Replace the TLS_AEGIS_256_SHA384 ciphersuite with TLS_AEGIS_256_SHA512 (

#104)

Summary:
The latest AEGIS draft, as well as the IANA TLS registry [1] have been updated to replace `TLS_AEGIS_256_SHA384` with `TLS_AEGIS_256_SHA512`.

This follows the recommendations from [2] for new cipher suites.

[1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
[2] https://eprint.iacr.org/2023/913.pdf

Pull Request resolved: #104

Differential Revision: D51794472

Pulled By: mingtaoy

fbshipit-source-id: 4e2b9f0d374a08d1d40348f2f049c0f7b03f1616

fizz/crypto/aead/test/EVPCipherTest.cpp

@@ -1040,7 +1040,7 @@ INSTANTIATE_TEST_SUITE_P(
             "5d6691271eb1b2261d1b34fa7560e274b83373343c2e49b2b6a82bc0f20cee85cd608d195c1a16679d720441c95fae86631f3f2cd27f38f71cedc79aaca7fdddbd4da4eeb97632366db65ca21acd85b41fd1a9de688bddff433a4757eb084e6816dbc8ff93f5995804",
             "0943a3e659b86e267ffea969ddd6d6d63aa35d1a1f31fb6f47205104b132da65799cc64cc9f66ffa5ec479550c2c5dfa006f827ef02e3ab4dae3446bf93ccb5c17e1ec0393f161fca94f2944d041f162e9c964558b6b57d3bb393b9743b1f8338ff878a154800fd16c6eacac942353072bdeb9fcf85e5b6c04",
             true,
-            CipherSuite::TLS_AEGIS_256_SHA384},
+            CipherSuite::TLS_AEGIS_256_SHA512},
         CipherParams{
             "c88bb05b2aec1218e1a5026511e6d44de7bd502588e9e2a01591b39c5ead76ff",
             "4a485f226a73f0c4e16242e8234841cdf6af1771eb278e7f35428d03eb5b4cf0",
@@ -1049,7 +1049,7 @@ INSTANTIATE_TEST_SUITE_P(
             "2a4c06941ec356390542d7d7833fd68fc85a00c0452281f87dee6f10180d02182791232c7007fde35dfd5a901afa896296f9f344db717994d078fbd3a4cec8d782d2bdc205f3709827b776fd5c863a952fea97a14a6c2ee3f20432b8baa084470179078bd6a83597478b2fd9ae00ecb424822cb0d61e9a55a4",
             "b8565db06c2fa493e09b6764f4d09296422095eb6e9890f606654713bfee6f362a123688b61f254f315f18b20bcc5ed8b0b4f2224de9f498e3ef03532a8bcddb361f5ace8ff491bab8b3d06550496501264f9f48ebad277e7492146789d0fc1a3b1e3e81598370a4183683d1fee25a9a1fe359c836932746b983d01767ad4b9b3d70cc917fe57e41e0",
             true,
-            CipherSuite::TLS_AEGIS_256_SHA384},
+            CipherSuite::TLS_AEGIS_256_SHA512},
         CipherParams{
             "77b473865175ebd5ddf9c382bac227029c25bdb836e683a138e4618cc964488b",
             "f183d8de1e6dd4ccefa79fe22fabfda58e68dd29116d13408042f0713a4ee5f8",
@@ -1058,7 +1058,7 @@ INSTANTIATE_TEST_SUITE_P(
             "9888b8ee03c3217a777b7558a31e331909570ea196f02c8cffad2c8dc6499b8125363c06a71c057842666bfb5c6acc937d2eecd960330c2361abdd88a4b191557ddf5102de75ddc7e09aee9862f32e24f1db3847a5f5b379fb32e2ef7ffb0d3a60",
             "3464d835302583ade6ed99e23333e865d3308f31a6cb65bcefdc9a1b9b4d0e0f75513188480dac4a64922af4441324ce7de74eb9f7f4e414f6177a4814edc96313694b99ff8dd36b2f7f79c7ecd70ec475abe1c1909238767f172fd6b95e92c025b1f8c9704d7b845964e14ccb333f0d4b",
             true,
-            CipherSuite::TLS_AEGIS_256_SHA384},
+            CipherSuite::TLS_AEGIS_256_SHA512},
         CipherParams{
             "b8c6e8cea59ca9fd2922530ee61911c1ed1c5af98be8fb03cbb449adcea0ed83",
             "af5bc1abe7bafadee790390277874cdfcc1ac1955f249d1131555d345832f555",
@@ -1067,7 +1067,7 @@ INSTANTIATE_TEST_SUITE_P(
             "b6c15f560be043d06aa27e15d8c901af6b19db7a15e1",
             "4c8496dfa6c419ef3c4867769a9014bd17118c22eef5f0f7ed5cb9ba59df21310c274cf9a585",
             true,
-            CipherSuite::TLS_AEGIS_256_SHA384},
+            CipherSuite::TLS_AEGIS_256_SHA512},
         CipherParams{
             "0000000000000000000000000000000000000000000000000000000000000000",
             "0000000000000000000000000000000000000000000000000000000000000000",
@@ -1076,7 +1076,7 @@ INSTANTIATE_TEST_SUITE_P(
             "dc5180954df0c3391a60b44cbf70aee72b7dbb2addc90a0bf2ceac6113287eb501fe1ea9f4c51822664b82fe0279b039f4",
             "c8a7d9131cebfa5388003cc30deac523aa9b09d148affff06ba40400e09ca900db770e07cedf5cd0647f6723c810ffcb596cac51edd6f49cd7be0010a3ac29e704",
             false,
-            CipherSuite::TLS_AEGIS_256_SHA384}));
+            CipherSuite::TLS_AEGIS_256_SHA512}));
 #endif
 } // namespace test
 } // namespace fizz

fizz/crypto/test/TestUtil.cpp

@@ -99,7 +99,7 @@ std::unique_ptr<Aead> getCipher(CipherSuite suite) {
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       cipher = AEGISCipher::make128L();
       break;
-    case CipherSuite::TLS_AEGIS_256_SHA384:
+    case CipherSuite::TLS_AEGIS_256_SHA512:
       cipher = AEGISCipher::make256();
       break;
 #endif

fizz/protocol/OpenSSLFactory.cpp

@@ -40,7 +40,7 @@ std::unique_ptr<Aead> OpenSSLFactory::makeAead(CipherSuite cipher) const {
     case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
       return OpenSSLEVPCipher::makeCipher<AESOCB128>();
 #if FIZZ_BUILD_AEGIS
-    case CipherSuite::TLS_AEGIS_256_SHA384:
+    case CipherSuite::TLS_AEGIS_256_SHA512:
       return AEGISCipher::make256();
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       return AEGISCipher::make128L();
@@ -59,8 +59,9 @@ std::unique_ptr<KeyDerivation> OpenSSLFactory::makeKeyDeriver(
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       return KeyDerivationImpl::make<Sha256>(getHkdfPrefix());
     case CipherSuite::TLS_AES_256_GCM_SHA384:
-    case CipherSuite::TLS_AEGIS_256_SHA384:
       return KeyDerivationImpl::make<Sha384>(getHkdfPrefix());
+    case CipherSuite::TLS_AEGIS_256_SHA512:
+      return KeyDerivationImpl::make<Sha512>(getHkdfPrefix());
     default:
       throw std::runtime_error("ks: not implemented");
   }
@@ -75,7 +76,7 @@ std::unique_ptr<HandshakeContext> OpenSSLFactory::makeHandshakeContext(
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       return std::make_unique<HandshakeContextImpl<Sha256>>(getHkdfPrefix());
     case CipherSuite::TLS_AES_256_GCM_SHA384:
-    case CipherSuite::TLS_AEGIS_256_SHA384:
+    case CipherSuite::TLS_AEGIS_256_SHA512:
       return std::make_unique<HandshakeContextImpl<Sha384>>(getHkdfPrefix());
     default:
       throw std::runtime_error("hs: not implemented");

fizz/protocol/OpenSSLFactory.h

@@ -10,6 +10,7 @@
 
 #include <fizz/crypto/Sha256.h>
 #include <fizz/crypto/Sha384.h>
+#include <fizz/crypto/Sha512.h>
 #include <fizz/crypto/aead/AEGISCipher.h>
 #include <fizz/crypto/aead/AESGCM128.h>
 #include <fizz/crypto/aead/AESGCM256.h>

fizz/protocol/Types.cpp

@@ -17,9 +17,10 @@ HashFunction getHashFunction(CipherSuite cipher) {
     case CipherSuite::TLS_CHACHA20_POLY1305_SHA256:
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       return HashFunction::Sha256;
-    case CipherSuite::TLS_AEGIS_256_SHA384:
     case CipherSuite::TLS_AES_256_GCM_SHA384:
       return HashFunction::Sha384;
+    case CipherSuite::TLS_AEGIS_256_SHA512:
+      return HashFunction::Sha512;
   }
   throw std::runtime_error("unknown cipher suite");
 }

fizz/record/Types.cpp

@@ -187,8 +187,8 @@ std::string toString(CipherSuite cipher) {
       return "TLS_CHACHA20_POLY1305_SHA256";
     case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
       return "TLS_AES_128_OCB_SHA256_EXPERIMENTAL";
-    case CipherSuite::TLS_AEGIS_256_SHA384:
-      return "TLS_AEGIS_256_SHA384";
+    case CipherSuite::TLS_AEGIS_256_SHA512:
+      return "TLS_AEGIS_256_SHA512";
     case CipherSuite::TLS_AEGIS_128L_SHA256:
       return "TLS_AEGIS_128L_SHA256";
   }

fizz/record/Types.h

@@ -157,7 +157,7 @@ enum class CipherSuite : uint16_t {
   TLS_AES_128_GCM_SHA256 = 0x1301,
   TLS_AES_256_GCM_SHA384 = 0x1302,
   TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
-  TLS_AEGIS_256_SHA384 = 0x1306,
+  TLS_AEGIS_256_SHA512 = 0x1306,
   TLS_AEGIS_128L_SHA256 = 0x1307,
   // experimental cipher suites
   TLS_AES_128_OCB_SHA256_EXPERIMENTAL = 0xFF01,

fizz/util/Parse-inl.h

@@ -20,7 +20,7 @@ inline CipherSuite parse(folly::StringPiece s) {
       {"TLS_AES_128_OCB_SHA256_EXPERIMENTAL",
        CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL},
       {"TLS_AEGIS_128L_SHA256", CipherSuite::TLS_AEGIS_128L_SHA256},
-      {"TLS_AEGIS_256_SHA384", CipherSuite::TLS_AEGIS_256_SHA384}};
+      {"TLS_AEGIS_256_SHA512", CipherSuite::TLS_AEGIS_256_SHA512}};
 
   auto location = stringToCiphers.find(s);
   if (location != stringToCiphers.end()) {