nginx: src/event/ngx_event_quic_protection.c annotate

annotate src/event/ngx_event_quic_protection.c @ 8337:ab443e80d9e4 quic

Create new stream immediately on receiving new stream id. Before the patch, full STREAM frame handling was delayed until the frame with zero offset is received. Only node in the streams tree was created. This lead to problems when such stream was deleted, in particular, it had no handlers set for read events. This patch creates new stream immediately, but delays data delivery until the proper offset will arrive. This is somewhat similar to how accept() operation works. The ngx_quic_add_stream() function is no longer needed and merged into stream handler. The ngx_quic_stream_input() now only handles frames for existing streams and does not deal with stream creation.

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 15 Apr 2020 14:29:00 +0300
parents	7cca3624f9c4
children	aba84d9ab256

rev	line source
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12 #define NGX_QUIC_IV_LEN 12
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	13
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	14 #define NGX_AES_128_GCM_SHA256 0x1301
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15 #define NGX_AES_256_GCM_SHA384 0x1302
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	16 #define NGX_CHACHA20_POLY1305_SHA256 0x1303
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	17
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	18
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	19 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20 #define ngx_quic_cipher_t EVP_AEAD
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 #define ngx_quic_cipher_t EVP_CIPHER
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 typedef struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26 const ngx_quic_cipher_t *c;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27 const EVP_CIPHER *hp;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28 const EVP_MD *d;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 } ngx_quic_ciphers_t;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	31
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33 const EVP_MD digest, const u_char prk, size_t prk_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34 const u_char *info, size_t info_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	35 static ngx_int_t ngx_hkdf_extract(u_char out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	36 const EVP_MD digest, const u_char secret, size_t secret_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	37 const u_char *salt, size_t salt_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	38
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	39 static uint64_t ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	40 static void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	41 static ngx_int_t ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	42 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	44 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	45 ngx_quic_secret_t s, ngx_str_t out, u_char nonce, ngx_str_t in,
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	46 ngx_str_t ad, ngx_log_t log);
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	47 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	48 ngx_quic_secret_t s, ngx_str_t out, u_char nonce, ngx_str_t in,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	49 ngx_str_t ad, ngx_log_t log);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	50 static ngx_int_t ngx_quic_tls_hp(ngx_log_t log, const EVP_CIPHER cipher,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	51 ngx_quic_secret_t s, u_char out, u_char *in);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t pool, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	53 ngx_str_t out, ngx_str_t label, const uint8_t *prk, size_t prk_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	55 static ssize_t ngx_quic_create_long_packet(ngx_quic_header_t *pkt,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	56 ngx_ssl_conn_t ssl_conn, ngx_str_t res);
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	57 static ssize_t ngx_quic_create_short_packet(ngx_quic_header_t *pkt,
8299 4ad7d4272cd5 Style. Sergey Kandaurov <pluknet@nginx.com> parents: 8288 diff changeset	58 ngx_ssl_conn_t ssl_conn, ngx_str_t res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62 ngx_quic_ciphers(ngx_ssl_conn_t ssl_conn, ngx_quic_ciphers_t ciphers,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 enum ssl_encryption_level_t level)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 {
8324 7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	65 ngx_int_t id, len;
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	66 const SSL_CIPHER *cipher;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68 if (level == ssl_encryption_initial) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 id = NGX_AES_128_GCM_SHA256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 } else {
8324 7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	72 cipher = SSL_get_current_cipher(ssl_conn);
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	73 if (cipher == NULL) {
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	74 return NGX_ERROR;
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	75 }
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	76
7cca3624f9c4 Added check for SSL_get_current_cipher() results. Vladimir Homutov <vl@nginx.com> parents: 8319 diff changeset	77 id = SSL_CIPHER_get_id(cipher) & 0xffff;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80 switch (id) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 case NGX_AES_128_GCM_SHA256:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84 ciphers->c = EVP_aead_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 ciphers->c = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88 ciphers->hp = EVP_aes_128_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 len = 16;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93 case NGX_AES_256_GCM_SHA384:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95 ciphers->c = EVP_aead_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	97 ciphers->c = EVP_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	99 ciphers->hp = EVP_aes_256_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	100 ciphers->d = EVP_sha384();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	101 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	102 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 case NGX_CHACHA20_POLY1305_SHA256:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106 ciphers->c = EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108 ciphers->c = EVP_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	112 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	113 ciphers->hp = EVP_chacha20();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	115 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	116 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	117 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	118
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	119 default:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	120 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	121 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	122
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	123 return len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	126
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	127 ngx_int_t
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	128 ngx_quic_set_initial_secret(ngx_pool_t pool, ngx_quic_secret_t client,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	129 ngx_quic_secret_t server, ngx_str_t secret)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	130 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	131 size_t is_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	132 uint8_t is[SHA256_DIGEST_LENGTH];
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	133 ngx_uint_t i;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	134 const EVP_MD *digest;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	135 const EVP_CIPHER *cipher;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	136
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	137 static const uint8_t salt[20] =
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	140
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	143 cipher = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144 digest = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 salt, sizeof(salt))
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	149 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	150 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	152
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	153 ngx_str_t iss = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	154 .data = is,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	155 .len = is_len
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	156 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	157
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	158 ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt));
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	159 ngx_quic_hexdump0(pool->log, "initial secret", is, is_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	161 /* draft-ietf-quic-tls-23#section-5.2 */
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	162 client->secret.len = SHA256_DIGEST_LENGTH;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	163 server->secret.len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	164
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	165 client->key.len = EVP_CIPHER_key_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	166 server->key.len = EVP_CIPHER_key_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	167
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	168 client->hp.len = EVP_CIPHER_key_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	169 server->hp.len = EVP_CIPHER_key_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	170
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	171 client->iv.len = EVP_CIPHER_iv_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	172 server->iv.len = EVP_CIPHER_iv_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	173
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	174 struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	175 ngx_str_t label;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	176 ngx_str_t *key;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	177 ngx_str_t *prk;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	178 } seq[] = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	179
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	180 /* draft-ietf-quic-tls-23#section-5.2 */
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	181 { ngx_string("tls13 client in"), &client->secret, &iss },
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183 ngx_string("tls13 quic key"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	184 &client->key,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	185 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188 ngx_string("tls13 quic iv"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	189 &client->iv,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	190 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	191 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	192 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	193 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	194 ngx_string("tls13 quic hp"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	195 &client->hp,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	196 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	197 },
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	198 { ngx_string("tls13 server in"), &server->secret, &iss },
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	199 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	200 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	201 ngx_string("tls13 quic key"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	202 &server->key,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	203 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	204 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	205 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	206 ngx_string("tls13 quic iv"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	207 &server->iv,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	208 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	209 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	210 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	211 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	212 ngx_string("tls13 quic hp"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	213 &server->hp,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	214 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	215 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	216
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	217 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	218
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	219 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221 if (ngx_quic_hkdf_expand(pool, digest, seq[i].key, &seq[i].label,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222 seq[i].prk->data, seq[i].prk->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	223 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	224 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	230 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	233 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	234 ngx_quic_hkdf_expand(ngx_pool_t pool, const EVP_MD digest, ngx_str_t *out,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	235 ngx_str_t label, const uint8_t prk, size_t prk_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	236 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237 size_t info_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238 uint8_t *p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	239 uint8_t info[20];
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	240
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 if (out->data == NULL) {
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	242 out->data = ngx_pnalloc(pool, out->len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	243 if (out->data == NULL) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	244 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	245 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	248 info_len = 2 + 1 + label->len + 1;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	249
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	250 info[0] = 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	251 info[1] = out->len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	252 info[2] = label->len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253 p = ngx_cpymem(&info[3], label->data, label->len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 *p = '\0';
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256 if (ngx_hkdf_expand(out->data, out->len, digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257 prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261 "ngx_hkdf_expand(%V) failed", label);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	263 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265 ngx_quic_hexdump(pool->log, "%V info", info, info_len, label);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	269 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	270
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	271
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273 ngx_hkdf_expand(u_char out_key, size_t out_len, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274 const uint8_t prk, size_t prk_len, const u_char info, size_t info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	277 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	278 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	279 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	282 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	286 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288 if (EVP_PKEY_derive_init(pctx) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	290 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	294 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	295
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	296 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	297 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	298 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	302 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	305 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	306 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	307
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	308 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	309 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	311
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	312 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	313
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	314 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	315 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 ngx_hkdf_extract(u_char out_key, size_t out_len, const EVP_MD *digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 const u_char secret, size_t secret_len, const u_char salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 size_t salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	325 salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	332 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	333
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	334 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336 if (EVP_PKEY_derive_init(pctx) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	340 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	341 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	342 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	345 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	349 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	353 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	357 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	361
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	365
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366 static ngx_int_t
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	367 ngx_quic_tls_open(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	368 ngx_str_t out, u_char nonce, ngx_str_t in, ngx_str_t ad,
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	369 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	370 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	374
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	375 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	376 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	377 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	378 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	382 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	383 in->data, in->len, ad->data, ad->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	384 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	390
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 int len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 u_char *tag;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	405 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	407 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	411 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	412 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	413 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	414 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	415 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	416 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	417
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	418 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	419 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	420 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	421 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	422 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	427 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	431 in->len - EVP_GCM_TLS_TAG_LEN)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	433 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	434 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	435 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	436 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	437 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	438
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	439 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	440 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	441
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	442 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	443 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	444 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	445 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	446 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	447 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	448 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	449 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	450
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	451 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	452 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	453 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	454 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	455 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	456
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	457 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	458
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	459 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	460 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	461
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	462 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	463 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	464
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	465
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	466 static ngx_int_t
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	467 ngx_quic_tls_seal(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	468 ngx_str_t out, u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	469 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	470
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	471 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	472 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	473
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	474 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	475 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	476 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	477 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	478 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	479 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	480
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	481 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	482 in->data, in->len, ad->data, ad->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	483 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	484 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	485 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	486 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	487 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	488 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	489
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	490 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	491 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	492 int len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	493 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	494
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	495 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	496 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	497 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	498 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	499 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	500
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	501 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	502 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	503 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	504 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	505 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	506
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	507 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	508 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	509 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	510 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	511 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	512 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	513 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	514 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	515
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	516 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	517 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	518 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	519 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	520 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	521
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	522 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	523 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	524 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	525 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	526 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	527
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	528 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	529 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	530 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	531 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	532 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	533
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	534 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	535
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	536 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	537 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	538 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	539 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	540 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	541
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	542 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	543
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	544 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	545 out->data + in->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	546 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	547 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	548 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	549 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	550 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	551 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	552 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	553
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	554 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	555
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	556 out->len += EVP_GCM_TLS_TAG_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	557 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	558 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	559 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	560
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	561
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	562 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	563 ngx_quic_tls_hp(ngx_log_t log, const EVP_CIPHER cipher,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	564 ngx_quic_secret_t s, u_char out, u_char *in)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	565 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	566 int outlen;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	567 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	568 u_char zero[5] = {0};
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	569
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	570 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	571 uint32_t counter;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	572
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	573 ngx_memcpy(&counter, in, sizeof(uint32_t));
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	574
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	575 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	576 CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	577 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	578 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	579 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	580
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	581 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	582 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	583 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	584 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	585
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	586 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, in) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	587 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	588 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	589 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	590
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	591 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, 5)) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	592 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	593 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	594 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	595
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	596 if (!EVP_EncryptFinal_ex(ctx, out + 5, &outlen)) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	597 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	598 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	599 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	600
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	601 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	602
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	603 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	604
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	605 failed:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	606
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	607 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	608
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	609 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	610 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	611
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	612
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	613 int
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	614 ngx_quic_set_encryption_secret(ngx_pool_t pool, ngx_ssl_conn_t ssl_conn,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	615 enum ssl_encryption_level_t level, const uint8_t *secret,
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	616 size_t secret_len, ngx_quic_secret_t *peer_secret)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	617 {
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	618 ngx_int_t key_len;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	619 ngx_uint_t i;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	620 ngx_quic_ciphers_t ciphers;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	621
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	622 key_len = ngx_quic_ciphers(ssl_conn, &ciphers, level);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	623
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	624 if (key_len == NGX_ERROR) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	625 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	626 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	627 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	628
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	629 if (level == ssl_encryption_initial) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	630 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	631 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	632
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	633 peer_secret->secret.data = ngx_pnalloc(pool, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	634 if (peer_secret->secret.data == NULL) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	635 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	636 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	637
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	638 peer_secret->secret.len = secret_len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	639 ngx_memcpy(peer_secret->secret.data, secret, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	640
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	641 peer_secret->key.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	642 peer_secret->iv.len = NGX_QUIC_IV_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	643 peer_secret->hp.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	644
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	645 struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	646 ngx_str_t label;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	647 ngx_str_t *key;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	648 const uint8_t *secret;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	649 } seq[] = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	650 { ngx_string("tls13 quic key"), &peer_secret->key, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	651 { ngx_string("tls13 quic iv"), &peer_secret->iv, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	652 { ngx_string("tls13 quic hp"), &peer_secret->hp, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	653 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	654
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	655 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	656
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	657 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	658 seq[i].secret, secret_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	659 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	660 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	661 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	662 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	663 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	664
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	665 return 1;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	666 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	667
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	668
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	669 ngx_int_t
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	670 ngx_quic_key_update(ngx_connection_t c, ngx_quic_secrets_t current,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	671 ngx_quic_secrets_t *next)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	672 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	673 ngx_uint_t i;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	674 ngx_quic_ciphers_t ciphers;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	675
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	676 ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	677
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	678 if (ngx_quic_ciphers(c->ssl->connection, &ciphers,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	679 ssl_encryption_application)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	680 == NGX_ERROR)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	681 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	682 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	683 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	684
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	685 next->client.secret.len = current->client.secret.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	686 next->client.key.len = current->client.key.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	687 next->client.iv.len = current->client.iv.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	688 next->client.hp = current->client.hp;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	689
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	690 next->server.secret.len = current->server.secret.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	691 next->server.key.len = current->server.key.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	692 next->server.iv.len = current->server.iv.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	693 next->server.hp = current->server.hp;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	694
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	695 struct {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	696 ngx_str_t label;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	697 ngx_str_t *key;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	698 ngx_str_t *secret;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	699 } seq[] = {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	700 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	701 ngx_string("tls13 quic ku"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	702 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	703 &current->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	704 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	705 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	706 ngx_string("tls13 quic key"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	707 &next->client.key,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	708 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	709 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	710 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	711 ngx_string("tls13 quic iv"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	712 &next->client.iv,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	713 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	714 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	715 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	716 ngx_string("tls13 quic ku"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	717 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	718 &current->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	719 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	720 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	721 ngx_string("tls13 quic key"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	722 &next->server.key,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	723 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	724 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	725 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	726 ngx_string("tls13 quic iv"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	727 &next->server.iv,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	728 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	729 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	730 };
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	731
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	732 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	733
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	734 if (ngx_quic_hkdf_expand(c->pool, ciphers.d, seq[i].key, &seq[i].label,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	735 seq[i].secret->data, seq[i].secret->len)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	736 != NGX_OK)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	737 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	738 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	739 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	740 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	741
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	742 return NGX_OK;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	743 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	744
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	745
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	746 static ssize_t
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	747 ngx_quic_create_long_packet(ngx_quic_header_t pkt, ngx_ssl_conn_t ssl_conn,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	748 ngx_str_t *res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	749 {
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	750 u_char pnp, sample;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	751 ngx_str_t ad, out;
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	752 ngx_uint_t i;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	753 ngx_quic_ciphers_t ciphers;
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	754 u_char nonce[12], mask[16];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	755
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	756 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	757
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	758 ad.data = res->data;
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	759 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	760
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	761 out.data = res->data + ad.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	762
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	763 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	764
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	765 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	766 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	767 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	768
8317 435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	769 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	770 "ngx_quic_create_long_packet: number %L, encoded %d:0x%xD",
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	771 pkt->number, (int) pkt->num_len, pkt->trunc);
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	772
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	773 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	774 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	775
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	776 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	777 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	778
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	779 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	780 nonce, &pkt->payload, &ad, pkt->log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	781 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	782 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	783 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	784 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	785
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	786 sample = &out.data[4 - pkt->num_len];
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	787 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	788 != NGX_OK)
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	789 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	790 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	791 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	792
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	793 ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	794 ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	795
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	796 /* quic-tls: 5.4.1. Header Protection Application */
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	797 ad.data[0] ^= mask[0] & 0x0f;
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	798
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	799 for (i = 0; i < pkt->num_len; i++) {
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	800 pnp[i] ^= mask[i + 1];
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	801 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	802
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	803 res->len = ad.len + out.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	804
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	805 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	806 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	807
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	808
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	809 static ssize_t
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	810 ngx_quic_create_short_packet(ngx_quic_header_t pkt, ngx_ssl_conn_t ssl_conn,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	811 ngx_str_t *res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	812 {
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	813 u_char pnp, sample;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	814 ngx_str_t ad, out;
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	815 ngx_uint_t i;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	816 ngx_quic_ciphers_t ciphers;
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	817 u_char nonce[12], mask[16];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	818
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	819 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	820
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	821 ad.data = res->data;
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	822 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	823
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	824 out.data = res->data + ad.len;
1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	825
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	826 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	827
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	828 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	829 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	830 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	831
8317 435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	832 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	833 "ngx_quic_create_short_packet: number %L, encoded %d:0x%xD",
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	834 pkt->number, (int) pkt->num_len, pkt->trunc);
435fed8e2489 Logging of packet numbers in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8315 diff changeset	835
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	836 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	837 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	838
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	839 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	840 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	841
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	842 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	843 nonce, &pkt->payload, &ad, pkt->log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	844 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	845 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	846 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	847 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	848
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	849 sample = &out.data[4 - pkt->num_len];
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	850 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	851 != NGX_OK)
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	852 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	853 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	854 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	855
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	856 ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	857 ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	858
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	859 /* quic-tls: 5.4.1. Header Protection Application */
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	860 ad.data[0] ^= mask[0] & 0x1f;
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	861
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	862 for (i = 0; i < pkt->num_len; i++) {
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	863 pnp[i] ^= mask[i + 1];
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	864 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	865
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	866 res->len = ad.len + out.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	867
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	868 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	869 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	870
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	871
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	872 static uint64_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	873 ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	874 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	875 u_char *p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	876 uint64_t value;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	877
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	878 p = *pos;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	879 value = p++ ^ mask++;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	880
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	881 while (--len) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	882 value = (value << 8) + (p++ ^ mask++);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	883 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	884
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	885 *pos = p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	886 return value;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	887 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	888
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	889
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	890 static void
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	891 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	892 {
8313 c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	893 nonce[len - 4] ^= (pn & 0xff000000) >> 24;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	894 nonce[len - 3] ^= (pn & 0x00ff0000) >> 16;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	895 nonce[len - 2] ^= (pn & 0x0000ff00) >> 8;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	896 nonce[len - 1] ^= (pn & 0x000000ff);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	897 }
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	898
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	899
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	900 ssize_t
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	901 ngx_quic_encrypt(ngx_quic_header_t pkt, ngx_ssl_conn_t ssl_conn,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	902 ngx_str_t *res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	903 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	904 if (pkt->level == ssl_encryption_application) {
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	905 return ngx_quic_create_short_packet(pkt, ssl_conn, res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	906 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	907
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	908 return ngx_quic_create_long_packet(pkt, ssl_conn, res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	909 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	910
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	911
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	912 ngx_int_t
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	913 ngx_quic_decrypt(ngx_quic_header_t pkt, ngx_ssl_conn_t ssl_conn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	914 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	915 u_char clearflags, p, sample;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	916 uint64_t pn;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	917 ngx_int_t pnl, rc, key_phase;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	918 ngx_str_t in, ad;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	919 ngx_quic_secret_t *secret;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	920 ngx_quic_ciphers_t ciphers;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	921 uint8_t mask[16], nonce[12];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	922
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	923 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	924 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	925 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	926
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	927 secret = pkt->secret;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	928
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	929 p = pkt->raw->pos;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	930
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	931 /* draft-ietf-quic-tls-23#section-5.4.2:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	932 * the Packet Number field is assumed to be 4 bytes long
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	933 * draft-ietf-quic-tls-23#section-5.4.[34]:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	934 * AES-Based and ChaCha20-Based header protections sample 16 bytes
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	935 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	936
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	937 sample = p + 4;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	938
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	939 ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	940
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	941 /* header protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	942
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	943 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	944 != NGX_OK)
ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	945 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	946 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	947 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	948
8251 c217a907ce42 Added checks for permitted frame types. Vladimir Homutov <vl@nginx.com> parents: 8224 diff changeset	949 if (ngx_quic_long_pkt(pkt->flags)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	950 clearflags = pkt->flags ^ (mask[0] & 0x0f);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	951
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	952 } else {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	953 clearflags = pkt->flags ^ (mask[0] & 0x1f);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	954 key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	955
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	956 if (key_phase != pkt->key_phase) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	957 secret = pkt->next;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	958 pkt->key_update = 1;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	959 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	960 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	961
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	962 pnl = (clearflags & 0x03) + 1;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	963 pn = ngx_quic_parse_pn(&p, pnl, &mask[1]);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	964
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	965 pkt->pn = pn;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	966
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	967 ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	968 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	969 "quic clear flags: %xi", clearflags);
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	970 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	971 "quic packet number: %uL, len: %xi", pn, pnl);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	972
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	973 /* packet protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	974
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	975 in.data = p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	976
8251 c217a907ce42 Added checks for permitted frame types. Vladimir Homutov <vl@nginx.com> parents: 8224 diff changeset	977 if (ngx_quic_long_pkt(pkt->flags)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	978 in.len = pkt->len - pnl;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	979
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	980 } else {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	981 in.len = pkt->data + pkt->len - p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	982 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	983
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	984 ad.len = p - pkt->data;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	985 ad.data = pkt->plaintext;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	986
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	987 ngx_memcpy(ad.data, pkt->data, ad.len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	988 ad.data[0] = clearflags;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	989
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	990 do {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	991 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	992 } while (--pnl);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	993
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	994 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	995 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	996
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	997 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	998 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	999
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1000 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1001
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1002 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) {
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1003 return NGX_ERROR;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1004 }
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1005
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1006 pkt->payload.data = pkt->plaintext + ad.len;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1007
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1008 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1009 nonce, &in, &ad, pkt->log);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1010
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1011 ngx_quic_hexdump0(pkt->log, "packet payload",
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1012 pkt->payload.data, pkt->payload.len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1013
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1014 return rc;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1015 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1016

Mercurial > hg > nginx

annotate src/event/ngx_event_quic_protection.c @ 8337:ab443e80d9e4 quic