comparison src/event/quic/ngx_event_quic_tokens.c @ 8502:2029a30863e2 quic
QUIC: using compile time block/iv length for tokens.
Reference values can be found in RFC 3602, sections 2.1 and 2.4 (AES-CBC block size and IV length).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 16 Jun 2021 18:03:33 +0300 |
parents | 4117aa7fa38e |
children | 75daac63f798 |
8501:e617d0ba387a | 8502:2029a30863e2 |
---|---|
12 | 12 |
13 | 13 |
14 #define NGX_QUIC_MAX_TOKEN_SIZE 64 | 14 #define NGX_QUIC_MAX_TOKEN_SIZE 64 |
15 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ | 15 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ |
16 | 16 |
17 /* RFC 3602, 2.1 and 2.4 for AES-CBC block size and IV length */ | |
18 #define NGX_QUIC_AES_256_CBC_IV_LEN 16 | |
19 #define NGX_QUIC_AES_256_CBC_BLOCK_SIZE 16 | |
20 | |
17 | 21 |
18 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, | 22 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen, |
19 ngx_uint_t no_port, u_char buf[20]); | 23 ngx_uint_t no_port, u_char buf[20]); |
20 | 24 |
21 | 25 |
74 } | 78 } |
75 | 79 |
76 len = p - in; | 80 len = p - in; |
77 | 81 |
78 cipher = EVP_aes_256_cbc(); | 82 cipher = EVP_aes_256_cbc(); |
79 iv_len = EVP_CIPHER_iv_length(cipher); | 83 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN; |
80 | 84 |
81 token->len = iv_len + len + EVP_CIPHER_block_size(cipher); | 85 token->len = iv_len + len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE; |
82 token->data = ngx_pnalloc(c->pool, token->len); | 86 token->data = ngx_pnalloc(c->pool, token->len); |
83 if (token->data == NULL) { | 87 if (token->data == NULL) { |
84 return NGX_ERROR; | 88 return NGX_ERROR; |
85 } | 89 } |
86 | 90 |
186 | 190 |
187 /* Retry token or NEW_TOKEN in a previous connection */ | 191 /* Retry token or NEW_TOKEN in a previous connection */ |
188 | 192 |
189 cipher = EVP_aes_256_cbc(); | 193 cipher = EVP_aes_256_cbc(); |
190 iv = pkt->token.data; | 194 iv = pkt->token.data; |
191 iv_len = EVP_CIPHER_iv_length(cipher); | 195 iv_len = NGX_QUIC_AES_256_CBC_IV_LEN; |
192 | 196 |
193 /* sanity checks */ | 197 /* sanity checks */ |
194 | 198 |
195 if (pkt->token.len < (size_t) iv_len + EVP_CIPHER_block_size(cipher)) { | 199 if (pkt->token.len < (size_t) iv_len + NGX_QUIC_AES_256_CBC_BLOCK_SIZE) { |
196 goto garbage; | 200 goto garbage; |
197 } | 201 } |
198 | 202 |
199 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) { | 203 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) { |
200 goto garbage; | 204 goto garbage; |