Mercurial > hg > nginx-quic

comparison src/event/ngx_event_openssl.c @ 7645:7ee1ada04c8a quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Generic function for HKDF expansion.
author Vladimir Homutov <vl@nginx.com>
date Wed, 26 Feb 2020 16:56:47 +0300
parents a9ff4392ecde
children 01dc595de244
comparison
equal deleted inserted replaced
7644:a9ff4392ecde 7645:7ee1ada04c8a
151 151
152 } else { 152 } else {
153 return 0; 153 return 0;
154 } 154 }
155 155
156 size_t hkdfl_len, llen;
157 uint8_t hkdfl[20];
158 uint8_t *p;
159 const char *label;
160 #if (NGX_DEBUG)
161 u_char buf[512];
162 size_t m;
163 #endif
164
165 ngx_str_t *client_key, *client_iv, *client_hp; 156 ngx_str_t *client_key, *client_iv, *client_hp;
166 ngx_str_t *server_key, *server_iv, *server_hp; 157 ngx_str_t *server_key, *server_iv, *server_hp;
167 158
168 switch (level) { 159 switch (level) {
169 160
217 return 0; 208 return 0;
218 } 209 }
219 210
220 ngx_memcpy(*wsec, write_secret, secret_len); 211 ngx_memcpy(*wsec, write_secret, secret_len);
221 212
222 // client keys
223
224 #ifdef OPENSSL_IS_BORINGSSL 213 #ifdef OPENSSL_IS_BORINGSSL
225 client_key->len = EVP_AEAD_key_length(evp); 214 client_key->len = EVP_AEAD_key_length(evp);
215 server_key->len = EVP_AEAD_key_length(evp);
216
217 client_iv->len = EVP_AEAD_nonce_length(evp);
218 server_iv->len = EVP_AEAD_nonce_length(evp);
219
220 client_hp->len = EVP_AEAD_key_length(evp);
221 server_hp->len = EVP_AEAD_key_length(evp);
226 #else 222 #else
227 client_key->len = EVP_CIPHER_key_length(evp); 223 client_key->len = EVP_CIPHER_key_length(evp);
228 #endif 224 server_key->len = EVP_CIPHER_key_length(evp);
229 client_key->data = ngx_pnalloc(c->pool, client_key->len); 225
230 if (client_key->data == NULL) {
231 return 0;
232 }
233
234 label = "tls13 quic key";
235 llen = sizeof("tls13 quic key") - 1;
236 hkdfl_len = 2 + 1 + llen + 1;
237 hkdfl[0] = client_key->len / 256;
238 hkdfl[1] = client_key->len % 256;
239 hkdfl[2] = llen;
240 p = ngx_cpymem(&hkdfl[3], label, llen);
241 *p = '\0';
242
243 if (ngx_hkdf_expand(client_key->data, client_key->len,
244 digest, *rsec, *rlen, hkdfl, hkdfl_len)
245 != NGX_OK)
246 {
247 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
248 "ngx_hkdf_expand(client_key) failed");
249 return 0;
250 }
251
252 m = ngx_hex_dump(buf, client_key->data, client_key->len) - buf;
253 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
254 "quic client key: %*s, len: %uz, level: %d",
255 m, buf, client_key->len, level);
256 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
257 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
258 "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
259
260
261 #ifdef OPENSSL_IS_BORINGSSL
262 client_iv->len = EVP_AEAD_nonce_length(evp);
263 #else
264 client_iv->len = EVP_CIPHER_iv_length(evp); 226 client_iv->len = EVP_CIPHER_iv_length(evp);
265 #endif 227 server_iv->len = EVP_CIPHER_iv_length(evp);
266 client_iv->data = ngx_pnalloc(c->pool, client_iv->len); 228
267 if (client_iv->data == NULL) {
268 return 0;
269 }
270
271 label = "tls13 quic iv";
272 llen = sizeof("tls13 quic iv") - 1;
273 hkdfl_len = 2 + 1 + llen + 1;
274 hkdfl[0] = client_iv->len / 256;
275 hkdfl[1] = client_iv->len % 256;
276 hkdfl[2] = llen;
277 p = ngx_cpymem(&hkdfl[3], label, llen);
278 *p = '\0';
279
280 if (ngx_hkdf_expand(client_iv->data, client_iv->len,
281 digest, *rsec, *rlen, hkdfl, hkdfl_len)
282 != NGX_OK)
283 {
284 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
285 "ngx_hkdf_expand(client_iv) failed");
286 return 0;
287 }
288
289 m = ngx_hex_dump(buf, client_iv->data, client_iv->len) - buf;
290 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
291 "quic client iv: %*s, len: %uz, level: %d",
292 m, buf, client_iv->len, level);
293 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
294 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
295 "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
296
297
298 #ifdef OPENSSL_IS_BORINGSSL
299 client_hp->len = EVP_AEAD_key_length(evp);
300 #else
301 client_hp->len = EVP_CIPHER_key_length(evp); 229 client_hp->len = EVP_CIPHER_key_length(evp);
302 #endif
303 client_hp->data = ngx_pnalloc(c->pool, client_hp->len);
304 if (client_hp->data == NULL) {
305 return 0;
306 }
307
308 label = "tls13 quic hp";
309 llen = sizeof("tls13 quic hp") - 1;
310 hkdfl_len = 2 + 1 + llen + 1;
311 hkdfl[0] = client_hp->len / 256;
312 hkdfl[1] = client_hp->len % 256;
313 hkdfl[2] = llen;
314 p = ngx_cpymem(&hkdfl[3], label, llen);
315 *p = '\0';
316
317 if (ngx_hkdf_expand(client_hp->data, client_hp->len,
318 digest, *rsec, *rlen, hkdfl, hkdfl_len)
319 != NGX_OK)
320 {
321 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
322 "ngx_hkdf_expand(client_hp) failed");
323 return 0;
324 }
325
326 m = ngx_hex_dump(buf, client_hp->data, client_hp->len) - buf;
327 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
328 "quic client hp: %*s, len: %uz, level: %d",
329 m, buf, client_hp->len, level);
330 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
331 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
332 "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
333
334
335 // server keys
336
337 #ifdef OPENSSL_IS_BORINGSSL
338 server_key->len = EVP_AEAD_key_length(evp);
339 #else
340 server_key->len = EVP_CIPHER_key_length(evp);
341 #endif
342 server_key->data = ngx_pnalloc(c->pool, server_key->len);
343 if (server_key->data == NULL) {
344 return 0;
345 }
346
347 label = "tls13 quic key";
348 llen = sizeof("tls13 quic key") - 1;
349 hkdfl_len = 2 + 1 + llen + 1;
350 hkdfl[0] = server_key->len / 256;
351 hkdfl[1] = server_key->len % 256;
352 hkdfl[2] = llen;
353 p = ngx_cpymem(&hkdfl[3], label, llen);
354 *p = '\0';
355
356 if (ngx_hkdf_expand(server_key->data, server_key->len,
357 digest, *wsec, *wlen, hkdfl, hkdfl_len)
358 != NGX_OK)
359 {
360 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
361 "ngx_hkdf_expand(server_key) failed");
362 return 0;
363 }
364
365 m = ngx_hex_dump(buf, server_key->data, server_key->len) - buf;
366 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
367 "quic server key: %*s, len: %uz, level: %d",
368 m, buf, server_key->len, level);
369 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
370 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
371 "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
372
373
374 #ifdef OPENSSL_IS_BORINGSSL
375 server_iv->len = EVP_AEAD_nonce_length(evp);
376 #else
377 server_iv->len = EVP_CIPHER_iv_length(evp);
378 #endif
379 server_iv->data = ngx_pnalloc(c->pool, server_iv->len);
380 if (server_iv->data == NULL) {
381 return 0;
382 }
383
384 label = "tls13 quic iv";
385 llen = sizeof("tls13 quic iv") - 1;
386 hkdfl_len = 2 + 1 + llen + 1;
387 hkdfl[0] = server_iv->len / 256;
388 hkdfl[1] = server_iv->len % 256;
389 hkdfl[2] = llen;
390 p = ngx_cpymem(&hkdfl[3], label, llen);
391 *p = '\0';
392
393 if (ngx_hkdf_expand(server_iv->data, server_iv->len,
394 digest, *wsec, *wlen, hkdfl, hkdfl_len)
395 != NGX_OK)
396 {
397 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
398 "ngx_hkdf_expand(server_iv) failed");
399 return 0;
400 }
401
402 m = ngx_hex_dump(buf, server_iv->data, server_iv->len) - buf;
403 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
404 "quic server iv: %*s, len: %uz, level: %d",
405 m, buf, server_iv->len, level);
406 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
407 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
408 "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
409
410
411 #ifdef OPENSSL_IS_BORINGSSL
412 server_hp->len = EVP_AEAD_key_length(evp);
413 #else
414 server_hp->len = EVP_CIPHER_key_length(evp); 230 server_hp->len = EVP_CIPHER_key_length(evp);
415 #endif 231 #endif
416 server_hp->data = ngx_pnalloc(c->pool, server_hp->len); 232
417 if (server_hp->data == NULL) { 233 ngx_str_t rss = {
418 return 0; 234 .data = *rsec,
419 } 235 .len = *rlen
420 236 };
421 label = "tls13 quic hp"; 237
422 llen = sizeof("tls13 quic hp") - 1; 238 ngx_str_t wss = {
423 hkdfl_len = 2 + 1 + llen + 1; 239 .data = *wsec,
424 hkdfl[0] = server_hp->len / 256; 240 .len = *wlen
425 hkdfl[1] = server_hp->len % 256; 241 };
426 hkdfl[2] = llen; 242
427 p = ngx_cpymem(&hkdfl[3], label, llen); 243 struct {
428 *p = '\0'; 244 ngx_str_t id;
429 245 ngx_str_t *in;
430 if (ngx_hkdf_expand(server_hp->data, server_hp->len, 246 ngx_str_t *prk;
431 digest, *wsec, *wlen, hkdfl, hkdfl_len) 247 } seq[] = {
432 != NGX_OK) 248 { ngx_string("tls13 quic key"), client_key, &rss },
433 { 249 { ngx_string("tls13 quic iv"), client_iv, &rss },
434 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, 250 { ngx_string("tls13 quic hp"), client_hp, &rss },
435 "ngx_hkdf_expand(server_hp) failed"); 251 { ngx_string("tls13 quic key"), server_key, &wss },
436 return 0; 252 { ngx_string("tls13 quic iv"), server_iv, &wss },
437 } 253 { ngx_string("tls13 quic hp"), server_hp, &wss },
438 254 };
439 m = ngx_hex_dump(buf, server_hp->data, server_hp->len) - buf; 255
440 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, 256 ngx_uint_t i;
441 "quic server hp: %*s, len: %uz, level: %d", 257
442 m, buf, server_hp->len, level); 258 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
443 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; 259
444 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, 260 if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1)
445 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); 261 != NGX_OK)
262 {
263 return 0;
264 }
265 }
446 266
447 return 1; 267 return 1;
448 } 268 }
449 269
450 270