Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_protection.c @ 9113:bddd3f76e3e5
QUIC: fixed OpenSSL compat layer with OpenSSL master branch.
The layer is enabled as a fallback if the QUIC support is configured and the
BoringSSL API wasn't detected, or when using the --with-openssl option, also
compatible with QuicTLS and LibreSSL. For the latter, the layer is assumed
to be present if QUIC was requested, so it needs to be undefined to prevent
QUIC API redefinition as appropriate.
A previously used approach to test the TLSEXT_TYPE_quic_transport_parameters
macro doesn't work with OpenSSL 3.2 master branch where this macro appeared
with incompatible QUIC API. To fix the build there, the test is revised to
pass only for QuicTLS and LibreSSL.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 23 May 2023 00:45:18 +0400 |
| parents | 7da4791e0264 |
| children | 29a6c0e11f75 |
| rev | line source |
|---|---|
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
|
8755
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8739
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
13 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ |
|
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
14 #define NGX_QUIC_HP_LEN 5 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 |
|
8800
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
16 #define NGX_QUIC_AES_128_KEY_LEN 16 |
|
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
17 |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
18 #ifndef TLS1_3_CK_AES_128_GCM_SHA256 |
|
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
19 #define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 |
|
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
20 #define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 |
|
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
21 #define TLS1_3_CK_CHACHA20_POLY1305_SHA256 \ |
|
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
22 0x03001303 |
|
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
23 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 const EVP_MD *digest, const u_char *prk, size_t prk_len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 const u_char *info, size_t info_len); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 static ngx_int_t ngx_hkdf_extract(u_char *out_key, size_t *out_len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 const EVP_MD *digest, const u_char *secret, size_t secret_len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 const u_char *salt, size_t salt_len); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
33 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
34 uint64_t *largest_pn); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
36 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
| 8287 | 38 ngx_str_t *ad, ngx_log_t *log); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 ngx_quic_secret_t *s, u_char *out, u_char *in); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 |
|
8644
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8643
diff
changeset
|
42 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
43 ngx_str_t *res); |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
44 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
45 ngx_str_t *res); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
48 ngx_int_t |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
49 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 enum ssl_encryption_level_t level) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 { |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
52 ngx_int_t len; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 if (level == ssl_encryption_initial) { |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
55 id = TLS1_3_CK_AES_128_GCM_SHA256; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 switch (id) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
60 case TLS1_3_CK_AES_128_GCM_SHA256: |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 ciphers->c = EVP_aead_aes_128_gcm(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 ciphers->c = EVP_aes_128_gcm(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 ciphers->hp = EVP_aes_128_ctr(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 ciphers->d = EVP_sha256(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 len = 16; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 break; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
71 case TLS1_3_CK_AES_256_GCM_SHA384: |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 ciphers->c = EVP_aead_aes_256_gcm(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 ciphers->c = EVP_aes_256_gcm(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 ciphers->hp = EVP_aes_256_ctr(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 ciphers->d = EVP_sha384(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 len = 32; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 break; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
82 case TLS1_3_CK_CHACHA20_POLY1305_SHA256: |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 ciphers->c = EVP_aead_chacha20_poly1305(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 ciphers->c = EVP_chacha20_poly1305(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 ciphers->hp = EVP_chacha20(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 ciphers->d = EVP_sha256(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 len = 32; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 break; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 default: |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 return len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 ngx_int_t |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
106 ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret, |
|
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
107 ngx_log_t *log) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 { |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
109 size_t is_len; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
110 uint8_t is[SHA256_DIGEST_LENGTH]; |
|
9040
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9039
diff
changeset
|
111 ngx_str_t iss; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
112 ngx_uint_t i; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
113 const EVP_MD *digest; |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
114 ngx_quic_hkdf_t seq[8]; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
115 ngx_quic_secret_t *client, *server; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 static const uint8_t salt[20] = |
|
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
118 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
|
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
119 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
121 client = &keys->secrets[ssl_encryption_initial].client; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
122 server = &keys->secrets[ssl_encryption_initial].server; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
123 |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
124 /* |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
125 * RFC 9001, section 5. Packet Protection |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
126 * |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
127 * Initial packets use AEAD_AES_128_GCM. The hash function |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
128 * for HKDF when deriving initial secrets and keys is SHA-256. |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
129 */ |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 digest = EVP_sha256(); |
|
8729
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8716
diff
changeset
|
132 is_len = SHA256_DIGEST_LENGTH; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
|
8980
d8865baab732
QUIC: removed draft versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8926
diff
changeset
|
135 salt, sizeof(salt)) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 != NGX_OK) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 |
|
9040
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9039
diff
changeset
|
141 iss.len = is_len; |
|
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9039
diff
changeset
|
142 iss.data = is; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
144 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
145 "quic ngx_quic_set_initial_secret"); |
|
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8565
diff
changeset
|
146 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
147 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
148 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt); |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
149 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
150 "quic initial secret len:%uz %*xs", is_len, is_len, is); |
| 8359 | 151 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 |
|
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
153 client->secret.len = SHA256_DIGEST_LENGTH; |
|
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
154 server->secret.len = SHA256_DIGEST_LENGTH; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 |
|
8800
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
156 client->key.len = NGX_QUIC_AES_128_KEY_LEN; |
|
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
157 server->key.len = NGX_QUIC_AES_128_KEY_LEN; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 |
|
8800
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
159 client->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
|
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
160 server->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
162 client->iv.len = NGX_QUIC_IV_LEN; |
|
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
163 server->iv.len = NGX_QUIC_IV_LEN; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
165 /* labels per RFC 9001, 5.1. Packet Protection Keys */ |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
166 ngx_quic_hkdf_set(&seq[0], "tls13 client in", &client->secret, &iss); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
167 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", &client->key, &client->secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
168 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", &client->iv, &client->secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
169 ngx_quic_hkdf_set(&seq[3], "tls13 quic hp", &client->hp, &client->secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
170 ngx_quic_hkdf_set(&seq[4], "tls13 server in", &server->secret, &iss); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
171 ngx_quic_hkdf_set(&seq[5], "tls13 quic key", &server->key, &server->secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
172 ngx_quic_hkdf_set(&seq[6], "tls13 quic iv", &server->iv, &server->secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
173 ngx_quic_hkdf_set(&seq[7], "tls13 quic hp", &server->hp, &server->secret); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
176 if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
185 ngx_int_t |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
186 ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 size_t info_len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 uint8_t *p; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 uint8_t info[20]; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
192 info_len = 2 + 1 + h->label_len + 1; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 info[0] = 0; |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
195 info[1] = h->out_len; |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
196 info[2] = h->label_len; |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
197 |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
198 p = ngx_cpymem(&info[3], h->label, h->label_len); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 *p = '\0'; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
201 if (ngx_hkdf_expand(h->out, h->out_len, digest, |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
202 h->prk, h->prk_len, info, info_len) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 != NGX_OK) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
205 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
206 "ngx_hkdf_expand(%*s) failed", h->label_len, h->label); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 |
| 8359 | 210 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
211 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0, |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
212 "quic expand \"%*s\" len:%uz %*xs", |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
213 h->label_len, h->label, h->out_len, h->out_len, h->out); |
| 8359 | 214 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 static ngx_int_t |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 #ifdef OPENSSL_IS_BORINGSSL |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
225 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 } |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
231 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
232 return NGX_OK; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
233 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 EVP_PKEY_CTX *pctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
239 if (pctx == NULL) { |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
240 return NGX_ERROR; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
241 } |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 if (EVP_PKEY_derive_init(pctx) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
244 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
248 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
252 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
256 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
260 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
264 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 |
|
8739
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
267 EVP_PKEY_CTX_free(pctx); |
|
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
268 |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
269 return NGX_OK; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
270 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
271 failed: |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
273 EVP_PKEY_CTX_free(pctx); |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
274 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
275 return NGX_ERROR; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
276 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
277 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 static ngx_int_t |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 const u_char *secret, size_t secret_len, const u_char *salt, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 size_t salt_len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 #ifdef OPENSSL_IS_BORINGSSL |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
287 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 salt_len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
293 } |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
294 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
295 return NGX_OK; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
296 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 EVP_PKEY_CTX *pctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
300 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
301 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
302 if (pctx == NULL) { |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
303 return NGX_ERROR; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
304 } |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
305 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 if (EVP_PKEY_derive_init(pctx) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
307 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
309 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
311 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
313 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
315 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
317 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
319 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
321 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
323 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
325 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) { |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
327 goto failed; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
328 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
329 |
|
8739
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
330 EVP_PKEY_CTX_free(pctx); |
|
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
331 |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
332 return NGX_OK; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
333 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
334 failed: |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
335 |
|
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
336 EVP_PKEY_CTX_free(pctx); |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
337 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
338 return NGX_ERROR; |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
339 |
|
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
340 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
341 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
342 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
344 static ngx_int_t |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
345 ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
|
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
346 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, |
|
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
347 ngx_log_t *log) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
348 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
349 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 EVP_AEAD_CTX *ctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 EVP_AEAD_DEFAULT_TAG_LENGTH); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
355 if (ctx == NULL) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
356 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
357 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
360 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
361 in->data, in->len, ad->data, ad->len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 != 1) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
363 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
364 EVP_AEAD_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
365 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
367 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
368 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 EVP_AEAD_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 int len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
372 u_char *tag; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 EVP_CIPHER_CTX *ctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 ctx = EVP_CIPHER_CTX_new(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
376 if (ctx == NULL) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
380 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
384 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
388 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
392 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
393 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
394 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
395 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
396 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
397 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
398 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
399 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
400 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
401 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
407 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
408 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 in->len - EVP_GCM_TLS_TAG_LEN) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 != 1) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
415 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
416 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 out->len = len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 out->len += len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
444 ngx_int_t |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
445 ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
|
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
446 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 #ifdef OPENSSL_IS_BORINGSSL |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 EVP_AEAD_CTX *ctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 EVP_AEAD_DEFAULT_TAG_LENGTH); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 if (ctx == NULL) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 in->data, in->len, ad->data, ad->len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 != 1) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 EVP_AEAD_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 EVP_AEAD_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 #else |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 int len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 EVP_CIPHER_CTX *ctx; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 ctx = EVP_CIPHER_CTX_new(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 if (ctx == NULL) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
503 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
506 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
507 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
508 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
509 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
510 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
511 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
512 out->len = len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
513 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
514 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
515 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
516 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
517 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
518 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
519 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
520 out->len += len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
521 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
523 out->data + in->len) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
524 == 0) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
525 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
526 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
527 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
528 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
529 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
530 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
532 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
533 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
534 out->len += EVP_GCM_TLS_TAG_LEN; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
539 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
540 static ngx_int_t |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
541 ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
542 ngx_quic_secret_t *s, u_char *out, u_char *in) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
543 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
544 int outlen; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
545 EVP_CIPHER_CTX *ctx; |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
546 u_char zero[NGX_QUIC_HP_LEN] = {0}; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
547 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
548 #ifdef OPENSSL_IS_BORINGSSL |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
549 uint32_t cnt; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
550 |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
551 ngx_memcpy(&cnt, in, sizeof(uint32_t)); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
552 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
553 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
554 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
555 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
556 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
557 #endif |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
558 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
559 ctx = EVP_CIPHER_CTX_new(); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
560 if (ctx == NULL) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
561 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
562 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
563 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
564 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, in) != 1) { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
565 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
566 goto failed; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
567 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
568 |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
569 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
570 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
571 goto failed; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
572 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
573 |
|
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
574 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
575 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed"); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
576 goto failed; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
578 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
579 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
580 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
581 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 failed: |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 EVP_CIPHER_CTX_free(ctx); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
588 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
589 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
590 |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
591 ngx_int_t |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
592 ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write, |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
593 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
594 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 { |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
596 ngx_int_t key_len; |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
597 ngx_str_t secret_str; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
598 ngx_uint_t i; |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
599 ngx_quic_hkdf_t seq[3]; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
600 ngx_quic_secret_t *peer_secret; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
601 ngx_quic_ciphers_t ciphers; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
602 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
603 peer_secret = is_write ? &keys->secrets[level].server |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
604 : &keys->secrets[level].client; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
605 |
|
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
606 keys->cipher = SSL_CIPHER_get_id(cipher); |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
607 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
608 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
609 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
610 if (key_len == NGX_ERROR) { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
611 ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher"); |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
612 return NGX_ERROR; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
613 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
614 |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
615 if (sizeof(peer_secret->secret.data) < secret_len) { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
616 ngx_log_error(NGX_LOG_ALERT, log, 0, |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
617 "unexpected secret len: %uz", secret_len); |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
618 return NGX_ERROR; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
619 } |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
620 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
621 peer_secret->secret.len = secret_len; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
622 ngx_memcpy(peer_secret->secret.data, secret, secret_len); |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
623 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
624 peer_secret->key.len = key_len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
625 peer_secret->iv.len = NGX_QUIC_IV_LEN; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
626 peer_secret->hp.len = key_len; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
627 |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
628 secret_str.len = secret_len; |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
629 secret_str.data = (u_char *) secret; |
|
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
630 |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
631 ngx_quic_hkdf_set(&seq[0], "tls13 quic key", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
632 &peer_secret->key, &secret_str); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
633 ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &peer_secret->iv, &secret_str); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
634 ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &peer_secret->hp, &secret_str); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
635 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
636 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
637 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) { |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
638 return NGX_ERROR; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
639 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
640 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
641 |
|
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
642 return NGX_OK; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
643 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
644 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
645 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
646 ngx_uint_t |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
647 ngx_quic_keys_available(ngx_quic_keys_t *keys, |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
648 enum ssl_encryption_level_t level) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
649 { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
650 return keys->secrets[level].client.key.len != 0; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
651 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
652 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
653 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
654 void |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
655 ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
656 enum ssl_encryption_level_t level) |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
657 { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
658 keys->secrets[level].client.key.len = 0; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
659 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
660 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
661 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
662 void |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
663 ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
664 { |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
665 ngx_quic_secrets_t *current, *next, tmp; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
666 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
667 current = &keys->secrets[ssl_encryption_application]; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
668 next = &keys->next_key; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
669 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
670 tmp = *current; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
671 *current = *next; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
672 *next = tmp; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
673 } |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
674 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
675 |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
676 ngx_int_t |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
677 ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys) |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
678 { |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
679 ngx_uint_t i; |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
680 ngx_quic_hkdf_t seq[6]; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
681 ngx_quic_ciphers_t ciphers; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
682 ngx_quic_secrets_t *current, *next; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
683 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
684 current = &keys->secrets[ssl_encryption_application]; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
685 next = &keys->next_key; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
686 |
|
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
687 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
688 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
689 if (ngx_quic_ciphers(keys->cipher, &ciphers, ssl_encryption_application) |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
690 == NGX_ERROR) |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
691 { |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
692 return NGX_ERROR; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
693 } |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
694 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
695 next->client.secret.len = current->client.secret.len; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
696 next->client.key.len = current->client.key.len; |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
697 next->client.iv.len = NGX_QUIC_IV_LEN; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
698 next->client.hp = current->client.hp; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
699 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
700 next->server.secret.len = current->server.secret.len; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
701 next->server.key.len = current->server.key.len; |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
702 next->server.iv.len = NGX_QUIC_IV_LEN; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
703 next->server.hp = current->server.hp; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
704 |
|
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
705 ngx_quic_hkdf_set(&seq[0], "tls13 quic ku", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
706 &next->client.secret, ¤t->client.secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
707 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
708 &next->client.key, &next->client.secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
709 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
710 &next->client.iv, &next->client.secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
711 ngx_quic_hkdf_set(&seq[3], "tls13 quic ku", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
712 &next->server.secret, ¤t->server.secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
713 ngx_quic_hkdf_set(&seq[4], "tls13 quic key", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
714 &next->server.key, &next->server.secret); |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
715 ngx_quic_hkdf_set(&seq[5], "tls13 quic iv", |
|
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
716 &next->server.iv, &next->server.secret); |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
717 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
718 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
|
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
719 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) { |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
720 return NGX_ERROR; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
721 } |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
722 } |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
723 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
724 return NGX_OK; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
725 } |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
726 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
727 |
|
8376
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8375
diff
changeset
|
728 static ngx_int_t |
|
8644
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8643
diff
changeset
|
729 ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
730 { |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
731 u_char *pnp, *sample; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
732 ngx_str_t ad, out; |
|
8315
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
733 ngx_uint_t i; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
734 ngx_quic_secret_t *secret; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
735 ngx_quic_ciphers_t ciphers; |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
736 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
737 |
|
8894
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8888
diff
changeset
|
738 ad.data = res->data; |
|
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8888
diff
changeset
|
739 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
740 |
|
8894
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8888
diff
changeset
|
741 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; |
|
8318
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8317
diff
changeset
|
742 out.data = res->data + ad.len; |
|
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8317
diff
changeset
|
743 |
| 8359 | 744 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
745 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
746 "quic ad len:%uz %xV", ad.len, &ad); |
| 8359 | 747 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
748 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
749 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
750 { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
751 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
752 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
753 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
754 secret = &pkt->keys->secrets[pkt->level].server; |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
755 |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
756 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
|
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
757 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
758 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
759 if (ngx_quic_tls_seal(ciphers.c, secret, &out, |
|
8318
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8317
diff
changeset
|
760 nonce, &pkt->payload, &ad, pkt->log) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
761 != NGX_OK) |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
762 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
763 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
764 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
765 |
|
8315
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
766 sample = &out.data[4 - pkt->num_len]; |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
767 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
768 != NGX_OK) |
|
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
769 { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
770 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
771 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
772 |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
773 /* RFC 9001, 5.4.1. Header Protection Application */ |
|
8643
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8642
diff
changeset
|
774 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
|
8315
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
775 |
|
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
776 for (i = 0; i < pkt->num_len; i++) { |
|
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
777 pnp[i] ^= mask[i + 1]; |
|
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
778 } |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
779 |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
780 res->len = ad.len + out.len; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
781 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
782 return NGX_OK; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
783 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
784 |
|
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
785 |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
786 static ngx_int_t |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
787 ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
788 { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
789 u_char *start; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
790 ngx_str_t ad, itag; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
791 ngx_quic_secret_t secret; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
792 ngx_quic_ciphers_t ciphers; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
793 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
794 /* 5.8. Retry Packet Integrity */ |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
795 static u_char key[16] = |
|
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
796 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
797 static u_char nonce[NGX_QUIC_IV_LEN] = |
|
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
798 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
799 static ngx_str_t in = ngx_string(""); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
800 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
801 ad.data = res->data; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
802 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
803 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
804 itag.data = ad.data + ad.len; |
| 8394 | 805 itag.len = EVP_GCM_TLS_TAG_LEN; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
806 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
807 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
809 "quic retry itag len:%uz %xV", ad.len, &ad); |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
810 #endif |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
811 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
812 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
813 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
814 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
815 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
816 secret.key.len = sizeof(key); |
|
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
817 ngx_memcpy(secret.key.data, key, sizeof(key)); |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
818 secret.iv.len = NGX_QUIC_IV_LEN; |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
819 |
|
8980
d8865baab732
QUIC: removed draft versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8926
diff
changeset
|
820 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log) |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
821 != NGX_OK) |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
822 { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
823 return NGX_ERROR; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
824 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
825 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
826 res->len = itag.data + itag.len - start; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
827 res->data = start; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
828 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
829 return NGX_OK; |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
830 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
831 |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
832 |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
833 ngx_int_t |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
834 ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
835 ngx_str_t *salt, u_char *out, size_t len) |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
836 { |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
837 size_t is_len, info_len; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
838 uint8_t *p; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
839 const EVP_MD *digest; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
840 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
841 uint8_t is[SHA256_DIGEST_LENGTH]; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
842 uint8_t info[20]; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
843 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
844 digest = EVP_sha256(); |
|
8729
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8716
diff
changeset
|
845 is_len = SHA256_DIGEST_LENGTH; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
846 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
847 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
848 salt->data, salt->len) |
|
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
849 != NGX_OK) |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
850 { |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
851 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
852 "ngx_hkdf_extract(%s) failed", label); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
853 return NGX_ERROR; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
854 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
855 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
856 info[0] = 0; |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
857 info[1] = len; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
858 info[2] = ngx_strlen(label); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
859 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
860 info_len = 2 + 1 + info[2] + 1; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
861 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
862 if (info_len >= 20) { |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
863 ngx_log_error(NGX_LOG_INFO, log, 0, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
864 "ngx_quic_create_key label \"%s\" too long", label); |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
865 return NGX_ERROR; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
866 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
867 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
868 p = ngx_cpymem(&info[3], label, info[2]); |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
869 *p = '\0'; |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
870 |
|
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
871 if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK) |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
872 { |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
873 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
874 "ngx_hkdf_expand(%s) failed", label); |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
875 return NGX_ERROR; |
|
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
876 } |
|
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
877 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
878 return NGX_OK; |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
879 } |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
880 |
|
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
881 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
882 static uint64_t |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
883 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
884 uint64_t *largest_pn) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
885 { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
886 u_char *p; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
887 uint64_t truncated_pn, expected_pn, candidate_pn; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
888 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
889 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
890 pn_nbits = ngx_min(len * 8, 62); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
891 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
892 p = *pos; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
893 truncated_pn = *p++ ^ *mask++; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
894 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
895 while (--len) { |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
896 truncated_pn = (truncated_pn << 8) + (*p++ ^ *mask++); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
897 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
898 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
899 *pos = p; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
900 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
901 expected_pn = *largest_pn + 1; |
| 8394 | 902 pn_win = 1ULL << pn_nbits; |
|
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
903 pn_hwin = pn_win / 2; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
904 pn_mask = pn_win - 1; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
905 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
906 candidate_pn = (expected_pn & ~pn_mask) | truncated_pn; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
907 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
908 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin) |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
909 && candidate_pn < (1ULL << 62) - pn_win) |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
910 { |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
911 candidate_pn += pn_win; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
912 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
913 } else if (candidate_pn > expected_pn + pn_hwin |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
914 && candidate_pn >= pn_win) |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
915 { |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
916 candidate_pn -= pn_win; |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
917 } |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
918 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
919 *largest_pn = ngx_max((int64_t) *largest_pn, (int64_t) candidate_pn); |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
920 |
|
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
921 return candidate_pn; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
922 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
923 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
924 |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
925 void |
|
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
926 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn) |
|
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
927 { |
|
9047
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
928 nonce[len - 8] ^= (pn >> 56) & 0x3f; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
929 nonce[len - 7] ^= (pn >> 48) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
930 nonce[len - 6] ^= (pn >> 40) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
931 nonce[len - 5] ^= (pn >> 32) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
932 nonce[len - 4] ^= (pn >> 24) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
933 nonce[len - 3] ^= (pn >> 16) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
934 nonce[len - 2] ^= (pn >> 8) & 0xff; |
|
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
935 nonce[len - 1] ^= pn & 0xff; |
|
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
936 } |
|
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
937 |
|
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
938 |
|
8376
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8375
diff
changeset
|
939 ngx_int_t |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
940 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
941 { |
|
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
942 if (ngx_quic_pkt_retry(pkt->flags)) { |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
943 return ngx_quic_create_retry_packet(pkt, res); |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
944 } |
|
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
945 |
|
8644
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8643
diff
changeset
|
946 return ngx_quic_create_packet(pkt, res); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
947 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
948 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
949 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
950 ngx_int_t |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
951 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
952 { |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
953 u_char *p, *sample; |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
954 size_t len; |
|
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
955 uint64_t pn, lpn; |
|
9041
e23fd55e1cc6
QUIC: fixed C4389 MSVC warning about signed/unsigned mismatch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9040
diff
changeset
|
956 ngx_int_t pnl, rc; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
957 ngx_str_t in, ad; |
|
9041
e23fd55e1cc6
QUIC: fixed C4389 MSVC warning about signed/unsigned mismatch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9040
diff
changeset
|
958 ngx_uint_t key_phase; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
959 ngx_quic_secret_t *secret; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
960 ngx_quic_ciphers_t ciphers; |
|
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
961 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
962 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
963 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) |
|
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
964 { |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
965 return NGX_ERROR; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
966 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
967 |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
968 secret = &pkt->keys->secrets[pkt->level].client; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
969 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
970 p = pkt->raw->pos; |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
971 len = pkt->data + pkt->len - p; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
972 |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
973 /* |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
974 * RFC 9001, 5.4.2. Header Protection Sample |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
975 * 5.4.3. AES-Based Header Protection |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
976 * 5.4.4. ChaCha20-Based Header Protection |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
977 * |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
978 * the Packet Number field is assumed to be 4 bytes long |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
979 * AES and ChaCha20 algorithms sample 16 bytes |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
980 */ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
981 |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
982 if (len < EVP_GCM_TLS_TAG_LEN + 4) { |
|
8543
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
983 return NGX_DECLINED; |
|
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
984 } |
|
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
985 |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
986 sample = p + 4; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
987 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
988 /* header protection */ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
989 |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
990 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
| 8287 | 991 != NGX_OK) |
| 992 { | |
|
8446
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8445
diff
changeset
|
993 return NGX_DECLINED; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
994 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
995 |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
996 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
997 |
|
8643
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8642
diff
changeset
|
998 if (ngx_quic_short_pkt(pkt->flags)) { |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
999 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1000 |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1001 if (key_phase != pkt->key_phase) { |
|
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
1002 secret = &pkt->keys->next_key.client; |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1003 pkt->key_update = 1; |
|
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1004 } |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1005 } |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1006 |
|
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1007 lpn = *largest_pn; |
|
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1008 |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1009 pnl = (pkt->flags & 0x03) + 1; |
|
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1010 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1011 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1012 pkt->pn = pn; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1013 |
| 8287 | 1014 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1015 "quic packet rx clearflags:%xd", pkt->flags); |
| 8287 | 1016 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1017 "quic packet rx number:%uL len:%xi", pn, pnl); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1018 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1019 /* packet protection */ |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1020 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1021 in.data = p; |
|
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
1022 in.len = len - pnl; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1023 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1024 ad.len = p - pkt->data; |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
1025 ad.data = pkt->plaintext; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1026 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1027 ngx_memcpy(ad.data, pkt->data, ad.len); |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1028 ad.data[0] = pkt->flags; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1029 |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1030 do { |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1031 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1032 } while (--pnl); |
|
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1033 |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1034 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
|
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
1035 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1036 |
| 8359 | 1037 #ifdef NGX_QUIC_DEBUG_CRYPTO |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1038 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1039 "quic ad len:%uz %xV", ad.len, &ad); |
| 8359 | 1040 #endif |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1041 |
|
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
1042 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; |
|
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
1043 pkt->payload.data = pkt->plaintext + ad.len; |
|
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
1044 |
|
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1045 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
| 8287 | 1046 nonce, &in, &ad, pkt->log); |
|
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1047 if (rc != NGX_OK) { |
|
8446
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8445
diff
changeset
|
1048 return NGX_DECLINED; |
|
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1049 } |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1050 |
|
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1051 if (pkt->payload.len == 0) { |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1052 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1053 * RFC 9000, 12.4. Frames and Frame Types |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1054 * |
|
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1055 * An endpoint MUST treat receipt of a packet containing no |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1056 * frames as a connection error of type PROTOCOL_VIOLATION. |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1057 */ |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1058 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet"); |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1059 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1060 return NGX_ERROR; |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1061 } |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1062 |
|
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1063 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) { |
|
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1064 /* |
|
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1065 * RFC 9000, Reserved Bits |
|
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1066 * |
|
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1067 * An endpoint MUST treat receipt of a packet that has |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1068 * a non-zero value for these bits, after removing both |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1069 * packet and header protection, as a connection error |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1070 * of type PROTOCOL_VIOLATION. |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1071 */ |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1072 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1073 "quic reserved bit set in packet"); |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1074 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1075 return NGX_ERROR; |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1076 } |
|
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1077 |
|
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1078 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
|
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1079 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1080 "quic packet payload len:%uz %xV", |
|
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1081 pkt->payload.len, &pkt->payload); |
|
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1082 #endif |
|
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1083 |
|
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1084 *largest_pn = lpn; |
|
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1085 |
|
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1086 return NGX_OK; |
|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1087 } |