Add support for AEGIS to minicrypto

CMakeLists.txt

@@ -89,8 +89,13 @@ ADD_LIBRARY(picotls-core ${CORE_FILES})
 TARGET_LINK_LIBRARIES(picotls-core ${CORE_EXTRA_LIBS})
 TARGET_LINK_DIRECTORIES(picotls-core PUBLIC ${CORE_EXTRA_LIBS_DIRS})
 
+IF (WITH_AEGIS)
+    SET(MINICRYPTO_AEGIS_FILES lib/cifra/libaegis.c)
+ENDIF ()
+
 ADD_LIBRARY(picotls-minicrypto
     ${MINICRYPTO_LIBRARY_FILES}
+    ${MINICRYPTO_AEGIS_FILES}
     lib/cifra.c
     lib/cifra/x25519.c
     lib/cifra/chacha20.c
@@ -104,6 +109,7 @@ ADD_LIBRARY(picotls-minicrypto
 TARGET_LINK_LIBRARIES(picotls-minicrypto picotls-core)
 ADD_EXECUTABLE(test-minicrypto.t
     ${MINICRYPTO_LIBRARY_FILES}
+    ${MINICRYPTO_AEGIS_FILES}
     deps/picotest/picotest.c
     ${CORE_TEST_FILES}
     t/minicrypto.c
@@ -129,6 +135,7 @@ IF (WITH_AEGIS)
       MESSAGE(STATUS "Enabling AEGIS support (library found in ${aegis_DIR})")
       SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DPTLS_HAVE_AEGIS=1")
       SET(AEGIS_LIBRARIES ${aegis_LIBRARIES})
+      TARGET_LINK_LIBRARIES(test-minicrypto.t ${AEGIS_LIBRARIES})
     ELSE()
       MESSAGE(FATAL_ERROR "libaegis found, but aegis.h not found - Define AEGIS_INCLUDE_DIR accordingly")
     ENDIF()
@@ -150,6 +157,7 @@ IF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.1"))
 
     ADD_EXECUTABLE(test-openssl.t
         ${MINICRYPTO_LIBRARY_FILES}
+        ${MINICRYPTO_AEGIS_FILES}
         lib/cifra.c
         lib/cifra/x25519.c
         lib/cifra/chacha20.c

README.md

@@ -24,7 +24,7 @@ License and the cryptographic algorithms supported by the crypto bindings are as
 
 | Binding | License | Key Exchange | Certificate | AEAD cipher |
 |:-----:|:-----:|:-----:|:-----:|:-----:|
-| minicrypto | [CC0](https://github.com/ctz/cifra/) / [2-clause BSD](https://github.com/kmackay/micro-ecc) | secp256r1, x25519 | ECDSA (secp256r1)<sup>1</sup> | AES-128-GCM, chacha20-poly1305 |
+| minicrypto | [CC0](https://github.com/ctz/cifra/) / [2-clause BSD](https://github.com/kmackay/micro-ecc) | secp256r1, x25519 | ECDSA (secp256r1)<sup>1</sup> | AES-128-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis) |
 | OpenSSL | OpenSSL | secp256r1, secp384r1, secp521r1, x25519 | RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 | AES-128-GCM, AES-256-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis) |
 
 Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

include/picotls/minicrypto.h

@@ -47,8 +47,16 @@ extern ptls_key_exchange_algorithm_t *ptls_minicrypto_key_exchanges[];
 extern ptls_cipher_algorithm_t ptls_minicrypto_aes128ecb, ptls_minicrypto_aes256ecb, ptls_minicrypto_aes128ctr,
     ptls_minicrypto_aes256ctr, ptls_minicrypto_chacha20;
 extern ptls_aead_algorithm_t ptls_minicrypto_aes128gcm, ptls_minicrypto_aes256gcm, ptls_minicrypto_chacha20poly1305;
+#ifdef PTLS_HAVE_AEGIS
+extern ptls_aead_algorithm_t ptls_minicrypto_aegis128l;
+extern ptls_aead_algorithm_t ptls_minicrypto_aegis256;
+#endif
 extern ptls_hash_algorithm_t ptls_minicrypto_sha256, ptls_minicrypto_sha384;
 extern ptls_cipher_suite_t ptls_minicrypto_aes128gcmsha256, ptls_minicrypto_aes256gcmsha384, ptls_minicrypto_chacha20poly1305sha256;
+#ifdef PTLS_HAVE_AEGIS
+extern ptls_cipher_suite_t ptls_minicrypto_aegis128lsha256;
+extern ptls_cipher_suite_t ptls_minicrypto_aegis256sha384;
+#endif
 extern ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[];
 
 typedef struct st_ptls_asn1_pkcs8_private_key_t {

lib/cifra.c

@@ -24,4 +24,9 @@
 #include "picotls/minicrypto.h"
 
 ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_aes128gcmsha256,
-                                                        &ptls_minicrypto_chacha20poly1305sha256, NULL};
+                                                        &ptls_minicrypto_chacha20poly1305sha256,
+#ifdef PTLS_HAVE_AEGIS
+                                                        &ptls_minicrypto_aegis128lsha256,
+                                                        &ptls_minicrypto_aegis256sha384,
+#endif
+                                                        NULL};

lib/cifra/libaegis.c

@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2023 Frank Denis
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include "../libaegis.h"
+
+extern ptls_hash_algorithm_t ptls_minicrypto_sha256;
+extern ptls_hash_algorithm_t ptls_minicrypto_sha384;
+
+ptls_aead_algorithm_t ptls_minicrypto_aegis128l = {"AEGIS-128L",
+                                                   PTLS_AEGIS128L_CONFIDENTIALITY_LIMIT,
+                                                   PTLS_AEGIS128L_INTEGRITY_LIMIT,
+                                                   NULL,
+                                                   NULL,
+                                                   PTLS_AEGIS128L_KEY_SIZE,
+                                                   PTLS_AEGIS128L_IV_SIZE,
+                                                   PTLS_AEGIS128L_TAG_SIZE,
+                                                   { 0, 0 },
+                                                   0,
+                                                   0,
+                                                   sizeof(struct aegis128l_context_t),
+                                                   aegis128l_setup_crypto};
+ptls_cipher_suite_t ptls_minicrypto_aegis128lsha256 = {.id = PTLS_CIPHER_SUITE_AEGIS128L_SHA256,
+                                                       .name = PTLS_CIPHER_SUITE_NAME_AEGIS128L_SHA256,
+                                                       .aead = &ptls_minicrypto_aegis128l,
+                                                       .hash = &ptls_minicrypto_sha256};
+
+ptls_aead_algorithm_t ptls_minicrypto_aegis256 = {"AEGIS-256",
+                                                  PTLS_AEGIS256_CONFIDENTIALITY_LIMIT,
+                                                  PTLS_AEGIS256_INTEGRITY_LIMIT,
+                                                  NULL,
+                                                  NULL,
+                                                  PTLS_AEGIS256_KEY_SIZE,
+                                                  PTLS_AEGIS256_IV_SIZE,
+                                                  PTLS_AEGIS256_TAG_SIZE,
+                                                  { 0, 0 },
+                                                  0,
+                                                  0,
+                                                  sizeof(struct aegis256_context_t),
+                                                  aegis256_setup_crypto};
+ptls_cipher_suite_t ptls_minicrypto_aegis256sha384 = {.id = PTLS_CIPHER_SUITE_AEGIS256_SHA384,
+                                                      .name = PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA384,
+                                                      .aead = &ptls_minicrypto_aegis256,
+                                                      .hash = &ptls_minicrypto_sha256};