annotate src/event/quic/ngx_event_quic_protection.c @ 9157:daf8f5ba23d8
QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level.
As explained in BoringSSL change[1], levels were introduced in the original
QUIC API to draw a line between when keys are released and when they are active.
In the new QUIC API they are released in separate calls when it's needed.
BoringSSL has then a consideration to remove levels API, hence the change.
If not available e.g. from a QUIC packet header, levels can be taken based on
keys availability. The only real use of levels is to prevent using app keys
before they are active in QuicTLS that provides the old BoringSSL QUIC API,
it is replaced with an equivalent check of c->ssl->handshaked.
This change also removes OpenSSL compat shims since they are no longer used.
The only exception left is caching write level from the keylog callback in
the internal field which is a handy equivalent of checking keys availability.
[1] https://boringssl.googlesource.com/boringssl/+/1e859054
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 01 Sep 2023 20:31:46 +0400 |
parents | 2880f60a80c3 |
children | ff98ae7d261e |

/*
 * Copyright (C) Nginx, Inc.
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_event_quic_connection.h>


/* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
#define NGX_QUIC_HP_LEN 5

#define NGX_QUIC_AES_128_KEY_LEN 16


static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
    const EVP_MD *digest, const u_char *prk, size_t prk_len,
    const u_char *info, size_t info_len);
static ngx_int_t ngx_hkdf_extract(u_char *out_key, size_t *out_len,
    const EVP_MD *digest, const u_char *secret, size_t secret_len,
    const u_char *salt, size_t salt_len);

static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
    uint64_t *largest_pn);

static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher,
    ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
    ngx_str_t *ad, ngx_log_t *log);
static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
    ngx_quic_secret_t *s, u_char *out, u_char *in);

static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
    ngx_str_t *res);
static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
    ngx_str_t *res);


/*
 * Select the packet protection primitives for a TLS 1.3 cipher suite.
 *
 * id       TLS 1.3 cipher suite constant (TLS1_3_CK_*); ignored when
 *          level is ssl_encryption_initial
 * ciphers  receives the AEAD (c), the header protection cipher (hp) and
 *          the digest (d) chosen for the suite
 * level    encryption level the primitives are requested for
 *
 * Returns 16 or 32 for a supported suite (the value matches the AEAD key
 * size in bytes), or NGX_ERROR for any other id, in which case *ciphers
 * is left unmodified.  Callers have to test for NGX_ERROR before using
 * the result as a length.
 */
ngx_int_t
ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
    enum ssl_encryption_level_t level)
{
    ngx_uint_t  suite;

    /*
     * The initial level is pinned to AES-128-GCM with SHA-256 whatever
     * suite the caller passed, so the negotiated suite never changes how
     * Initial packets are protected.
     */
    suite = (level == ssl_encryption_initial) ? TLS1_3_CK_AES_128_GCM_SHA256
                                              : id;

    switch (suite) {

    case TLS1_3_CK_AES_128_GCM_SHA256:
        ciphers->d = EVP_sha256();
        ciphers->hp = EVP_aes_128_ctr();
#ifdef OPENSSL_IS_BORINGSSL
        ciphers->c = EVP_aead_aes_128_gcm();
#else
        ciphers->c = EVP_aes_128_gcm();
#endif
        return 16;

    case TLS1_3_CK_AES_256_GCM_SHA384:
        ciphers->d = EVP_sha384();
        ciphers->hp = EVP_aes_256_ctr();
#ifdef OPENSSL_IS_BORINGSSL
        ciphers->c = EVP_aead_aes_256_gcm();
#else
        ciphers->c = EVP_aes_256_gcm();
#endif
        return 32;

    case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
        ciphers->d = EVP_sha256();
#ifdef OPENSSL_IS_BORINGSSL
        ciphers->c = EVP_aead_chacha20_poly1305();

        /*
         * NOTE(review): here hp holds an EVP_AEAD pointer cast to
         * EVP_CIPHER; presumably the header protection code only compares
         * it by identity and never hands it to an EVP_CIPHER API - confirm
         * in ngx_quic_tls_hp().
         */
        ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
#else
        ciphers->c = EVP_chacha20_poly1305();
        ciphers->hp = EVP_chacha20();
#endif
        return 32;

#ifndef OPENSSL_IS_BORINGSSL
    /* the CCM suite is compiled in only for non-BoringSSL builds */
    case TLS1_3_CK_AES_128_CCM_SHA256:
        ciphers->d = EVP_sha256();
        ciphers->hp = EVP_aes_128_ctr();
        ciphers->c = EVP_aes_128_ccm();
        return 16;
#endif

    default:
        /* fail closed: an unrecognized suite selects nothing */
        return NGX_ERROR;
    }
}


/*
 * Derive the client and server packet protection material for the
 * initial encryption level and store it in keys.
 *
 * keys    the secret, key, iv and hp fields of
 *         keys->secrets[ssl_encryption_initial] are written for both sides
 * secret  input keying material for HKDF-Extract (presumably the client's
 *         Destination Connection ID as in RFC 9001, 5.2 - confirm against
 *         the caller)
 * log     log used for debug output and error reporting
 *
 * Returns NGX_OK once all eight HKDF-Expand steps have succeeded and
 * NGX_ERROR otherwise.  On NGX_ERROR some fields of keys may already have
 * been written, so the caller must not use them.
 *
 * Security notes:
 *  - the salt is a fixed value compiled into the binary, so the derived
 *    material is only as secret as the "secret" argument;
 *  - building with NGX_QUIC_DEBUG_CRYPTO writes the salt and the
 *    extracted initial secret to the debug log in hex; keep that define
 *    out of production builds;
 *  - the extracted secret lives in a stack buffer that is not cleared
 *    before returning.
 */
ngx_int_t
ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
    ngx_log_t *log)
{
    /* declarations stay at the top of the block, as elsewhere in the file */
    size_t              initial_len, nsteps;
    uint8_t             initial[SHA256_DIGEST_LENGTH];
    ngx_int_t           rc;
    ngx_str_t           prk;
    ngx_uint_t          n;
    const EVP_MD       *digest;
    ngx_quic_hkdf_t     steps[8];
    ngx_quic_secret_t  *cl, *sv;

    /* exactly 20 bytes: the array has no room for a terminating NUL */
    static const uint8_t salt[20] =
        "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
        "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";

    cl = &keys->secrets[ssl_encryption_initial].client;
    sv = &keys->secrets[ssl_encryption_initial].server;

    /*
     * RFC 9001, section 5.  Packet Protection
     *
     * Initial packets use AEAD_AES_128_GCM.  The hash function
     * for HKDF when deriving initial secrets and keys is SHA-256.
     */

    digest = EVP_sha256();
    initial_len = SHA256_DIGEST_LENGTH;

    rc = ngx_hkdf_extract(initial, &initial_len, digest,
                          secret->data, secret->len, salt, sizeof(salt));
    if (rc != NGX_OK) {
        return NGX_ERROR;
    }

    /* the extracted secret is the PRK of both "in" expansions below */
    prk.data = initial;
    prk.len = initial_len;

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
                   "quic ngx_quic_set_initial_secret");
#ifdef NGX_QUIC_DEBUG_CRYPTO
    /* key material goes to the log here */
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
                   "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
                   "quic initial secret len:%uz %*xs",
                   initial_len, initial_len, initial);
#endif

    /*
     * The output lengths are assigned before the steps are described;
     * presumably ngx_quic_hkdf_set() records them - confirm in the header.
     */

    cl->secret.len = SHA256_DIGEST_LENGTH;
    cl->key.len = NGX_QUIC_AES_128_KEY_LEN;
    cl->hp.len = NGX_QUIC_AES_128_KEY_LEN;
    cl->iv.len = NGX_QUIC_IV_LEN;

    sv->secret.len = SHA256_DIGEST_LENGTH;
    sv->key.len = NGX_QUIC_AES_128_KEY_LEN;
    sv->hp.len = NGX_QUIC_AES_128_KEY_LEN;
    sv->iv.len = NGX_QUIC_IV_LEN;

    /*
     * labels per RFC 9001, 5.1.  Packet Protection Keys
     *
     * Order matters: each side's secret is expanded first, then serves
     * as the PRK for that side's key, iv and hp.
     */
    ngx_quic_hkdf_set(&steps[0], "tls13 client in", &cl->secret, &prk);
    ngx_quic_hkdf_set(&steps[1], "tls13 quic key", &cl->key, &cl->secret);
    ngx_quic_hkdf_set(&steps[2], "tls13 quic iv", &cl->iv, &cl->secret);
    ngx_quic_hkdf_set(&steps[3], "tls13 quic hp", &cl->hp, &cl->secret);
    ngx_quic_hkdf_set(&steps[4], "tls13 server in", &sv->secret, &prk);
    ngx_quic_hkdf_set(&steps[5], "tls13 quic key", &sv->key, &sv->secret);
    ngx_quic_hkdf_set(&steps[6], "tls13 quic iv", &sv->iv, &sv->secret);
    ngx_quic_hkdf_set(&steps[7], "tls13 quic hp", &sv->hp, &sv->secret);

    nsteps = sizeof(steps) / sizeof(steps[0]);

    for (n = 0; n < nsteps; n++) {
        if (ngx_quic_hkdf_expand(&steps[n], digest, log) == NGX_OK) {
            continue;
        }

        /* stop at the first failed expansion */
        return NGX_ERROR;
    }

    return NGX_OK;
}
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
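/*
 * Derives one output secret for the descriptor in h by running the expand
 * step over h->prk with a label-based "info" value built on the stack:
 *
 *     info[0..1]   output length, big-endian, high byte always 0
 *     info[2]      label length
 *     info[3..]    label bytes
 *     last byte    0 (empty context)
 *
 * This layout matches the TLS 1.3 HkdfLabel structure with an empty context.
 * h->out_len bytes are written to h->out.
 *
 * Returns NGX_OK on success.  Returns NGX_ERROR when the label or the output
 * length does not fit the fixed-size encoding, or when ngx_hkdf_expand()
 * fails (the latter is logged through ngx_ssl_error()).
 */
ngx_int_t
ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log)
{
    size_t    info_len;
    uint8_t  *p;
    uint8_t   info[20];

    /*
     * info[] must hold 2 length bytes, 1 label-length byte, the label and
     * 1 trailing zero byte.  The callers are not visible here, so the
     * lengths are validated instead of trusted: an oversized label would
     * write past the stack buffer, and an out_len above 255 would be
     * silently truncated in the single byte that encodes it.
     */

    if (h->label_len > sizeof(info) - 4 || h->out_len > 255) {
        ngx_log_error(NGX_LOG_ALERT, log, 0,
                      "quic hkdf label or output length out of range "
                      "label_len:%uz out_len:%uz",
                      h->label_len, h->out_len);
        return NGX_ERROR;
    }

    info_len = 2 + 1 + h->label_len + 1;

    info[0] = 0;
    info[1] = (uint8_t) h->out_len;
    info[2] = (uint8_t) h->label_len;

    p = ngx_cpymem(&info[3], h->label, h->label_len);
    *p = '\0';

    if (ngx_hkdf_expand(h->out, h->out_len, digest,
                        h->prk, h->prk_len, info, info_len)
        != NGX_OK)
    {
        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                      "ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
        return NGX_ERROR;
    }

    /*
     * The block below writes the derived secret itself to the debug log in
     * hex.  NGX_QUIC_DEBUG_CRYPTO is for protocol debugging only and should
     * stay undefined in any build whose logs leave the developer's machine.
     */

#ifdef NGX_QUIC_DEBUG_CRYPTO
    ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
                   "quic expand \"%*s\" len:%uz %*xs",
                   h->label_len, h->label, h->out_len, h->out_len, h->out);
#endif

    return NGX_OK;
}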
220 |
221 |
/*
 * HKDF expand step: derives out_len bytes into out_key from the pseudorandom
 * key prk, bound to the caller-supplied info value, using the given digest.
 *
 * With BoringSSL the dedicated HKDF_expand() call is used; otherwise the
 * generic EVP_PKEY HKDF context is configured in expand-only mode.
 *
 * Returns NGX_OK on success and NGX_ERROR on any library failure.  Nothing
 * is logged here; reporting is left to the caller.  prk is key material and
 * is only handed to the crypto library, never copied or logged.
 */
static ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
    const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
{
#ifdef OPENSSL_IS_BORINGSSL

    /* HKDF_expand() reports failure as 0 */

    return HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
           == 0 ? NGX_ERROR : NGX_OK;

#else

    ngx_int_t      rc;
    EVP_PKEY_CTX  *pctx;

    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    if (pctx == NULL) {
        return NGX_ERROR;
    }

    rc = NGX_ERROR;

    /*
     * Each step runs only if the previous one succeeded; the first
     * non-positive return stops the chain and leaves rc at NGX_ERROR.
     */

    if (EVP_PKEY_derive_init(pctx) > 0
        && EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0
        && EVP_PKEY_CTX_set_hkdf_md(pctx, digest) > 0
        && EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) > 0
        && EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) > 0
        && EVP_PKEY_derive(pctx, out_key, &out_len) > 0)
    {
        rc = NGX_OK;
    }

    /* the context is released on success and failure alike */

    EVP_PKEY_CTX_free(pctx);

    return rc;

#endif
}
281 |
282 |
/*
 * HKDF extract step: condenses the input secret and salt into a
 * pseudorandom key written to out_key, using the given digest.
 *
 * With BoringSSL the dedicated HKDF_extract() call is used; otherwise the
 * generic EVP_PKEY HKDF context is configured in extract-only mode.
 *
 * out_len is passed through to the library unchanged.
 * NOTE(review): EVP_PKEY_derive() documents its length argument as in/out
 * (buffer size in, bytes written out), so the caller should set *out_len to
 * the size of out_key before the call - confirm against the call site.
 * The buffer size is not checked in this function.
 *
 * Returns NGX_OK on success and NGX_ERROR on any library failure.  Nothing
 * is logged here; reporting is left to the caller.
 */
static ngx_int_t
ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
    const u_char *secret, size_t secret_len, const u_char *salt,
    size_t salt_len)
{
#ifdef OPENSSL_IS_BORINGSSL

    /* HKDF_extract() reports failure as 0 */

    return HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
                        salt_len)
           == 0 ? NGX_ERROR : NGX_OK;

#else

    ngx_int_t      rc;
    EVP_PKEY_CTX  *pctx;

    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    if (pctx == NULL) {
        return NGX_ERROR;
    }

    rc = NGX_ERROR;

    /*
     * Each step runs only if the previous one succeeded; the first
     * non-positive return stops the chain and leaves rc at NGX_ERROR.
     */

    if (EVP_PKEY_derive_init(pctx) > 0
        && EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) > 0
        && EVP_PKEY_CTX_set_hkdf_md(pctx, digest) > 0
        && EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) > 0
        && EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) > 0
        && EVP_PKEY_derive(pctx, out_key, out_len) > 0)
    {
        rc = NGX_OK;
    }

    /* the context is released on success and failure alike */

    EVP_PKEY_CTX_free(pctx);

    return rc;

#endif
}
344 |
345 |
346 static ngx_int_t |
347 ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
9130 | 348 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
349 { |
350 |
351 #ifdef OPENSSL_IS_BORINGSSL |
352 EVP_AEAD_CTX *ctx; |
353 |
354 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, |
355 EVP_AEAD_DEFAULT_TAG_LENGTH); |
356 if (ctx == NULL) { |
357 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
358 return NGX_ERROR; |
359 } |
360 |
361 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len, |
362 in->data, in->len, ad->data, ad->len) |
363 != 1) |
364 { |
365 EVP_AEAD_CTX_free(ctx); |
366 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed"); |
367 return NGX_ERROR; |
368 } |
369 |
370 EVP_AEAD_CTX_free(ctx); |
371 #else |
372 int len; |
373 EVP_CIPHER_CTX *ctx; |
374 |
375 ctx = EVP_CIPHER_CTX_new(); |
376 if (ctx == NULL) { |
377 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
378 return NGX_ERROR; |
379 } |
380 |
381 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { |
382 EVP_CIPHER_CTX_free(ctx); |
383 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
384 return NGX_ERROR; |
385 } |
386 |
387 in->len -= NGX_QUIC_TAG_LEN; |
388 |
389 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, |
390 in->data + in->len) |
391 == 0) |
392 { |
393 EVP_CIPHER_CTX_free(ctx); |
394 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
395 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed"); |
396 return NGX_ERROR; |
397 } |
398 |
399 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL) |
400 == 0) |
401 { |
402 EVP_CIPHER_CTX_free(ctx); |
403 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
404 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed"); |
405 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
407 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
408 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
414 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE |
9129
7379cb29cd72
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents:
9128
diff
changeset
|
415 && EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1) |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
416 { |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
417 EVP_CIPHER_CTX_free(ctx); |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
418 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
419 return NGX_ERROR; |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
420 } |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
421 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 |
9129
7379cb29cd72
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents:
9128
diff
changeset
|
428 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 out->len = len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
9129
7379cb29cd72
QUIC: unified ngx_quic_tls_open() and ngx_quic_tls_seal().
Sergey Kandaurov <pluknet@nginx.com>
parents:
9128
diff
changeset
|
436 if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 out->len += len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 } |
/*
 * AEAD-protect ("seal") one packet payload.
 *
 *   cipher  AEAD algorithm: handed to EVP_AEAD_CTX_new() in the BoringSSL
 *           build and to EVP_EncryptInit_ex() otherwise
 *   s       secret; s->key is the AEAD key, s->iv.len the nonce length
 *   out     destination; receives ciphertext followed by the tag, and
 *           out->len is updated to the number of bytes produced
 *   nonce   per-packet nonce, s->iv.len bytes
 *   in      plaintext
 *   ad      associated data (authenticated, not encrypted)
 *   log     log used for ngx_ssl_error() at NGX_LOG_INFO
 *
 * Returns NGX_OK on success and NGX_ERROR on any library failure.
 *
 * Security notes for callers:
 *  - the nonce is taken as given; nothing here checks that it is unique for
 *    the key, and reusing a nonce under one AEAD key defeats both
 *    confidentiality and integrity;
 *  - in the BoringSSL build out->len on entry is the capacity of out->data;
 *    in the OpenSSL build out->len is not read before being overwritten, so
 *    out->data presumably has to hold in->len + NGX_QUIC_TAG_LEN bytes
 *    (verify against callers);
 *  - on failure out->data and out->len are left as they are and may hold
 *    partial output.
 */
ngx_int_t
ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
    ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{

#ifdef OPENSSL_IS_BORINGSSL
    int            rc;
    EVP_AEAD_CTX  *ctx;

    ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
                           EVP_AEAD_DEFAULT_TAG_LENGTH);
    if (ctx == NULL) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
        return NGX_ERROR;
    }

    /* out->len is both the output capacity and the resulting length */

    rc = EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len,
                           nonce, s->iv.len, in->data, in->len,
                           ad->data, ad->len);

    /* the context is released before logging on every path */

    EVP_AEAD_CTX_free(ctx);

    if (rc != 1) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
        return NGX_ERROR;
    }

#else
    int              n, ccm;
    EVP_CIPHER_CTX  *ctx;

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
        return NGX_ERROR;
    }

    /* first pass selects the algorithm only; key and nonce follow below */

    if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
        return NGX_ERROR;
    }

    ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);

    /* CCM needs the tag length fixed before the key and nonce are set */

    if (ccm) {
        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
                                NULL)
            == 0)
        {
            EVP_CIPHER_CTX_free(ctx);
            ngx_ssl_error(NGX_LOG_INFO, log, 0,
                          "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
            return NGX_ERROR;
        }
    }

    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
        == 0)
    {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                      "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
        return NGX_ERROR;
    }

    /* second pass installs the key and the per-packet nonce */

    if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
        return NGX_ERROR;
    }

    /* CCM has to be told the total plaintext length before any AAD */

    if (ccm) {
        if (EVP_EncryptUpdate(ctx, NULL, &n, NULL, in->len) != 1) {
            EVP_CIPHER_CTX_free(ctx);
            ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
            return NGX_ERROR;
        }
    }

    /* a NULL output pointer feeds ad as associated data */

    if (EVP_EncryptUpdate(ctx, NULL, &n, ad->data, ad->len) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
        return NGX_ERROR;
    }

    if (EVP_EncryptUpdate(ctx, out->data, &n, in->data, in->len) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
        return NGX_ERROR;
    }

    out->len = n;

    if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &n) <= 0) {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed");
        return NGX_ERROR;
    }

    out->len += n;

    /* the tag is appended directly after the ciphertext */

    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
                            out->data + out->len)
        == 0)
    {
        EVP_CIPHER_CTX_free(ctx);
        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                      "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
        return NGX_ERROR;
    }

    out->len += NGX_QUIC_TAG_LEN;

    EVP_CIPHER_CTX_free(ctx);
#endif

    return NGX_OK;
}
567 static ngx_int_t |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
568 ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
569 ngx_quic_secret_t *s, u_char *out, u_char *in) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
570 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
571 int outlen; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
572 EVP_CIPHER_CTX *ctx; |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
573 u_char zero[NGX_QUIC_HP_LEN] = {0}; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
574 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
575 #ifdef OPENSSL_IS_BORINGSSL |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
576 uint32_t cnt; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
578 ngx_memcpy(&cnt, in, sizeof(uint32_t)); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
579 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
580 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
581 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 ctx = EVP_CIPHER_CTX_new(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
588 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
589 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
590 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
591 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, in) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
592 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
593 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
594 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
596 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
597 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
598 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
599 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
600 |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
601 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
602 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
603 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
604 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
605 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
606 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
607 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
608 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
609 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
610 failed: |
611 |
612 EVP_CIPHER_CTX_free(ctx); |
613 |
614 return NGX_ERROR; |
615 } |
/*
 * Stores a TLS traffic secret for one direction of an encryption level and
 * derives the QUIC packet protection key, IV and header protection key
 * from it with the "tls13 quic key" / "tls13 quic iv" / "tls13 quic hp"
 * labels.
 *
 * is_write selects the slot: non-zero fills secrets[level].server, zero
 * fills secrets[level].client.  The id of the negotiated cipher is recorded
 * in keys->cipher.
 *
 * Returns NGX_OK when all three values were derived, and NGX_ERROR when
 * ngx_quic_ciphers() rejects the cipher, when the secret does not fit the
 * fixed-size buffer, or when an HKDF expansion fails.
 */
ngx_int_t
ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
    ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
    const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{
    ngx_int_t            len;
    ngx_str_t            prk;
    ngx_uint_t           i, n;
    ngx_quic_hkdf_t      seq[3];
    ngx_quic_secret_t   *dst;
    ngx_quic_ciphers_t   ciphers;

    if (is_write) {
        dst = &keys->secrets[level].server;

    } else {
        dst = &keys->secrets[level].client;
    }

    /*
     * NOTE(review): the id is stored before it is validated, so a rejected
     * cipher stays in keys->cipher on the error return below; confirm that
     * callers abandon the keys after NGX_ERROR.
     */
    keys->cipher = SSL_CIPHER_get_id(cipher);

    len = ngx_quic_ciphers(keys->cipher, &ciphers, level);

    if (len == NGX_ERROR) {
        ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
        return NGX_ERROR;
    }

    /* the secret goes into a fixed-size array: bound it before copying */
    if (secret_len > sizeof(dst->secret.data)) {
        ngx_log_error(NGX_LOG_ALERT, log, 0,
                      "unexpected secret len: %uz", secret_len);
        return NGX_ERROR;
    }

    ngx_memcpy(dst->secret.data, secret, secret_len);
    dst->secret.len = secret_len;

    /* output lengths must be in place before the HKDF steps are set up */
    dst->key.len = len;
    dst->hp.len = len;
    dst->iv.len = NGX_QUIC_IV_LEN;

    /* the caller's buffer serves as the HKDF input for all three steps */
    prk.data = (u_char *) secret;
    prk.len = secret_len;

    ngx_quic_hkdf_set(&seq[0], "tls13 quic key", &dst->key, &prk);
    ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &dst->iv, &prk);
    ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &dst->hp, &prk);

    n = sizeof(seq) / sizeof(seq[0]);

    /*
     * NOTE(review): key.len, iv.len and hp.len are already set when an
     * expansion fails, and ngx_quic_keys_available() in this file treats a
     * non-zero client key.len as "keys present"; confirm that the caller
     * tears the connection down on NGX_ERROR.
     */
    for (i = 0; i < n; i++) {
        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
            return NGX_ERROR;
        }
    }

    return NGX_OK;
}
/*
 * Tells whether keys are installed for the given encryption level.
 *
 * Only the key length of the client secret is examined; the server side is
 * not checked.  Returns 1 when that length is non-zero and 0 otherwise.
 */
ngx_uint_t
ngx_quic_keys_available(ngx_quic_keys_t *keys,
    enum ssl_encryption_level_t level)
{
    ngx_quic_secret_t  *client;

    client = &keys->secrets[level].client;

    if (client->key.len == 0) {
        return 0;
    }

    return 1;
}
/*
 * Marks the keys of the given encryption level as no longer available by
 * resetting the client key length, which is the field that
 * ngx_quic_keys_available() tests.
 */
void
ngx_quic_keys_discard(ngx_quic_keys_t *keys,
    enum ssl_encryption_level_t level)
{
    ngx_quic_secret_t  *client;

    client = &keys->secrets[level].client;

    /*
     * NOTE(review): only this length is reset.  The secret, key, iv and hp
     * bytes of both directions are left as they are, so discarded key
     * material stays in memory until the structure is reused or freed;
     * wiping it here would need a confirmation that nothing reads the
     * level after the discard.
     */
    client->key.len = 0;
}
/*
 * Swaps the application-level secrets with the pre-computed next
 * generation held in keys->next_key.
 *
 * After the call the previous generation sits in keys->next_key until it
 * is overwritten.  The connection argument is not used by the body.
 */
void
ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)
{
    ngx_quic_secrets_t  *cur, *nxt, saved;

    nxt = &keys->next_key;
    cur = &keys->secrets[ssl_encryption_application];

    /*
     * plain three-step swap by structure copy; "saved" is a stack copy of
     * the outgoing generation and is not cleared before return
     */
    saved = *cur;
    *cur = *nxt;
    *nxt = saved;
}
/*
 * Event handler that computes the next generation of application keys into
 * keys->next_key.
 *
 * For each direction the next secret is derived from the current one with
 * the "tls13 quic ku" label, then the key and IV are derived from that new
 * secret.  The header protection value is copied from the current
 * generation unchanged.
 *
 * ev->data is taken as the connection.  If the cipher lookup or any HKDF
 * expansion fails, the connection is closed with NGX_ERROR.
 */
void
ngx_quic_keys_update(ngx_event_t *ev)
{
    ngx_uint_t              i, n;
    ngx_quic_hkdf_t         seq[6];
    ngx_quic_keys_t        *keys;
    ngx_connection_t       *c;
    ngx_quic_ciphers_t      ciphers;
    ngx_quic_secrets_t     *cur, *nxt;
    ngx_quic_connection_t  *qc;

    c = ev->data;
    qc = ngx_quic_get_connection(c);
    keys = qc->keys;

    nxt = &keys->next_key;
    cur = &keys->secrets[ssl_encryption_application];

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");

    c->log->action = "updating keys";

    if (ngx_quic_ciphers(keys->cipher, &ciphers, ssl_encryption_application)
        == NGX_ERROR)
    {
        goto failed;
    }

    /*
     * output lengths are inherited from the current generation and have to
     * be in place before the HKDF steps below are set up
     */

    nxt->client.secret.len = cur->client.secret.len;
    nxt->client.key.len = cur->client.key.len;
    nxt->client.iv.len = NGX_QUIC_IV_LEN;
    nxt->client.hp = cur->client.hp;

    nxt->server.secret.len = cur->server.secret.len;
    nxt->server.key.len = cur->server.key.len;
    nxt->server.iv.len = NGX_QUIC_IV_LEN;
    nxt->server.hp = cur->server.hp;

    /*
     * order matters: each new secret (steps 0 and 3) is the input of the
     * two steps that follow it
     */

    ngx_quic_hkdf_set(&seq[0], "tls13 quic ku",
                      &nxt->client.secret, &cur->client.secret);
    ngx_quic_hkdf_set(&seq[1], "tls13 quic key",
                      &nxt->client.key, &nxt->client.secret);
    ngx_quic_hkdf_set(&seq[2], "tls13 quic iv",
                      &nxt->client.iv, &nxt->client.secret);
    ngx_quic_hkdf_set(&seq[3], "tls13 quic ku",
                      &nxt->server.secret, &cur->server.secret);
    ngx_quic_hkdf_set(&seq[4], "tls13 quic key",
                      &nxt->server.key, &nxt->server.secret);
    ngx_quic_hkdf_set(&seq[5], "tls13 quic iv",
                      &nxt->server.iv, &nxt->server.secret);

    n = sizeof(seq) / sizeof(seq[0]);

    for (i = 0; i < n; i++) {
        if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
            goto failed;
        }
    }

    return;

failed:

    /* a partially derived generation is never used: drop the connection */
    ngx_quic_close_connection(c, NGX_ERROR);
}
/*
 * Builds a protected packet in res->data: the header is written first, the
 * payload is sealed right after it with the server secret of pkt->level,
 * and header protection is then applied to the first byte and the packet
 * number bytes.
 *
 * On success res->len is set to header length plus payload length plus
 * NGX_QUIC_TAG_LEN and NGX_OK is returned.  NGX_ERROR is returned if the
 * cipher lookup, the seal or the header protection mask computation fails.
 *
 * NOTE(review): no size of res->data is checked here; the caller is
 * presumably responsible for a buffer that holds header, payload and tag.
 */
static ngx_int_t
ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
{
    u_char              *pnp, *sample;
    ngx_str_t            aad, sealed;
    ngx_uint_t           i;
    ngx_quic_secret_t   *sec;
    ngx_quic_ciphers_t   ciphers;
    u_char               nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];

    /* the header doubles as the AEAD associated data */
    aad.data = res->data;
    aad.len = ngx_quic_create_header(pkt, aad.data, &pnp);

    sealed.data = res->data + aad.len;
    sealed.len = pkt->payload.len + NGX_QUIC_TAG_LEN;

#ifdef NGX_QUIC_DEBUG_CRYPTO
    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
                   "quic ad len:%uz %xV", aad.len, &aad);
#endif

    if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
    {
        return NGX_ERROR;
    }

    sec = &pkt->keys->secrets[pkt->level].server;

    /*
     * NOTE(review): the copy length is iv.len while the buffer holds
     * NGX_QUIC_IV_LEN bytes; the key setup code in this file assigns
     * NGX_QUIC_IV_LEN to iv.len - confirm no other writer exists.
     */
    ngx_memcpy(nonce, sec->iv.data, sec->iv.len);
    ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);

    if (ngx_quic_tls_seal(ciphers.c, sec, &sealed, nonce, &pkt->payload,
                          &aad, pkt->log)
        != NGX_OK)
    {
        return NGX_ERROR;
    }

    /*
     * the sample is taken from the sealed output at offset 4 - num_len;
     * assumes num_len is within 1..4 - TODO confirm against the header code
     */
    sample = sealed.data + (4 - pkt->num_len);

    if (ngx_quic_tls_hp(pkt->log, ciphers.hp, sec, mask, sample) != NGX_OK) {
        return NGX_ERROR;
    }

    /* RFC 9001, 5.4.1.  Header Protection Application */
    aad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);

    /* mask[0] covers the first byte, mask[1..] the packet number bytes */
    for (i = 0; i < pkt->num_len; i++) {
        pnp[i] ^= mask[i + 1];
    }

    res->len = aad.len + sealed.len;

    return NGX_OK;
}
/*
 * Builds a Retry packet in the buffer behind res->data and appends the
 * Retry Integrity Tag (RFC 9001, 5.8).
 *
 * The tag is an AEAD seal over an empty plaintext with the pseudo-packet
 * produced by ngx_quic_create_retry_itag() as associated data.  On success
 * res is re-pointed at the packet start reported by that helper and
 * res->len covers the bytes from there through the end of the tag.
 *
 * The key and nonce below are the fixed, published QUIC v1 values from
 * RFC 9001, 5.8.  They are public by design, so the tag guards against
 * corruption of the packet; it is not authentication with a secret.
 *
 * Returns NGX_OK, or NGX_ERROR if cipher lookup or sealing fails.
 * The caller must supply a res->data buffer large enough for the
 * pseudo-packet plus NGX_QUIC_TAG_LEN bytes; nothing here checks that.
 */
static ngx_int_t
ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
{
    u_char              *pkt_start;
    ngx_int_t            rc;
    ngx_str_t            aad, tag;
    ngx_quic_secret_t    retry_secret;
    ngx_quic_ciphers_t   ciphers;

    /* RFC 9001, 5.8. Retry Packet Integrity: fixed public key and nonce */
    static u_char     retry_key[16] =
        "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
    static u_char     retry_nonce[NGX_QUIC_IV_LEN] =
        "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
    static ngx_str_t  plaintext = ngx_string("");

    /* the pseudo-packet is written into the output buffer and used as AAD */
    aad.data = res->data;
    aad.len = ngx_quic_create_retry_itag(pkt, aad.data, &pkt_start);

    /* the tag is placed immediately after the associated data */
    tag.len = NGX_QUIC_TAG_LEN;
    tag.data = aad.data + aad.len;

#ifdef NGX_QUIC_DEBUG_CRYPTO
    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
                   "quic retry itag len:%uz %xV", aad.len, &aad);
#endif

    /* presumably selects the 16-byte-key AEAD for this level; verify in helper */
    if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) {
        return NGX_ERROR;
    }

    ngx_memcpy(retry_secret.key.data, retry_key, sizeof(retry_key));
    retry_secret.key.len = sizeof(retry_key);

    /* only the IV length is set; the nonce itself is passed to the seal call */
    retry_secret.iv.len = NGX_QUIC_IV_LEN;

    rc = ngx_quic_tls_seal(ciphers.c, &retry_secret, &tag, retry_nonce,
                           &plaintext, &aad, pkt->log);
    if (rc != NGX_OK) {
        return NGX_ERROR;
    }

    res->len = tag.data + tag.len - pkt_start;
    res->data = pkt_start;

    return NGX_OK;
}
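/*
 * Derives len bytes of key material into out from secret and salt.
 *
 * An intermediate key is extracted with ngx_hkdf_extract() using SHA-256,
 * then expanded with ngx_hkdf_expand() using an info block built here:
 *
 *     info[0]    = 0
 *     info[1]    = len (one byte)
 *     info[2]    = label length (one byte)
 *     info[3..]  = label bytes
 *     last byte  = 0
 *
 * (this looks like the TLS 1.3 HKDF label layout with an empty context;
 * confirm against the specification)
 *
 * Both length fields are single bytes, so the label length and len are
 * validated as size_t before they are narrowed.  Without that check an
 * oversized value would wrap and the derivation would silently use a
 * different label or length than the caller asked for.
 *
 * log     log for error reporting
 * label   NUL-terminated label; must fit the 20-byte info buffer
 * secret  input keying material
 * salt    salt for the extract step
 * out     destination buffer, at least len bytes
 * len     number of bytes to derive, at most 255
 *
 * Returns NGX_OK on success, NGX_ERROR on invalid arguments or HKDF failure.
 */
ngx_int_t
ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret,
    ngx_str_t *salt, u_char *out, size_t len)
{
    size_t         is_len, info_len, label_len;
    uint8_t       *p;
    const EVP_MD  *digest;

    uint8_t        is[SHA256_DIGEST_LENGTH];
    uint8_t        info[20];

    /* measure the label at full width; info[2] can only hold one byte */
    label_len = ngx_strlen(label);

    info_len = 2 + 1 + label_len + 1;

    if (info_len >= sizeof(info)) {
        /*
         * NOTE(review): the message names ngx_quic_create_key although
         * this function is ngx_quic_derive_key; left unchanged here.
         */
        ngx_log_error(NGX_LOG_INFO, log, 0,
                      "ngx_quic_create_key label \"%s\" too long", label);
        return NGX_ERROR;
    }

    /* info[1] is a single byte, larger requests cannot be encoded */
    if (len > 0xff) {
        ngx_log_error(NGX_LOG_INFO, log, 0,
                      "ngx_quic_derive_key label \"%s\" "
                      "output length %uz too large", label, len);
        return NGX_ERROR;
    }

    digest = EVP_sha256();
    is_len = SHA256_DIGEST_LENGTH;

    if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
                         salt->data, salt->len)
        != NGX_OK)
    {
        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                      "ngx_hkdf_extract(%s) failed", label);
        return NGX_ERROR;
    }

    info[0] = 0;
    info[1] = (uint8_t) len;
    info[2] = (uint8_t) label_len;

    /* ngx_cpymem() returns the position after the copy; terminate with 0 */
    p = ngx_cpymem(&info[3], label, label_len);
    *p = '\0';

    /*
     * NOTE(review): the extracted key stays in the stack buffer "is" on
     * every return path below; consider wiping it with the project's
     * explicit-zero helper once expansion is done (confirm which helper
     * is in scope in this file).
     */

    if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK)
    {
        ngx_ssl_error(NGX_LOG_INFO, log, 0,
                      "ngx_hkdf_expand(%s) failed", label);
        return NGX_ERROR;
    }

    return NGX_OK;
}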
/*
 * Reads a truncated packet number of len bytes from *pos, removing header
 * protection by XORing each byte with the matching byte of mask, and
 * expands it to a full packet number relative to *largest_pn.
 *
 * The reconstruction picks the value closest to *largest_pn + 1 within a
 * window of 2^(len * 8) (appears to follow the sample decoding algorithm
 * in RFC 9000, Appendix A.3; confirm).
 *
 * pos         in/out cursor; advanced by len bytes
 * len         packet number length in bytes; must be at least 1, since
 *             the loop below is "while (--len)" and has no guard for 0.
 *             The visible caller passes (flags & 0x03) + 1, i.e. 1..4.
 * mask        header protection mask bytes for the packet number
 * largest_pn  in/out; raised to the returned value if that is larger
 *
 * Returns the reconstructed packet number.  No bounds check is made on
 * *pos or mask; the caller must guarantee len readable bytes in both.
 */
static uint64_t
ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
    uint64_t *largest_pn)
{
    u_char    *p;
    uint64_t   truncated_pn, expected_pn, candidate_pn;
    uint64_t   pn_nbits, pn_win, pn_hwin, pn_mask;

    /* capped at 62 bits so the shifts below stay within uint64_t */
    pn_nbits = ngx_min(len * 8, 62);

    /* unmask and accumulate the bytes, most significant first */
    p = *pos;
    truncated_pn = *p++ ^ *mask++;

    while (--len) {
        truncated_pn = (truncated_pn << 8) + (*p++ ^ *mask++);
    }

    *pos = p;

    expected_pn = *largest_pn + 1;
    pn_win = 1ULL << pn_nbits;
    pn_hwin = pn_win / 2;
    pn_mask = pn_win - 1;

    /* high bits come from the expected value, low bits from the wire */
    candidate_pn = (expected_pn & ~pn_mask) | truncated_pn;

    /*
     * Move the candidate by one window if it is more than half a window
     * away from the expected value.  The signed casts make the first
     * comparison work when expected_pn - pn_hwin wraps below zero; the
     * second operands keep the adjusted result inside [0, 2^62).
     */
    if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin)
        && candidate_pn < (1ULL << 62) - pn_win)
    {
        candidate_pn += pn_win;

    } else if (candidate_pn > expected_pn + pn_hwin
               && candidate_pn >= pn_win)
    {
        candidate_pn -= pn_win;
    }

    /* the caller's largest value is updated here, before any AEAD check */
    *largest_pn = ngx_max((int64_t) *largest_pn, (int64_t) candidate_pn);

    return candidate_pn;
}
/*
 * XORs the packet number, in big-endian byte order, into the last eight
 * bytes of nonce.  The most significant byte is masked with 0x3f, so only
 * the low 62 bits of pn are used.
 *
 * nonce  buffer already holding the IV; modified in place
 * len    size of nonce in bytes; must be at least 8.  There is no check
 *        here, and a smaller value makes len - 8 wrap and the writes land
 *        outside the buffer.  The buffers visible in this file are
 *        NGX_QUIC_IV_LEN bytes.
 * pn     full packet number
 *
 * The AEAD nonce is unique only while each packet number is used once per
 * key, so callers must not reuse pn under the same key and IV.
 */
void
ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
{
    size_t   i;
    u_char  *tail;

    tail = &nonce[len - 8];

    /* top byte carries only six bits of the packet number */
    tail[0] ^= (pn >> 56) & 0x3f;

    /* remaining seven bytes, from bits 55..48 down to bits 7..0 */
    for (i = 1; i < 8; i++) {
        tail[i] ^= (pn >> (8 * (7 - i))) & 0xff;
    }
}
/*
 * Produces the protected wire form of pkt in res.
 *
 * Retry packets are handled by ngx_quic_create_retry_packet(), which only
 * appends an integrity tag computed with fixed public values.  Every other
 * packet type goes through ngx_quic_create_packet().
 *
 * Returns the result of the selected helper (NGX_OK or NGX_ERROR).
 */
ngx_int_t
ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res)
{
    if (!ngx_quic_pkt_retry(pkt->flags)) {
        return ngx_quic_create_packet(pkt, res);
    }

    return ngx_quic_create_retry_packet(pkt, res);
}
990 ngx_int_t |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
991 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
992 { |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
993 u_char *p, *sample; |
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
994 size_t len; |
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
995 uint64_t pn, lpn; |
9041
e23fd55e1cc6
QUIC: fixed C4389 MSVC warning about signed/unsigned mismatch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9040
diff
changeset
|
996 ngx_int_t pnl, rc; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
997 ngx_str_t in, ad; |
9041
e23fd55e1cc6
QUIC: fixed C4389 MSVC warning about signed/unsigned mismatch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9040
diff
changeset
|
998 ngx_uint_t key_phase; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
999 ngx_quic_secret_t *secret; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1000 ngx_quic_ciphers_t ciphers; |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
1001 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1002 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
1003 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
1004 { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1005 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1006 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1007 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
1008 secret = &pkt->keys->secrets[pkt->level].client; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1009 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1010 p = pkt->raw->pos; |
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
1011 len = pkt->data + pkt->len - p; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1012 |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1013 /* |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1014 * RFC 9001, 5.4.2. Header Protection Sample |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1015 * 5.4.3. AES-Based Header Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1016 * 5.4.4. ChaCha20-Based Header Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1017 * |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1018 * the Packet Number field is assumed to be 4 bytes long |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1019 * AES and ChaCha20 algorithms sample 16 bytes |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1020 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1021 |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
1022 if (len < NGX_QUIC_TAG_LEN + 4) { |
8543
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
1023 return NGX_DECLINED; |
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
1024 } |
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
1025 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1026 sample = p + 4; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1027 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1028 /* header protection */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1029 |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1030 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
8287 | 1031 != NGX_OK) |
1032 { | |
8446
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8445
diff
changeset
|
1033 return NGX_DECLINED; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1034 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1035 |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1036 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1037 |
8643
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8642
1038 if (ngx_quic_short_pkt(pkt->flags)) { |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
1039 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1040 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1041 if (key_phase != pkt->key_phase) { |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
1042 secret = &pkt->keys->next_key.client; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1043 pkt->key_update = 1; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1044 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1045 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1046 |
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
1047 lpn = *largest_pn; |
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
1048 |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
1049 pnl = (pkt->flags & 0x03) + 1; |
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
1050 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1051 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1052 pkt->pn = pn; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1053 |
8287 | 1054 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
1055 "quic packet rx clearflags:%xd", pkt->flags); |
8287 | 1056 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
1057 "quic packet rx number:%uL len:%xi", pn, pnl); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1058 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1059 /* packet protection */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1060 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1061 in.data = p; |
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
1062 in.len = len - pnl; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1063 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1064 ad.len = p - pkt->data; |
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
1065 ad.data = pkt->plaintext; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1066 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1067 ngx_memcpy(ad.data, pkt->data, ad.len); |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
1068 ad.data[0] = pkt->flags; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1069 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1070 do { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1071 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1072 } while (--pnl); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1073 |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1074 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
1075 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1076 |
8359 | 1077 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
1078 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
1079 "quic ad len:%uz %xV", ad.len, &ad); |
8359 | 1080 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1081 |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
1082 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; |
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
1083 pkt->payload.data = pkt->plaintext + ad.len; |
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
1084 |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
1085 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
8287 | 1086 nonce, &in, &ad, pkt->log); |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1087 if (rc != NGX_OK) { |
8446
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8445
1088 return NGX_DECLINED; |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1089 } |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1090 |
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1091 if (pkt->payload.len == 0) { |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1092 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
1093 * RFC 9000, 12.4. Frames and Frame Types |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
1094 * |
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1095 * An endpoint MUST treat receipt of a packet containing no |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1096 * frames as a connection error of type PROTOCOL_VIOLATION. |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1097 */ |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1098 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet"); |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1099 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1100 return NGX_ERROR; |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1101 } |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1102 |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
1103 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) { |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1104 /* |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
1105 * RFC 9000, Reserved Bits |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
1106 * |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1107 * An endpoint MUST treat receipt of a packet that has |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1108 * a non-zero value for these bits, after removing both |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1109 * packet and header protection, as a connection error |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1110 * of type PROTOCOL_VIOLATION. |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1111 */ |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1112 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1113 "quic reserved bit set in packet"); |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1114 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1115 return NGX_ERROR; |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1116 } |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1117 |
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1118 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
1119 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
1120 "quic packet payload len:%uz %xV", |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
1121 pkt->payload.len, &pkt->payload); |
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1122 #endif |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
1123 |
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
1124 *largest_pn = lpn; |
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
1125 |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
1126 return NGX_OK; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
1127 } |