From fd739853a8b088a4273d7856392a7df3f3b759b4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 5 Apr 2021 19:11:32 -0400 Subject: [PATCH] Fix the spelling of HPKE AEAD constants. AES_128_GCM is more common than AES_GCM_128 and matches the specification. Bug: 275 Change-Id: If3446a38f7bfbe0250d9646e363db29b93e4d231 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46666 Reviewed-by: David Benjamin Reviewed-by: Dan McArdle Commit-Queue: David Benjamin --- crypto/hpke/hpke.c | 4 ++-- crypto/hpke/hpke_test.cc | 32 ++++++++++++++++---------------- crypto/hpke/internal.h | 4 ++-- ssl/t1_lib.cc | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 29f60fc52..fa44d8e4a 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -128,9 +128,9 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key, const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id) { switch (aead_id) { - case EVP_HPKE_AEAD_AES_GCM_128: + case EVP_HPKE_AEAD_AES_128_GCM: return EVP_aead_aes_128_gcm(); - case EVP_HPKE_AEAD_AES_GCM_256: + case EVP_HPKE_AEAD_AES_256_GCM: return EVP_aead_aes_256_gcm(); case EVP_HPKE_AEAD_CHACHA20POLY1305: return EVP_aead_chacha20_poly1305(); diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc index d3f841ccb..fd142a37b 100644 --- a/crypto/hpke/hpke_test.cc +++ b/crypto/hpke/hpke_test.cc @@ -262,7 +262,7 @@ TEST(HPKETest, VerifyTestVectors) { TEST(HPKETest, RoundTrip) { uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384, EVP_HPKE_HKDF_SHA512}; - uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256, + uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_128_GCM, EVP_HPKE_AEAD_AES_256_GCM, EVP_HPKE_AEAD_CHACHA20POLY1305}; const uint8_t info_a[] = {1, 1, 2, 3, 5, 8}; @@ -342,7 +342,7 @@ TEST(HPKETest, X25519EncapSmallOrderPoint) { uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384, EVP_HPKE_HKDF_SHA512}; - uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256, + uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_128_GCM, EVP_HPKE_AEAD_AES_256_GCM, EVP_HPKE_AEAD_CHACHA20POLY1305}; for (uint16_t kdf_id : kdf_ids) { @@ -377,7 +377,7 @@ TEST(HPKETest, ReceiverInvalidSeal) { // Set up the receiver. ScopedEVP_HPKE_CTX receiver_ctx; ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, kMockEnc, sizeof(kMockEnc), public_key_r, sizeof(public_key_r), secret_key_r, sizeof(secret_key_r), nullptr, 0)); @@ -405,7 +405,7 @@ TEST(HPKETest, SenderInvalidOpen) { uint8_t enc[X25519_PUBLIC_VALUE_LEN]; ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519( sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr, + EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr, 0)); // Call Open() on the sender. @@ -442,7 +442,7 @@ TEST(HPKETest, EmptyPSK) { ASSERT_EQ( EVP_HPKE_CTX_setup_psk_s_x25519( sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), + EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr, 0, psk.data(), psk.size(), psk_id.data(), psk_id.size()), kExpectSuccess); @@ -456,7 +456,7 @@ TEST(HPKETest, EmptyPSK) { ScopedEVP_HPKE_CTX receiver_ctx; ASSERT_EQ(EVP_HPKE_CTX_setup_psk_r_x25519( receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, kMockEnc, sizeof(kMockEnc), + EVP_HPKE_AEAD_AES_128_GCM, kMockEnc, sizeof(kMockEnc), public_key_r, sizeof(public_key_r), secret_key_r, sizeof(secret_key_r), nullptr, 0, psk.data(), psk.size(), psk_id.data(), psk_id.size()), @@ -482,7 +482,7 @@ TEST(HPKETest, SetupSenderWrongLengthEnc) { { ASSERT_FALSE(EVP_HPKE_CTX_setup_base_s_x25519( sender_ctx.get(), bogus_enc, sizeof(bogus_enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr, + EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr, 0)); uint32_t err = ERR_get_error(); EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); @@ -494,7 +494,7 @@ TEST(HPKETest, SetupSenderWrongLengthEnc) { const uint8_t psk_id[] = {1, 2, 3, 4}; ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_s_x25519( sender_ctx.get(), bogus_enc, sizeof(bogus_enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, public_key_r, sizeof(public_key_r), nullptr, + EVP_HPKE_AEAD_AES_128_GCM, public_key_r, sizeof(public_key_r), nullptr, 0, psk, sizeof(psk), psk_id, sizeof(psk_id))); uint32_t err = ERR_get_error(); EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); @@ -513,7 +513,7 @@ TEST(HPKETest, SetupReceiverWrongLengthEnc) { ScopedEVP_HPKE_CTX receiver_ctx; { ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, bogus_enc, sizeof(bogus_enc), public_key, sizeof(public_key), private_key, sizeof(private_key), nullptr, 0)); uint32_t err = ERR_get_error(); @@ -525,7 +525,7 @@ TEST(HPKETest, SetupReceiverWrongLengthEnc) { const uint8_t psk[] = {1, 2, 3, 4}; const uint8_t psk_id[] = {1, 2, 3, 4}; ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, bogus_enc, sizeof(bogus_enc), public_key, sizeof(public_key), private_key, sizeof(private_key), nullptr, 0, psk, sizeof(psk), psk_id, sizeof(psk_id))); @@ -543,7 +543,7 @@ TEST(HPKETest, SetupSenderWrongLengthPeerPublicValue) { { ASSERT_FALSE(EVP_HPKE_CTX_setup_base_s_x25519( sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, bogus_public_key_r, + EVP_HPKE_AEAD_AES_128_GCM, bogus_public_key_r, sizeof(bogus_public_key_r), nullptr, 0)); uint32_t err = ERR_get_error(); EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); @@ -556,7 +556,7 @@ TEST(HPKETest, SetupSenderWrongLengthPeerPublicValue) { ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_s_x25519( sender_ctx.get(), enc, sizeof(enc), EVP_HPKE_HKDF_SHA256, - EVP_HPKE_AEAD_AES_GCM_128, bogus_public_key_r, + EVP_HPKE_AEAD_AES_128_GCM, bogus_public_key_r, sizeof(bogus_public_key_r), nullptr, 0, psk, sizeof(psk), psk_id, sizeof(psk_id))); uint32_t err = ERR_get_error(); @@ -582,7 +582,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) { { // Test base mode with |bogus_public_key|. ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, enc, sizeof(enc), bogus_public_key, sizeof(bogus_public_key), private_key, sizeof(private_key), nullptr, 0)); uint32_t err = ERR_get_error(); @@ -593,7 +593,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) { { // Test base mode with |bogus_private_key|. ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, enc, sizeof(enc), public_key, sizeof(public_key), bogus_private_key, sizeof(bogus_private_key), nullptr, 0)); uint32_t err = ERR_get_error(); @@ -606,7 +606,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) { const uint8_t psk[] = {1, 2, 3, 4}; const uint8_t psk_id[] = {1, 2, 3, 4}; ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, enc, sizeof(enc), bogus_public_key, sizeof(bogus_public_key), private_key, sizeof(private_key), nullptr, 0, psk, sizeof(psk), psk_id, sizeof(psk_id))); @@ -620,7 +620,7 @@ TEST(HPKETest, SetupReceiverWrongLengthKeys) { const uint8_t psk[] = {1, 2, 3, 4}; const uint8_t psk_id[] = {1, 2, 3, 4}; ASSERT_FALSE(EVP_HPKE_CTX_setup_psk_r_x25519( - receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_128_GCM, enc, sizeof(enc), public_key, sizeof(public_key), bogus_private_key, sizeof(bogus_private_key), nullptr, 0, psk, sizeof(psk), psk_id, sizeof(psk_id))); diff --git a/crypto/hpke/internal.h b/crypto/hpke/internal.h index 51a33130e..5bd650860 100644 --- a/crypto/hpke/internal.h +++ b/crypto/hpke/internal.h @@ -34,8 +34,8 @@ extern "C" { // See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07. // EVP_HPKE_AEAD_* are AEAD identifiers. -#define EVP_HPKE_AEAD_AES_GCM_128 0x0001 -#define EVP_HPKE_AEAD_AES_GCM_256 0x0002 +#define EVP_HPKE_AEAD_AES_128_GCM 0x0001 +#define EVP_HPKE_AEAD_AES_256_GCM 0x0002 #define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003 // EVP_HPKE_HKDF_* are HKDF identifiers. diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 484eee9b0..155c7133e 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -620,7 +620,7 @@ static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) { constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256; const uint16_t aead_id = EVP_has_aes_hardware() - ? EVP_HPKE_AEAD_AES_GCM_128 + ? EVP_HPKE_AEAD_AES_128_GCM : EVP_HPKE_AEAD_CHACHA20POLY1305; const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id); assert(aead != nullptr);