Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 7641:72f632f90a17 quic
Introduced ngx_quic_secret_t.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | b7bbfea7a6c3 |
children | 8964cc6ecc4a |
comparison
equal
deleted
inserted
replaced
7640:b7bbfea7a6c3 | 7641:72f632f90a17 |
---|---|
829 uint8_t hkdfl[20]; | 829 uint8_t hkdfl[20]; |
830 uint8_t *p; | 830 uint8_t *p; |
831 | 831 |
832 /* draft-ietf-quic-tls-23#section-5.2 */ | 832 /* draft-ietf-quic-tls-23#section-5.2 */ |
833 | 833 |
834 qc->client_in.len = SHA256_DIGEST_LENGTH; | 834 qc->client_in.secret.len = SHA256_DIGEST_LENGTH; |
835 qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len); | 835 qc->client_in.secret.data = ngx_pnalloc(c->pool, qc->client_in.secret.len); |
836 if (qc->client_in.data == NULL) { | 836 if (qc->client_in.secret.data == NULL) { |
837 ngx_http_close_connection(c); | 837 ngx_http_close_connection(c); |
838 return; | 838 return; |
839 } | 839 } |
840 | 840 |
841 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; | 841 hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1; |
842 bzero(hkdfl, sizeof(hkdfl)); | 842 bzero(hkdfl, sizeof(hkdfl)); |
843 hkdfl[0] = 0; | 843 hkdfl[0] = 0; |
844 hkdfl[1] = qc->client_in.len; | 844 hkdfl[1] = qc->client_in.secret.len; |
845 hkdfl[2] = sizeof("tls13 client in") - 1; | 845 hkdfl[2] = sizeof("tls13 client in") - 1; |
846 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1); | 846 p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1); |
847 *p = '\0'; | 847 *p = '\0'; |
848 | 848 |
849 #if 0 | 849 #if 0 |
854 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 854 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
855 "quic initial secret hkdf: %*s, len: %uz", | 855 "quic initial secret hkdf: %*s, len: %uz", |
856 m, buf, sizeof(hkdfl)); | 856 m, buf, sizeof(hkdfl)); |
857 #endif | 857 #endif |
858 | 858 |
859 if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len, | 859 if (ngx_hkdf_expand(qc->client_in.secret.data, qc->client_in.secret.len, |
860 digest, is, is_len, hkdfl, hkdfl_len) | 860 digest, is, is_len, hkdfl, hkdfl_len) |
861 != NGX_OK) | 861 != NGX_OK) |
862 { | 862 { |
863 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 863 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
864 "ngx_hkdf_expand(client_in) failed"); | 864 "ngx_hkdf_expand(client_in) failed"); |
874 EVP_AEAD_nonce_length(cipher)); | 874 EVP_AEAD_nonce_length(cipher)); |
875 #endif | 875 #endif |
876 | 876 |
877 | 877 |
878 #ifdef OPENSSL_IS_BORINGSSL | 878 #ifdef OPENSSL_IS_BORINGSSL |
879 qc->client_in_key.len = EVP_AEAD_key_length(cipher); | 879 qc->client_in.key.len = EVP_AEAD_key_length(cipher); |
880 #else | 880 #else |
881 qc->client_in_key.len = EVP_CIPHER_key_length(cipher); | 881 qc->client_in.key.len = EVP_CIPHER_key_length(cipher); |
882 #endif | 882 #endif |
883 qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len); | 883 qc->client_in.key.data = ngx_pnalloc(c->pool, qc->client_in.key.len); |
884 if (qc->client_in_key.data == NULL) { | 884 if (qc->client_in.key.data == NULL) { |
885 ngx_http_close_connection(c); | 885 ngx_http_close_connection(c); |
886 return; | 886 return; |
887 } | 887 } |
888 | 888 |
889 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; | 889 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; |
890 hkdfl[1] = qc->client_in_key.len; | 890 hkdfl[1] = qc->client_in.key.len; |
891 hkdfl[2] = sizeof("tls13 quic key") - 1; | 891 hkdfl[2] = sizeof("tls13 quic key") - 1; |
892 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); | 892 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); |
893 *p = '\0'; | 893 *p = '\0'; |
894 | 894 |
895 if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len, | 895 if (ngx_hkdf_expand(qc->client_in.key.data, qc->client_in.key.len, |
896 digest, qc->client_in.data, qc->client_in.len, | 896 digest, qc->client_in.secret.data, qc->client_in.secret.len, |
897 hkdfl, hkdfl_len) | 897 hkdfl, hkdfl_len) |
898 != NGX_OK) | 898 != NGX_OK) |
899 { | 899 { |
900 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 900 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
901 "ngx_hkdf_expand(client_in_key) failed"); | 901 "ngx_hkdf_expand(client_in.key) failed"); |
902 ngx_http_close_connection(c); | 902 ngx_http_close_connection(c); |
903 return; | 903 return; |
904 } | 904 } |
905 | 905 |
906 #ifdef OPENSSL_IS_BORINGSSL | 906 #ifdef OPENSSL_IS_BORINGSSL |
907 qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher); | 907 qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher); |
908 #else | 908 #else |
909 qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher); | 909 qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher); |
910 #endif | 910 #endif |
911 qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len); | 911 qc->client_in.iv.data = ngx_pnalloc(c->pool, qc->client_in.iv.len); |
912 if (qc->client_in_iv.data == NULL) { | 912 if (qc->client_in.iv.data == NULL) { |
913 ngx_http_close_connection(c); | 913 ngx_http_close_connection(c); |
914 return; | 914 return; |
915 } | 915 } |
916 | 916 |
917 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; | 917 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; |
918 hkdfl[1] = qc->client_in_iv.len; | 918 hkdfl[1] = qc->client_in.iv.len; |
919 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 919 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
920 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 920 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
921 *p = '\0'; | 921 *p = '\0'; |
922 | 922 |
923 if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len, | 923 if (ngx_hkdf_expand(qc->client_in.iv.data, qc->client_in.iv.len, |
924 digest, qc->client_in.data, qc->client_in.len, | 924 digest, qc->client_in.secret.data, qc->client_in.secret.len, |
925 hkdfl, hkdfl_len) | 925 hkdfl, hkdfl_len) |
926 != NGX_OK) | 926 != NGX_OK) |
927 { | 927 { |
928 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 928 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
929 "ngx_hkdf_expand(client_in_iv) failed"); | 929 "ngx_hkdf_expand(client_in.iv) failed"); |
930 ngx_http_close_connection(c); | 930 ngx_http_close_connection(c); |
931 return; | 931 return; |
932 } | 932 } |
933 | 933 |
934 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 934 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
935 | 935 |
936 #ifdef OPENSSL_IS_BORINGSSL | 936 #ifdef OPENSSL_IS_BORINGSSL |
937 qc->client_in_hp.len = EVP_AEAD_key_length(cipher); | 937 qc->client_in.hp.len = EVP_AEAD_key_length(cipher); |
938 #else | 938 #else |
939 qc->client_in_hp.len = EVP_CIPHER_key_length(cipher); | 939 qc->client_in.hp.len = EVP_CIPHER_key_length(cipher); |
940 #endif | 940 #endif |
941 qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len); | 941 qc->client_in.hp.data = ngx_pnalloc(c->pool, qc->client_in.hp.len); |
942 if (qc->client_in_hp.data == NULL) { | 942 if (qc->client_in.hp.data == NULL) { |
943 ngx_http_close_connection(c); | 943 ngx_http_close_connection(c); |
944 return; | 944 return; |
945 } | 945 } |
946 | 946 |
947 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; | 947 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; |
948 hkdfl[1] = qc->client_in_hp.len; | 948 hkdfl[1] = qc->client_in.hp.len; |
949 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 949 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
950 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 950 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
951 *p = '\0'; | 951 *p = '\0'; |
952 | 952 |
953 if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len, | 953 if (ngx_hkdf_expand(qc->client_in.hp.data, qc->client_in.hp.len, |
954 digest, qc->client_in.data, qc->client_in.len, | 954 digest, qc->client_in.secret.data, qc->client_in.secret.len, |
955 hkdfl, hkdfl_len) | 955 hkdfl, hkdfl_len) |
956 != NGX_OK) | 956 != NGX_OK) |
957 { | 957 { |
958 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 958 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
959 "ngx_hkdf_expand(client_in_hp) failed"); | 959 "ngx_hkdf_expand(client_in.hp) failed"); |
960 ngx_http_close_connection(c); | 960 ngx_http_close_connection(c); |
961 return; | 961 return; |
962 } | 962 } |
963 | 963 |
964 #if (NGX_DEBUG) | 964 #if (NGX_DEBUG) |
965 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 965 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
966 m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf; | 966 m = ngx_hex_dump(buf, qc->client_in.secret.data, qc->client_in.secret.len) - buf; |
967 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 967 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
968 "quic client initial secret: %*s, len: %uz", | 968 "quic client initial secret: %*s, len: %uz", |
969 m, buf, qc->client_in.len); | 969 m, buf, qc->client_in.secret.len); |
970 | 970 |
971 m = ngx_hex_dump(buf, qc->client_in_key.data, qc->client_in_key.len) | 971 m = ngx_hex_dump(buf, qc->client_in.key.data, qc->client_in.key.len) |
972 - buf; | 972 - buf; |
973 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 973 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
974 "quic client key: %*s, len: %uz", | 974 "quic client key: %*s, len: %uz", |
975 m, buf, qc->client_in_key.len); | 975 m, buf, qc->client_in.key.len); |
976 | 976 |
977 m = ngx_hex_dump(buf, qc->client_in_iv.data, qc->client_in_iv.len) | 977 m = ngx_hex_dump(buf, qc->client_in.iv.data, qc->client_in.iv.len) |
978 - buf; | 978 - buf; |
979 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 979 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
980 "quic client iv: %*s, len: %uz", | 980 "quic client iv: %*s, len: %uz", |
981 m, buf, qc->client_in_iv.len); | 981 m, buf, qc->client_in.iv.len); |
982 | 982 |
983 m = ngx_hex_dump(buf, qc->client_in_hp.data, qc->client_in_hp.len) | 983 m = ngx_hex_dump(buf, qc->client_in.hp.data, qc->client_in.hp.len) |
984 - buf; | 984 - buf; |
985 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 985 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
986 "quic client hp: %*s, len: %uz", | 986 "quic client hp: %*s, len: %uz", |
987 m, buf, qc->client_in_hp.len); | 987 m, buf, qc->client_in.hp.len); |
988 } | 988 } |
989 #endif | 989 #endif |
990 | 990 |
991 // server initial | 991 // server initial |
992 | 992 |
993 /* draft-ietf-quic-tls-23#section-5.2 */ | 993 /* draft-ietf-quic-tls-23#section-5.2 */ |
994 | 994 |
995 qc->server_in.len = SHA256_DIGEST_LENGTH; | 995 qc->server_in.secret.len = SHA256_DIGEST_LENGTH; |
996 qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len); | 996 qc->server_in.secret.data = ngx_pnalloc(c->pool, qc->server_in.secret.len); |
997 if (qc->server_in.data == NULL) { | 997 if (qc->server_in.secret.data == NULL) { |
998 ngx_http_close_connection(c); | 998 ngx_http_close_connection(c); |
999 return; | 999 return; |
1000 } | 1000 } |
1001 | 1001 |
1002 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; | 1002 hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1; |
1003 hkdfl[0] = 0; | 1003 hkdfl[0] = 0; |
1004 hkdfl[1] = qc->server_in.len; | 1004 hkdfl[1] = qc->server_in.secret.len; |
1005 hkdfl[2] = sizeof("tls13 server in") - 1; | 1005 hkdfl[2] = sizeof("tls13 server in") - 1; |
1006 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1); | 1006 p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1); |
1007 *p = '\0'; | 1007 *p = '\0'; |
1008 | 1008 |
1009 if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len, | 1009 if (ngx_hkdf_expand(qc->server_in.secret.data, qc->server_in.secret.len, |
1010 digest, is, is_len, hkdfl, hkdfl_len) | 1010 digest, is, is_len, hkdfl, hkdfl_len) |
1011 != NGX_OK) | 1011 != NGX_OK) |
1012 { | 1012 { |
1013 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1013 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1014 "ngx_hkdf_expand(server_in) failed"); | 1014 "ngx_hkdf_expand(server_in) failed"); |
1017 } | 1017 } |
1018 | 1018 |
1019 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 1019 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
1020 | 1020 |
1021 #ifdef OPENSSL_IS_BORINGSSL | 1021 #ifdef OPENSSL_IS_BORINGSSL |
1022 qc->server_in_key.len = EVP_AEAD_key_length(cipher); | 1022 qc->server_in.key.len = EVP_AEAD_key_length(cipher); |
1023 #else | 1023 #else |
1024 qc->server_in_key.len = EVP_CIPHER_key_length(cipher); | 1024 qc->server_in.key.len = EVP_CIPHER_key_length(cipher); |
1025 #endif | 1025 #endif |
1026 qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len); | 1026 qc->server_in.key.data = ngx_pnalloc(c->pool, qc->server_in.key.len); |
1027 if (qc->server_in_key.data == NULL) { | 1027 if (qc->server_in.key.data == NULL) { |
1028 ngx_http_close_connection(c); | 1028 ngx_http_close_connection(c); |
1029 return; | 1029 return; |
1030 } | 1030 } |
1031 | 1031 |
1032 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; | 1032 hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1; |
1033 hkdfl[1] = qc->server_in_key.len; | 1033 hkdfl[1] = qc->server_in.key.len; |
1034 hkdfl[2] = sizeof("tls13 quic key") - 1; | 1034 hkdfl[2] = sizeof("tls13 quic key") - 1; |
1035 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); | 1035 p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1); |
1036 *p = '\0'; | 1036 *p = '\0'; |
1037 | 1037 |
1038 if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len, | 1038 if (ngx_hkdf_expand(qc->server_in.key.data, qc->server_in.key.len, |
1039 digest, qc->server_in.data, qc->server_in.len, | 1039 digest, qc->server_in.secret.data, qc->server_in.secret.len, |
1040 hkdfl, hkdfl_len) | 1040 hkdfl, hkdfl_len) |
1041 != NGX_OK) | 1041 != NGX_OK) |
1042 { | 1042 { |
1043 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1043 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1044 "ngx_hkdf_expand(server_in_key) failed"); | 1044 "ngx_hkdf_expand(server_in.key) failed"); |
1045 ngx_http_close_connection(c); | 1045 ngx_http_close_connection(c); |
1046 return; | 1046 return; |
1047 } | 1047 } |
1048 | 1048 |
1049 #ifdef OPENSSL_IS_BORINGSSL | 1049 #ifdef OPENSSL_IS_BORINGSSL |
1050 qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher); | 1050 qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher); |
1051 #else | 1051 #else |
1052 qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher); | 1052 qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher); |
1053 #endif | 1053 #endif |
1054 qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len); | 1054 qc->server_in.iv.data = ngx_pnalloc(c->pool, qc->server_in.iv.len); |
1055 if (qc->server_in_iv.data == NULL) { | 1055 if (qc->server_in.iv.data == NULL) { |
1056 ngx_http_close_connection(c); | 1056 ngx_http_close_connection(c); |
1057 return; | 1057 return; |
1058 } | 1058 } |
1059 | 1059 |
1060 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; | 1060 hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1; |
1061 hkdfl[1] = qc->server_in_iv.len; | 1061 hkdfl[1] = qc->server_in.iv.len; |
1062 hkdfl[2] = sizeof("tls13 quic iv") - 1; | 1062 hkdfl[2] = sizeof("tls13 quic iv") - 1; |
1063 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); | 1063 p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1); |
1064 *p = '\0'; | 1064 *p = '\0'; |
1065 | 1065 |
1066 if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len, | 1066 if (ngx_hkdf_expand(qc->server_in.iv.data, qc->server_in.iv.len, |
1067 digest, qc->server_in.data, qc->server_in.len, | 1067 digest, qc->server_in.secret.data, qc->server_in.secret.len, |
1068 hkdfl, hkdfl_len) | 1068 hkdfl, hkdfl_len) |
1069 != NGX_OK) | 1069 != NGX_OK) |
1070 { | 1070 { |
1071 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1071 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1072 "ngx_hkdf_expand(server_in_iv) failed"); | 1072 "ngx_hkdf_expand(server_in.iv) failed"); |
1073 ngx_http_close_connection(c); | 1073 ngx_http_close_connection(c); |
1074 return; | 1074 return; |
1075 } | 1075 } |
1076 | 1076 |
1077 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ | 1077 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */ |
1078 | 1078 |
1079 #ifdef OPENSSL_IS_BORINGSSL | 1079 #ifdef OPENSSL_IS_BORINGSSL |
1080 qc->server_in_hp.len = EVP_AEAD_key_length(cipher); | 1080 qc->server_in.hp.len = EVP_AEAD_key_length(cipher); |
1081 #else | 1081 #else |
1082 qc->server_in_hp.len = EVP_CIPHER_key_length(cipher); | 1082 qc->server_in.hp.len = EVP_CIPHER_key_length(cipher); |
1083 #endif | 1083 #endif |
1084 qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len); | 1084 qc->server_in.hp.data = ngx_pnalloc(c->pool, qc->server_in.hp.len); |
1085 if (qc->server_in_hp.data == NULL) { | 1085 if (qc->server_in.hp.data == NULL) { |
1086 ngx_http_close_connection(c); | 1086 ngx_http_close_connection(c); |
1087 return; | 1087 return; |
1088 } | 1088 } |
1089 | 1089 |
1090 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; | 1090 hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1; |
1091 hkdfl[1] = qc->server_in_hp.len; | 1091 hkdfl[1] = qc->server_in.hp.len; |
1092 hkdfl[2] = sizeof("tls13 quic hp") - 1; | 1092 hkdfl[2] = sizeof("tls13 quic hp") - 1; |
1093 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); | 1093 p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1); |
1094 *p = '\0'; | 1094 *p = '\0'; |
1095 | 1095 |
1096 if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len, | 1096 if (ngx_hkdf_expand(qc->server_in.hp.data, qc->server_in.hp.len, |
1097 digest, qc->server_in.data, qc->server_in.len, | 1097 digest, qc->server_in.secret.data, qc->server_in.secret.len, |
1098 hkdfl, hkdfl_len) | 1098 hkdfl, hkdfl_len) |
1099 != NGX_OK) | 1099 != NGX_OK) |
1100 { | 1100 { |
1101 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1101 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1102 "ngx_hkdf_expand(server_in_hp) failed"); | 1102 "ngx_hkdf_expand(server_in.hp) failed"); |
1103 ngx_http_close_connection(c); | 1103 ngx_http_close_connection(c); |
1104 return; | 1104 return; |
1105 } | 1105 } |
1106 | 1106 |
1107 #if (NGX_DEBUG) | 1107 #if (NGX_DEBUG) |
1108 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 1108 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
1109 m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf; | 1109 m = ngx_hex_dump(buf, qc->server_in.secret.data, qc->server_in.secret.len) - buf; |
1110 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1110 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1111 "quic server initial secret: %*s, len: %uz", | 1111 "quic server initial secret: %*s, len: %uz", |
1112 m, buf, qc->server_in.len); | 1112 m, buf, qc->server_in.secret.len); |
1113 | 1113 |
1114 m = ngx_hex_dump(buf, qc->server_in_key.data, qc->server_in_key.len) | 1114 m = ngx_hex_dump(buf, qc->server_in.key.data, qc->server_in.key.len) |
1115 - buf; | 1115 - buf; |
1116 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1116 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1117 "quic server key: %*s, len: %uz", | 1117 "quic server key: %*s, len: %uz", |
1118 m, buf, qc->server_in_key.len); | 1118 m, buf, qc->server_in.key.len); |
1119 | 1119 |
1120 m = ngx_hex_dump(buf, qc->server_in_iv.data, qc->server_in_iv.len) | 1120 m = ngx_hex_dump(buf, qc->server_in.iv.data, qc->server_in.iv.len) |
1121 - buf; | 1121 - buf; |
1122 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1122 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1123 "quic server iv: %*s, len: %uz", | 1123 "quic server iv: %*s, len: %uz", |
1124 m, buf, qc->server_in_iv.len); | 1124 m, buf, qc->server_in.iv.len); |
1125 | 1125 |
1126 m = ngx_hex_dump(buf, qc->server_in_hp.data, qc->server_in_hp.len) | 1126 m = ngx_hex_dump(buf, qc->server_in.hp.data, qc->server_in.hp.len) |
1127 - buf; | 1127 - buf; |
1128 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 1128 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
1129 "quic server hp: %*s, len: %uz", | 1129 "quic server hp: %*s, len: %uz", |
1130 m, buf, qc->server_in_hp.len); | 1130 m, buf, qc->server_in.hp.len); |
1131 } | 1131 } |
1132 #endif | 1132 #endif |
1133 | 1133 |
1134 // header protection | 1134 // header protection |
1135 | 1135 |
1136 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); | 1136 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
1137 uint8_t mask[16]; | 1137 uint8_t mask[16]; |
1138 int outlen; | 1138 int outlen; |
1139 | 1139 |
1140 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, | 1140 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, |
1141 qc->client_in_hp.data, NULL) | 1141 qc->client_in.hp.data, NULL) |
1142 != 1) | 1142 != 1) |
1143 { | 1143 { |
1144 EVP_CIPHER_CTX_free(ctx); | 1144 EVP_CIPHER_CTX_free(ctx); |
1145 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1145 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1146 "EVP_EncryptInit_ex() failed"); | 1146 "EVP_EncryptInit_ex() failed"); |
1193 | 1193 |
1194 ngx_memcpy(ad.data, b->start, ad.len); | 1194 ngx_memcpy(ad.data, b->start, ad.len); |
1195 ad.data[0] = clearflags; | 1195 ad.data[0] = clearflags; |
1196 ad.data[ad.len - pnl] = (u_char)pn; | 1196 ad.data[ad.len - pnl] = (u_char)pn; |
1197 | 1197 |
1198 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in_iv); | 1198 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in.iv); |
1199 nonce[11] ^= pn; | 1199 nonce[11] ^= pn; |
1200 | 1200 |
1201 #if (NGX_DEBUG) | 1201 #if (NGX_DEBUG) |
1202 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 1202 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
1203 m = ngx_hex_dump(buf, nonce, 12) - buf; | 1203 m = ngx_hex_dump(buf, nonce, 12) - buf; |
1213 uint8_t cleartext[1600]; | 1213 uint8_t cleartext[1600]; |
1214 size_t cleartext_len; | 1214 size_t cleartext_len; |
1215 | 1215 |
1216 #ifdef OPENSSL_IS_BORINGSSL | 1216 #ifdef OPENSSL_IS_BORINGSSL |
1217 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, | 1217 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, |
1218 qc->client_in_key.data, | 1218 qc->client_in.key.data, |
1219 qc->client_in_key.len, | 1219 qc->client_in.key.len, |
1220 EVP_AEAD_DEFAULT_TAG_LENGTH); | 1220 EVP_AEAD_DEFAULT_TAG_LENGTH); |
1221 if (aead == NULL) { | 1221 if (aead == NULL) { |
1222 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); | 1222 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); |
1223 ngx_http_close_connection(c); | 1223 ngx_http_close_connection(c); |
1224 return; | 1224 return; |
1225 } | 1225 } |
1226 | 1226 |
1227 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), | 1227 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), |
1228 nonce, qc->client_in_iv.len, ciphertext.data, | 1228 nonce, qc->client_in.iv.len, ciphertext.data, |
1229 ciphertext.len, ad.data, ad.len) | 1229 ciphertext.len, ad.data, ad.len) |
1230 != 1) | 1230 != 1) |
1231 { | 1231 { |
1232 EVP_AEAD_CTX_free(aead); | 1232 EVP_AEAD_CTX_free(aead); |
1233 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1233 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1254 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | 1254 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); |
1255 ngx_http_close_connection(c); | 1255 ngx_http_close_connection(c); |
1256 return; | 1256 return; |
1257 } | 1257 } |
1258 | 1258 |
1259 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len, | 1259 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in.iv.len, |
1260 NULL) | 1260 NULL) |
1261 == 0) | 1261 == 0) |
1262 { | 1262 { |
1263 EVP_CIPHER_CTX_free(aead); | 1263 EVP_CIPHER_CTX_free(aead); |
1264 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1264 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1265 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); | 1265 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
1266 ngx_http_close_connection(c); | 1266 ngx_http_close_connection(c); |
1267 return; | 1267 return; |
1268 } | 1268 } |
1269 | 1269 |
1270 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce) | 1270 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in.key.data, nonce) |
1271 != 1) | 1271 != 1) |
1272 { | 1272 { |
1273 EVP_CIPHER_CTX_free(aead); | 1273 EVP_CIPHER_CTX_free(aead); |
1274 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | 1274 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); |
1275 ngx_http_close_connection(c); | 1275 ngx_http_close_connection(c); |
1525 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); | 1525 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
1526 uint8_t mask[16]; | 1526 uint8_t mask[16]; |
1527 int outlen; | 1527 int outlen; |
1528 | 1528 |
1529 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, | 1529 if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, |
1530 qc->client_hs_hp.data, NULL) | 1530 qc->client_hs.hp.data, NULL) |
1531 != 1) | 1531 != 1) |
1532 { | 1532 { |
1533 EVP_CIPHER_CTX_free(ctx); | 1533 EVP_CIPHER_CTX_free(ctx); |
1534 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1534 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1535 "EVP_EncryptInit_ex() failed"); | 1535 "EVP_EncryptInit_ex() failed"); |
1579 | 1579 |
1580 ngx_memcpy(ad.data, b, ad.len); | 1580 ngx_memcpy(ad.data, b, ad.len); |
1581 ad.data[0] = clearflags; | 1581 ad.data[0] = clearflags; |
1582 ad.data[ad.len - pnl] = (u_char)pn; | 1582 ad.data[ad.len - pnl] = (u_char)pn; |
1583 | 1583 |
1584 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs_iv); | 1584 uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs.iv); |
1585 nonce[11] ^= pn; | 1585 nonce[11] ^= pn; |
1586 | 1586 |
1587 #if (NGX_DEBUG) | 1587 #if (NGX_DEBUG) |
1588 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { | 1588 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { |
1589 m = ngx_hex_dump(buf, nonce, 12) - buf; | 1589 m = ngx_hex_dump(buf, nonce, 12) - buf; |
1632 uint8_t cleartext[1600]; | 1632 uint8_t cleartext[1600]; |
1633 size_t cleartext_len; | 1633 size_t cleartext_len; |
1634 | 1634 |
1635 #ifdef OPENSSL_IS_BORINGSSL | 1635 #ifdef OPENSSL_IS_BORINGSSL |
1636 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, | 1636 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, |
1637 qc->client_hs_key.data, | 1637 qc->client_hs.key.data, |
1638 qc->client_hs_key.len, | 1638 qc->client_hs.key.len, |
1639 EVP_AEAD_DEFAULT_TAG_LENGTH); | 1639 EVP_AEAD_DEFAULT_TAG_LENGTH); |
1640 if (aead == NULL) { | 1640 if (aead == NULL) { |
1641 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); | 1641 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed"); |
1642 ngx_http_close_connection(c); | 1642 ngx_http_close_connection(c); |
1643 return; | 1643 return; |
1644 } | 1644 } |
1645 | 1645 |
1646 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), | 1646 if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext), |
1647 nonce, qc->client_hs_iv.len, ciphertext.data, | 1647 nonce, qc->client_hs.iv.len, ciphertext.data, |
1648 ciphertext.len, ad.data, ad.len) | 1648 ciphertext.len, ad.data, ad.len) |
1649 != 1) | 1649 != 1) |
1650 { | 1650 { |
1651 EVP_AEAD_CTX_free(aead); | 1651 EVP_AEAD_CTX_free(aead); |
1652 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1652 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1673 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | 1673 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); |
1674 ngx_http_close_connection(c); | 1674 ngx_http_close_connection(c); |
1675 return; | 1675 return; |
1676 } | 1676 } |
1677 | 1677 |
1678 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs_iv.len, | 1678 if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs.iv.len, |
1679 NULL) | 1679 NULL) |
1680 == 0) | 1680 == 0) |
1681 { | 1681 { |
1682 EVP_CIPHER_CTX_free(aead); | 1682 EVP_CIPHER_CTX_free(aead); |
1683 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, | 1683 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, |
1684 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); | 1684 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
1685 ngx_http_close_connection(c); | 1685 ngx_http_close_connection(c); |
1686 return; | 1686 return; |
1687 } | 1687 } |
1688 | 1688 |
1689 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs_key.data, nonce) | 1689 if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs.key.data, nonce) |
1690 != 1) | 1690 != 1) |
1691 { | 1691 { |
1692 EVP_CIPHER_CTX_free(aead); | 1692 EVP_CIPHER_CTX_free(aead); |
1693 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); | 1693 ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_DecryptInit_ex() failed"); |
1694 ngx_http_close_connection(c); | 1694 ngx_http_close_connection(c); |