comparison src/event/quic/ngx_event_quic_protection.h @ 9046:7da4791e0264 quic
QUIC: OpenSSL compatibility layer.
The change allows compiling QUIC with OpenSSL, which lacks the BoringSSL QUIC API.
This implementation does not support 0-RTT.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 22 Feb 2023 19:16:53 +0400 |
parents | e50f77a2d0b0 |
children |
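--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -19,10 +19,17 @@
 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
 #define NGX_QUIC_IV_LEN 12
 
 /* largest hash used in TLS is SHA-384 */
 #define NGX_QUIC_MAX_MD_SIZE 48
+
+
+#ifdef OPENSSL_IS_BORINGSSL
+#define ngx_quic_cipher_t EVP_AEAD
+#else
+#define ngx_quic_cipher_t EVP_CIPHER
+#endif
 
 
 typedef struct {
 size_t len;
 u_char data[NGX_QUIC_MAX_MD_SIZE];
@@ -54,10 +61,34 @@
 ngx_quic_secrets_t next_key;
 ngx_uint_t cipher;
 };
 
 
+typedef struct {
+const ngx_quic_cipher_t *c;
+const EVP_CIPHER *hp;
+const EVP_MD *d;
+} ngx_quic_ciphers_t;
+
+
+typedef struct {
+size_t out_len;
+u_char *out;
+
+size_t prk_len;
+const uint8_t *prk;
+
+size_t label_len;
+const u_char *label;
+} ngx_quic_hkdf_t;
+
+#define ngx_quic_hkdf_set(seq, _label, _out, _prk) \
+(seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \
+(seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \
+(seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label);
+
+
 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
 ngx_str_t *secret, ngx_log_t *log);
 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
 ngx_uint_t is_write, ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
@@ -68,8 +99,16 @@
 enum ssl_encryption_level_t level);
 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);
 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
+void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
+ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
+enum ssl_encryption_level_t level);
+ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
+ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
+ngx_str_t *ad, ngx_log_t *log);
+ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,
+ngx_log_t *log);
 
 
 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */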
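Review bot: The `ngx_quic_hkdf_set` macro added to this header expands to several statements joined by a mix of `;` and `,` with no `do { ... } while (0)` wrapper, so a use under an unbraced `if` or `for` would make only the first assignment conditional and fill the rest of the HKDF descriptor unconditionally. It also takes the label length from `sizeof(_label) - 1`, which is only correct for a string literal or array; a `char *` argument would silently yield a pointer-sized length and presumably a wrong derived key. The `(u_char *)` cast also drops the const that the `label` field already carries. I would wrap the body as below and document that `_label` must be a string literal; the macro's callers are not on this page, so check that none depends on the current trailing `;`.

```c
/* _label must be a string literal: its length is taken with sizeof */
#define ngx_quic_hkdf_set(seq, _label, _out, _prk)                            \
    do {                                                                      \
        (seq)->out_len = (_out)->len;                                         \
        (seq)->out = (_out)->data;                                            \
        (seq)->prk_len = (_prk)->len;                                         \
        (seq)->prk = (_prk)->data;                                            \
        (seq)->label_len = sizeof(_label) - 1;                                \
        (seq)->label = (const u_char *) (_label);                             \
    } while (0)
```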