Skip to content

Commit b3721cb

Browse files
raycollraycoll
committed
Introduce s2n_record_algorithm
This change adds a wrapper around cipher/hmac_alg in s2n_cipher_suite. Logic is also added to select an "s2n_record_algorithm" for every cipher suite during s2n_init(). What do we gain? - Selection of optimal cipher suite implementation. For example, we'll prefer to use composite ciphers for AES-CBC suites. - Seamless fallback to less performant implementations. - Disable cipher suites when no implementations are available. This allows us to add code for new suites(i.e. ChaCha20-based suites) without breaking compatibility when s2n is built with an older libcrypto. - Foundation for divorcing TLS-specific parameters from core crypto code(I'm looking at you s2n_aead_aes_gcm.c). - Foundation to add more cipher suite implementations. All of our current implementations are libcrypto-based, but this needn't always be true. What sucks? - Dynamic state(record_alg) is added and must be initialized at runtime. Previously all s2n_cipher_suite fields were basically constant. - A new layer of abstraction is added: - Compare cipher_suite->record_alg->cipher vs cipher_suite->cipher - More verbose accessors for cipher/hmac
1 parent d1b672a commit b3721cb

17 files changed

+624
-215
lines changed

tests/unit/s2n_3des_test.c

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -49,12 +49,11 @@ int main(int argc, char **argv)
4949
conn->client = &conn->secure;
5050

5151
/* test the 3des cipher with a SHA1 hash */
52-
conn->secure.cipher_suite->cipher = &s2n_3des;
53-
conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
54-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
55-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
56-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &des3));
57-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &des3));
52+
conn->secure.cipher_suite->record_alg = &s2n_record_alg_3des_sha;
53+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
54+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
55+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &des3));
56+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &des3));
5857
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
5958
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
6059
conn->actual_protocol_version = S2N_TLS11;
@@ -106,8 +105,8 @@ int main(int argc, char **argv)
106105
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
107106
}
108107

109-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
110-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
108+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
109+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
111110
EXPECT_SUCCESS(s2n_connection_free(conn));
112111

113112
END_TEST();

tests/unit/s2n_aead_aes_test.c

Lines changed: 24 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -33,10 +33,10 @@
3333

3434
static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
3535
{
36-
GUARD(server_conn->initial.cipher_suite->cipher->init(&server_conn->initial.server_key));
37-
GUARD(server_conn->initial.cipher_suite->cipher->init(&server_conn->initial.client_key));
38-
GUARD(server_conn->initial.cipher_suite->cipher->set_encryption_key(&server_conn->initial.server_key, key));
39-
GUARD(server_conn->initial.cipher_suite->cipher->set_decryption_key(&server_conn->initial.client_key, key));
36+
GUARD(server_conn->initial.cipher_suite->record_alg->cipher->init(&server_conn->initial.server_key));
37+
GUARD(server_conn->initial.cipher_suite->record_alg->cipher->init(&server_conn->initial.client_key));
38+
GUARD(server_conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial.server_key, key));
39+
GUARD(server_conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial.client_key, key));
4040

4141
return 0;
4242
}
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
6161
conn->client = &conn->initial;
6262

6363
/* test the AES128 cipher */
64-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
65-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
64+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
6665
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
6766

6867
int max_fragment = S2N_SMALL_FRAGMENT_LENGTH;
@@ -76,8 +75,7 @@ int main(int argc, char **argv)
7675
conn->actual_protocol_version = S2N_TLS12;
7776
conn->server = &conn->initial;
7877
conn->client = &conn->initial;
79-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
80-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
78+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
8179
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
8280
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
8381

@@ -90,8 +88,8 @@ int main(int argc, char **argv)
9088
}
9189

9290
uint16_t predicted_length = bytes_written;
93-
predicted_length += conn->initial.cipher_suite->cipher->io.aead.record_iv_size;
94-
predicted_length += conn->initial.cipher_suite->cipher->io.aead.tag_size;
91+
predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.record_iv_size;
92+
predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.tag_size;
9593

9694
EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
9795
EXPECT_EQUAL(conn->out.blob.data[1], 3);
@@ -126,8 +124,7 @@ int main(int argc, char **argv)
126124
conn->server_protocol_version = S2N_TLS12;
127125
conn->client_protocol_version = S2N_TLS12;
128126
conn->actual_protocol_version = S2N_TLS12;
129-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
130-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
127+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
131128
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
132129
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
133130

@@ -153,8 +150,7 @@ int main(int argc, char **argv)
153150
conn->server_protocol_version = S2N_TLS12;
154151
conn->client_protocol_version = S2N_TLS12;
155152
conn->actual_protocol_version = S2N_TLS12;
156-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
157-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
153+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
158154
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
159155
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
160156

@@ -178,8 +174,7 @@ int main(int argc, char **argv)
178174
conn->server_protocol_version = S2N_TLS12;
179175
conn->client_protocol_version = S2N_TLS12;
180176
conn->actual_protocol_version = S2N_TLS12;
181-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
182-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
177+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
183178
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
184179
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
185180

@@ -203,8 +198,7 @@ int main(int argc, char **argv)
203198
conn->server_protocol_version = S2N_TLS12;
204199
conn->client_protocol_version = S2N_TLS12;
205200
conn->actual_protocol_version = S2N_TLS12;
206-
conn->initial.cipher_suite->cipher = &s2n_aes128_gcm;
207-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
201+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_gcm;
208202
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
209203
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
210204

@@ -222,14 +216,13 @@ int main(int argc, char **argv)
222216
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
223217
}
224218
}
225-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.server_key));
226-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.client_key));
219+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.server_key));
220+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.client_key));
227221
EXPECT_SUCCESS(s2n_connection_free(conn));
228222

229223
/* test the AES256 cipher */
230224
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
231-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
232-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
225+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
233226
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
234227
conn->actual_protocol_version = S2N_TLS12;
235228

@@ -241,8 +234,7 @@ int main(int argc, char **argv)
241234
conn->server_protocol_version = S2N_TLS12;
242235
conn->client_protocol_version = S2N_TLS12;
243236
conn->actual_protocol_version = S2N_TLS12;
244-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
245-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
237+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
246238
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
247239
conn->actual_protocol_version = S2N_TLS12;
248240
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -256,8 +248,8 @@ int main(int argc, char **argv)
256248
}
257249

258250
uint16_t predicted_length = bytes_written;
259-
predicted_length += conn->initial.cipher_suite->cipher->io.aead.record_iv_size;
260-
predicted_length += conn->initial.cipher_suite->cipher->io.aead.tag_size;
251+
predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.record_iv_size;
252+
predicted_length += conn->initial.cipher_suite->record_alg->cipher->io.aead.tag_size;
261253

262254
EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
263255
EXPECT_EQUAL(conn->out.blob.data[1], 3);
@@ -291,8 +283,7 @@ int main(int argc, char **argv)
291283
conn->server_protocol_version = S2N_TLS12;
292284
conn->client_protocol_version = S2N_TLS12;
293285
conn->actual_protocol_version = S2N_TLS12;
294-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
295-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
286+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
296287
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
297288
conn->actual_protocol_version = S2N_TLS12;
298289
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -319,8 +310,7 @@ int main(int argc, char **argv)
319310
conn->server_protocol_version = S2N_TLS12;
320311
conn->client_protocol_version = S2N_TLS12;
321312
conn->actual_protocol_version = S2N_TLS12;
322-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
323-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
313+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
324314
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
325315
conn->actual_protocol_version = S2N_TLS12;
326316
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -345,8 +335,7 @@ int main(int argc, char **argv)
345335
conn->server_protocol_version = S2N_TLS12;
346336
conn->client_protocol_version = S2N_TLS12;
347337
conn->actual_protocol_version = S2N_TLS12;
348-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
349-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
338+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
350339
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
351340
conn->actual_protocol_version = S2N_TLS12;
352341
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -371,8 +360,7 @@ int main(int argc, char **argv)
371360
conn->server_protocol_version = S2N_TLS12;
372361
conn->client_protocol_version = S2N_TLS12;
373362
conn->actual_protocol_version = S2N_TLS12;
374-
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
375-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
363+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_gcm;
376364
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
377365
conn->actual_protocol_version = S2N_TLS12;
378366
EXPECT_SUCCESS(s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
@@ -391,8 +379,8 @@ int main(int argc, char **argv)
391379
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
392380
}
393381
}
394-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.server_key));
395-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->destroy_key(&conn->initial.client_key));
382+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.server_key));
383+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->destroy_key(&conn->initial.client_key));
396384
EXPECT_SUCCESS(s2n_connection_free(conn));
397385

398386
END_TEST();

tests/unit/s2n_aes_sha_composite_test.c

Lines changed: 10 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
6161
uint8_t proto_versions[3] = { S2N_TLS10, S2N_TLS11, S2N_TLS12 };
6262

6363
/* test the composite AES128_SHA1 cipher */
64-
conn->initial.cipher_suite->cipher = &s2n_aes128_sha;
65-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
64+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes128_sha_composite;
6665

6766
/* It's important to verify all TLS versions for the composite implementation.
6867
* There are a few gotchas with respect to explicit IV length and payload length
@@ -74,10 +73,10 @@ int main(int argc, char **argv)
7473

7574
EXPECT_SUCCESS(s2n_connection_wipe(conn));
7675

77-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_encryption_key(&conn->initial.server_key, &aes128));
78-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_decryption_key(&conn->initial.client_key, &aes128));
79-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
80-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
76+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial.server_key, &aes128));
77+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial.client_key, &aes128));
78+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
79+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
8180

8281
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
8382
conn->actual_protocol_version = proto_versions[j];
@@ -131,19 +130,18 @@ int main(int argc, char **argv)
131130
}
132131

133132
/* test the composite AES256_SHA1 cipher */
134-
conn->initial.cipher_suite->cipher = &s2n_aes256_sha;
135-
conn->initial.cipher_suite->hmac_alg = S2N_HMAC_NONE;
133+
conn->initial.cipher_suite->record_alg = &s2n_record_alg_aes256_sha_composite;
136134
for (int j = 0; j < 3; j++ ) {
137135
for (int i = 0; i < max_aligned_fragment; i++) {
138136
struct s2n_blob in = {.data = random_data,.size = i };
139137
int bytes_written;
140138

141139
EXPECT_SUCCESS(s2n_connection_wipe(conn));
142140

143-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_encryption_key(&conn->initial.server_key, &aes256));
144-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->set_decryption_key(&conn->initial.client_key, &aes256));
145-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
146-
EXPECT_SUCCESS(conn->initial.cipher_suite->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
141+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial.server_key, &aes256));
142+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial.client_key, &aes256));
143+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.server_key, mac_key_sha, sizeof(mac_key_sha)));
144+
EXPECT_SUCCESS(conn->initial.cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial.client_key, mac_key_sha, sizeof(mac_key_sha)));
147145

148146
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
149147
conn->actual_protocol_version = proto_versions[j];

tests/unit/s2n_aes_test.c

Lines changed: 14 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -51,12 +51,11 @@ int main(int argc, char **argv)
5151
conn->client = &conn->secure;
5252

5353
/* test the AES128 cipher with a SHA1 hash */
54-
conn->secure.cipher_suite->cipher = &s2n_aes128;
55-
conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
56-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
57-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
58-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &aes128));
59-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &aes128));
54+
conn->secure.cipher_suite->record_alg = &s2n_record_alg_aes128_sha;
55+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
56+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
57+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &aes128));
58+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &aes128));
6059
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
6160
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
6261
conn->actual_protocol_version = S2N_TLS11;
@@ -108,20 +107,19 @@ int main(int argc, char **argv)
108107
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
109108
}
110109

111-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
112-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
110+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
111+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
113112
EXPECT_SUCCESS(s2n_connection_free(conn));
114113

115114
/* test the AES256 cipher with a SHA1 hash */
116115
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
117116
conn->server = &conn->secure;
118117
conn->client = &conn->secure;
119-
conn->secure.cipher_suite->cipher = &s2n_aes256;
120-
conn->secure.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
121-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.server_key));
122-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->init(&conn->secure.client_key));
123-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_encryption_key(&conn->secure.server_key, &aes256));
124-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->set_decryption_key(&conn->secure.client_key, &aes256));
118+
conn->secure.cipher_suite->record_alg = &s2n_record_alg_aes256_sha;
119+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
120+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
121+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &aes256));
122+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &aes256));
125123
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
126124
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
127125
conn->actual_protocol_version = S2N_TLS11;
@@ -173,8 +171,8 @@ int main(int argc, char **argv)
173171
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
174172
}
175173

176-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.server_key));
177-
EXPECT_SUCCESS(conn->secure.cipher_suite->cipher->destroy_key(&conn->secure.client_key));
174+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
175+
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
178176
EXPECT_SUCCESS(s2n_connection_free(conn));
179177

180178
END_TEST();

0 commit comments

Comments
 (0)