From dda7105a6ef1febe6890464266df2521b84c5f67 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 18 Jan 2024 16:52:56 -0800
Subject: [PATCH] Replace the TLS_AEGIS_256_SHA384 ciphersuite with TLS_AEGIS_256_SHA512 (#104)
Summary: The latest AEGIS draft, as well as the IANA TLS registry [1] have been updated to replace `TLS_AEGIS_256_SHA384` with `TLS_AEGIS_256_SHA512`. This follows the recommendations from [2] for new cipher suites.
[1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
[2] https://eprint.iacr.org/2023/913.pdf
Pull Request resolved: https://github.com/facebookincubator/fizz/pull/104
Differential Revision: D51794472
Pulled By: mingtaoy
fbshipit-source-id: 4e2b9f0d374a08d1d40348f2f049c0f7b03f1616
---
 fizz/crypto/aead/test/EVPCipherTest.cpp | 10 +++++-----
 fizz/crypto/test/TestUtil.cpp | 2 +-
 fizz/protocol/OpenSSLFactory.cpp | 7 ++++---
 fizz/protocol/OpenSSLFactory.h | 1 +
 fizz/protocol/Types.cpp | 3 ++-
 fizz/record/Types.cpp | 4 ++--
 fizz/record/Types.h | 2 +-
 fizz/util/Parse-inl.h | 2 +-
 8 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/fizz/crypto/aead/test/EVPCipherTest.cpp b/fizz/crypto/aead/test/EVPCipherTest.cpp
index 42cb50c8efe..af4903ddefc 100644
--- a/fizz/crypto/aead/test/EVPCipherTest.cpp
+++ b/fizz/crypto/aead/test/EVPCipherTest.cpp
@@ -1040,7 +1040,7 @@ INSTANTIATE_TEST_SUITE_P(
 "5d6691271eb1b2261d1b34fa7560e274b83373343c2e49b2b6a82bc0f20cee85cd608d195c1a16679d720441c95fae86631f3f2cd27f38f71cedc79aaca7fdddbd4da4eeb97632366db65ca21acd85b41fd1a9de688bddff433a4757eb084e6816dbc8ff93f5995804",
 "0943a3e659b86e267ffea969ddd6d6d63aa35d1a1f31fb6f47205104b132da65799cc64cc9f66ffa5ec479550c2c5dfa006f827ef02e3ab4dae3446bf93ccb5c17e1ec0393f161fca94f2944d041f162e9c964558b6b57d3bb393b9743b1f8338ff878a154800fd16c6eacac942353072bdeb9fcf85e5b6c04",
 true,
- CipherSuite::TLS_AEGIS_256_SHA384},
+ CipherSuite::TLS_AEGIS_256_SHA512},
 CipherParams{
 "c88bb05b2aec1218e1a5026511e6d44de7bd502588e9e2a01591b39c5ead76ff",
 "4a485f226a73f0c4e16242e8234841cdf6af1771eb278e7f35428d03eb5b4cf0",
@@ -1049,7 +1049,7 @@ INSTANTIATE_TEST_SUITE_P(
 "2a4c06941ec356390542d7d7833fd68fc85a00c0452281f87dee6f10180d02182791232c7007fde35dfd5a901afa896296f9f344db717994d078fbd3a4cec8d782d2bdc205f3709827b776fd5c863a952fea97a14a6c2ee3f20432b8baa084470179078bd6a83597478b2fd9ae00ecb424822cb0d61e9a55a4",
 "b8565db06c2fa493e09b6764f4d09296422095eb6e9890f606654713bfee6f362a123688b61f254f315f18b20bcc5ed8b0b4f2224de9f498e3ef03532a8bcddb361f5ace8ff491bab8b3d06550496501264f9f48ebad277e7492146789d0fc1a3b1e3e81598370a4183683d1fee25a9a1fe359c836932746b983d01767ad4b9b3d70cc917fe57e41e0",
 true,
- CipherSuite::TLS_AEGIS_256_SHA384},
+ CipherSuite::TLS_AEGIS_256_SHA512},
 CipherParams{
 "77b473865175ebd5ddf9c382bac227029c25bdb836e683a138e4618cc964488b",
 "f183d8de1e6dd4ccefa79fe22fabfda58e68dd29116d13408042f0713a4ee5f8",
@@ -1058,7 +1058,7 @@ INSTANTIATE_TEST_SUITE_P(
 "9888b8ee03c3217a777b7558a31e331909570ea196f02c8cffad2c8dc6499b8125363c06a71c057842666bfb5c6acc937d2eecd960330c2361abdd88a4b191557ddf5102de75ddc7e09aee9862f32e24f1db3847a5f5b379fb32e2ef7ffb0d3a60",
 "3464d835302583ade6ed99e23333e865d3308f31a6cb65bcefdc9a1b9b4d0e0f75513188480dac4a64922af4441324ce7de74eb9f7f4e414f6177a4814edc96313694b99ff8dd36b2f7f79c7ecd70ec475abe1c1909238767f172fd6b95e92c025b1f8c9704d7b845964e14ccb333f0d4b",
 true,
- CipherSuite::TLS_AEGIS_256_SHA384},
+ CipherSuite::TLS_AEGIS_256_SHA512},
 CipherParams{
 "b8c6e8cea59ca9fd2922530ee61911c1ed1c5af98be8fb03cbb449adcea0ed83",
 "af5bc1abe7bafadee790390277874cdfcc1ac1955f249d1131555d345832f555",
@@ -1067,7 +1067,7 @@ INSTANTIATE_TEST_SUITE_P(
 "b6c15f560be043d06aa27e15d8c901af6b19db7a15e1",
 "4c8496dfa6c419ef3c4867769a9014bd17118c22eef5f0f7ed5cb9ba59df21310c274cf9a585",
 true,
- CipherSuite::TLS_AEGIS_256_SHA384},
+ CipherSuite::TLS_AEGIS_256_SHA512},
 CipherParams{
 "0000000000000000000000000000000000000000000000000000000000000000",
 "0000000000000000000000000000000000000000000000000000000000000000",
@@ -1076,7 +1076,7 @@ INSTANTIATE_TEST_SUITE_P(
 "dc5180954df0c3391a60b44cbf70aee72b7dbb2addc90a0bf2ceac6113287eb501fe1ea9f4c51822664b82fe0279b039f4",
 "c8a7d9131cebfa5388003cc30deac523aa9b09d148affff06ba40400e09ca900db770e07cedf5cd0647f6723c810ffcb596cac51edd6f49cd7be0010a3ac29e704",
 false,
- CipherSuite::TLS_AEGIS_256_SHA384}));
+ CipherSuite::TLS_AEGIS_256_SHA512}));
 #endif
 } // namespace test
 } // namespace fizz
diff --git a/fizz/crypto/test/TestUtil.cpp b/fizz/crypto/test/TestUtil.cpp
index c1a884f333e..fc02ee8f431 100644
--- a/fizz/crypto/test/TestUtil.cpp
+++ b/fizz/crypto/test/TestUtil.cpp
@@ -99,7 +99,7 @@ std::unique_ptr getCipher(CipherSuite suite) {
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 cipher = AEGISCipher::make128L();
 break;
- case CipherSuite::TLS_AEGIS_256_SHA384:
+ case CipherSuite::TLS_AEGIS_256_SHA512:
 cipher = AEGISCipher::make256();
 break;
 #endif
diff --git a/fizz/protocol/OpenSSLFactory.cpp b/fizz/protocol/OpenSSLFactory.cpp
index b1c3a7e2e61..dd16d2f25b1 100644
--- a/fizz/protocol/OpenSSLFactory.cpp
+++ b/fizz/protocol/OpenSSLFactory.cpp
@@ -40,7 +40,7 @@ std::unique_ptr OpenSSLFactory::makeAead(CipherSuite cipher) const {
 case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
 return OpenSSLEVPCipher::makeCipher();
 #if FIZZ_BUILD_AEGIS
- case CipherSuite::TLS_AEGIS_256_SHA384:
+ case CipherSuite::TLS_AEGIS_256_SHA512:
 return AEGISCipher::make256();
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 return AEGISCipher::make128L();
@@ -59,8 +59,9 @@ std::unique_ptr OpenSSLFactory::makeKeyDeriver(
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 return KeyDerivationImpl::make(getHkdfPrefix());
 case CipherSuite::TLS_AES_256_GCM_SHA384:
- case CipherSuite::TLS_AEGIS_256_SHA384:
 return KeyDerivationImpl::make(getHkdfPrefix());
+ case CipherSuite::TLS_AEGIS_256_SHA512:
+ return KeyDerivationImpl::make(getHkdfPrefix());
 default:
 throw std::runtime_error("ks: not implemented");
 }
@@ -75,7 +76,7 @@ std::unique_ptr OpenSSLFactory::makeHandshakeContext(
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 return std::make_unique>(getHkdfPrefix());
 case CipherSuite::TLS_AES_256_GCM_SHA384:
- case CipherSuite::TLS_AEGIS_256_SHA384:
+ case CipherSuite::TLS_AEGIS_256_SHA512:
 return std::make_unique>(getHkdfPrefix());
 default:
 throw std::runtime_error("hs: not implemented");
diff --git a/fizz/protocol/OpenSSLFactory.h b/fizz/protocol/OpenSSLFactory.h
index f2ed92a5303..6a1ff2fe548 100644
--- a/fizz/protocol/OpenSSLFactory.h
+++ b/fizz/protocol/OpenSSLFactory.h
@@ -10,6 +10,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/fizz/protocol/Types.cpp b/fizz/protocol/Types.cpp
index e14ed7cf2c1..4bd7f658c48 100644
--- a/fizz/protocol/Types.cpp
+++ b/fizz/protocol/Types.cpp
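Review bot: In the `makeHandshakeContext` hunk, `case CipherSuite::TLS_AEGIS_256_SHA512:` is still stacked under `case CipherSuite::TLS_AES_256_GCM_SHA384:` and shares its `return`, whereas the `makeKeyDeriver` hunk just above moves the renamed suite into its own case. The template arguments are not visible in this rendering, but if that shared return builds the handshake context over SHA-384, the transcript hash would disagree with the SHA-512 key schedule and Finished verification against a conforming peer would presumably fail. I would give the suite its own `case` whose return builds the handshake context over SHA-512, mirroring `makeKeyDeriver`. A handshake-level test for this suite would also help, since the tests touched by this commit only relabel the AEAD vectors. Both switch statements begin and end outside their hunks.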
@@ -17,9 +17,10 @@ HashFunction getHashFunction(CipherSuite cipher) {
 case CipherSuite::TLS_CHACHA20_POLY1305_SHA256:
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 return HashFunction::Sha256;
- case CipherSuite::TLS_AEGIS_256_SHA384:
 case CipherSuite::TLS_AES_256_GCM_SHA384:
 return HashFunction::Sha384;
+ case CipherSuite::TLS_AEGIS_256_SHA512:
+ return HashFunction::Sha512;
 }
 throw std::runtime_error("unknown cipher suite");
 }
diff --git a/fizz/record/Types.cpp b/fizz/record/Types.cpp
index 9d7ffdc9b50..400c3d6c0b2 100644
--- a/fizz/record/Types.cpp
+++ b/fizz/record/Types.cpp
@@ -187,8 +187,8 @@ std::string toString(CipherSuite cipher) {
 return "TLS_CHACHA20_POLY1305_SHA256";
 case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
 return "TLS_AES_128_OCB_SHA256_EXPERIMENTAL";
- case CipherSuite::TLS_AEGIS_256_SHA384:
- return "TLS_AEGIS_256_SHA384";
+ case CipherSuite::TLS_AEGIS_256_SHA512:
+ return "TLS_AEGIS_256_SHA512";
 case CipherSuite::TLS_AEGIS_128L_SHA256:
 return "TLS_AEGIS_128L_SHA256";
 }
diff --git a/fizz/record/Types.h b/fizz/record/Types.h
index dd83ad68203..a64b815a09b 100644
--- a/fizz/record/Types.h
+++ b/fizz/record/Types.h
@@ -157,7 +157,7 @@ enum class CipherSuite : uint16_t {
 TLS_AES_128_GCM_SHA256 = 0x1301,
 TLS_AES_256_GCM_SHA384 = 0x1302,
 TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
- TLS_AEGIS_256_SHA384 = 0x1306,
+ TLS_AEGIS_256_SHA512 = 0x1306,
 TLS_AEGIS_128L_SHA256 = 0x1307,
 // experimental cipher suites
 TLS_AES_128_OCB_SHA256_EXPERIMENTAL = 0xFF01,
diff --git a/fizz/util/Parse-inl.h b/fizz/util/Parse-inl.h
index 6b5eda1617c..9fafbe899d0 100644
--- a/fizz/util/Parse-inl.h
+++ b/fizz/util/Parse-inl.h
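Review bot: The enum entry `TLS_AEGIS_256_SHA512 = 0x1306` in `fizz/record/Types.h` keeps the code point this tree previously bound to SHA-384, and nothing at the declaration records the change of hash. A peer built before this commit still offers 0x1306 but derives its keys with SHA-384, so handshakes between old and new builds are expected to fail rather than interoperate. I would add a comment on the entry, for example `// 0x1306: formerly TLS_AEGIS_256_SHA384; the suite hash is now SHA-512 and is not wire-compatible with builds that paired it with SHA-384`. The enum body continues outside the hunk.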
@@ -20,7 +20,7 @@ inline CipherSuite parse(folly::StringPiece s) {
 {"TLS_AES_128_OCB_SHA256_EXPERIMENTAL",
 CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL},
 {"TLS_AEGIS_128L_SHA256", CipherSuite::TLS_AEGIS_128L_SHA256},
- {"TLS_AEGIS_256_SHA384", CipherSuite::TLS_AEGIS_256_SHA384}};
+ {"TLS_AEGIS_256_SHA512", CipherSuite::TLS_AEGIS_256_SHA512}};
 auto location = stringToCiphers.find(s);
 if (location != stringToCiphers.end()) {