Refactor ChaCha20-Poly1305 AEAD nonce handling.
This change reduces unnecessary copying and makes the pre-RFC-7539
nonces 96 bits just like the AES-GCM, AES-CCM, and RFC 7539
ChaCha20-Poly1305 cipher suites. Also, all the symbols related to
the pre-RFC-7539 cipher suites now have "_OLD" appended, in
preparation for adding the RFC 7539 variants.
Change-Id: I1f85bd825b383c3134df0b6214266069ded029ae
Reviewed-on: https://boringssl-review.googlesource.com/6103
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 737eb35..9c7f493 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -452,17 +452,17 @@
/* ChaCha20-Poly1305 cipher suites. */
{
- TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,
- SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
+ TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA,
+ SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
},
{
- TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,
- SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
+ TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA,
+ SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
},
@@ -543,7 +543,7 @@
{"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u},
{"AES", ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u},
{"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u},
- {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u},
+ {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u},
/* MAC aliases */
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u},
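Review bot: The operator-facing alias `"CHACHA20"` keeps its unsuffixed name but now selects only `SSL_CHACHA20POLY1305_OLD`, and nothing on this line records that this is temporary. Once the RFC 7539 suites mentioned in the commit message are added, a cipher string containing `CHACHA20` will keep matching only the pre-standard construction unless this mask is widened to OR in the new bit. I would add a comment above the entry, for example `/* Matches only the pre-RFC-7539 suites for now; extend the mask when the RFC 7539 variants land. */`, so the follow-up change does not miss it. The alias table begins and ends outside this hunk.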
@@ -612,7 +612,7 @@
return 1;
#if !defined(BORINGSSL_ANDROID_SYSTEM)
- case SSL_CHACHA20POLY1305:
+ case SSL_CHACHA20POLY1305_OLD:
*out_aead = EVP_aead_chacha20_poly1305_old();
*out_fixed_iv_len = 0;
return 1;
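Review bot: Nothing at `*out_fixed_iv_len = 0;` explains how the 96-bit nonce described in the commit message is formed when this AEAD has no fixed IV. The nonce is presumably assembled in the record layer, which is not visible in this file's hunks. A short comment would help a reader checking nonce uniqueness for `EVP_aead_chacha20_poly1305_old()`. If it matches the code, something like `/* No fixed IV: the whole nonce is derived per record elsewhere (pre-RFC-7539 construction). */` would do. The enclosing function starts and ends outside the hunk.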
@@ -1236,10 +1236,10 @@
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, ~0u, CIPHER_ADD,
-1, 0, &head, &tail);
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u,
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u,
CIPHER_ADD, -1, 0, &head, &tail);
} else {
- ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u,
+ ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, ~0u,
CIPHER_ADD, -1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, ~0u, CIPHER_ADD,
-1, 0, &head, &tail);
@@ -1388,8 +1388,8 @@
return (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) != 0;
}
-int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_enc & SSL_CHACHA20POLY1305) != 0;
+int SSL_CIPHER_is_CHACHA20POLY1305_OLD(const SSL_CIPHER *cipher) {
+ return (cipher->algorithm_enc & SSL_CHACHA20POLY1305_OLD) != 0;
}
int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher) {
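Review bot: `SSL_CIPHER_is_CHACHA20POLY1305_OLD` is an exported predicate, but its definition has no comment saying it reports only the pre-RFC-7539 suites. The header declaration is not part of what is shown, so this may already be covered there. If it is not, add `/* Returns one if |cipher| uses the pre-RFC-7539 ChaCha20-Poly1305 construction, zero otherwise. */` above the definition. Callers that used the old unsuffixed name to mean "any ChaCha20-Poly1305" then know to revisit the check when the standard variant is added.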
@@ -1470,7 +1470,7 @@
return "AES_128_GCM";
case SSL_AES256GCM:
return "AES_256_GCM";
- case SSL_CHACHA20POLY1305:
+ case SSL_CHACHA20POLY1305_OLD:
return "CHACHA20_POLY1305";
break;
default:
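Review bot: The `SSL_CHACHA20POLY1305_OLD` case still returns the unsuffixed string `"CHACHA20_POLY1305"`, so the name reported to callers and logs does not say the connection used the pre-RFC-7539 construction. The same applies to `enc = "ChaCha20-Poly1305";` in the hunk at line 1626. When the RFC 7539 suites are added, either give one of the two a distinct string or comment here that the shared name is deliberate; otherwise the legacy and standard AEADs cannot be told apart when auditing negotiated ciphers. Separately, the `break;` after the `return` in this case is unreachable and could be dropped. The enclosing switch begins and ends outside the hunk.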
@@ -1626,7 +1626,7 @@
enc = "AESGCM(256)";
break;
- case SSL_CHACHA20POLY1305:
+ case SSL_CHACHA20POLY1305_OLD:
enc = "ChaCha20-Poly1305";
break;