Mercurial > hg > nginx-quic

comparison src/http/ngx_http_request.c @ 7641:72f632f90a17 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Introduced ngx_quic_secret_t.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents b7bbfea7a6c3
children 8964cc6ecc4a
comparison
equal deleted inserted replaced
7640:b7bbfea7a6c3 7641:72f632f90a17
829 uint8_t hkdfl[20]; 829 uint8_t hkdfl[20];
830 uint8_t *p; 830 uint8_t *p;
831 831
832 /* draft-ietf-quic-tls-23#section-5.2 */ 832 /* draft-ietf-quic-tls-23#section-5.2 */
833 833
834 qc->client_in.len = SHA256_DIGEST_LENGTH; 834 qc->client_in.secret.len = SHA256_DIGEST_LENGTH;
835 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); 835 qc->client_in.secret.data = ngx_pnalloc(c->pool, qc->client_in.secret.len);
836 if (qc->client_in.data == NULL) { 836 if (qc->client_in.secret.data == NULL) {
837 ngx_http_close_connection(c); 837 ngx_http_close_connection(c);
838 return; 838 return;
839 } 839 }
840 840
841 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; 841 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
842 bzero(hkdfl, sizeof(hkdfl)); 842 bzero(hkdfl, sizeof(hkdfl));
843 hkdfl[0] = 0; 843 hkdfl[0] = 0;
844 hkdfl[1] = qc->client_in.len; 844 hkdfl[1] = qc->client_in.secret.len;
845 hkdfl[2] = sizeof("tls13 client in") - 1; 845 hkdfl[2] = sizeof("tls13 client in") - 1;
846 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1); 846 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1);
847 *p = '\0'; 847 *p = '\0';
848 848
849 #if 0 849 #if 0
854 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 854 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
855 "quic initial secret hkdf: %*s, len: %uz", 855 "quic initial secret hkdf: %*s, len: %uz",
856 m, buf, sizeof(hkdfl)); 856 m, buf, sizeof(hkdfl));
857 #endif 857 #endif
858 858
859 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, 859 if (ngx_hkdf_expand(qc->client_in.secret.data, qc->client_in.secret.len,
860 digest, is, is_len, hkdfl, hkdfl_len) 860 digest, is, is_len, hkdfl, hkdfl_len)
861 != NGX_OK) 861 != NGX_OK)
862 { 862 {
863 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 863 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
864 "ngx_hkdf_expand(client_in) failed"); 864 "ngx_hkdf_expand(client_in) failed");
874 EVP_AEAD_nonce_length(cipher)); 874 EVP_AEAD_nonce_length(cipher));
875 #endif 875 #endif
876 876
877 877
878 #ifdef OPENSSL_IS_BORINGSSL 878 #ifdef OPENSSL_IS_BORINGSSL
879 qc->client_in_key.len = EVP_AEAD_key_length(cipher); 879 qc->client_in.key.len = EVP_AEAD_key_length(cipher);
880 #else 880 #else
881 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); 881 qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
882 #endif 882 #endif
883 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); 883 qc->client_in.key.data = ngx_pnalloc(c->pool, qc->client_in.key.len);
884 if (qc->client_in_key.data == NULL) { 884 if (qc->client_in.key.data == NULL) {
885 ngx_http_close_connection(c); 885 ngx_http_close_connection(c);
886 return; 886 return;
887 } 887 }
888 888
889 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; 889 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
890 hkdfl[1] = qc->client_in_key.len; 890 hkdfl[1] = qc->client_in.key.len;
891 hkdfl[2] = sizeof("tls13 quic key") - 1; 891 hkdfl[2] = sizeof("tls13 quic key") - 1;
892 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); 892 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
893 *p = '\0'; 893 *p = '\0';
894 894
895 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, 895 if (ngx_hkdf_expand(qc->client_in.key.data, qc->client_in.key.len,
896 digest, qc->client_in.data, qc->client_in.len, 896 digest, qc->client_in.secret.data, qc->client_in.secret.len,
897 hkdfl, hkdfl_len) 897 hkdfl, hkdfl_len)
898 != NGX_OK) 898 != NGX_OK)
899 { 899 {
900 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 900 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
901 "ngx_hkdf_expand(client_in_key) failed"); 901 "ngx_hkdf_expand(client_in.key) failed");
902 ngx_http_close_connection(c); 902 ngx_http_close_connection(c);
903 return; 903 return;
904 } 904 }
905 905
906 #ifdef OPENSSL_IS_BORINGSSL 906 #ifdef OPENSSL_IS_BORINGSSL
907 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); 907 qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher);
908 #else 908 #else
909 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); 909 qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
910 #endif 910 #endif
911 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); 911 qc->client_in.iv.data = ngx_pnalloc(c->pool, qc->client_in.iv.len);
912 if (qc->client_in_iv.data == NULL) { 912 if (qc->client_in.iv.data == NULL) {
913 ngx_http_close_connection(c); 913 ngx_http_close_connection(c);
914 return; 914 return;
915 } 915 }
916 916
917 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; 917 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
918 hkdfl[1] = qc->client_in_iv.len; 918 hkdfl[1] = qc->client_in.iv.len;
919 hkdfl[2] = sizeof("tls13 quic iv") - 1; 919 hkdfl[2] = sizeof("tls13 quic iv") - 1;
920 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); 920 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
921 *p = '\0'; 921 *p = '\0';
922 922
923 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, 923 if (ngx_hkdf_expand(qc->client_in.iv.data, qc->client_in.iv.len,
924 digest, qc->client_in.data, qc->client_in.len, 924 digest, qc->client_in.secret.data, qc->client_in.secret.len,
925 hkdfl, hkdfl_len) 925 hkdfl, hkdfl_len)
926 != NGX_OK) 926 != NGX_OK)
927 { 927 {
928 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 928 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
929 "ngx_hkdf_expand(client_in_iv) failed"); 929 "ngx_hkdf_expand(client_in.iv) failed");
930 ngx_http_close_connection(c); 930 ngx_http_close_connection(c);
931 return; 931 return;
932 } 932 }
933 933
934 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ 934 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
935 935
936 #ifdef OPENSSL_IS_BORINGSSL 936 #ifdef OPENSSL_IS_BORINGSSL
937 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); 937 qc->client_in.hp.len = EVP_AEAD_key_length(cipher);
938 #else 938 #else
939 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); 939 qc->client_in.hp.len = EVP_CIPHER_key_length(cipher);
940 #endif 940 #endif
941 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); 941 qc->client_in.hp.data = ngx_pnalloc(c->pool, qc->client_in.hp.len);
942 if (qc->client_in_hp.data == NULL) { 942 if (qc->client_in.hp.data == NULL) {
943 ngx_http_close_connection(c); 943 ngx_http_close_connection(c);
944 return; 944 return;
945 } 945 }
946 946
947 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; 947 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
948 hkdfl[1] = qc->client_in_hp.len; 948 hkdfl[1] = qc->client_in.hp.len;
949 hkdfl[2] = sizeof("tls13 quic hp") - 1; 949 hkdfl[2] = sizeof("tls13 quic hp") - 1;
950 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); 950 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
951 *p = '\0'; 951 *p = '\0';
952 952
953 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, 953 if (ngx_hkdf_expand(qc->client_in.hp.data, qc->client_in.hp.len,
954 digest, qc->client_in.data, qc->client_in.len, 954 digest, qc->client_in.secret.data, qc->client_in.secret.len,
955 hkdfl, hkdfl_len) 955 hkdfl, hkdfl_len)
956 != NGX_OK) 956 != NGX_OK)
957 { 957 {
958 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 958 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
959 "ngx_hkdf_expand(client_in_hp) failed"); 959 "ngx_hkdf_expand(client_in.hp) failed");
960 ngx_http_close_connection(c); 960 ngx_http_close_connection(c);
961 return; 961 return;
962 } 962 }
963 963
964 #if (NGX_DEBUG) 964 #if (NGX_DEBUG)
965 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 965 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
966 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; 966 m = ngx_hex_dump(buf, qc->client_in.secret.data, qc->client_in.secret.len) - buf;
967 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 967 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
968 "quic client initial secret: %*s, len: %uz", 968 "quic client initial secret: %*s, len: %uz",
969 m, buf, qc->client_in.len); 969 m, buf, qc->client_in.secret.len);
970 970
971 m = ngx_hex_dump(buf, qc->client_in_key.data, qc->client_in_key.len) 971 m = ngx_hex_dump(buf, qc->client_in.key.data, qc->client_in.key.len)
972 - buf; 972 - buf;
973 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 973 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
974 "quic client key: %*s, len: %uz", 974 "quic client key: %*s, len: %uz",
975 m, buf, qc->client_in_key.len); 975 m, buf, qc->client_in.key.len);
976 976
977 m = ngx_hex_dump(buf, qc->client_in_iv.data, qc->client_in_iv.len) 977 m = ngx_hex_dump(buf, qc->client_in.iv.data, qc->client_in.iv.len)
978 - buf; 978 - buf;
979 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 979 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
980 "quic client iv: %*s, len: %uz", 980 "quic client iv: %*s, len: %uz",
981 m, buf, qc->client_in_iv.len); 981 m, buf, qc->client_in.iv.len);
982 982
983 m = ngx_hex_dump(buf, qc->client_in_hp.data, qc->client_in_hp.len) 983 m = ngx_hex_dump(buf, qc->client_in.hp.data, qc->client_in.hp.len)
984 - buf; 984 - buf;
985 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 985 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
986 "quic client hp: %*s, len: %uz", 986 "quic client hp: %*s, len: %uz",
987 m, buf, qc->client_in_hp.len); 987 m, buf, qc->client_in.hp.len);
988 } 988 }
989 #endif 989 #endif
990 990
991 // server initial 991 // server initial
992 992
993 /* draft-ietf-quic-tls-23#section-5.2 */ 993 /* draft-ietf-quic-tls-23#section-5.2 */
994 994
995 qc->server_in.len = SHA256_DIGEST_LENGTH; 995 qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
996 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); 996 qc->server_in.secret.data = ngx_pnalloc(c->pool, qc->server_in.secret.len);
997 if (qc->server_in.data == NULL) { 997 if (qc->server_in.secret.data == NULL) {
998 ngx_http_close_connection(c); 998 ngx_http_close_connection(c);
999 return; 999 return;
1000 } 1000 }
1001 1001
1002 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; 1002 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1;
1003 hkdfl[0] = 0; 1003 hkdfl[0] = 0;
1004 hkdfl[1] = qc->server_in.len; 1004 hkdfl[1] = qc->server_in.secret.len;
1005 hkdfl[2] = sizeof("tls13 server in") - 1; 1005 hkdfl[2] = sizeof("tls13 server in") - 1;
1006 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1); 1006 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1);
1007 *p = '\0'; 1007 *p = '\0';
1008 1008
1009 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, 1009 if (ngx_hkdf_expand(qc->server_in.secret.data, qc->server_in.secret.len,
1010 digest, is, is_len, hkdfl, hkdfl_len) 1010 digest, is, is_len, hkdfl, hkdfl_len)
1011 != NGX_OK) 1011 != NGX_OK)
1012 { 1012 {
1013 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1013 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1014 "ngx_hkdf_expand(server_in) failed"); 1014 "ngx_hkdf_expand(server_in) failed");
1017 } 1017 }
1018 1018
1019 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ 1019 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
1020 1020
1021 #ifdef OPENSSL_IS_BORINGSSL 1021 #ifdef OPENSSL_IS_BORINGSSL
1022 qc->server_in_key.len = EVP_AEAD_key_length(cipher); 1022 qc->server_in.key.len = EVP_AEAD_key_length(cipher);
1023 #else 1023 #else
1024 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); 1024 qc->server_in.key.len = EVP_CIPHER_key_length(cipher);
1025 #endif 1025 #endif
1026 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); 1026 qc->server_in.key.data = ngx_pnalloc(c->pool, qc->server_in.key.len);
1027 if (qc->server_in_key.data == NULL) { 1027 if (qc->server_in.key.data == NULL) {
1028 ngx_http_close_connection(c); 1028 ngx_http_close_connection(c);
1029 return; 1029 return;
1030 } 1030 }
1031 1031
1032 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; 1032 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
1033 hkdfl[1] = qc->server_in_key.len; 1033 hkdfl[1] = qc->server_in.key.len;
1034 hkdfl[2] = sizeof("tls13 quic key") - 1; 1034 hkdfl[2] = sizeof("tls13 quic key") - 1;
1035 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); 1035 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
1036 *p = '\0'; 1036 *p = '\0';
1037 1037
1038 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, 1038 if (ngx_hkdf_expand(qc->server_in.key.data, qc->server_in.key.len,
1039 digest, qc->server_in.data, qc->server_in.len, 1039 digest, qc->server_in.secret.data, qc->server_in.secret.len,
1040 hkdfl, hkdfl_len) 1040 hkdfl, hkdfl_len)
1041 != NGX_OK) 1041 != NGX_OK)
1042 { 1042 {
1043 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1043 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1044 "ngx_hkdf_expand(server_in_key) failed"); 1044 "ngx_hkdf_expand(server_in.key) failed");
1045 ngx_http_close_connection(c); 1045 ngx_http_close_connection(c);
1046 return; 1046 return;
1047 } 1047 }
1048 1048
1049 #ifdef OPENSSL_IS_BORINGSSL 1049 #ifdef OPENSSL_IS_BORINGSSL
1050 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); 1050 qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher);
1051 #else 1051 #else
1052 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); 1052 qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher);
1053 #endif 1053 #endif
1054 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); 1054 qc->server_in.iv.data = ngx_pnalloc(c->pool, qc->server_in.iv.len);
1055 if (qc->server_in_iv.data == NULL) { 1055 if (qc->server_in.iv.data == NULL) {
1056 ngx_http_close_connection(c); 1056 ngx_http_close_connection(c);
1057 return; 1057 return;
1058 } 1058 }
1059 1059
1060 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; 1060 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
1061 hkdfl[1] = qc->server_in_iv.len; 1061 hkdfl[1] = qc->server_in.iv.len;
1062 hkdfl[2] = sizeof("tls13 quic iv") - 1; 1062 hkdfl[2] = sizeof("tls13 quic iv") - 1;
1063 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); 1063 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
1064 *p = '\0'; 1064 *p = '\0';
1065 1065
1066 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, 1066 if (ngx_hkdf_expand(qc->server_in.iv.data, qc->server_in.iv.len,
1067 digest, qc->server_in.data, qc->server_in.len, 1067 digest, qc->server_in.secret.data, qc->server_in.secret.len,
1068 hkdfl, hkdfl_len) 1068 hkdfl, hkdfl_len)
1069 != NGX_OK) 1069 != NGX_OK)
1070 { 1070 {
1071 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1071 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1072 "ngx_hkdf_expand(server_in_iv) failed"); 1072 "ngx_hkdf_expand(server_in.iv) failed");
1073 ngx_http_close_connection(c); 1073 ngx_http_close_connection(c);
1074 return; 1074 return;
1075 } 1075 }
1076 1076
1077 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ 1077 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
1078 1078
1079 #ifdef OPENSSL_IS_BORINGSSL 1079 #ifdef OPENSSL_IS_BORINGSSL
1080 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); 1080 qc->server_in.hp.len = EVP_AEAD_key_length(cipher);
1081 #else 1081 #else
1082 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); 1082 qc->server_in.hp.len = EVP_CIPHER_key_length(cipher);
1083 #endif 1083 #endif
1084 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); 1084 qc->server_in.hp.data = ngx_pnalloc(c->pool, qc->server_in.hp.len);
1085 if (qc->server_in_hp.data == NULL) { 1085 if (qc->server_in.hp.data == NULL) {
1086 ngx_http_close_connection(c); 1086 ngx_http_close_connection(c);
1087 return; 1087 return;
1088 } 1088 }
1089 1089
1090 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; 1090 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
1091 hkdfl[1] = qc->server_in_hp.len; 1091 hkdfl[1] = qc->server_in.hp.len;
1092 hkdfl[2] = sizeof("tls13 quic hp") - 1; 1092 hkdfl[2] = sizeof("tls13 quic hp") - 1;
1093 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); 1093 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
1094 *p = '\0'; 1094 *p = '\0';
1095 1095
1096 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, 1096 if (ngx_hkdf_expand(qc->server_in.hp.data, qc->server_in.hp.len,
1097 digest, qc->server_in.data, qc->server_in.len, 1097 digest, qc->server_in.secret.data, qc->server_in.secret.len,
1098 hkdfl, hkdfl_len) 1098 hkdfl, hkdfl_len)
1099 != NGX_OK) 1099 != NGX_OK)
1100 { 1100 {
1101 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1101 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1102 "ngx_hkdf_expand(server_in_hp) failed"); 1102 "ngx_hkdf_expand(server_in.hp) failed");
1103 ngx_http_close_connection(c); 1103 ngx_http_close_connection(c);
1104 return; 1104 return;
1105 } 1105 }
1106 1106
1107 #if (NGX_DEBUG) 1107 #if (NGX_DEBUG)
1108 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 1108 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
1109 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; 1109 m = ngx_hex_dump(buf, qc->server_in.secret.data, qc->server_in.secret.len) - buf;
1110 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1110 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1111 "quic server initial secret: %*s, len: %uz", 1111 "quic server initial secret: %*s, len: %uz",
1112 m, buf, qc->server_in.len); 1112 m, buf, qc->server_in.secret.len);
1113 1113
1114 m = ngx_hex_dump(buf, qc->server_in_key.data, qc->server_in_key.len) 1114 m = ngx_hex_dump(buf, qc->server_in.key.data, qc->server_in.key.len)
1115 - buf; 1115 - buf;
1116 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1116 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1117 "quic server key: %*s, len: %uz", 1117 "quic server key: %*s, len: %uz",
1118 m, buf, qc->server_in_key.len); 1118 m, buf, qc->server_in.key.len);
1119 1119
1120 m = ngx_hex_dump(buf, qc->server_in_iv.data, qc->server_in_iv.len) 1120 m = ngx_hex_dump(buf, qc->server_in.iv.data, qc->server_in.iv.len)
1121 - buf; 1121 - buf;
1122 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1122 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1123 "quic server iv: %*s, len: %uz", 1123 "quic server iv: %*s, len: %uz",
1124 m, buf, qc->server_in_iv.len); 1124 m, buf, qc->server_in.iv.len);
1125 1125
1126 m = ngx_hex_dump(buf, qc->server_in_hp.data, qc->server_in_hp.len) 1126 m = ngx_hex_dump(buf, qc->server_in.hp.data, qc->server_in.hp.len)
1127 - buf; 1127 - buf;
1128 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, 1128 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
1129 "quic server hp: %*s, len: %uz", 1129 "quic server hp: %*s, len: %uz",
1130 m, buf, qc->server_in_hp.len); 1130 m, buf, qc->server_in.hp.len);
1131 } 1131 }
1132 #endif 1132 #endif
1133 1133
1134 // header protection 1134 // header protection
1135 1135
1136 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 1136 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
1137 uint8_t mask[16]; 1137 uint8_t mask[16];
1138 int outlen; 1138 int outlen;
1139 1139
1140 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, 1140 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
1141 qc->client_in_hp.data, NULL) 1141 qc->client_in.hp.data, NULL)
1142 != 1) 1142 != 1)
1143 { 1143 {
1144 EVP_CIPHER_CTX_free(ctx); 1144 EVP_CIPHER_CTX_free(ctx);
1145 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1145 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1146 "EVP_EncryptInit_ex() failed"); 1146 "EVP_EncryptInit_ex() failed");
1193 1193
1194 ngx_memcpy(ad.data, b->start, ad.len); 1194 ngx_memcpy(ad.data, b->start, ad.len);
1195 ad.data[0] = clearflags; 1195 ad.data[0] = clearflags;
1196 ad.data[ad.len - pnl] = (u_char)pn; 1196 ad.data[ad.len - pnl] = (u_char)pn;
1197 1197
1198 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in_iv); 1198 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in.iv);
1199 nonce[11] ^= pn; 1199 nonce[11] ^= pn;
1200 1200
1201 #if (NGX_DEBUG) 1201 #if (NGX_DEBUG)
1202 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 1202 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
1203 m = ngx_hex_dump(buf, nonce, 12) - buf; 1203 m = ngx_hex_dump(buf, nonce, 12) - buf;
1213 uint8_t cleartext[1600]; 1213 uint8_t cleartext[1600];
1214 size_t cleartext_len; 1214 size_t cleartext_len;
1215 1215
1216 #ifdef OPENSSL_IS_BORINGSSL 1216 #ifdef OPENSSL_IS_BORINGSSL
1217 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, 1217 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
1218 qc->client_in_key.data, 1218 qc->client_in.key.data,
1219 qc->client_in_key.len, 1219 qc->client_in.key.len,
1220 EVP_AEAD_DEFAULT_TAG_LENGTH); 1220 EVP_AEAD_DEFAULT_TAG_LENGTH);
1221 if (aead == NULL) { 1221 if (aead == NULL) {
1222 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); 1222 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
1223 ngx_http_close_connection(c); 1223 ngx_http_close_connection(c);
1224 return; 1224 return;
1225 } 1225 }
1226 1226
1227 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), 1227 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
1228 nonce, qc->client_in_iv.len, ciphertext.data, 1228 nonce, qc->client_in.iv.len, ciphertext.data,
1229 ciphertext.len, ad.data, ad.len) 1229 ciphertext.len, ad.data, ad.len)
1230 != 1) 1230 != 1)
1231 { 1231 {
1232 EVP_AEAD_CTX_free(aead); 1232 EVP_AEAD_CTX_free(aead);
1233 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1233 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1254 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); 1254 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
1255 ngx_http_close_connection(c); 1255 ngx_http_close_connection(c);
1256 return; 1256 return;
1257 } 1257 }
1258 1258
1259 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len, 1259 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in.iv.len,
1260 NULL) 1260 NULL)
1261 == 0) 1261 == 0)
1262 { 1262 {
1263 EVP_CIPHER_CTX_free(aead); 1263 EVP_CIPHER_CTX_free(aead);
1264 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1264 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1265 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); 1265 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
1266 ngx_http_close_connection(c); 1266 ngx_http_close_connection(c);
1267 return; 1267 return;
1268 } 1268 }
1269 1269
1270 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce) 1270 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in.key.data, nonce)
1271 != 1) 1271 != 1)
1272 { 1272 {
1273 EVP_CIPHER_CTX_free(aead); 1273 EVP_CIPHER_CTX_free(aead);
1274 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); 1274 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
1275 ngx_http_close_connection(c); 1275 ngx_http_close_connection(c);
1525 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 1525 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
1526 uint8_t mask[16]; 1526 uint8_t mask[16];
1527 int outlen; 1527 int outlen;
1528 1528
1529 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, 1529 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
1530 qc->client_hs_hp.data, NULL) 1530 qc->client_hs.hp.data, NULL)
1531 != 1) 1531 != 1)
1532 { 1532 {
1533 EVP_CIPHER_CTX_free(ctx); 1533 EVP_CIPHER_CTX_free(ctx);
1534 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1534 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1535 "EVP_EncryptInit_ex() failed"); 1535 "EVP_EncryptInit_ex() failed");
1579 1579
1580 ngx_memcpy(ad.data, b, ad.len); 1580 ngx_memcpy(ad.data, b, ad.len);
1581 ad.data[0] = clearflags; 1581 ad.data[0] = clearflags;
1582 ad.data[ad.len - pnl] = (u_char)pn; 1582 ad.data[ad.len - pnl] = (u_char)pn;
1583 1583
1584 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs_iv); 1584 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs.iv);
1585 nonce[11] ^= pn; 1585 nonce[11] ^= pn;
1586 1586
1587 #if (NGX_DEBUG) 1587 #if (NGX_DEBUG)
1588 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 1588 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
1589 m = ngx_hex_dump(buf, nonce, 12) - buf; 1589 m = ngx_hex_dump(buf, nonce, 12) - buf;
1632 uint8_t cleartext[1600]; 1632 uint8_t cleartext[1600];
1633 size_t cleartext_len; 1633 size_t cleartext_len;
1634 1634
1635 #ifdef OPENSSL_IS_BORINGSSL 1635 #ifdef OPENSSL_IS_BORINGSSL
1636 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, 1636 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
1637 qc->client_hs_key.data, 1637 qc->client_hs.key.data,
1638 qc->client_hs_key.len, 1638 qc->client_hs.key.len,
1639 EVP_AEAD_DEFAULT_TAG_LENGTH); 1639 EVP_AEAD_DEFAULT_TAG_LENGTH);
1640 if (aead == NULL) { 1640 if (aead == NULL) {
1641 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); 1641 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
1642 ngx_http_close_connection(c); 1642 ngx_http_close_connection(c);
1643 return; 1643 return;
1644 } 1644 }
1645 1645
1646 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), 1646 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
1647 nonce, qc->client_hs_iv.len, ciphertext.data, 1647 nonce, qc->client_hs.iv.len, ciphertext.data,
1648 ciphertext.len, ad.data, ad.len) 1648 ciphertext.len, ad.data, ad.len)
1649 != 1) 1649 != 1)
1650 { 1650 {
1651 EVP_AEAD_CTX_free(aead); 1651 EVP_AEAD_CTX_free(aead);
1652 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1652 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1673 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); 1673 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
1674 ngx_http_close_connection(c); 1674 ngx_http_close_connection(c);
1675 return; 1675 return;
1676 } 1676 }
1677 1677
1678 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs_iv.len, 1678 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs.iv.len,
1679 NULL) 1679 NULL)
1680 == 0) 1680 == 0)
1681 { 1681 {
1682 EVP_CIPHER_CTX_free(aead); 1682 EVP_CIPHER_CTX_free(aead);
1683 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, 1683 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
1684 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); 1684 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
1685 ngx_http_close_connection(c); 1685 ngx_http_close_connection(c);
1686 return; 1686 return;
1687 } 1687 }
1688 1688
1689 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs_key.data, nonce) 1689 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs.key.data, nonce)
1690 != 1) 1690 != 1)
1691 { 1691 {
1692 EVP_CIPHER_CTX_free(aead); 1692 EVP_CIPHER_CTX_free(aead);
1693 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); 1693 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed");
1694 ngx_http_close_connection(c); 1694 ngx_http_close_connection(c);