Fix the spelling of HPKE AEAD constants.

AES_128_GCM is more common than AES_GCM_128 and matches the specification. Bug: 275 Change-Id: If3446a38f7bfbe0250d9646e363db29b93e4d231 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46666 Reviewed-by: David Benjamin <davidben@google.com> Reviewed-by: Dan McArdle <dmcardle@google.com> Commit-Queue: David Benjamin <davidben@google.com>
4 years ago · fd739853a8
parent dfde04f078
commit fd739853a8
4 changed files with 21 additions and 21 deletions
--- a/crypto/hpke/hpke.c
+++ b/crypto/hpke/hpke.c
@ -128,9 +128,9 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key,

 const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id) {
  switch (aead_id) {
-    case EVP_HPKE_AEAD_AES_GCM_128:
+    case EVP_HPKE_AEAD_AES_128_GCM:
      return EVP_aead_aes_128_gcm();
-    case EVP_HPKE_AEAD_AES_GCM_256:
+    case EVP_HPKE_AEAD_AES_256_GCM:
      return EVP_aead_aes_256_gcm();
    case EVP_HPKE_AEAD_CHACHA20POLY1305:
      return EVP_aead_chacha20_poly1305();
--- a/crypto/hpke/hpke_test.cc
+++ b/crypto/hpke/hpke_test.cc
@ -262,7 +262,7 @@ TEST(HPKETest, VerifyTestVectors) {
 TEST(HPKETest, RoundTrip) {
  uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384,
                        EVP_HPKE_HKDF_SHA512};
-  uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256,
+  uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_128_GCM, EVP_HPKE_AEAD_AES_256_GCM,
                         EVP_HPKE_AEAD_CHACHA20POLY1305};

  const uint8_t info_a[] = {1, 1, 2, 3, 5, 8};
@ -342,7 +342,7 @@ TEST(HPKETest, X25519EncapSmallOrderPoint) {

  uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384,
                        EVP_HPKE_HKDF_SHA512};
-  uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256,
+  uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_128_GCM, EVP_HPKE_AEAD_AES_256_GCM,
                         EVP_HPKE_AEAD_CHACHA20POLY1305};

  for (uint16_t kdf_id : kdf_ids) {
@ -377,7 +377,7 @@ TEST(HPKETest, ReceiverInvalidSeal) {
  // Set up the receiver.
  ScopedEVP_HPKE_CTX receiver_ctx;
  ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519(
-      receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+      receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
      kMockEnc, sizeof(kMockEnc), public_key_r, sizeof(public_key_r),
      secret_key_r, sizeof(secret_key_r), nullptr, 0));

@ -405,7 +405,7 @@ TEST(HPKETest, SenderInvalidOpen) {
  uint8_t enc[X25519_PUBLIC_VALUE_LEN];
  ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519(
      sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256,
-      EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr,
+      EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr,
      0));

  // Call Open() on the sender.
@ -442,7 +442,7 @@ TEST(HPKETest, EmptyPSK) {
      ASSERT_EQ(
          EVP_HPKE_CTX_setup_psk_s_x25519(
              sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256,
-              EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r),
+              EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r),
              nullptr, 0, psk.data(), psk.size(), psk_id.data(), psk_id.size()),
          kExpectSuccess);

@ -456,7 +456,7 @@ TEST(HPKETest, EmptyPSK) {
      ScopedEVP_HPKE_CTX receiver_ctx;
      ASSERT_EQ(EVP_HPKE_CTX_setup_psk_r_x25519(
                    receiver_ctx.get(), EVP_HPKE_HKDF_SHA256,
-                    EVP_HPKE_AEAD_AES_GCM_128, kMockEnc, sizeof(kMockEnc),
+                    EVP_HPKE_AEAD_AES_128_GCM, kMockEnc, sizeof(kMockEnc),
                    public_key_r, sizeof(public_key_r), secret_key_r,
                    sizeof(secret_key_r), nullptr, 0, psk.data(), psk.size(),
                    psk_id.data(), psk_id.size()),
@ -482,7 +482,7 @@ TEST(HPKETest, SetupSenderWrongLengthEnc) {
  {
    ASSERT_FALSE(EVP_HPKE_CTX_setup_base_s_x25519(
        sender_ctx.get(), bogus_enc, sizeof(bogus_enc), EVP_HPKE_HKDF_SHA256,
-        EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr,
+        EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr,
        0));
    uint32_t err = ERR_get_error();
    EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
@ -494,7 +494,7 @@ TEST(HPKETest, SetupSenderWrongLengthEnc) {
    const uint8_t psk_id[] = {1, 2, 3, 4};
    ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_s_x25519(
        sender_ctx.get(), bogus_enc, sizeof(bogus_enc), EVP_HPKE_HKDF_SHA256,
-        EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr,
+        EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr,
        0, psk, sizeof(psk), psk_id, sizeof(psk_id)));
    uint32_t err = ERR_get_error();
    EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
@ -513,7 +513,7 @@ TEST(HPKETest, SetupReceiverWrongLengthEnc) {
  ScopedEVP_HPKE_CTX receiver_ctx;
  {
    ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        bogus_enc, sizeof(bogus_enc), public_key, sizeof(public_key),
        private_key, sizeof(private_key), nullptr, 0));
    uint32_t err = ERR_get_error();
@ -525,7 +525,7 @@ TEST(HPKETest, SetupReceiverWrongLengthEnc) {
    const uint8_t psk[] = {1, 2, 3, 4};
    const uint8_t psk_id[] = {1, 2, 3, 4};
    ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        bogus_enc, sizeof(bogus_enc), public_key, sizeof(public_key),
        private_key, sizeof(private_key), nullptr, 0, psk, sizeof(psk), psk_id,
        sizeof(psk_id)));
@ -543,7 +543,7 @@ TEST(HPKETest, SetupSenderWrongLengthPeerPublicValue) {
  {
    ASSERT_FALSE(EVP_HPKE_CTX_setup_base_s_x25519(
        sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256,
-        EVP_HPKE_AEAD_AES_GCM_128, bogus_public_key_r,
+        EVP_HPKE_AEAD_AES_128_GCM, bogus_public_key_r,
        sizeof(bogus_public_key_r), nullptr, 0));
    uint32_t err = ERR_get_error();
    EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err));
@ -556,7 +556,7 @@ TEST(HPKETest, SetupSenderWrongLengthPeerPublicValue) {

    ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_s_x25519(
        sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256,
-        EVP_HPKE_AEAD_AES_GCM_128, bogus_public_key_r,
+        EVP_HPKE_AEAD_AES_128_GCM, bogus_public_key_r,
        sizeof(bogus_public_key_r), nullptr, 0, psk, sizeof(psk), psk_id,
        sizeof(psk_id)));
    uint32_t err = ERR_get_error();
@ -582,7 +582,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) {
  {
    // Test base mode with |bogus_public_key|.
    ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        enc, sizeof(enc), bogus_public_key, sizeof(bogus_public_key),
        private_key, sizeof(private_key), nullptr, 0));
    uint32_t err = ERR_get_error();
@ -593,7 +593,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) {
  {
    // Test base mode with |bogus_private_key|.
    ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        enc, sizeof(enc), public_key, sizeof(public_key), bogus_private_key,
        sizeof(bogus_private_key), nullptr, 0));
    uint32_t err = ERR_get_error();
@ -606,7 +606,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) {
    const uint8_t psk[] = {1, 2, 3, 4};
    const uint8_t psk_id[] = {1, 2, 3, 4};
    ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        enc, sizeof(enc), bogus_public_key, sizeof(bogus_public_key),
        private_key, sizeof(private_key), nullptr, 0, psk, sizeof(psk), psk_id,
        sizeof(psk_id)));
@ -620,7 +620,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) {
    const uint8_t psk[] = {1, 2, 3, 4};
    const uint8_t psk_id[] = {1, 2, 3, 4};
    ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519(
-        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128,
+        receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM,
        enc, sizeof(enc), public_key, sizeof(public_key), bogus_private_key,
        sizeof(bogus_private_key), nullptr, 0, psk, sizeof(psk), psk_id,
        sizeof(psk_id)));
--- a/crypto/hpke/internal.h
+++ b/crypto/hpke/internal.h
@ -34,8 +34,8 @@ extern "C" {
 // See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07.

 // EVP_HPKE_AEAD_* are AEAD identifiers.
-#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
-#define EVP_HPKE_AEAD_AES_GCM_256 0x0002
+#define EVP_HPKE_AEAD_AES_128_GCM 0x0001
+#define EVP_HPKE_AEAD_AES_256_GCM 0x0002
 #define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003

 // EVP_HPKE_HKDF_* are HKDF identifiers.
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@ -620,7 +620,7 @@ static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {

  constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
  const uint16_t aead_id = EVP_has_aes_hardware()
-                               ? EVP_HPKE_AEAD_AES_GCM_128
+                               ? EVP_HPKE_AEAD_AES_128_GCM
                               : EVP_HPKE_AEAD_CHACHA20POLY1305;
  const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
  assert(aead != nullptr);