/*
* Copyright (c) 2018-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree.
*/
#include <fizz/protocol/CertUtils.h>
#include <fizz/protocol/OpenSSLFactory.h>
#if FIZZ_HAVE_OQS
#include <fizz/crypto/exchange/HybridKeyExchange.h>
#include <fizz/experimental/crypto/exchange/OQSKeyExchange.h>
#endif
namespace fizz {
/**
 * Build the key-exchange implementation for a named group.
 *
 * The classical groups (secp256r1, secp384r1, secp521r1, x25519) are always
 * available. When the build defines FIZZ_HAVE_OQS, the Kyber groups are
 * available too: most of them wrap a classical exchange and a Kyber KEM in a
 * HybridKeyExchange, while NamedGroup::kyber512 returns the OQS exchange on
 * its own, with no classical exchange next to it.
 *
 * NOTE(review): the *_experimental and *_draft00 groups look like
 * pre-standard code points, going by their names; confirm that deployments
 * enable them (and the Kyber-only group) deliberately.
 *
 * @param group  Named group to instantiate.
 * @param mode   Forwarded only to OQSKeyExchange::createOQSKeyExchange; the
 *               classical exchanges do not read it.
 * @return Owning pointer to the new key exchange.
 * @throws std::runtime_error for any group without a case below, which
 *         includes every Kyber group when FIZZ_HAVE_OQS is off.
 */
std::unique_ptr<KeyExchange> OpenSSLFactory::makeKeyExchange(
    NamedGroup group,
    KeyExchangeMode mode) const {
  // Without FIZZ_HAVE_OQS nothing below reads `mode`; this silences the
  // unused-parameter warning in that configuration.
  static_cast<void>(mode);
#if FIZZ_HAVE_OQS
  // Small factories for the two Kyber parameter sets used by the cases below.
  const auto newKyber512 = [mode] {
    return OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_512);
  };
  const auto newKyber768 = [mode] {
    return OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_768);
  };
#endif
  switch (group) {
    // Classical elliptic-curve groups.
    case NamedGroup::secp256r1: {
      return std::make_unique<OpenSSLECKeyExchange<P256>>();
    }
    case NamedGroup::secp384r1: {
      return std::make_unique<OpenSSLECKeyExchange<P384>>();
    }
    case NamedGroup::secp521r1: {
      return std::make_unique<OpenSSLECKeyExchange<P521>>();
    }
    case NamedGroup::x25519: {
      return std::make_unique<X25519KeyExchange>();
    }
#if FIZZ_HAVE_OQS
    // Kyber-512 groups: hybrid with X25519 or P-256, or Kyber alone.
    case NamedGroup::x25519_kyber512:
    case NamedGroup::x25519_kyber512_experimental: {
      return std::make_unique<HybridKeyExchange>(
          std::make_unique<X25519KeyExchange>(), newKyber512());
    }
    case NamedGroup::secp256r1_kyber512: {
      return std::make_unique<HybridKeyExchange>(
          std::make_unique<OpenSSLECKeyExchange<P256>>(), newKyber512());
    }
    case NamedGroup::kyber512: {
      // No classical exchange is paired with the KEM for this group.
      return newKyber512();
    }
    // Kyber-768 groups: always hybrid.
    case NamedGroup::x25519_kyber768_draft00:
    case NamedGroup::x25519_kyber768_experimental: {
      return std::make_unique<HybridKeyExchange>(
          std::make_unique<X25519KeyExchange>(), newKyber768());
    }
    case NamedGroup::secp256r1_kyber768_draft00: {
      return std::make_unique<HybridKeyExchange>(
          std::make_unique<OpenSSLECKeyExchange<P256>>(), newKyber768());
    }
    case NamedGroup::secp384r1_kyber768: {
      return std::make_unique<HybridKeyExchange>(
          std::make_unique<OpenSSLECKeyExchange<P384>>(), newKyber768());
    }
#endif
    default: {
      // Fail closed: an unknown or compiled-out group never gets a fallback.
      throw std::runtime_error("ke: not implemented");
    }
  }
}
/**
 * Build the AEAD implementation for a cipher suite.
 *
 * ChaCha20-Poly1305, AES-GCM and the experimental AES-128-OCB suite come from
 * OpenSSLEVPCipher. The two AEGIS suites are handled only when the build
 * defines FIZZ_BUILD_AEGIS; otherwise they fall through to the exception.
 *
 * @param cipher  Cipher suite whose AEAD is wanted.
 * @return Owning pointer to the new AEAD.
 * @throws std::runtime_error for a suite with no branch below.
 */
std::unique_ptr<Aead> OpenSSLFactory::makeAead(CipherSuite cipher) const {
  if (cipher == CipherSuite::TLS_CHACHA20_POLY1305_SHA256) {
    return OpenSSLEVPCipher::makeCipher<ChaCha20Poly1305>();
  }
  if (cipher == CipherSuite::TLS_AES_128_GCM_SHA256) {
    return OpenSSLEVPCipher::makeCipher<AESGCM128>();
  }
  if (cipher == CipherSuite::TLS_AES_256_GCM_SHA384) {
    return OpenSSLEVPCipher::makeCipher<AESGCM256>();
  }
  if (cipher == CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL) {
    return OpenSSLEVPCipher::makeCipher<AESOCB128>();
  }
#if FIZZ_BUILD_AEGIS
  if (cipher == CipherSuite::TLS_AEGIS_256_SHA512) {
    return AEGIS::make256();
  }
  if (cipher == CipherSuite::TLS_AEGIS_128L_SHA256) {
    return AEGIS::make128L();
  }
#endif
  // Fail closed: no default cipher is substituted for an unsupported suite.
  throw std::runtime_error("aead: not implemented");
}
/**
 * Build the key-derivation object for a cipher suite.
 *
 * The hash follows the suffix of the suite name: the *_SHA256 suites get
 * Sha256, TLS_AES_256_GCM_SHA384 gets Sha384 and TLS_AEGIS_256_SHA512 gets
 * Sha512. Each deriver is constructed with getHkdfPrefix(). The AEGIS suites
 * are handled here whether or not FIZZ_BUILD_AEGIS is defined.
 *
 * @param cipher  Cipher suite whose key schedule hash is wanted.
 * @return Owning pointer to the new key deriver.
 * @throws std::runtime_error for a suite with no branch below.
 */
std::unique_ptr<KeyDerivation> OpenSSLFactory::makeKeyDeriver(
    CipherSuite cipher) const {
  const bool isSha256Suite =
      cipher == CipherSuite::TLS_CHACHA20_POLY1305_SHA256 ||
      cipher == CipherSuite::TLS_AES_128_GCM_SHA256 ||
      cipher == CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL ||
      cipher == CipherSuite::TLS_AEGIS_128L_SHA256;
  if (isSha256Suite) {
    return KeyDerivationImpl::make<Sha256>(getHkdfPrefix());
  }
  if (cipher == CipherSuite::TLS_AES_256_GCM_SHA384) {
    return KeyDerivationImpl::make<Sha384>(getHkdfPrefix());
  }
  if (cipher == CipherSuite::TLS_AEGIS_256_SHA512) {
    return KeyDerivationImpl::make<Sha512>(getHkdfPrefix());
  }
  // Fail closed: an unknown suite never gets a default hash.
  throw std::runtime_error("ks: not implemented");
}
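/**
 * Build the handshake (transcript) context for a cipher suite.
 *
 * The hash selected here must be the same one makeKeyDeriver() selects for
 * the suite: TLS 1.3 uses a single hash per cipher suite for both the
 * transcript hash and HKDF. TLS_AEGIS_256_SHA512 was previously grouped with
 * the Sha384 case, which disagreed with both the suite name and
 * makeKeyDeriver(); it now uses Sha512.
 *
 * NOTE(review): this changes the transcript hash for TLS_AEGIS_256_SHA512, so
 * peers built from the old code will no longer complete a handshake on that
 * suite with peers built from this one.
 *
 * @param cipher  Cipher suite whose transcript hash is wanted.
 * @return Owning pointer to the new handshake context, constructed with
 *         getHkdfPrefix().
 * @throws std::runtime_error for a suite with no case below.
 */
std::unique_ptr<HandshakeContext> OpenSSLFactory::makeHandshakeContext(
    CipherSuite cipher) const {
  switch (cipher) {
    case CipherSuite::TLS_CHACHA20_POLY1305_SHA256:
    case CipherSuite::TLS_AES_128_GCM_SHA256:
    case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
    case CipherSuite::TLS_AEGIS_128L_SHA256:
      return std::make_unique<HandshakeContextImpl<Sha256>>(getHkdfPrefix());
    case CipherSuite::TLS_AES_256_GCM_SHA384:
      return std::make_unique<HandshakeContextImpl<Sha384>>(getHkdfPrefix());
    case CipherSuite::TLS_AEGIS_256_SHA512:
      // Keep in step with makeKeyDeriver(), which uses Sha512 for this suite.
      return std::make_unique<HandshakeContextImpl<Sha512>>(getHkdfPrefix());
    default:
      // Fail closed: an unknown suite never gets a default hash.
      throw std::runtime_error("hs: not implemented");
  }
}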
/**
 * Wrap the certificate bytes of a CertificateEntry in a PeerCert.
 *
 * Only certEntry.cert_data is used, and it is moved out of the entry. The
 * leaf flag is ignored by this factory. No chain or trust check is visible
 * here; whatever CertUtils::makePeerCert does with the bytes is outside this
 * file.
 *
 * @param certEntry  Certificate entry taken by value; its cert_data is
 *                   consumed.
 * @return Owning pointer to the PeerCert built by CertUtils::makePeerCert.
 */
std::unique_ptr<PeerCert> OpenSSLFactory::makePeerCert(
    CertificateEntry certEntry,
    bool /*leaf*/) const {
  auto certBytes = std::move(certEntry.cert_data);
  return CertUtils::makePeerCert(std::move(certBytes));
}
} // namespace fizz