Skip to content

Commit d4bf071

Browse files
alexalex
authored
Merge pull request #2386 from skmcgrail/aws-lc-follow-up
Enable additional capabilities for AWS-LC
2 parents dde9ffb + a86bf67 commit d4bf071

File tree

14 files changed

+313
-106
lines changed

14 files changed

+313
-106
lines changed

openssl/build.rs

+4
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ fn main() {
3333
println!("cargo:rustc-check-cfg=cfg(libressl382)");
3434
println!("cargo:rustc-check-cfg=cfg(libressl390)");
3535
println!("cargo:rustc-check-cfg=cfg(libressl400)");
36+
println!("cargo:rustc-check-cfg=cfg(libressl410)");
3637

3738
println!("cargo:rustc-check-cfg=cfg(ossl101)");
3839
println!("cargo:rustc-check-cfg=cfg(ossl102)");
@@ -121,6 +122,9 @@ fn main() {
121122
if version >= 0x4_00_00_00_0 {
122123
println!("cargo:rustc-cfg=libressl400");
123124
}
125+
if version >= 0x4_01_00_00_0 {
126+
println!("cargo:rustc-cfg=libressl410");
127+
}
124128
}
125129

126130
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {

openssl/src/bn.rs

+22-12
Original file line numberDiff line numberDiff line change
@@ -37,18 +37,15 @@ use crate::{cvt, cvt_n, cvt_p, LenType};
3737
use openssl_macros::corresponds;
3838

3939
cfg_if! {
40-
if #[cfg(any(ossl110, libressl350))] {
40+
if #[cfg(any(ossl110, libressl350, awslc))] {
4141
use ffi::{
42-
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768, BN_get_rfc3526_prime_1536,
43-
BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
42+
BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
4443
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192, BN_is_negative,
4544
};
46-
} else if #[cfg(any(boringssl, awslc))] {
45+
} else if #[cfg(boringssl)] {
4746
use ffi::BN_is_negative;
4847
} else {
4948
use ffi::{
50-
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
51-
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
5249
get_rfc3526_prime_1536 as BN_get_rfc3526_prime_1536,
5350
get_rfc3526_prime_2048 as BN_get_rfc3526_prime_2048,
5451
get_rfc3526_prime_3072 as BN_get_rfc3526_prime_3072,
@@ -64,6 +61,19 @@ cfg_if! {
6461
}
6562
}
6663

64+
cfg_if! {
65+
if #[cfg(any(ossl110, libressl350))] {
66+
use ffi::{
67+
BN_get_rfc2409_prime_1024, BN_get_rfc2409_prime_768
68+
};
69+
} else if #[cfg(not(any(boringssl, awslc)))] {
70+
use ffi::{
71+
get_rfc2409_prime_1024 as BN_get_rfc2409_prime_1024,
72+
get_rfc2409_prime_768 as BN_get_rfc2409_prime_768,
73+
};
74+
}
75+
}
76+
6777
/// Options for the most significant bits of a randomly generated `BigNum`.
6878
pub struct MsbOption(c_int);
6979

@@ -1014,7 +1024,7 @@ impl BigNum {
10141024
///
10151025
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
10161026
#[corresponds(BN_get_rfc3526_prime_1536)]
1017-
#[cfg(not(any(boringssl, awslc)))]
1027+
#[cfg(not(boringssl))]
10181028
pub fn get_rfc3526_prime_1536() -> Result<BigNum, ErrorStack> {
10191029
unsafe {
10201030
ffi::init();
@@ -1028,7 +1038,7 @@ impl BigNum {
10281038
///
10291039
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-3
10301040
#[corresponds(BN_get_rfc3526_prime_2048)]
1031-
#[cfg(not(any(boringssl, awslc)))]
1041+
#[cfg(not(boringssl))]
10321042
pub fn get_rfc3526_prime_2048() -> Result<BigNum, ErrorStack> {
10331043
unsafe {
10341044
ffi::init();
@@ -1042,7 +1052,7 @@ impl BigNum {
10421052
///
10431053
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
10441054
#[corresponds(BN_get_rfc3526_prime_3072)]
1045-
#[cfg(not(any(boringssl, awslc)))]
1055+
#[cfg(not(boringssl))]
10461056
pub fn get_rfc3526_prime_3072() -> Result<BigNum, ErrorStack> {
10471057
unsafe {
10481058
ffi::init();
@@ -1056,7 +1066,7 @@ impl BigNum {
10561066
///
10571067
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-4
10581068
#[corresponds(BN_get_rfc3526_prime_4096)]
1059-
#[cfg(not(any(boringssl, awslc)))]
1069+
#[cfg(not(boringssl))]
10601070
pub fn get_rfc3526_prime_4096() -> Result<BigNum, ErrorStack> {
10611071
unsafe {
10621072
ffi::init();
@@ -1070,7 +1080,7 @@ impl BigNum {
10701080
///
10711081
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
10721082
#[corresponds(BN_get_rfc3526_prime_6114)]
1073-
#[cfg(not(any(boringssl, awslc)))]
1083+
#[cfg(not(boringssl))]
10741084
pub fn get_rfc3526_prime_6144() -> Result<BigNum, ErrorStack> {
10751085
unsafe {
10761086
ffi::init();
@@ -1084,7 +1094,7 @@ impl BigNum {
10841094
///
10851095
/// [`RFC 3526`]: https://tools.ietf.org/html/rfc3526#page-6
10861096
#[corresponds(BN_get_rfc3526_prime_8192)]
1087-
#[cfg(not(any(boringssl, awslc)))]
1097+
#[cfg(not(boringssl))]
10881098
pub fn get_rfc3526_prime_8192() -> Result<BigNum, ErrorStack> {
10891099
unsafe {
10901100
ffi::init();

openssl/src/cipher.rs

+12-12
Original file line numberDiff line numberDiff line change
@@ -166,7 +166,7 @@ impl Cipher {
166166
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_xts() as *mut _) }
167167
}
168168

169-
#[cfg(not(any(boringssl, awslc)))]
169+
#[cfg(not(boringssl))]
170170
pub fn aes_256_xts() -> &'static CipherRef {
171171
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_xts() as *mut _) }
172172
}
@@ -175,17 +175,17 @@ impl Cipher {
175175
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ctr() as *mut _) }
176176
}
177177

178-
#[cfg(not(any(boringssl, awslc)))]
178+
#[cfg(not(boringssl))]
179179
pub fn aes_128_cfb1() -> &'static CipherRef {
180180
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb1() as *mut _) }
181181
}
182182

183-
#[cfg(not(any(boringssl, awslc)))]
183+
#[cfg(not(boringssl))]
184184
pub fn aes_128_cfb128() -> &'static CipherRef {
185185
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb128() as *mut _) }
186186
}
187187

188-
#[cfg(not(any(boringssl, awslc)))]
188+
#[cfg(not(boringssl))]
189189
pub fn aes_128_cfb8() -> &'static CipherRef {
190190
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_cfb8() as *mut _) }
191191
}
@@ -194,7 +194,7 @@ impl Cipher {
194194
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_gcm() as *mut _) }
195195
}
196196

197-
#[cfg(not(any(boringssl, awslc)))]
197+
#[cfg(not(boringssl))]
198198
pub fn aes_128_ccm() -> &'static CipherRef {
199199
unsafe { CipherRef::from_ptr(ffi::EVP_aes_128_ccm() as *mut _) }
200200
}
@@ -233,7 +233,7 @@ impl Cipher {
233233
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ctr() as *mut _) }
234234
}
235235

236-
#[cfg(not(any(boringssl, awslc)))]
236+
#[cfg(not(boringssl))]
237237
pub fn aes_192_cfb1() -> &'static CipherRef {
238238
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb1() as *mut _) }
239239
}
@@ -242,7 +242,7 @@ impl Cipher {
242242
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb128() as *mut _) }
243243
}
244244

245-
#[cfg(not(any(boringssl, awslc)))]
245+
#[cfg(not(boringssl))]
246246
pub fn aes_192_cfb8() -> &'static CipherRef {
247247
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_cfb8() as *mut _) }
248248
}
@@ -251,7 +251,7 @@ impl Cipher {
251251
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_gcm() as *mut _) }
252252
}
253253

254-
#[cfg(not(any(boringssl, awslc)))]
254+
#[cfg(not(boringssl))]
255255
pub fn aes_192_ccm() -> &'static CipherRef {
256256
unsafe { CipherRef::from_ptr(ffi::EVP_aes_192_ccm() as *mut _) }
257257
}
@@ -290,7 +290,7 @@ impl Cipher {
290290
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ctr() as *mut _) }
291291
}
292292

293-
#[cfg(not(any(boringssl, awslc)))]
293+
#[cfg(not(boringssl))]
294294
pub fn aes_256_cfb1() -> &'static CipherRef {
295295
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb1() as *mut _) }
296296
}
@@ -299,7 +299,7 @@ impl Cipher {
299299
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb128() as *mut _) }
300300
}
301301

302-
#[cfg(not(any(boringssl, awslc)))]
302+
#[cfg(not(boringssl))]
303303
pub fn aes_256_cfb8() -> &'static CipherRef {
304304
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_cfb8() as *mut _) }
305305
}
@@ -308,7 +308,7 @@ impl Cipher {
308308
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_gcm() as *mut _) }
309309
}
310310

311-
#[cfg(not(any(boringssl, awslc)))]
311+
#[cfg(not(boringssl))]
312312
pub fn aes_256_ccm() -> &'static CipherRef {
313313
unsafe { CipherRef::from_ptr(ffi::EVP_aes_256_ccm() as *mut _) }
314314
}
@@ -500,7 +500,7 @@ impl Cipher {
500500
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20() as *mut _) }
501501
}
502502

503-
#[cfg(all(any(ossl110, libressl360), not(osslconf = "OPENSSL_NO_CHACHA")))]
503+
#[cfg(all(any(ossl110, libressl360, awslc), not(osslconf = "OPENSSL_NO_CHACHA")))]
504504
pub fn chacha20_poly1305() -> &'static CipherRef {
505505
unsafe { CipherRef::from_ptr(ffi::EVP_chacha20_poly1305() as *mut _) }
506506
}

openssl/src/cipher_ctx.rs

+165
Original file line numberDiff line numberDiff line change
@@ -809,8 +809,173 @@ mod test {
809809
aes_128_cbc(cipher);
810810
}
811811

812+
#[cfg(not(boringssl))]
813+
#[test]
814+
fn default_aes_128_ccm() {
815+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
816+
let cipher = Cipher::aes_128_ccm();
817+
aes_ccm(
818+
cipher,
819+
"26511fb51fcfa75cb4b44da75a6e5a0e",
820+
"ea98ec44f5a86715014783172e",
821+
"4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
822+
"e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
823+
"1bf0ba0ebb20d8edba59f29a9371750c9c714078f73c335d",
824+
"2f1322ac69b848b001476323aed84c47",
825+
);
826+
}
827+
828+
#[cfg(not(boringssl))]
829+
#[test]
830+
fn default_aes_192_ccm() {
831+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
832+
let cipher = Cipher::aes_192_ccm();
833+
aes_ccm(
834+
cipher,
835+
"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886",
836+
"ea98ec44f5a86715014783172e",
837+
"4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10",
838+
"e4692b9f06b666c7451b146c8aeb07a6e30c629d28065c3dde5940325b14b810",
839+
"30c154c616946eccc2e241d336ad33720953e449a0e6b0f0",
840+
"dbf8e9464909bdf337e48093c082a10b",
841+
);
842+
}
843+
844+
#[cfg(not(boringssl))]
845+
#[test]
846+
fn default_aes_256_ccm() {
847+
// from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/ccmtestvectors.zip
848+
let cipher = Cipher::aes_256_ccm();
849+
aes_ccm(
850+
cipher,
851+
"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e",
852+
"3542fbe0f59a6d5f3abf619b7d",
853+
"c5b3d71312ea14f2f8fae5bd1a453192b6604a45db75c5ed",
854+
"dd4531f158a2fa3bc8a339f770595048f4a42bc1b03f2e824efc6ba4985119d8",
855+
"39c2e8f6edfe663b90963b98eb79e2d4f7f28a5053ae8881",
856+
"567a6b4426f1667136bed4a5e32a2bc1",
857+
);
858+
}
859+
860+
#[cfg(not(boringssl))]
861+
fn aes_ccm(
862+
cipher: &CipherRef,
863+
key: &'static str,
864+
iv: &'static str,
865+
pt: &'static str,
866+
aad: &'static str,
867+
ct: &'static str,
868+
tag: &'static str,
869+
) {
870+
let key = hex::decode(key).unwrap();
871+
let iv = hex::decode(iv).unwrap();
872+
let pt = hex::decode(pt).unwrap();
873+
let ct = hex::decode(ct).unwrap();
874+
let aad = hex::decode(aad).unwrap();
875+
let tag = hex::decode(tag).unwrap();
876+
877+
let mut ctx = CipherCtx::new().unwrap();
878+
879+
ctx.encrypt_init(Some(cipher), None, None).unwrap();
880+
ctx.set_iv_length(iv.len()).unwrap();
881+
ctx.set_tag_length(tag.len()).unwrap();
882+
ctx.encrypt_init(None, Some(&key), Some(&iv)).unwrap();
883+
ctx.set_data_len(pt.len()).unwrap();
884+
885+
let mut buf = vec![];
886+
ctx.cipher_update(&aad, None).unwrap();
887+
ctx.cipher_update_vec(&pt, &mut buf).unwrap();
888+
ctx.cipher_final_vec(&mut buf).unwrap();
889+
assert_eq!(buf, ct);
890+
891+
let mut out_tag = vec![0u8; tag.len()];
892+
ctx.tag(&mut out_tag).unwrap();
893+
assert_eq!(tag, out_tag);
894+
895+
ctx.decrypt_init(Some(cipher), None, None).unwrap();
896+
ctx.set_iv_length(iv.len()).unwrap();
897+
ctx.set_tag(&tag).unwrap();
898+
ctx.decrypt_init(None, Some(&key), Some(&iv)).unwrap();
899+
ctx.set_data_len(pt.len()).unwrap();
900+
901+
let mut buf = vec![];
902+
ctx.cipher_update(&aad, None).unwrap();
903+
ctx.cipher_update_vec(&ct, &mut buf).unwrap();
904+
// Some older libraries don't support calling EVP_CipherFinal/EVP_DecryptFinal for CCM
905+
// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_CCM_mode
906+
#[cfg(any(ossl111, awslc, boringssl))]
907+
ctx.cipher_final_vec(&mut buf).unwrap();
908+
909+
assert_eq!(buf, pt);
910+
}
911+
912+
#[cfg(not(any(boringssl, awslc)))]
913+
#[test]
914+
fn default_aes_128_xts() {
915+
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
916+
let cipher = Cipher::aes_128_xts();
917+
aes_xts(
918+
cipher,
919+
"a1b90cba3f06ac353b2c343876081762090923026e91771815f29dab01932f2f",
920+
"4faef7117cda59c66e4b92013e768ad5",
921+
"ebabce95b14d3c8d6fb350390790311c",
922+
"778ae8b43cb98d5a825081d5be471c63",
923+
);
924+
}
925+
926+
#[cfg(not(boringssl))]
927+
#[test]
928+
fn default_aes_256_xts() {
929+
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
930+
let cipher = Cipher::aes_256_xts();
931+
aes_xts(cipher, "1ea661c58d943a0e4801e42f4b0947149e7f9f8e3e68d0c7505210bd311a0e7cd6e13ffdf2418d8d1911c004cda58da3d619b7e2b9141e58318eea392cf41b08", "adf8d92627464ad2f0428e84a9f87564", "2eedea52cd8215e1acc647e810bbc3642e87287f8d2e57e36c0a24fbc12a202e", "cbaad0e2f6cea3f50b37f934d46a9b130b9d54f07e34f36af793e86f73c6d7db");
932+
}
933+
934+
#[cfg(not(boringssl))]
935+
fn aes_xts(
936+
cipher: &CipherRef,
937+
key: &'static str,
938+
i: &'static str,
939+
pt: &'static str,
940+
ct: &'static str,
941+
) {
942+
let key = hex::decode(key).unwrap();
943+
let i = hex::decode(i).unwrap();
944+
let pt = hex::decode(pt).unwrap();
945+
let ct = hex::decode(ct).unwrap();
946+
947+
let mut ctx = CipherCtx::new().unwrap();
948+
ctx.encrypt_init(Some(cipher), Some(&key), Some(&i))
949+
.unwrap();
950+
let mut buf = vec![];
951+
ctx.cipher_update_vec(&pt, &mut buf).unwrap();
952+
ctx.cipher_final_vec(&mut buf).unwrap();
953+
954+
assert_eq!(ct, buf);
955+
956+
ctx.decrypt_init(Some(cipher), Some(&key), Some(&i))
957+
.unwrap();
958+
let mut buf = vec![];
959+
ctx.cipher_update_vec(&ct, &mut buf).unwrap();
960+
ctx.cipher_final_vec(&mut buf).unwrap();
961+
962+
assert_eq!(pt, buf);
963+
}
964+
812965
#[test]
813966
fn test_stream_ciphers() {
967+
#[cfg(not(boringssl))]
968+
{
969+
test_stream_cipher(Cipher::aes_128_cfb1());
970+
test_stream_cipher(Cipher::aes_128_cfb8());
971+
test_stream_cipher(Cipher::aes_128_cfb128());
972+
test_stream_cipher(Cipher::aes_192_cfb1());
973+
test_stream_cipher(Cipher::aes_192_cfb8());
974+
test_stream_cipher(Cipher::aes_192_cfb128());
975+
test_stream_cipher(Cipher::aes_256_cfb1());
976+
test_stream_cipher(Cipher::aes_256_cfb8());
977+
test_stream_cipher(Cipher::aes_256_cfb128());
978+
}
814979
test_stream_cipher(Cipher::aes_192_ctr());
815980
test_stream_cipher(Cipher::aes_256_ctr());
816981
}

0 commit comments

Comments
 (0)