Mercurial > hg > nginx-quic
comparison src/event/quic/ngx_event_quic_protection.h @ 9046:7da4791e0264 quic
QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.
This implementation does not support 0-RTT.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 22 Feb 2023 19:16:53 +0400 |
| parents | e50f77a2d0b0 |
| children |
comparison
equal
deleted
inserted
replaced
| 9029:639fa6723700 | 9046:7da4791e0264 |
|---|---|
| 19 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ | 19 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ |
| 20 #define NGX_QUIC_IV_LEN 12 | 20 #define NGX_QUIC_IV_LEN 12 |
| 21 | 21 |
| 22 /* largest hash used in TLS is SHA-384 */ | 22 /* largest hash used in TLS is SHA-384 */ |
| 23 #define NGX_QUIC_MAX_MD_SIZE 48 | 23 #define NGX_QUIC_MAX_MD_SIZE 48 |
| 24 | |
| 25 | |
| 26 #ifdef OPENSSL_IS_BORINGSSL | |
| 27 #define ngx_quic_cipher_t EVP_AEAD | |
| 28 #else | |
| 29 #define ngx_quic_cipher_t EVP_CIPHER | |
| 30 #endif | |
| 24 | 31 |
| 25 | 32 |
| 26 typedef struct { | 33 typedef struct { |
| 27 size_t len; | 34 size_t len; |
| 28 u_char data[NGX_QUIC_MAX_MD_SIZE]; | 35 u_char data[NGX_QUIC_MAX_MD_SIZE]; |
| 54 ngx_quic_secrets_t next_key; | 61 ngx_quic_secrets_t next_key; |
| 55 ngx_uint_t cipher; | 62 ngx_uint_t cipher; |
| 56 }; | 63 }; |
| 57 | 64 |
| 58 | 65 |
| 66 typedef struct { | |
| 67 const ngx_quic_cipher_t *c; | |
| 68 const EVP_CIPHER *hp; | |
| 69 const EVP_MD *d; | |
| 70 } ngx_quic_ciphers_t; | |
| 71 | |
| 72 | |
| 73 typedef struct { | |
| 74 size_t out_len; | |
| 75 u_char *out; | |
| 76 | |
| 77 size_t prk_len; | |
| 78 const uint8_t *prk; | |
| 79 | |
| 80 size_t label_len; | |
| 81 const u_char *label; | |
| 82 } ngx_quic_hkdf_t; | |
| 83 | |
| 84 #define ngx_quic_hkdf_set(seq, _label, _out, _prk) \ | |
| 85 (seq)->out_len = (_out)->len; (seq)->out = (_out)->data; \ | |
| 86 (seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data, \ | |
| 87 (seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label); | |
| 88 | |
| 89 | |
| 59 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, | 90 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, |
| 60 ngx_str_t *secret, ngx_log_t *log); | 91 ngx_str_t *secret, ngx_log_t *log); |
| 61 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log, | 92 ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log, |
| 62 ngx_uint_t is_write, ngx_quic_keys_t *keys, | 93 ngx_uint_t is_write, ngx_quic_keys_t *keys, |
| 63 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 94 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 68 enum ssl_encryption_level_t level); | 99 enum ssl_encryption_level_t level); |
| 69 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); | 100 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
| 70 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys); | 101 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys); |
| 71 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); | 102 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
| 72 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); | 103 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
| 104 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); | |
| 105 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, | |
| 106 enum ssl_encryption_level_t level); | |
| 107 ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, | |
| 108 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | |
| 109 ngx_str_t *ad, ngx_log_t *log); | |
| 110 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, | |
| 111 ngx_log_t *log); | |
| 73 | 112 |
| 74 | 113 |
| 75 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ | 114 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |