nginx-quic: src/http/ngx_http_request.c comparison

comparison src/http/ngx_http_request.c @ 7637:4daf03d2bd0a quic

OpenSSL compatibility.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 28 Feb 2020 13:09:51 +0300
parents	53a5cdbe500c
children	640a13fc0f83

comparison

equal deleted inserted replaced

-:53a5cdbe500c
+:4daf03d2bd0a
 }
 #endif
 // initial secret
-size_t          is_len;
+size_t             is_len;
-uint8_t         is[SHA256_DIGEST_LENGTH];
+uint8_t            is[SHA256_DIGEST_LENGTH];
-const EVP_MD   *digest;
+const EVP_MD      *digest;
+#ifdef OPENSSL_IS_BORINGSSL
+const EVP_AEAD    *cipher;
+#else
+const EVP_CIPHER  *cipher;
+#endif
 static const uint8_t salt[20] =
 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
 digest = EVP_sha256();
-HKDF_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len, salt,
-sizeof(salt));
+/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
+#ifdef OPENSSL_IS_BORINGSSL
+cipher = EVP_aead_aes_128_gcm();
+#else
+cipher = EVP_aes_128_gcm();
+#endif
+if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len,
+salt, sizeof(salt))
+!= NGX_OK)
+{
+ngx_http_close_connection(c);
+return;
+}
 #if (NGX_DEBUG)
 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
 m = ngx_hex_dump(buf, (uint8_t *) salt, sizeof(salt)) - buf;
 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
 ngx_http_close_connection(c);
 return;
 }
 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
+bzero(hkdfl, sizeof(hkdfl));
 hkdfl[0] = 0;
 hkdfl[1] = qc->client_in.len;
 hkdfl[2] = sizeof("tls13 client in") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 client in",
 sizeof("tls13 client in") - 1);
 *p = '\0';
-if (HKDF_expand(qc->client_in.data, qc->client_in.len,
+#if 0
-digest, is, is_len, hkdfl, hkdfl_len)
+ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20);
-== 0)
+m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf;
+ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
+"quic initial secret hkdf: %*s, len: %uz",
+m, buf, sizeof(hkdfl));
+#endif
+if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len,
+digest, is, is_len, hkdfl, hkdfl_len)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(client_in) failed");
+"ngx_hkdf_expand(client_in) failed");
 ngx_http_close_connection(c);
 return;
 }
+#ifdef OPENSSL_IS_BORINGSSL
 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
 "quic EVP key:%d tag:%d nonce:%d",
-EVP_AEAD_key_length(EVP_aead_aes_128_gcm()),
+EVP_AEAD_key_length(cipher),
-EVP_AEAD_max_tag_len(EVP_aead_aes_128_gcm()),
+EVP_AEAD_max_tag_len(cipher),
-EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()));
+EVP_AEAD_nonce_length(cipher));
+#endif
-/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
-qc->client_in_key.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->client_in_key.len = EVP_AEAD_key_length(cipher);
+#else
+qc->client_in_key.len = EVP_CIPHER_key_length(cipher);
+#endif
 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len);
 if (qc->client_in_key.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[2] = sizeof("tls13 quic key") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic key",
 sizeof("tls13 quic key") - 1);
 *p = '\0';
-if (HKDF_expand(qc->client_in_key.data, qc->client_in_key.len,
+if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len,
 digest, qc->client_in.data, qc->client_in.len,
 hkdfl, hkdfl_len)
-== 0)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(client_in_key) failed");
+"ngx_hkdf_expand(client_in_key) failed");
 ngx_http_close_connection(c);
 return;
 }
-qc->client_in_iv.len = EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher);
+#else
+qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher);
+#endif
 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len);
 if (qc->client_in_iv.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[1] = qc->client_in_iv.len;
 hkdfl[2] = sizeof("tls13 quic iv") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
 *p = '\0';
-if (HKDF_expand(qc->client_in_iv.data, qc->client_in_iv.len, digest,
+if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len,
-qc->client_in.data, qc->client_in.len, hkdfl, hkdfl_len)
+digest, qc->client_in.data, qc->client_in.len,
-== 0)
+hkdfl, hkdfl_len)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(client_in_iv) failed");
+"ngx_hkdf_expand(client_in_iv) failed");
 ngx_http_close_connection(c);
 return;
 }
 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
-qc->client_in_hp.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->client_in_hp.len = EVP_AEAD_key_length(cipher);
+#else
+qc->client_in_hp.len = EVP_CIPHER_key_length(cipher);
+#endif
 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len);
 if (qc->client_in_hp.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[1] = qc->client_in_hp.len;
 hkdfl[2] = sizeof("tls13 quic hp") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
 *p = '\0';
-if (HKDF_expand(qc->client_in_hp.data, qc->client_in_hp.len, digest,
+if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len,
-qc->client_in.data, qc->client_in.len, hkdfl, hkdfl_len)
+digest, qc->client_in.data, qc->client_in.len,
-== 0)
+hkdfl, hkdfl_len)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(client_in_hp) failed");
+"ngx_hkdf_expand(client_in_hp) failed");
 ngx_http_close_connection(c);
 return;
 }
 #if (NGX_DEBUG)
 hkdfl[2] = sizeof("tls13 server in") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 server in",
 sizeof("tls13 server in") - 1);
 *p = '\0';
-if (HKDF_expand(qc->server_in.data, qc->server_in.len,
+if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len,
 digest, is, is_len, hkdfl, hkdfl_len)
-== 0)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(server_in) failed");
+"ngx_hkdf_expand(server_in) failed");
 ngx_http_close_connection(c);
 return;
 }
 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
-qc->server_in_key.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->server_in_key.len = EVP_AEAD_key_length(cipher);
+#else
+qc->server_in_key.len = EVP_CIPHER_key_length(cipher);
+#endif
 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len);
 if (qc->server_in_key.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[2] = sizeof("tls13 quic key") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic key",
 sizeof("tls13 quic key") - 1);
 *p = '\0';
-if (HKDF_expand(qc->server_in_key.data, qc->server_in_key.len,
+if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len,
 digest, qc->server_in.data, qc->server_in.len,
 hkdfl, hkdfl_len)
-== 0)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(server_in_key) failed");
+"ngx_hkdf_expand(server_in_key) failed");
 ngx_http_close_connection(c);
 return;
 }
-qc->server_in_iv.len = EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher);
+#else
+qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher);
+#endif
 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len);
 if (qc->server_in_iv.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[1] = qc->server_in_iv.len;
 hkdfl[2] = sizeof("tls13 quic iv") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
 *p = '\0';
-if (HKDF_expand(qc->server_in_iv.data, qc->server_in_iv.len, digest,
+if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len,
-qc->server_in.data, qc->server_in.len, hkdfl, hkdfl_len)
+digest, qc->server_in.data, qc->server_in.len,
-== 0)
+hkdfl, hkdfl_len)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(server_in_iv) failed");
+"ngx_hkdf_expand(server_in_iv) failed");
 ngx_http_close_connection(c);
 return;
 }
 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
-qc->server_in_hp.len = EVP_AEAD_key_length(EVP_aead_aes_128_gcm());
+#ifdef OPENSSL_IS_BORINGSSL
+qc->server_in_hp.len = EVP_AEAD_key_length(cipher);
+#else
+qc->server_in_hp.len = EVP_CIPHER_key_length(cipher);
+#endif
 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len);
 if (qc->server_in_hp.data == NULL) {
 ngx_http_close_connection(c);
 return;
 }
 hkdfl[1] = qc->server_in_hp.len;
 hkdfl[2] = sizeof("tls13 quic hp") - 1;
 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
 *p = '\0';
-if (HKDF_expand(qc->server_in_hp.data, qc->server_in_hp.len, digest,
+if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len,
-qc->server_in.data, qc->server_in.len, hkdfl, hkdfl_len)
+digest, qc->server_in.data, qc->server_in.len,
-== 0)
+hkdfl, hkdfl_len)
+!= NGX_OK)
 {
 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"HKDF_expand(server_in_hp) failed");
+"ngx_hkdf_expand(server_in_hp) failed");
 ngx_http_close_connection(c);
 return;
 }
 #if (NGX_DEBUG)
 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
 "quic ad: %*s, len: %uz", m, buf, ad.len);
 }
 #endif
-EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(EVP_aead_aes_128_gcm(),
+uint8_t cleartext[1600];
+size_t cleartext_len;
+#ifdef OPENSSL_IS_BORINGSSL
+EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
 qc->client_in_key.data,
 qc->client_in_key.len,
 EVP_AEAD_DEFAULT_TAG_LENGTH);
-uint8_t cleartext[1600];
+if (aead == NULL) {
-size_t cleartext_len = sizeof(cleartext);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
+"EVP_AEAD_CTX_new() failed");
+ngx_http_close_connection(c);
+return;
+}
 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
 nonce, qc->client_in_iv.len, ciphertext.data,
 ciphertext.len, ad.data, ad.len)
 != 1)
 ngx_http_close_connection(c);
 return;
 }
 EVP_AEAD_CTX_free(aead);
+#else
+int              len;
+u_char          *tag;
+EVP_CIPHER_CTX  *aead;
+aead = EVP_CIPHER_CTX_new();
+if (aead == NULL) {
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_CIPHER_CTX_new() failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_DecryptInit_ex(aead, cipher, NULL, NULL, NULL) != 1) {
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len,
+NULL)
+== 0)
+{
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce)
+!= 1)
+{
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_DecryptUpdate(aead, NULL, &len, ad.data, ad.len) != 1) {
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_DecryptUpdate(aead, cleartext, &len, ciphertext.data,
+ciphertext.len - EVP_GCM_TLS_TAG_LEN)
+!= 1)
+{
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptUpdate() failed");
+ngx_http_close_connection(c);
+return;
+}
+cleartext_len = len;
+tag = ciphertext.data + ciphertext.len - EVP_GCM_TLS_TAG_LEN;
+if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN,
+tag)
+== 0)
+{
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
+"EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
+ngx_http_close_connection(c);
+return;
+}
+if (EVP_DecryptFinal_ex(aead, cleartext + len, &len) <= 0) {
+EVP_CIPHER_CTX_free(aead);
+ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptFinal_ex failed");
+ngx_http_close_connection(c);
+return;
+}
+cleartext_len += len;
+EVP_CIPHER_CTX_free(aead);
+#endif
 #if (NGX_DEBUG)
 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
 m = ngx_hex_dump(buf, cleartext, ngx_min(cleartext_len, 256)) - buf;
 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, rev->log, 0,

Mercurial > hg > nginx-quic

comparison src/http/ngx_http_request.c @ 7637:4daf03d2bd0a quic