less log debug

fix adata for AEAD (no chacha) and TLS 1.2 fix ECDHE-CHACHA and TLS 1.2 add CHACHA to openssl interop tests
mirleft · Jul 4, 2020 · f74f870 · f74f870
1 parent 095e3d5
commit f74f870
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 22 deletions.
diff --git a/lib/ciphersuite.ml b/lib/ciphersuite.ml
@@ -250,7 +250,8 @@ let ecc = function
   | `ECDHE_RSA_WITH_AES_128_GCM_SHA256
   | `ECDHE_RSA_WITH_AES_256_GCM_SHA384
   | `ECDHE_RSA_WITH_AES_256_CBC_SHA384
-  | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 -> true
+  | `ECDHE_RSA_WITH_AES_128_CBC_SHA256
+  | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -> true
   | _ -> false
 
 let ciphersuite_tls12_only = function

diff --git a/lib/crypto.ml b/lib/crypto.ml
@@ -161,7 +161,6 @@ let encrypt_aead (type a) ~cipher ~key ~nonce ?adata data =
     C.authenticate_encrypt ~key ~nonce ?adata data
   | State.ChaCha20_Poly1305 cipher ->
     let module C = (val cipher : AEAD with type key = a) in
-    Logs.info (fun m -> m "encrypt with nonce %d" (Cstruct.len nonce));
     C.authenticate_encrypt ~key ~nonce ?adata data
 
 let decrypt_aead (type a) ~cipher ~key ~nonce ?adata data =
@@ -174,7 +173,6 @@ let decrypt_aead (type a) ~cipher ~key ~nonce ?adata data =
      C.authenticate_decrypt ~key ~nonce ?adata data
   | State.ChaCha20_Poly1305 cipher ->
     let module C = (val cipher : AEAD with type key = a) in
-    Logs.info (fun m -> m "decrypt with nonce %d" (Cstruct.len nonce));
     C.authenticate_decrypt ~key ~nonce ?adata data
 
 let encrypt_cbc (type a) ~cipher ~key ~iv data =

diff --git a/lib/engine.ml b/lib/engine.ml
@@ -243,25 +243,28 @@ let decrypt ?(trial = false) (version : tls_version) (st : crypto_state) ty buf
               (CBC c, msg) )
 
     | AEAD c ->
-      let adata =
-        let ver = pair_of_tls_version version in
-        Crypto.pseudo_header seq ty ver (Cstruct.len buf - 16)
-      in
       match c.cipher with
       | ChaCha20_Poly1305 _ ->
         (* RFC 7905: no explicit nonce, instead TLS 1.3 construction is adapted *)
-        let nonce = Crypto.aead_nonce c.nonce seq in
+        let adata =
+          let ver = pair_of_tls_version version in
+          Crypto.pseudo_header seq ty ver (Cstruct.len buf - Crypto.tag_len c.cipher)
+        and nonce = Crypto.aead_nonce c.nonce seq
+        in
         (match Crypto.decrypt_aead ~adata ~cipher:c.cipher ~key:c.cipher_secret ~nonce buf with
          | None -> fail (`Fatal `MACMismatch)
-         | Some x ->
-           Logs.info (fun m -> m "decrypted %a" Cstruct.hexdump_pp x);
-           return (AEAD c, x))
+         | Some x -> return (AEAD c, x))
       | _ ->
-        if Cstruct.len buf < 8 then
+        let explicit_nonce_len = 8 in
+        if Cstruct.len buf < explicit_nonce_len then
           fail (`Fatal `MACUnderflow)
         else
-          let explicit_nonce, buf = Cstruct.split buf 8 in
-          let nonce = c.nonce <+> explicit_nonce in
+          let explicit_nonce, buf = Cstruct.split buf explicit_nonce_len in
+          let adata =
+            let ver = pair_of_tls_version version in
+            Crypto.pseudo_header seq ty ver (Cstruct.len buf - Crypto.tag_len c.cipher)
+          and nonce = c.nonce <+> explicit_nonce
+          in
           match Crypto.decrypt_aead ~cipher:c.cipher ~key:c.cipher_secret ~nonce ~adata buf with
           | None -> fail (`Fatal `MACMismatch)
           | Some x -> return (AEAD c, x)
@@ -285,16 +288,13 @@ let decrypt ?(trial = false) (version : tls_version) (st : crypto_state) ty buf
         | AEAD c ->
           let nonce = Crypto.aead_nonce c.nonce ctx.sequence in
           let unpad x =
-            Logs.info (fun m -> m "decrypted %a" Cstruct.hexdump_pp x);
             let rec eat = function
               | -1 -> fail (`Fatal `MissingContentType)
               | idx -> match Cstruct.get_uint8 x idx with
                 | 0 -> eat (pred idx)
                 | n -> match Packet.int_to_content_type n with
                   | Some ct -> return (Cstruct.sub x 0 idx, ct)
-                  | None ->
-                    Logs.info (fun m -> m "here n %d" n);
-                    fail (`Fatal `MACUnderflow) (* TODO better error? *)
+                  | None -> fail (`Fatal `MACUnderflow) (* TODO better error? *)
             in
             eat (pred (Cstruct.len x))
           in

diff --git a/tests/interop-openssl-sclient.sh b/tests/interop-openssl-sclient.sh
@@ -63,7 +63,7 @@ for i in $ciphers; do
     testit
 done
 
-tls12_ciphers="DHE-RSA-AES256-SHA256 AES256-SHA256 DHE-RSA-AES128-SHA256 AES128-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256"
+tls12_ciphers="DHE-RSA-AES256-SHA256 AES256-SHA256 DHE-RSA-AES128-SHA256 AES128-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305"
 for i in $tls12_ciphers; do
     extra_args="-cipher $i"
     testit
@@ -73,7 +73,7 @@ for i in $tls12_ciphers; do
 done
 
 #add TLS_CHACHA20_POLY1305_SHA256 once we support it
-tls13_ciphers="TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256"
+tls13_ciphers="TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256"
 for i in $tls13_ciphers; do
     extra_args="-ciphersuites $i"
     testit

diff --git a/tests/interop-openssl-sserver.sh b/tests/interop-openssl-sserver.sh
@@ -55,7 +55,7 @@ for i in $ciphers; do
     testit
 done
 
-tls12_ciphers="DHE-RSA-AES256-SHA256 AES256-SHA256 DHE-RSA-AES128-SHA256 AES128-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256"
+tls12_ciphers="DHE-RSA-AES256-SHA256 AES256-SHA256 DHE-RSA-AES128-SHA256 AES128-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305"
 for i in $tls12_ciphers; do
     extra_args="-cipher $i"
     testit
@@ -65,7 +65,7 @@ for i in $tls12_ciphers; do
 done
 
 #add TLS_CHACHA20_POLY1305_SHA256 once we support it
-tls13_ciphers="TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256"
+tls13_ciphers="TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256"
 for i in $tls13_ciphers; do
     extra_args="-ciphersuites $i"
     testit