Implement ChaCha20_Poly1305 cipher suite (#675)

* Allow ciphersuite to be chosen on commandline in dial_selfsign example

* chacha20 support for webrtc-dtls

* support cipher suite for chacha20, but don't prefer it

Author: wdouglass

Cargo.lock

@@ -52,6 +52,7 @@ log = "0.4"
 thiserror = "1"
 pem = { version = "3", optional = true }
 portable-atomic = "1.6"
+chacha20poly1305 = "0.10.1"
 
 [dev-dependencies]
 tokio-test = "0.4"

dtls/Cargo.toml

@@ -46,6 +46,12 @@ async fn main() -> Result<(), Error> {
                 .default_value("127.0.0.1:4444")
                 .long("server")
                 .help("DTLS Server name."),
+        )
+        .arg(
+            Arg::with_name("ciphersuite")
+                .takes_value(true)
+                .long("ciphersuite")
+                .help("Force a single ciphersuite."),
         );
 
     let matches = app.clone().get_matches();
@@ -68,6 +74,11 @@ async fn main() -> Result<(), Error> {
         certificates: vec![certificate],
         insecure_skip_verify: true,
         extended_master_secret: ExtendedMasterSecretType::Require,
+        cipher_suites: if matches.is_present("ciphersuite") {
+            vec![matches.value_of("ciphersuite").unwrap().into()]
+        } else {
+            vec![]
+        },
         ..Default::default()
     };
     let dtls_conn: Arc<dyn Conn + Send + Sync> =

dtls/examples/dial/selfsign/dial_selfsign.rs

@@ -0,0 +1,116 @@
+use super::*;
+use crate::crypto::crypto_chacha20::*;
+use crate::prf::*;
+
+#[derive(Clone)]
+pub struct CipherSuiteChaCha20Poly1305Sha256 {
+    rsa: bool,
+    cipher: Option<CryptoChaCha20>,
+}
+
+impl CipherSuiteChaCha20Poly1305Sha256 {
+    const PRF_MAC_LEN: usize = 0;
+    const PRF_KEY_LEN: usize = 32;
+    const PRF_IV_LEN: usize = 12;
+
+    pub fn new(rsa: bool) -> Self {
+        CipherSuiteChaCha20Poly1305Sha256 {
+            rsa: rsa,
+            cipher: None,
+        }
+    }
+}
+
+impl CipherSuite for CipherSuiteChaCha20Poly1305Sha256 {
+    fn to_string(&self) -> String {
+        if self.rsa {
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256".to_owned()
+        } else {
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256".to_owned()
+        }
+    }
+
+    fn id(&self) -> CipherSuiteId {
+        if self.rsa {
+            CipherSuiteId::Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256
+        } else {
+            CipherSuiteId::Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256
+        }
+    }
+
+    fn certificate_type(&self) -> ClientCertificateType {
+        if self.rsa {
+            ClientCertificateType::RsaSign
+        } else {
+            ClientCertificateType::EcdsaSign
+        }
+    }
+
+    fn hash_func(&self) -> CipherSuiteHash {
+        CipherSuiteHash::Sha256
+    }
+
+    fn is_psk(&self) -> bool {
+        false
+    }
+
+    fn is_initialized(&self) -> bool {
+        self.cipher.is_some()
+    }
+
+    fn init(
+        &mut self,
+        master_secret: &[u8],
+        client_random: &[u8],
+        server_random: &[u8],
+        is_client: bool,
+    ) -> Result<()> {
+        let keys = prf_encryption_keys(
+            master_secret,
+            client_random,
+            server_random,
+            CipherSuiteChaCha20Poly1305Sha256::PRF_MAC_LEN,
+            CipherSuiteChaCha20Poly1305Sha256::PRF_KEY_LEN,
+            CipherSuiteChaCha20Poly1305Sha256::PRF_IV_LEN,
+            self.hash_func(),
+        )?;
+
+        if is_client {
+            self.cipher = Some(CryptoChaCha20::new(
+                &keys.client_write_key,
+                &keys.client_write_iv,
+                &keys.server_write_key,
+                &keys.server_write_iv,
+            ));
+        } else {
+            self.cipher = Some(CryptoChaCha20::new(
+                &keys.server_write_key,
+                &keys.server_write_iv,
+                &keys.client_write_key,
+                &keys.client_write_iv,
+            ));
+        }
+
+        Ok(())
+    }
+
+    fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>> {
+        if let Some(cg) = &self.cipher {
+            cg.encrypt(pkt_rlh, raw)
+        } else {
+            Err(Error::Other(
+                "CipherSuite has not been initialized, unable to encrypt".to_owned(),
+            ))
+        }
+    }
+
+    fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>> {
+        if let Some(cg) = &self.cipher {
+            cg.decrypt(input)
+        } else {
+            Err(Error::Other(
+                "CipherSuite has not been initialized, unable to decrypt".to_owned(),
+            ))
+        }
+    }
+}

dtls/src/cipher_suite/cipher_suite_chacha20_poly1305_sha256.rs

@@ -1,6 +1,7 @@
 pub mod cipher_suite_aes_128_ccm;
 pub mod cipher_suite_aes_128_gcm_sha256;
 pub mod cipher_suite_aes_256_cbc_sha;
+pub mod cipher_suite_chacha20_poly1305_sha256;
 pub mod cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm;
 pub mod cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8;
 pub mod cipher_suite_tls_psk_with_aes_128_ccm;
@@ -12,6 +13,7 @@ use std::marker::{Send, Sync};
 
 use cipher_suite_aes_128_gcm_sha256::*;
 use cipher_suite_aes_256_cbc_sha::*;
+use cipher_suite_chacha20_poly1305_sha256::*;
 use cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm::*;
 use cipher_suite_tls_ecdhe_ecdsa_with_aes_128_ccm8::*;
 use cipher_suite_tls_psk_with_aes_128_ccm::*;
@@ -43,6 +45,10 @@ pub enum CipherSuiteId {
     Tls_Psk_With_Aes_128_Ccm_8 = 0xc0a8,
     Tls_Psk_With_Aes_128_Gcm_Sha256 = 0x00a8,
 
+    // CHACHA20_POLY1305_SHA256
+    Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256 = 0xcca8,
+    Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256 = 0xcca9,
+
     Unsupported,
 }
 
@@ -72,6 +78,13 @@ impl fmt::Display for CipherSuiteId {
             CipherSuiteId::Tls_Psk_With_Aes_128_Gcm_Sha256 => {
                 write!(f, "TLS_PSK_WITH_AES_128_GCM_SHA256")
             }
+            CipherSuiteId::Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256 => {
+                write!(f, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256")
+            }
+            CipherSuiteId::Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256 => {
+                write!(f, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256")
+            }
+
             _ => write!(f, "Unsupported CipherSuiteID"),
         }
     }
@@ -96,6 +109,43 @@ impl From<u16> for CipherSuiteId {
             0xc0a8 => CipherSuiteId::Tls_Psk_With_Aes_128_Ccm_8,
             0x00a8 => CipherSuiteId::Tls_Psk_With_Aes_128_Gcm_Sha256,
 
+            // CHACHA20_POLY1305_SHA256
+            0xcca8 => CipherSuiteId::Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256,
+            0xcca9 => CipherSuiteId::Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256,
+
+            _ => CipherSuiteId::Unsupported,
+        }
+    }
+}
+
+impl From<&str> for CipherSuiteId {
+    fn from(val: &str) -> Self {
+        match val {
+            "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" => CipherSuiteId::Tls_Ecdhe_Ecdsa_With_Aes_128_Ccm,
+            "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" => {
+                CipherSuiteId::Tls_Ecdhe_Ecdsa_With_Aes_128_Ccm_8
+            }
+            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" => {
+                CipherSuiteId::Tls_Ecdhe_Ecdsa_With_Aes_128_Gcm_Sha256
+            }
+            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" => {
+                CipherSuiteId::Tls_Ecdhe_Rsa_With_Aes_128_Gcm_Sha256
+            }
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" => {
+                CipherSuiteId::Tls_Ecdhe_Ecdsa_With_Aes_256_Cbc_Sha
+            }
+            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" => {
+                CipherSuiteId::Tls_Ecdhe_Rsa_With_Aes_256_Cbc_Sha
+            }
+            "TLS_PSK_WITH_AES_128_CCM" => CipherSuiteId::Tls_Psk_With_Aes_128_Ccm,
+            "TLS_PSK_WITH_AES_128_CCM_8" => CipherSuiteId::Tls_Psk_With_Aes_128_Ccm_8,
+            "TLS_PSK_WITH_AES_128_GCM_SHA256" => CipherSuiteId::Tls_Psk_With_Aes_128_Gcm_Sha256,
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" => {
+                CipherSuiteId::Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256
+            }
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" => {
+                CipherSuiteId::Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256
+            }
             _ => CipherSuiteId::Unsupported,
         }
     }
@@ -167,6 +217,13 @@ pub fn cipher_suite_for_id(id: CipherSuiteId) -> Result<Box<dyn CipherSuite + Se
         CipherSuiteId::Tls_Psk_With_Aes_128_Gcm_Sha256 => {
             Ok(Box::<CipherSuiteTlsPskWithAes128GcmSha256>::default())
         }
+        CipherSuiteId::Tls_Ecdhe_Rsa_With_ChaCha20_Poly1305_Sha256 => {
+            Ok(Box::new(CipherSuiteChaCha20Poly1305Sha256::new(true)))
+        }
+        CipherSuiteId::Tls_Ecdhe_Ecdsa_With_ChaCha20_Poly1305_Sha256 => {
+            Ok(Box::new(CipherSuiteChaCha20Poly1305Sha256::new(false)))
+        }
+
         _ => Err(Error::ErrInvalidCipherSuite),
     }
 }
@@ -178,6 +235,7 @@ pub(crate) fn default_cipher_suites() -> Vec<Box<dyn CipherSuite + Send + Sync>>
         Box::new(CipherSuiteAes256CbcSha::new(false)),
         Box::new(CipherSuiteAes128GcmSha256::new(true)),
         Box::new(CipherSuiteAes256CbcSha::new(true)),
+        Box::new(CipherSuiteChaCha20Poly1305Sha256::new(false)),
     ]
 }
 
@@ -192,6 +250,8 @@ fn all_cipher_suites() -> Vec<Box<dyn CipherSuite + Send + Sync>> {
         Box::new(new_cipher_suite_tls_psk_with_aes_128_ccm()),
         Box::new(new_cipher_suite_tls_psk_with_aes_128_ccm8()),
         Box::<CipherSuiteTlsPskWithAes128GcmSha256>::default(),
+        Box::new(CipherSuiteChaCha20Poly1305Sha256::new(false)),
+        Box::new(CipherSuiteChaCha20Poly1305Sha256::new(true)),
     ]
 }