annotate src/event/quic/ngx_event_quic_protection.h @ 9025:e50f77a2d0b0 quic

QUIC: removed ngx_quic_keys_new(). The ngx_quic_keys_t structure is now exposed.
author Vladimir Homutov <vl@nginx.com>
date Wed, 27 Jul 2022 17:31:16 +0400
parents f2925c80401c
children 7da4791e0264
2 /*
3 * Copyright (C) Nginx, Inc.
4 */
7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
11 #include <ngx_config.h>
12 #include <ngx_core.h>
14 #include <ngx_event_quic_transport.h>
/*
 * Number of slots in the per-level secrets[] array of struct
 * ngx_quic_keys_s: one more than ssl_encryption_application.
 * NOTE(review): this assumes ssl_encryption_application is the highest
 * value of enum ssl_encryption_level_t in the TLS library in use; any
 * level used as an index into secrets[] must be below this bound.
 */
#define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)
/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
/*
 * AEAD nonce length in bytes; it is the fixed capacity of
 * ngx_quic_iv_t.data, so an IV written there must be exactly this long.
 */
#define NGX_QUIC_IV_LEN               12
/* largest hash used in TLS is SHA-384 */
/*
 * 48 bytes is the SHA-384 digest size; it is the fixed capacity of
 * ngx_quic_md_t.data, which holds secrets and keys in this header.
 */
#define NGX_QUIC_MAX_MD_SIZE          48
/*
 * Byte buffer with inline storage of NGX_QUIC_MAX_MD_SIZE bytes and an
 * explicit length.  Used by ngx_quic_secret_t for the secret, key and hp
 * members, so its contents are key material.
 *
 * NOTE(review): nothing in this type enforces len <= sizeof(data); the
 * code that fills it (not in this header) has to reject longer input
 * before copying, and readers should not trust len beyond that bound.
 */
typedef struct {
    size_t                    len;   /* bytes of data[] in use */
    u_char                    data[NGX_QUIC_MAX_MD_SIZE];
} ngx_quic_md_t;
/*
 * Byte buffer with inline storage of NGX_QUIC_IV_LEN bytes and an explicit
 * length; used for the iv member of ngx_quic_secret_t.
 *
 * NOTE(review): as with ngx_quic_md_t, the len <= sizeof(data) invariant
 * is maintained by the code that fills the buffer, which is not visible
 * in this header.
 */
typedef struct {
    size_t                    len;   /* bytes of data[] in use */
    u_char                    data[NGX_QUIC_IV_LEN];
} ngx_quic_iv_t;
/*
 * Key material for one direction of one encryption level, stored inline.
 *
 * Presumably `secret` is the TLS traffic secret and `key`, `iv` and `hp`
 * are the packet protection key, IV and header protection key derived from
 * it (RFC 9001, 5.1); the derivation code is not in this header.
 *
 * NOTE(review): every member is sensitive.  Copying this struct by value
 * duplicates the secrets, and the storage should be wiped when the keys
 * are dropped; confirm both against ngx_event_quic_protection.c.
 */
typedef struct {
    ngx_quic_md_t             secret;
    ngx_quic_md_t             key;
    ngx_quic_iv_t             iv;
    ngx_quic_md_t             hp;
} ngx_quic_secret_t;
/*
 * Pair of ngx_quic_secret_t values, one named for each endpoint.
 * Presumably `client` protects packets sent by the client and `server`
 * those sent by the server; which one is used for reading or writing
 * depends on the local role, which this header does not show.
 */
typedef struct {
    ngx_quic_secret_t         client;
    ngx_quic_secret_t         server;
} ngx_quic_secrets_t;
/*
 * All packet protection state for a connection.  The layout is public as
 * of this revision, in which ngx_quic_keys_new() was removed.
 *
 * NOTE(review): with the layout exposed, any code including this header
 * can read or copy the secrets directly.  Keep accesses inside the
 * protection module where possible and avoid by-value copies.
 */
struct ngx_quic_keys_s {
    /* one client/server pair per encryption level */
    ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
    /* presumably the secrets prepared for the next key update - confirm */
    ngx_quic_secrets_t        next_key;
    /* cipher identifier; its encoding is not visible in this header */
    ngx_uint_t                cipher;
};
/*
 * Packet protection API.  Only the prototypes are visible here; the
 * behaviour notes below are inferred from names and signatures and should
 * be confirmed against the definitions.
 */

/*
 * Sets up the initial-level entries of *keys from `secret` and returns an
 * nginx status code.  NOTE(review): RFC 9001, 5.2 derives initial secrets
 * from the client's Destination Connection ID, which is public, so
 * initial-level protection gives no confidentiality against an observer.
 */
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
    ngx_str_t *secret, ngx_log_t *log);

/*
 * Stores a secret of secret_len bytes for `level` and returns an nginx
 * status code; `is_write` presumably selects the write or read direction.
 * NOTE(review): secret_len comes from the caller and the destination is a
 * fixed NGX_QUIC_MAX_MD_SIZE-byte array, so the definition must reject
 * secret_len > NGX_QUIC_MAX_MD_SIZE before copying - verify.
 */
ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
    ngx_uint_t is_write, ngx_quic_keys_t *keys,
    enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
    const uint8_t *secret, size_t secret_len);

/* presumably nonzero when keys for `level` have been installed */
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
    enum ssl_encryption_level_t level);

/*
 * Drops the keys for `level`.  NOTE(review): confirm the definition wipes
 * the stored secret, key, iv and hp bytes and does not only reset lengths.
 */
void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
    enum ssl_encryption_level_t level);

/* presumably makes next_key the current application-level keys */
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);

/* presumably derives next_key for a key update; returns a status code */
ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);

/* applies packet protection to pkt, with the output described by *res */
ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);

/*
 * Removes packet protection from pkt; *largest_pn is passed by pointer.
 * NOTE(review): the packet is unauthenticated until this succeeds, so
 * callers should not act on its contents after any non-success return.
 */
ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
75 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */