nginx: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_protection.c @ 9177:22d110af473c

QUIC: removed key field from ngx_quic_secret_t. It is made local as it is only needed now when creating crypto context. BoringSSL lacks EVP interface for ChaCha20, providing instead a function for one-shot encryption, thus hp is still preserved. Based on a patch by Roman Arutyunyan.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 20 Oct 2023 18:05:07 +0400
parents	8dacf87e4007
children	b74f891053c7

rev	line source
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
8755 b4e6b7049984 QUIC: normalize header inclusion. Sergey Kandaurov <pluknet@nginx.com> parents: 8739 diff changeset	10 #include <ngx_event_quic_connection.h>
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	13 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	14 #define NGX_QUIC_HP_LEN 5
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15
8800 e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	16 #define NGX_QUIC_AES_128_KEY_LEN 16
e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	17
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	18 #define NGX_QUIC_INITIAL_CIPHER TLS1_3_CK_AES_128_GCM_SHA256
8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	19
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 const EVP_MD digest, const u_char prk, size_t prk_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 const u_char *info, size_t info_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 static ngx_int_t ngx_hkdf_extract(u_char out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 const EVP_MD digest, const u_char secret, size_t secret_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26 const u_char *salt, size_t salt_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	28 static uint64_t ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	29 uint64_t *largest_pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	31 static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t s, ngx_str_t out,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	32 u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t log);
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	33 #ifndef OPENSSL_IS_BORINGSSL
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	34 static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t s, ngx_str_t out,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	35 u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	36 #endif
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	37
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	38 static ngx_int_t ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	39 ngx_quic_secret_t s, ngx_log_t log);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	40 static ngx_int_t ngx_quic_crypto_hp(ngx_quic_secret_t *s,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	41 u_char out, u_char in, ngx_log_t *log);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	42 static void ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	44 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	45 ngx_str_t *res);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	46 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	47 ngx_str_t *res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	48
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	50 ngx_int_t
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	51 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	53 ngx_int_t len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	55 switch (id) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	57 case TLS1_3_CK_AES_128_GCM_SHA256:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59 ciphers->c = EVP_aead_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 ciphers->c = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 ciphers->hp = EVP_aes_128_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	65 len = 16;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	66 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	68 case TLS1_3_CK_AES_256_GCM_SHA384:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70 ciphers->c = EVP_aead_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	72 ciphers->c = EVP_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	73 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	74 ciphers->hp = EVP_aes_256_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 ciphers->d = EVP_sha384();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	77 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	79 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81 ciphers->c = EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 ciphers->c = EVP_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88 ciphers->hp = EVP_chacha20();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	94 #ifndef OPENSSL_IS_BORINGSSL
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	95 case TLS1_3_CK_AES_128_CCM_SHA256:
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	96 ciphers->c = EVP_aes_128_ccm();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	97 ciphers->hp = EVP_aes_128_ctr();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	98 ciphers->d = EVP_sha256();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	99 len = 16;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	100 break;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	101 #endif
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	102
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103 default:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 return len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	112 ngx_quic_keys_set_initial_secret(ngx_quic_keys_t keys, ngx_str_t secret,
f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	113 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	115 size_t is_len;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	116 uint8_t is[SHA256_DIGEST_LENGTH];
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	117 ngx_str_t iss;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	118 ngx_uint_t i;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	119 const EVP_MD *digest;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	120 ngx_quic_md_t client_key, server_key;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	121 ngx_quic_hkdf_t seq[8];
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	122 ngx_quic_secret_t client, server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	123 ngx_quic_ciphers_t ciphers;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 static const uint8_t salt[20] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	126 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	127 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	129 client = &keys->secrets[ssl_encryption_initial].client;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	130 server = &keys->secrets[ssl_encryption_initial].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	131
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	132 /*
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	133 * RFC 9001, section 5. Packet Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	134 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	135 * Initial packets use AEAD_AES_128_GCM. The hash function
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	136 * for HKDF when deriving initial secrets and keys is SHA-256.
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	137 */
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 digest = EVP_sha256();
8729 0f8565e0fc76 QUIC: HKDF API compatibility with OpenSSL master branch. Sergey Kandaurov <pluknet@nginx.com> parents: 8716 diff changeset	140 is_len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
8980 d8865baab732 QUIC: removed draft versions support. Sergey Kandaurov <pluknet@nginx.com> parents: 8926 diff changeset	143 salt, sizeof(salt))
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148
9040 8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9039 diff changeset	149 iss.len = is_len;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9039 diff changeset	150 iss.data = is;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	152 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	153 "quic ngx_quic_set_initial_secret");
8578 52ad697f9d1c QUIC: enabled more key-related debug by default. Vladimir Homutov <vl@nginx.com> parents: 8565 diff changeset	154 #ifdef NGX_QUIC_DEBUG_CRYPTO
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	155 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	156 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	157 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	158 "quic initial secret len:%uz %*xs", is_len, is_len, is);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	159 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	161 client->secret.len = SHA256_DIGEST_LENGTH;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	162 server->secret.len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	163
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	164 client_key.len = NGX_QUIC_AES_128_KEY_LEN;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	165 server_key.len = NGX_QUIC_AES_128_KEY_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166
8800 e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	167 client->hp.len = NGX_QUIC_AES_128_KEY_LEN;
e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	168 server->hp.len = NGX_QUIC_AES_128_KEY_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	169
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	170 client->iv.len = NGX_QUIC_IV_LEN;
ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	171 server->iv.len = NGX_QUIC_IV_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	172
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	173 /* labels per RFC 9001, 5.1. Packet Protection Keys */
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	174 ngx_quic_hkdf_set(&seq[0], "tls13 client in", &client->secret, &iss);
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	175 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", &client_key, &client->secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	176 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", &client->iv, &client->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	177 ngx_quic_hkdf_set(&seq[3], "tls13 quic hp", &client->hp, &client->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	178 ngx_quic_hkdf_set(&seq[4], "tls13 server in", &server->secret, &iss);
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	179 ngx_quic_hkdf_set(&seq[5], "tls13 quic key", &server_key, &server->secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	180 ngx_quic_hkdf_set(&seq[6], "tls13 quic iv", &server->iv, &server->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	181 ngx_quic_hkdf_set(&seq[7], "tls13 quic hp", &server->hp, &server->secret);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	184 if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	185 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	189 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	190 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	191 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	192
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	193 if (ngx_quic_crypto_init(ciphers.c, client, &client_key, 0, log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	194 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	195 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	196 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	197 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	198
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	199 if (ngx_quic_crypto_init(ciphers.c, server, &server_key, 1, log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	200 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	201 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	202 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	203 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	204
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	205 if (ngx_quic_crypto_hp_init(ciphers.hp, client, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	206 goto failed;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	207 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	208
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	209 if (ngx_quic_crypto_hp_init(ciphers.hp, server, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	210 goto failed;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	211 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	212
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	213 return NGX_OK;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	214
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	215 failed:
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	216
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	217 ngx_quic_keys_cleanup(keys);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	218
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	219 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	223 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	224 ngx_quic_hkdf_expand(ngx_quic_hkdf_t h, const EVP_MD digest, ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 size_t info_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227 uint8_t *p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228 uint8_t info[20];
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	230 info_len = 2 + 1 + h->label_len + 1;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232 info[0] = 0;
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	233 info[1] = h->out_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	234 info[2] = h->label_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	235
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	236 p = ngx_cpymem(&info[3], h->label, h->label_len);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237 *p = '\0';
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	239 if (ngx_hkdf_expand(h->out, h->out_len, digest,
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	240 h->prk, h->prk_len, info, info_len)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	242 {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	243 ngx_ssl_error(NGX_LOG_INFO, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	244 "ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	248 #ifdef NGX_QUIC_DEBUG_CRYPTO
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	249 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	250 "quic expand \"%s\" len:%uz %xs",
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	251 h->label_len, h->label, h->out_len, h->out_len, h->out);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	252 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 ngx_hkdf_expand(u_char out_key, size_t out_len, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 const uint8_t prk, size_t prk_len, const u_char info, size_t info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 #ifdef OPENSSL_IS_BORINGSSL
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	263
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268 }
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	269
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	270 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	271
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	277 if (pctx == NULL) {
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	278 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	279 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 if (EVP_PKEY_derive_init(pctx) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	282 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	286 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	290 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	294 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	295 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	296
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	297 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	298 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	302 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304
8739 c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	305 EVP_PKEY_CTX_free(pctx);
c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	306
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	307 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	308
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	309 failed:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	311 EVP_PKEY_CTX_free(pctx);
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	312
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	313 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	314
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	315 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 ngx_hkdf_extract(u_char out_key, size_t out_len, const EVP_MD *digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 const u_char secret, size_t secret_len, const u_char salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322 size_t salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 #ifdef OPENSSL_IS_BORINGSSL
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	325
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331 }
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	332
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	333 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	334
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	340 if (pctx == NULL) {
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	341 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	342 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344 if (EVP_PKEY_derive_init(pctx) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	345 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	349 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	353 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	357 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	361 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	365 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	367
8739 c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	368 EVP_PKEY_CTX_free(pctx);
c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	369
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	370 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	371
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	372 failed:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	374 EVP_PKEY_CTX_free(pctx);
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	375
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	376 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	377
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	378 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	382 ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	383 ngx_quic_crypto_init(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	384 ngx_quic_md_t key, ngx_int_t enc, ngx_log_t log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	390 ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	405 if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 EVP_CIPHER_CTX_free(ctx);
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	407 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	411 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	412 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	413 NULL)
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	414 == 0)
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	415 {
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	416 EVP_CIPHER_CTX_free(ctx);
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	417 ngx_ssl_error(NGX_LOG_INFO, log, 0,
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	418 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	419 return NGX_ERROR;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	420 }
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	421
9127 a7b850a5d98d QUIC: common cipher control constants instead of GCM-related. Roman Arutyunyan <arut@nginx.com> parents: 9126 diff changeset	422 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 ngx_ssl_error(NGX_LOG_INFO, log, 0,
9127 a7b850a5d98d QUIC: common cipher control constants instead of GCM-related. Roman Arutyunyan <arut@nginx.com> parents: 9126 diff changeset	427 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	431 if (EVP_CipherInit_ex(ctx, NULL, NULL, key->data, NULL, enc) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 EVP_CIPHER_CTX_free(ctx);
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	433 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	434 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	435 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	436 #endif
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	437
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	438 s->ctx = ctx;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	439 return NGX_OK;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	440 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	441
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	442
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	443 static ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	444 ngx_quic_crypto_open(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	445 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	446 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	447 #ifdef OPENSSL_IS_BORINGSSL
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	448 if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	449 s->iv.len, in->data, in->len, ad->data, ad->len)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	450 != 1)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	451 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	452 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	453 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	454 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	455
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	456 return NGX_OK;
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	457 #else
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	458 return ngx_quic_crypto_common(s, out, nonce, in, ad, log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	459 #endif
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	460 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	461
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	462
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	463 ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	464 ngx_quic_crypto_seal(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	465 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	466 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	467 #ifdef OPENSSL_IS_BORINGSSL
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	468 if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	469 s->iv.len, in->data, in->len, ad->data, ad->len)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	470 != 1)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	471 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	472 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	473 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	474 }
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	475
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	476 return NGX_OK;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	477 #else
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	478 return ngx_quic_crypto_common(s, out, nonce, in, ad, log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	479 #endif
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	480 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	481
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	482
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	483 #ifndef OPENSSL_IS_BORINGSSL
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	484
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	485 static ngx_int_t
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	486 ngx_quic_crypto_common(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	487 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	488 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	489 int len, enc;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	490 ngx_quic_crypto_ctx_t *ctx;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	491
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	492 ctx = s->ctx;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	493 enc = EVP_CIPHER_CTX_encrypting(ctx);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	494
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	495 if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, nonce, enc) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	496 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	497 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	498 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	499
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	500 if (enc == 0) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	501 in->len -= NGX_QUIC_TAG_LEN;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	502
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	503 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	504 in->data + in->len)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	505 == 0)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	506 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	507 ngx_ssl_error(NGX_LOG_INFO, log, 0,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	508 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	509 return NGX_ERROR;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	510 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	511 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	512
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	513 if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	514 && EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1)
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	515 {
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	516 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	517 return NGX_ERROR;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	518 }
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	519
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	520 if (EVP_CipherUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	521 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	522 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	523 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	524
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	525 if (EVP_CipherUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	526 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	527 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	528 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	529
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	530 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	531
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	532 if (EVP_CipherFinal_ex(ctx, out->data + out->len, &len) <= 0) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	533 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherFinal_ex failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	534 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	535 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	536
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	537 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	538
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	539 if (enc == 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	540 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	541 out->data + out->len)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	542 == 0)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	543 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	544 ngx_ssl_error(NGX_LOG_INFO, log, 0,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	545 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	546 return NGX_ERROR;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	547 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	548
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	549 out->len += NGX_QUIC_TAG_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	550 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	551
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	552 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	553 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	554
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	555 #endif
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	556
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	557
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	558 void
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	559 ngx_quic_crypto_cleanup(ngx_quic_secret_t *s)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	560 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	561 if (s->ctx) {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	562 #ifdef OPENSSL_IS_BORINGSSL
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	563 EVP_AEAD_CTX_free(s->ctx);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	564 #else
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	565 EVP_CIPHER_CTX_free(s->ctx);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	566 #endif
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	567 s->ctx = NULL;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	568 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	569 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	570
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	571
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	572 static ngx_int_t
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	573 ngx_quic_crypto_hp_init(const EVP_CIPHER cipher, ngx_quic_secret_t s,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	574 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	575 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	576 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	577
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	578 #ifdef OPENSSL_IS_BORINGSSL
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	579 if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	580 /* no EVP interface */
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	581 s->hp_ctx = NULL;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	582 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	583 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	584 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	585
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	586 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	587 if (ctx == NULL) {
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	588 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	589 return NGX_ERROR;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	590 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	591
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	592 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, NULL) != 1) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	593 EVP_CIPHER_CTX_free(ctx);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	594 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	595 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	596 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	597
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	598 s->hp_ctx = ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	599 return NGX_OK;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	600 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	601
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	602
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	603 static ngx_int_t
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	604 ngx_quic_crypto_hp(ngx_quic_secret_t s, u_char out, u_char *in,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	605 ngx_log_t *log)
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	606 {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	607 int outlen;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	608 EVP_CIPHER_CTX *ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	609 u_char zero[NGX_QUIC_HP_LEN] = {0};
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	610
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	611 ctx = s->hp_ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	612
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	613 #ifdef OPENSSL_IS_BORINGSSL
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	614 uint32_t cnt;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	615
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	616 if (ctx == NULL) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	617 ngx_memcpy(&cnt, in, sizeof(uint32_t));
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	618 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	619 return NGX_OK;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	620 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	621 #endif
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	622
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	623 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, in) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	624 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	625 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	626 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	627
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	628 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	629 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	630 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	631 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	632
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	633 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	634 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	635 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	636 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	637
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	638 return NGX_OK;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	639 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	640
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	641
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	642 static void
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	643 ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s)
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	644 {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	645 if (s->hp_ctx) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	646 EVP_CIPHER_CTX_free(s->hp_ctx);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	647 s->hp_ctx = NULL;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	648 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	649 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	650
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	651
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	652 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	653 ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	654 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	655 const SSL_CIPHER cipher, const uint8_t secret, size_t secret_len)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	656 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	657 ngx_int_t key_len;
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	658 ngx_str_t secret_str;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	659 ngx_uint_t i;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	660 ngx_quic_md_t key;
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	661 ngx_quic_hkdf_t seq[3];
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	662 ngx_quic_secret_t *peer_secret;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	663 ngx_quic_ciphers_t ciphers;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	664
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	665 peer_secret = is_write ? &keys->secrets[level].server
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	666 : &keys->secrets[level].client;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	667
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	668 keys->cipher = SSL_CIPHER_get_id(cipher);
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	669
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	670 key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	671
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	672 if (key_len == NGX_ERROR) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	673 ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	674 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	675 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	676
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	677 if (sizeof(peer_secret->secret.data) < secret_len) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	678 ngx_log_error(NGX_LOG_ALERT, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	679 "unexpected secret len: %uz", secret_len);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	680 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	681 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	682
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	683 peer_secret->secret.len = secret_len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	684 ngx_memcpy(peer_secret->secret.data, secret, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	685
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	686 key.len = key_len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	687 peer_secret->iv.len = NGX_QUIC_IV_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	688 peer_secret->hp.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	689
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	690 secret_str.len = secret_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	691 secret_str.data = (u_char *) secret;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	692
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	693 ngx_quic_hkdf_set(&seq[0], "tls13 quic key", &key, &secret_str);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	694 ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &peer_secret->iv, &secret_str);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	695 ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &peer_secret->hp, &secret_str);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	696
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	697 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	698 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	699 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	700 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	701 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	702
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	703 if (ngx_quic_crypto_init(ciphers.c, peer_secret, &key, is_write, log)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	704 == NGX_ERROR)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	705 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	706 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	707 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	708
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	709 if (ngx_quic_crypto_hp_init(ciphers.hp, peer_secret, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	710 return NGX_ERROR;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	711 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	712
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	713 return NGX_OK;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	714 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	715
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	716
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	717 ngx_uint_t
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	718 ngx_quic_keys_available(ngx_quic_keys_t *keys,
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	719 enum ssl_encryption_level_t level, ngx_uint_t is_write)
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	720 {
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	721 if (is_write == 0) {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	722 return keys->secrets[level].client.ctx != NULL;
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	723 }
ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	724
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	725 return keys->secrets[level].server.ctx != NULL;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	726 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	727
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	728
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	729 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	730 ngx_quic_keys_discard(ngx_quic_keys_t *keys,
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	731 enum ssl_encryption_level_t level)
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	732 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	733 ngx_quic_secret_t client, server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	734
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	735 client = &keys->secrets[level].client;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	736 server = &keys->secrets[level].server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	737
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	738 ngx_quic_crypto_cleanup(client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	739 ngx_quic_crypto_cleanup(server);
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	740
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	741 ngx_quic_crypto_hp_cleanup(client);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	742 ngx_quic_crypto_hp_cleanup(server);
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	743 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	744
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	745
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	746 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	747 ngx_quic_keys_switch(ngx_connection_t c, ngx_quic_keys_t keys)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	748 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	749 ngx_quic_secrets_t current, next, tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	750
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	751 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	752 next = &keys->next_key;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	753
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	754 ngx_quic_crypto_cleanup(&current->client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	755 ngx_quic_crypto_cleanup(&current->server);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	756
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	757 tmp = *current;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	758 current = next;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	759 *next = tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	760 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	761
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	762
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	763 void
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	764 ngx_quic_keys_update(ngx_event_t *ev)
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	765 {
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	766 ngx_int_t key_len;
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	767 ngx_uint_t i;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	768 ngx_quic_md_t client_key, server_key;
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	769 ngx_quic_hkdf_t seq[6];
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	770 ngx_quic_keys_t *keys;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	771 ngx_connection_t *c;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	772 ngx_quic_ciphers_t ciphers;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	773 ngx_quic_secrets_t current, next;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	774 ngx_quic_connection_t *qc;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	775
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	776 c = ev->data;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	777 qc = ngx_quic_get_connection(c);
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	778 keys = qc->keys;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	779
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	780 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	781 next = &keys->next_key;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	782
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	783 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	784
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	785 c->log->action = "updating keys";
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	786
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	787 key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	788
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	789 if (key_len == NGX_ERROR) {
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	790 goto failed;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	791 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	792
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	793 client_key.len = key_len;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	794 server_key.len = key_len;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	795
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	796 next->client.secret.len = current->client.secret.len;
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	797 next->client.iv.len = NGX_QUIC_IV_LEN;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	798 next->client.hp = current->client.hp;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	799 next->client.hp_ctx = current->client.hp_ctx;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	800
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	801 next->server.secret.len = current->server.secret.len;
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	802 next->server.iv.len = NGX_QUIC_IV_LEN;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	803 next->server.hp = current->server.hp;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	804 next->server.hp_ctx = current->server.hp_ctx;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	805
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	806 ngx_quic_hkdf_set(&seq[0], "tls13 quic ku",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	807 &next->client.secret, &current->client.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	808 ngx_quic_hkdf_set(&seq[1], "tls13 quic key",
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	809 &client_key, &next->client.secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	810 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	811 &next->client.iv, &next->client.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	812 ngx_quic_hkdf_set(&seq[3], "tls13 quic ku",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	813 &next->server.secret, &current->server.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	814 ngx_quic_hkdf_set(&seq[4], "tls13 quic key",
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	815 &server_key, &next->server.secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	816 ngx_quic_hkdf_set(&seq[5], "tls13 quic iv",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	817 &next->server.iv, &next->server.secret);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	818
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	819 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	820 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	821 goto failed;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	822 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	823 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	824
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	825 if (ngx_quic_crypto_init(ciphers.c, &next->client, &client_key, 0, c->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	826 == NGX_ERROR)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	827 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	828 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	829 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	830
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	831 if (ngx_quic_crypto_init(ciphers.c, &next->server, &server_key, 1, c->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	832 == NGX_ERROR)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	833 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	834 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	835 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	836
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	837 return;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	838
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	839 failed:
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	840
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	841 ngx_quic_close_connection(c, NGX_ERROR);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	842 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	843
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	844
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	845 void
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	846 ngx_quic_keys_cleanup(ngx_quic_keys_t *keys)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	847 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	848 ngx_uint_t i;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	849 ngx_quic_secrets_t *next;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	850
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	851 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	852 ngx_quic_keys_discard(keys, i);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	853 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	854
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	855 next = &keys->next_key;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	856
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	857 ngx_quic_crypto_cleanup(&next->client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	858 ngx_quic_crypto_cleanup(&next->server);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	859 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	860
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	861
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	862 static ngx_int_t
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	863 ngx_quic_create_packet(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	864 {
9175 f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	865 u_char pnp, sample;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	866 ngx_str_t ad, out;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	867 ngx_uint_t i;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	868 ngx_quic_secret_t *secret;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	869 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	870
8894 de7b9af30fc6 QUIC: refactored packet creation. Vladimir Homutov <vl@nginx.com> parents: 8888 diff changeset	871 ad.data = res->data;
de7b9af30fc6 QUIC: refactored packet creation. Vladimir Homutov <vl@nginx.com> parents: 8888 diff changeset	872 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	873
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	874 out.len = pkt->payload.len + NGX_QUIC_TAG_LEN;
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	875 out.data = res->data + ad.len;
1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	876
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	877 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	878 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	879 "quic ad len:%uz %xV", ad.len, &ad);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	880 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	881
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	882 secret = &pkt->keys->secrets[pkt->level].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	883
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	884 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	885 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	886
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	887 if (ngx_quic_crypto_seal(secret, &out, nonce, &pkt->payload, &ad, pkt->log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	888 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	889 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	890 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	891 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	892
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	893 sample = &out.data[4 - pkt->num_len];
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	894 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	895 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	896 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	897
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	898 /* RFC 9001, 5.4.1. Header Protection Application */
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	899 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	900
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	901 for (i = 0; i < pkt->num_len; i++) {
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	902 pnp[i] ^= mask[i + 1];
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	903 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	904
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	905 res->len = ad.len + out.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	906
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	907 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	908 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	909
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	910
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	911 static ngx_int_t
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	912 ngx_quic_create_retry_packet(ngx_quic_header_t pkt, ngx_str_t res)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	913 {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	914 u_char *start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	915 ngx_str_t ad, itag;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	916 ngx_quic_md_t key;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	917 ngx_quic_secret_t secret;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	918 ngx_quic_ciphers_t ciphers;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	919
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	920 /* 5.8. Retry Packet Integrity */
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	921 static u_char key_data[16] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	922 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	923 static u_char nonce[NGX_QUIC_IV_LEN] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	924 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	925 static ngx_str_t in = ngx_string("");
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	926
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	927 ad.data = res->data;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	928 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	929
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	930 itag.data = ad.data + ad.len;
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	931 itag.len = NGX_QUIC_TAG_LEN;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	932
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	933 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	934 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	935 "quic retry itag len:%uz %xV", ad.len, &ad);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	936 #endif
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	937
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	938 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	939 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	940 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	941
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	942 key.len = sizeof(key_data);
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	943 ngx_memcpy(key.data, key_data, sizeof(key_data));
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	944 secret.iv.len = NGX_QUIC_IV_LEN;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	945
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	946 if (ngx_quic_crypto_init(ciphers.c, &secret, &key, 1, pkt->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	947 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	948 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	949 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	950 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	951
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	952 if (ngx_quic_crypto_seal(&secret, &itag, nonce, &in, &ad, pkt->log)
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	953 != NGX_OK)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	954 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	955 ngx_quic_crypto_cleanup(&secret);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	956 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	957 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	958
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	959 ngx_quic_crypto_cleanup(&secret);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	960
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	961 res->len = itag.data + itag.len - start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	962 res->data = start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	963
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	964 return NGX_OK;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	965 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	966
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	967
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	968 ngx_int_t
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	969 ngx_quic_derive_key(ngx_log_t log, const char label, ngx_str_t *secret,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	970 ngx_str_t salt, u_char out, size_t len)
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	971 {
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	972 size_t is_len, info_len;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	973 uint8_t *p;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	974 const EVP_MD *digest;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	975
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	976 uint8_t is[SHA256_DIGEST_LENGTH];
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	977 uint8_t info[20];
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	978
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	979 digest = EVP_sha256();
8729 0f8565e0fc76 QUIC: HKDF API compatibility with OpenSSL master branch. Sergey Kandaurov <pluknet@nginx.com> parents: 8716 diff changeset	980 is_len = SHA256_DIGEST_LENGTH;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	981
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	982 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	983 salt->data, salt->len)
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	984 != NGX_OK)
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	985 {
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	986 ngx_ssl_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	987 "ngx_hkdf_extract(%s) failed", label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	988 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	989 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	990
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	991 info[0] = 0;
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	992 info[1] = len;
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	993 info[2] = ngx_strlen(label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	994
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	995 info_len = 2 + 1 + info[2] + 1;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	996
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	997 if (info_len >= 20) {
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	998 ngx_log_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	999 "ngx_quic_create_key label \"%s\" too long", label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1000 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1001 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1002
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1003 p = ngx_cpymem(&info[3], label, info[2]);
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1004 *p = '\0';
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1005
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1006 if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK)
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1007 {
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1008 ngx_ssl_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1009 "ngx_hkdf_expand(%s) failed", label);
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1010 return NGX_ERROR;
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1011 }
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1012
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1013 return NGX_OK;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1014 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1015
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1016
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1017 static uint64_t
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1018 ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1019 uint64_t *largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1020 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1021 u_char *p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1022 uint64_t truncated_pn, expected_pn, candidate_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1023 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1024
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1025 pn_nbits = ngx_min(len * 8, 62);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1026
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1027 p = *pos;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1028 truncated_pn = p++ ^ mask++;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1029
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1030 while (--len) {
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1031 truncated_pn = (truncated_pn << 8) + (p++ ^ mask++);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1032 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1033
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1034 *pos = p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1035
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1036 expected_pn = *largest_pn + 1;
8394 df18ae7161b8 Assorted fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 8386 diff changeset	1037 pn_win = 1ULL << pn_nbits;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1038 pn_hwin = pn_win / 2;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1039 pn_mask = pn_win - 1;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1040
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1041 candidate_pn = (expected_pn & ~pn_mask) \| truncated_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1042
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1043 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1044 && candidate_pn < (1ULL << 62) - pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1045 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1046 candidate_pn += pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1047
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1048 } else if (candidate_pn > expected_pn + pn_hwin
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1049 && candidate_pn >= pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1050 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1051 candidate_pn -= pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1052 }
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1053
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1054 largest_pn = ngx_max((int64_t) largest_pn, (int64_t) candidate_pn);
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1055
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1056 return candidate_pn;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1057 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1058
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1059
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	1060 void
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1061 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1062 {
9047 70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1063 nonce[len - 8] ^= (pn >> 56) & 0x3f;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1064 nonce[len - 7] ^= (pn >> 48) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1065 nonce[len - 6] ^= (pn >> 40) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1066 nonce[len - 5] ^= (pn >> 32) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1067 nonce[len - 4] ^= (pn >> 24) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1068 nonce[len - 3] ^= (pn >> 16) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1069 nonce[len - 2] ^= (pn >> 8) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1070 nonce[len - 1] ^= pn & 0xff;
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1071 }
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1072
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1073
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	1074 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1075 ngx_quic_encrypt(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1076 {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1077 if (ngx_quic_pkt_retry(pkt->flags)) {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1078 return ngx_quic_create_retry_packet(pkt, res);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1079 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1080
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	1081 return ngx_quic_create_packet(pkt, res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1082 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1083
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1084
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1085 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1086 ngx_quic_decrypt(ngx_quic_header_t pkt, uint64_t largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1087 {
9175 f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1088 u_char p, sample;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1089 size_t len;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1090 uint64_t pn, lpn;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1091 ngx_int_t pnl;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1092 ngx_str_t in, ad;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1093 ngx_uint_t key_phase;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1094 ngx_quic_secret_t *secret;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1095 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1096
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1097 secret = &pkt->keys->secrets[pkt->level].client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1098
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1099 p = pkt->raw->pos;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1100 len = pkt->data + pkt->len - p;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1101
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1102 /*
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1103 * RFC 9001, 5.4.2. Header Protection Sample
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1104 * 5.4.3. AES-Based Header Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1105 * 5.4.4. ChaCha20-Based Header Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1106 *
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1107 * the Packet Number field is assumed to be 4 bytes long
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1108 * AES and ChaCha20 algorithms sample 16 bytes
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1109 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1110
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	1111 if (len < NGX_QUIC_TAG_LEN + 4) {
8543 9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1112 return NGX_DECLINED;
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1113 }
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1114
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1115 sample = p + 4;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1116
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1117 /* header protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1118
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	1119 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1120 return NGX_DECLINED;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1121 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1122
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1123 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1124
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	1125 if (ngx_quic_short_pkt(pkt->flags)) {
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1126 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1127
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1128 if (key_phase != pkt->key_phase) {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1129 secret = &pkt->keys->next_key.client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1130 pkt->key_update = 1;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1131 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1132 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1133
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1134 lpn = *largest_pn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1135
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1136 pnl = (pkt->flags & 0x03) + 1;
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1137 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1138
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1139 pkt->pn = pn;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1140
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1141 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1142 "quic packet rx clearflags:%xd", pkt->flags);
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1143 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8609 f32740ddd484 QUIC: got rid of "pkt" abbreviation in logs. Vladimir Homutov <vl@nginx.com> parents: 8608 diff changeset	1144 "quic packet rx number:%uL len:%xi", pn, pnl);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1145
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1146 /* packet protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1147
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1148 in.data = p;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1149 in.len = len - pnl;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1150
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1151 ad.len = p - pkt->data;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1152 ad.data = pkt->plaintext;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1153
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1154 ngx_memcpy(ad.data, pkt->data, ad.len);
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1155 ad.data[0] = pkt->flags;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1156
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1157 do {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1158 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1159 } while (--pnl);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1160
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1161 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1162 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1163
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1164 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1165 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1166 "quic ad len:%uz %xV", ad.len, &ad);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1167 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1168
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	1169 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1170 pkt->payload.data = pkt->plaintext + ad.len;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1171
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1172 if (ngx_quic_crypto_open(secret, &pkt->payload, nonce, &in, &ad, pkt->log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1173 != NGX_OK)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1174 {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1175 return NGX_DECLINED;
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1176 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1177
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1178 if (pkt->payload.len == 0) {
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1179 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1180 * RFC 9000, 12.4. Frames and Frame Types
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1181 *
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1182 * An endpoint MUST treat receipt of a packet containing no
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1183 * frames as a connection error of type PROTOCOL_VIOLATION.
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1184 */
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1185 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1186 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1187 return NGX_ERROR;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1188 }
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1189
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1190 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1191 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1192 * RFC 9000, Reserved Bits
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1193 *
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1194 * An endpoint MUST treat receipt of a packet that has
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1195 * a non-zero value for these bits, after removing both
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1196 * packet and header protection, as a connection error
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1197 * of type PROTOCOL_VIOLATION.
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1198 */
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1199 ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1200 "quic reserved bit set in packet");
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1201 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1202 return NGX_ERROR;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1203 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1204
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1205 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1206 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1207 "quic packet payload len:%uz %xV",
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1208 pkt->payload.len, &pkt->payload);
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1209 #endif
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1210
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1211 *largest_pn = lpn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1212
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1213 return NGX_OK;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1214 }

Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_protection.c @ 9177:22d110af473c