;
}
rv = SSL_EncodeEchConfig(echParamsStr, &echCipherSuite, 1,
HpkeDhKemX25519Sha256, pubKey, 50,
configBuf, &len, sizeof(configBuf));

rv = SSL_EncodeEchConfigId(configId, echParamsStr, 100,
HpkeDhKemX25519Sha256, pubKey,
&echCipherSuite, 1,
configBuf, &len, sizeof(configBuf));
if (rv != SECSuccess) {
errWarn("SSL_EncodeEchConfig failed");
errWarn("SSL_EncodeEchConfigId failed");
goto loser;
}

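Review bot: The third argument of the new `SSL_EncodeEchConfigId` call in the second hunk is a bare `100`, where the removed `SSL_EncodeEchConfig` call passed `50`; judging by the matching call in gtests/ssl_gtest/tls_connect.cc this slot is the maximum name length, and the commit message does not mention the value changing. That field presumably bounds how far clients pad the encrypted server name, so the change deserves a named constant or at least a comment, e.g. `100, /* maximum_name_length advertised in the ECHConfig */`. The one-byte `configId` filled by `PK11_GenerateRandom` in the first hunk could likewise carry `/* random one-byte config ID; a collision only matters if more than one ECHConfig is published */`. Both hunks sit inside configureEchWithPublicName, whose start, end and `loser` label are outside the visible lines.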
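--- a/gtests/ssl_gtest/libssl_internals.c
+++ b/gtests/ssl_gtest/libssl_internals.c
@@ -497,24 +497,3 @@ SECStatus SSLInt_SetRawEchConfigForRetry(PRFileDesc *fd, const uint8_t *buf,
 PORT_Memcpy(cfg->raw.data, buf, len);
 return SECSuccess;
 }
-
-// Zero the echConfig.config_id for all configured echConfigs.
-// This mimics a collision on the 8B config ID so that we can
-// test trial decryption.
-SECStatus SSLInt_ZeroEchConfigIds(PRFileDesc *fd) {
-if (!fd) {
-return SECFailure;
-}
-sslSocket *ss = ssl_FindSocket(fd);
-if (!ss) {
-return SECFailure;
-}
-
-for (PRCList *cur_p = PR_LIST_HEAD(&ss->echConfigs); cur_p != &ss->echConfigs;
-cur_p = PR_NEXT_LINK(cur_p)) {
-PORT_Memset(((sslEchConfig *)cur_p)->configId, 0,
-sizeof(((sslEchConfig *)cur_p)->configId));
-}
-
-return SECSuccess;
-}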
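--- a/gtests/ssl_gtest/libssl_internals.h
+++ b/gtests/ssl_gtest/libssl_internals.h
@@ -51,5 +51,4 @@ SECStatus SSLInt_SetDCAdvertisedSigSchemes(PRFileDesc *fd,
 SECStatus SSLInt_RemoveServerCertificates(PRFileDesc *fd);
 SECStatus SSLInt_SetRawEchConfigForRetry(PRFileDesc *fd, const uint8_t *buf,
 size_t len);
-SECStatus SSLInt_ZeroEchConfigIds(PRFileDesc *fd);
 #endif // ifndef libssl_internals_h_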
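--- a/gtests/ssl_gtest/tls_connect.cc
+++ b/gtests/ssl_gtest/tls_connect.cc
@@ -262,7 +262,7 @@ void TlsConnectTestBase::MakeEcKeyParams(SECItem* params, SSLNamedGroup group) {
 }
 
 void TlsConnectTestBase::GenerateEchConfig(
-HpkeKemId kem_id, const std::vector<uint32_t>& cipher_suites,
+HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites,
 const std::string& public_name, uint16_t max_name_len, DataBuffer& record,
 ScopedSECKEYPublicKey& pubKey, ScopedSECKEYPrivateKey& privKey) {
 bool gen_keys = !pubKey && !privKey;
@@ -282,9 +282,9 @@ void TlsConnectTestBase::GenerateEchConfig(
 SECITEM_FreeItem(&ecParams, PR_FALSE);
 PRUint8 encoded[1024];
 unsigned int encoded_len = 0;
-SECStatus rv = SSL_EncodeEchConfig(
-public_name.c_str(), cipher_suites.data(), cipher_suites.size(), kem_id,
-pub, max_name_len, encoded, &encoded_len, sizeof(encoded));
+SECStatus rv = SSL_EncodeEchConfigId(
+77, public_name.c_str(), max_name_len, kem_id, pub, cipher_suites.data(),
+cipher_suites.size(), encoded, &encoded_len, sizeof(encoded));
 EXPECT_EQ(SECSuccess, rv);
 EXPECT_GT(encoded_len, 0U);
 
@@ -305,10 +305,9 @@ void TlsConnectTestBase::SetupEch(std::shared_ptr<TlsAgent>& client,
 ScopedSECKEYPublicKey pub;
 ScopedSECKEYPrivateKey priv;
 DataBuffer record;
-static const std::vector<uint32_t> kDefaultSuites = {
-(static_cast<uint16_t>(HpkeKdfHkdfSha256) << 16) |
-HpkeAeadChaCha20Poly1305,
-(static_cast<uint16_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadAes128Gcm};
+static const std::vector<HpkeSymmetricSuite> kDefaultSuites = {
+{HpkeKdfHkdfSha256, HpkeAeadChaCha20Poly1305},
+{HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}};
 
 GenerateEchConfig(kem_id, kDefaultSuites, "public.name", 100, record, pub,
 priv);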
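Review bot: The config ID passed to `SSL_EncodeEchConfigId` in the second hunk is a bare literal `77`, so every ECHConfig built by `GenerateEchConfig` carries the same ID. This commit also deletes `SSLInt_ZeroEchConfigIds`, whose comment says it existed to mimic a config ID collision for trial-decryption tests, so the shared ID may be deliberate; if it is not, tests that install several configs from this helper would presumably no longer be told apart by ID. A named constant with a comment would make the intent explicit, e.g. `static const uint8_t kEchTestConfigId = 77;  // fixed on purpose: configs from this helper share an ID`. GenerateEchConfig's body continues outside the hunks shown.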
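--- a/gtests/ssl_gtest/tls_connect.h
+++ b/gtests/ssl_gtest/tls_connect.h
@@ -147,12 +147,10 @@ class TlsConnectTestBase : public ::testing::Test {
 void RestoreAlgorithmPolicy();
 
 static void MakeEcKeyParams(SECItem* params, SSLNamedGroup group);
-static void GenerateEchConfig(HpkeKemId kem_id,
-const std::vector<uint32_t>& cipher_suites,
-const std::string& public_name,
-uint16_t max_name_len, DataBuffer& record,
-ScopedSECKEYPublicKey& pubKey,
-ScopedSECKEYPrivateKey& privKey);
+static void GenerateEchConfig(
+HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites,
+const std::string& public_name, uint16_t max_name_len, DataBuffer& record,
+ScopedSECKEYPublicKey& pubKey, ScopedSECKEYPrivateKey& privKey);
 void SetupEch(std::shared_ptr<TlsAgent>& client,
 std::shared_ptr<TlsAgent>& server,
 HpkeKemId kem_id = HpkeDhKemX25519Sha256,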
