nginx: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_protection.c @ 9189:fcec773dd249

QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE. By default packets with these frames are expanded to 1200 bytes. Previously, if anti-amplification limit did not allow this expansion, it was limited to whatever size was allowed. However RFC 9000 clearly states no partial expansion should happen in both cases. Section 8.2.1. Initiating Path Validation: An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame to at least the smallest allowed maximum datagram size of 1200 bytes, unless the anti-amplification limit for the path does not permit sending a datagram of this size. Section 8.2.2. Path Validation Responses: An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame to at least the smallest allowed maximum datagram size of 1200 bytes. ... However, an endpoint MUST NOT expand the datagram containing the PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.

author	Roman Arutyunyan <arut@nginx.com>
date	Wed, 29 Nov 2023 18:13:25 +0400
parents	b74f891053c7
children	1bf1b423f268

rev	line source
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
8755 b4e6b7049984 QUIC: normalize header inclusion. Sergey Kandaurov <pluknet@nginx.com> parents: 8739 diff changeset	10 #include <ngx_event_quic_connection.h>
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	13 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */
fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	14 #define NGX_QUIC_HP_LEN 5
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15
8800 e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	16 #define NGX_QUIC_AES_128_KEY_LEN 16
e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	17
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	18 #define NGX_QUIC_INITIAL_CIPHER TLS1_3_CK_AES_128_GCM_SHA256
8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	19
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 const EVP_MD digest, const u_char prk, size_t prk_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 const u_char *info, size_t info_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 static ngx_int_t ngx_hkdf_extract(u_char out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 const EVP_MD digest, const u_char secret, size_t secret_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26 const u_char *salt, size_t salt_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	28 static uint64_t ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	29 uint64_t *largest_pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	31 static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t s, ngx_str_t out,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	32 u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t log);
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	33 #ifndef OPENSSL_IS_BORINGSSL
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	34 static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t s, ngx_str_t out,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	35 u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	36 #endif
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	37
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	38 static ngx_int_t ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	39 ngx_quic_secret_t s, ngx_log_t log);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	40 static ngx_int_t ngx_quic_crypto_hp(ngx_quic_secret_t *s,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	41 u_char out, u_char in, ngx_log_t *log);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	42 static void ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	43
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	44 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	45 ngx_str_t *res);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	46 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	47 ngx_str_t *res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	48
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	49
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	50 ngx_int_t
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	51 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	52 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	53 ngx_int_t len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	54
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	55 switch (id) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	57 case TLS1_3_CK_AES_128_GCM_SHA256:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59 ciphers->c = EVP_aead_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 ciphers->c = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	63 ciphers->hp = EVP_aes_128_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	64 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	65 len = 16;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	66 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	68 case TLS1_3_CK_AES_256_GCM_SHA384:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	69 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70 ciphers->c = EVP_aead_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	71 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	72 ciphers->c = EVP_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	73 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	74 ciphers->hp = EVP_aes_256_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 ciphers->d = EVP_sha384();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	77 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	79 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	80 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	81 ciphers->c = EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	82 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	83 ciphers->c = EVP_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	87 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88 ciphers->hp = EVP_chacha20();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	90 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	94 #ifndef OPENSSL_IS_BORINGSSL
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	95 case TLS1_3_CK_AES_128_CCM_SHA256:
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	96 ciphers->c = EVP_aes_128_ccm();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	97 ciphers->hp = EVP_aes_128_ctr();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	98 ciphers->d = EVP_sha256();
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	99 len = 16;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	100 break;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	101 #endif
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	102
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103 default:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 return len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	112 ngx_quic_keys_set_initial_secret(ngx_quic_keys_t keys, ngx_str_t secret,
f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	113 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	115 size_t is_len;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	116 uint8_t is[SHA256_DIGEST_LENGTH];
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	117 ngx_str_t iss;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	118 ngx_uint_t i;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	119 const EVP_MD *digest;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	120 ngx_quic_md_t client_key, server_key;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	121 ngx_quic_hkdf_t seq[8];
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	122 ngx_quic_secret_t client, server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	123 ngx_quic_ciphers_t ciphers;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 static const uint8_t salt[20] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	126 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	127 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	129 client = &keys->secrets[ssl_encryption_initial].client;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	130 server = &keys->secrets[ssl_encryption_initial].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	131
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	132 /*
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	133 * RFC 9001, section 5. Packet Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	134 *
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	135 * Initial packets use AEAD_AES_128_GCM. The hash function
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	136 * for HKDF when deriving initial secrets and keys is SHA-256.
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	137 */
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 digest = EVP_sha256();
8729 0f8565e0fc76 QUIC: HKDF API compatibility with OpenSSL master branch. Sergey Kandaurov <pluknet@nginx.com> parents: 8716 diff changeset	140 is_len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
8980 d8865baab732 QUIC: removed draft versions support. Sergey Kandaurov <pluknet@nginx.com> parents: 8926 diff changeset	143 salt, sizeof(salt))
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	144 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	145 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	147 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	148
9040 8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9039 diff changeset	149 iss.len = is_len;
8c0bccdf2743 QUIC: avoid using C99 designated initializers. Sergey Kandaurov <pluknet@nginx.com> parents: 9039 diff changeset	150 iss.data = is;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	151
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	152 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	153 "quic ngx_quic_set_initial_secret");
8578 52ad697f9d1c QUIC: enabled more key-related debug by default. Vladimir Homutov <vl@nginx.com> parents: 8565 diff changeset	154 #ifdef NGX_QUIC_DEBUG_CRYPTO
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	155 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	156 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt);
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	157 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0,
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	158 "quic initial secret len:%uz %*xs", is_len, is_len, is);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	159 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	161 client->secret.len = SHA256_DIGEST_LENGTH;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	162 server->secret.len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	163
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	164 client_key.len = NGX_QUIC_AES_128_KEY_LEN;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	165 server_key.len = NGX_QUIC_AES_128_KEY_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166
8800 e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	167 client->hp.len = NGX_QUIC_AES_128_KEY_LEN;
e617d0ba387a QUIC: optimized initial secrets key length computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8799 diff changeset	168 server->hp.len = NGX_QUIC_AES_128_KEY_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	169
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	170 client->iv.len = NGX_QUIC_IV_LEN;
ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	171 server->iv.len = NGX_QUIC_IV_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	172
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	173 /* labels per RFC 9001, 5.1. Packet Protection Keys */
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	174 ngx_quic_hkdf_set(&seq[0], "tls13 client in", &client->secret, &iss);
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	175 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", &client_key, &client->secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	176 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", &client->iv, &client->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	177 ngx_quic_hkdf_set(&seq[3], "tls13 quic hp", &client->hp, &client->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	178 ngx_quic_hkdf_set(&seq[4], "tls13 server in", &server->secret, &iss);
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	179 ngx_quic_hkdf_set(&seq[5], "tls13 quic key", &server_key, &server->secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	180 ngx_quic_hkdf_set(&seq[6], "tls13 quic iv", &server->iv, &server->secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	181 ngx_quic_hkdf_set(&seq[7], "tls13 quic hp", &server->hp, &server->secret);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	183 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	184 if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	185 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	186 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	187 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	188
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	189 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	190 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	191 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	192
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	193 if (ngx_quic_crypto_init(ciphers.c, client, &client_key, 0, log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	194 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	195 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	196 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	197 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	198
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	199 if (ngx_quic_crypto_init(ciphers.c, server, &server_key, 1, log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	200 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	201 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	202 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	203 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	204
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	205 if (ngx_quic_crypto_hp_init(ciphers.hp, client, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	206 goto failed;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	207 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	208
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	209 if (ngx_quic_crypto_hp_init(ciphers.hp, server, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	210 goto failed;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	211 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	212
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	213 return NGX_OK;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	214
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	215 failed:
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	216
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	217 ngx_quic_keys_cleanup(keys);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	218
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	219 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	223 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	224 ngx_quic_hkdf_expand(ngx_quic_hkdf_t h, const EVP_MD digest, ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	225 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 size_t info_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	227 uint8_t *p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228 uint8_t info[20];
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	230 info_len = 2 + 1 + h->label_len + 1;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	231
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	232 info[0] = 0;
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	233 info[1] = h->out_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	234 info[2] = h->label_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	235
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	236 p = ngx_cpymem(&info[3], h->label, h->label_len);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	237 *p = '\0';
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	239 if (ngx_hkdf_expand(h->out, h->out_len, digest,
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	240 h->prk, h->prk_len, info, info_len)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	242 {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	243 ngx_ssl_error(NGX_LOG_INFO, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	244 "ngx_hkdf_expand(%*s) failed", h->label_len, h->label);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	248 #ifdef NGX_QUIC_DEBUG_CRYPTO
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	249 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	250 "quic expand \"%s\" len:%uz %xs",
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	251 h->label_len, h->label, h->out_len, h->out_len, h->out);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	252 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 ngx_hkdf_expand(u_char out_key, size_t out_len, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260 const uint8_t prk, size_t prk_len, const u_char info, size_t info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 #ifdef OPENSSL_IS_BORINGSSL
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	263
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268 }
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	269
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	270 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	271
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	272 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	273
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	274 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	277 if (pctx == NULL) {
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	278 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	279 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 if (EVP_PKEY_derive_init(pctx) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	282 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	286 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	290 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	294 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	295 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	296
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	297 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	298 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	302 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304
8739 c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	305 EVP_PKEY_CTX_free(pctx);
c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	306
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	307 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	308
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	309 failed:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	311 EVP_PKEY_CTX_free(pctx);
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	312
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	313 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	314
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	315 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 ngx_hkdf_extract(u_char out_key, size_t out_len, const EVP_MD *digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 const u_char secret, size_t secret_len, const u_char salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322 size_t salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 #ifdef OPENSSL_IS_BORINGSSL
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	325
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331 }
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	332
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	333 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	334
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	340 if (pctx == NULL) {
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	341 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	342 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344 if (EVP_PKEY_derive_init(pctx) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	345 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	349 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	353 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	357 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	361 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	365 goto failed;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	367
8739 c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	368 EVP_PKEY_CTX_free(pctx);
c0cd180308e4 QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand(). Sergey Kandaurov <pluknet@nginx.com> parents: 8729 diff changeset	369
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	370 return NGX_OK;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	371
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	372 failed:
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373
8716 1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	374 EVP_PKEY_CTX_free(pctx);
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	375
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	376 return NGX_ERROR;
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	377
1c48629cfa74 QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand(). Vladimir Homutov <vl@nginx.com> parents: 8710 diff changeset	378 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	382 ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	383 ngx_quic_crypto_init(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	384 ngx_quic_md_t key, ngx_int_t enc, ngx_log_t log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	390 ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	398
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	399 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	400 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	405 if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 EVP_CIPHER_CTX_free(ctx);
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	407 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	411 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	412 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	413 NULL)
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	414 == 0)
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	415 {
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	416 EVP_CIPHER_CTX_free(ctx);
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	417 ngx_ssl_error(NGX_LOG_INFO, log, 0,
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	418 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	419 return NGX_ERROR;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	420 }
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	421
9127 a7b850a5d98d QUIC: common cipher control constants instead of GCM-related. Roman Arutyunyan <arut@nginx.com> parents: 9126 diff changeset	422 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 ngx_ssl_error(NGX_LOG_INFO, log, 0,
9127 a7b850a5d98d QUIC: common cipher control constants instead of GCM-related. Roman Arutyunyan <arut@nginx.com> parents: 9126 diff changeset	427 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	431 if (EVP_CipherInit_ex(ctx, NULL, NULL, key->data, NULL, enc) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 EVP_CIPHER_CTX_free(ctx);
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	433 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	434 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	435 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	436 #endif
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	437
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	438 s->ctx = ctx;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	439 return NGX_OK;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	440 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	441
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	442
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	443 static ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	444 ngx_quic_crypto_open(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	445 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	446 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	447 #ifdef OPENSSL_IS_BORINGSSL
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	448 if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	449 s->iv.len, in->data, in->len, ad->data, ad->len)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	450 != 1)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	451 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	452 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	453 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	454 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	455
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	456 return NGX_OK;
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	457 #else
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	458 return ngx_quic_crypto_common(s, out, nonce, in, ad, log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	459 #endif
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	460 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	461
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	462
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	463 ngx_int_t
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	464 ngx_quic_crypto_seal(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	465 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	466 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	467 #ifdef OPENSSL_IS_BORINGSSL
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	468 if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	469 s->iv.len, in->data, in->len, ad->data, ad->len)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	470 != 1)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	471 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	472 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	473 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	474 }
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	475
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	476 return NGX_OK;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	477 #else
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	478 return ngx_quic_crypto_common(s, out, nonce, in, ad, log);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	479 #endif
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	480 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	481
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	482
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	483 #ifndef OPENSSL_IS_BORINGSSL
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	484
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	485 static ngx_int_t
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	486 ngx_quic_crypto_common(ngx_quic_secret_t s, ngx_str_t out, u_char *nonce,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	487 ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	488 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	489 int len, enc;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	490 ngx_quic_crypto_ctx_t *ctx;
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	491
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	492 ctx = s->ctx;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	493 enc = EVP_CIPHER_CTX_encrypting(ctx);
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	494
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	495 if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, nonce, enc) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	496 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	497 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	498 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	499
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	500 if (enc == 0) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	501 in->len -= NGX_QUIC_TAG_LEN;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	502
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	503 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	504 in->data + in->len)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	505 == 0)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	506 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	507 ngx_ssl_error(NGX_LOG_INFO, log, 0,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	508 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	509 return NGX_ERROR;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	510 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	511 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	512
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	513 if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	514 && EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1)
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	515 {
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	516 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
9128 756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	517 return NGX_ERROR;
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	518 }
756ab66de10e QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. Roman Arutyunyan <arut@nginx.com> parents: 9127 diff changeset	519
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	520 if (EVP_CipherUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	521 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	522 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	523 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	524
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	525 if (EVP_CipherUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	526 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	527 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	528 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	529
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	530 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	531
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	532 if (EVP_CipherFinal_ex(ctx, out->data + out->len, &len) <= 0) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	533 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherFinal_ex failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	534 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	535 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	536
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	537 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	538
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	539 if (enc == 1) {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	540 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	541 out->data + out->len)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	542 == 0)
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	543 {
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	544 ngx_ssl_error(NGX_LOG_INFO, log, 0,
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	545 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	546 return NGX_ERROR;
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	547 }
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	548
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	549 out->len += NGX_QUIC_TAG_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	550 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	551
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	552 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	553 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	554
9173 904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	555 #endif
904a54092d5b QUIC: common code for crypto open and seal operations. Sergey Kandaurov <pluknet@nginx.com> parents: 9172 diff changeset	556
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	557
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	558 void
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	559 ngx_quic_crypto_cleanup(ngx_quic_secret_t *s)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	560 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	561 if (s->ctx) {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	562 #ifdef OPENSSL_IS_BORINGSSL
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	563 EVP_AEAD_CTX_free(s->ctx);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	564 #else
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	565 EVP_CIPHER_CTX_free(s->ctx);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	566 #endif
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	567 s->ctx = NULL;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	568 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	569 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	570
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	571
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	572 static ngx_int_t
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	573 ngx_quic_crypto_hp_init(const EVP_CIPHER cipher, ngx_quic_secret_t s,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	574 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	575 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	576 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	577
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	578 #ifdef OPENSSL_IS_BORINGSSL
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	579 if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	580 /* no EVP interface */
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	581 s->hp_ctx = NULL;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	582 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	583 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	584 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	585
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	586 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	587 if (ctx == NULL) {
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	588 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	589 return NGX_ERROR;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	590 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	591
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	592 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, NULL) != 1) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	593 EVP_CIPHER_CTX_free(ctx);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	594 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	595 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	596 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	597
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	598 s->hp_ctx = ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	599 return NGX_OK;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	600 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	601
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	602
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	603 static ngx_int_t
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	604 ngx_quic_crypto_hp(ngx_quic_secret_t s, u_char out, u_char *in,
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	605 ngx_log_t *log)
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	606 {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	607 int outlen;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	608 EVP_CIPHER_CTX *ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	609 u_char zero[NGX_QUIC_HP_LEN] = {0};
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	610
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	611 ctx = s->hp_ctx;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	612
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	613 #ifdef OPENSSL_IS_BORINGSSL
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	614 uint32_t cnt;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	615
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	616 if (ctx == NULL) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	617 ngx_memcpy(&cnt, in, sizeof(uint32_t));
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	618 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	619 return NGX_OK;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	620 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	621 #endif
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	622
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	623 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, in) != 1) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	624 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	625 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	626 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	627
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	628 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	629 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	630 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	631 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	632
8798 fc5719637aff QUIC: consistent use of 5-byte buffers for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 8797 diff changeset	633 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	634 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	635 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	636 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	637
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	638 return NGX_OK;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	639 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	640
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	641
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	642 static void
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	643 ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s)
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	644 {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	645 if (s->hp_ctx) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	646 EVP_CIPHER_CTX_free(s->hp_ctx);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	647 s->hp_ctx = NULL;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	648 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	649 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	650
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	651
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	652 ngx_int_t
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	653 ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	654 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	655 const SSL_CIPHER cipher, const uint8_t secret, size_t secret_len)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	656 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	657 ngx_int_t key_len;
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	658 ngx_str_t secret_str;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	659 ngx_uint_t i;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	660 ngx_quic_md_t key;
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	661 ngx_quic_hkdf_t seq[3];
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	662 ngx_quic_secret_t *peer_secret;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	663 ngx_quic_ciphers_t ciphers;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	664
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	665 peer_secret = is_write ? &keys->secrets[level].server
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	666 : &keys->secrets[level].client;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	667
9030 172705615d04 QUIC: using native TLSv1.3 cipher suite constants. Sergey Kandaurov <pluknet@nginx.com> parents: 9025 diff changeset	668 keys->cipher = SSL_CIPHER_get_id(cipher);
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	669
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	670 key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	671
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	672 if (key_len == NGX_ERROR) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	673 ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher");
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	674 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	675 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	676
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	677 if (sizeof(peer_secret->secret.data) < secret_len) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	678 ngx_log_error(NGX_LOG_ALERT, log, 0,
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	679 "unexpected secret len: %uz", secret_len);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	680 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	681 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	682
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	683 peer_secret->secret.len = secret_len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	684 ngx_memcpy(peer_secret->secret.data, secret, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	685
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	686 key.len = key_len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	687 peer_secret->iv.len = NGX_QUIC_IV_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	688 peer_secret->hp.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	689
9023 d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	690 secret_str.len = secret_len;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	691 secret_str.data = (u_char *) secret;
d8b3851f172c QUIC: fixed-length buffers for secrets. Vladimir Homutov <vl@nginx.com> parents: 8980 diff changeset	692
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	693 ngx_quic_hkdf_set(&seq[0], "tls13 quic key", &key, &secret_str);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	694 ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &peer_secret->iv, &secret_str);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	695 ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &peer_secret->hp, &secret_str);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	696
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	697 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	698 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) {
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	699 return NGX_ERROR;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	700 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	701 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	702
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	703 if (ngx_quic_crypto_init(ciphers.c, peer_secret, &key, is_write, log)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	704 == NGX_ERROR)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	705 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	706 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	707 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	708
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	709 if (ngx_quic_crypto_hp_init(ciphers.hp, peer_secret, log) == NGX_ERROR) {
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	710 return NGX_ERROR;
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	711 }
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	712
9178 b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	713 ngx_explicit_memzero(key.data, key.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	714
8926 3341e4089c6c QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes. Sergey Kandaurov <pluknet@nginx.com> parents: 8894 diff changeset	715 return NGX_OK;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	716 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	717
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	718
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	719 ngx_uint_t
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	720 ngx_quic_keys_available(ngx_quic_keys_t *keys,
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	721 enum ssl_encryption_level_t level, ngx_uint_t is_write)
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	722 {
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	723 if (is_write == 0) {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	724 return keys->secrets[level].client.ctx != NULL;
9168 ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	725 }
ff98ae7d261e QUIC: split keys availability checks to read and write sides. Sergey Kandaurov <pluknet@nginx.com> parents: 9152 diff changeset	726
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	727 return keys->secrets[level].server.ctx != NULL;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	728 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	729
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	730
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	731 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	732 ngx_quic_keys_discard(ngx_quic_keys_t *keys,
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	733 enum ssl_encryption_level_t level)
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	734 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	735 ngx_quic_secret_t client, server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	736
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	737 client = &keys->secrets[level].client;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	738 server = &keys->secrets[level].server;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	739
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	740 ngx_quic_crypto_cleanup(client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	741 ngx_quic_crypto_cleanup(server);
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	742
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	743 ngx_quic_crypto_hp_cleanup(client);
31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	744 ngx_quic_crypto_hp_cleanup(server);
9178 b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	745
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	746 ngx_explicit_memzero(client->secret.data, client->secret.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	747 ngx_explicit_memzero(server->secret.data, server->secret.len);
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	748 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	749
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	750
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	751 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	752 ngx_quic_keys_switch(ngx_connection_t c, ngx_quic_keys_t keys)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	753 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	754 ngx_quic_secrets_t current, next, tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	755
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	756 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	757 next = &keys->next_key;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	758
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	759 ngx_quic_crypto_cleanup(&current->client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	760 ngx_quic_crypto_cleanup(&current->server);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	761
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	762 tmp = *current;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	763 current = next;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	764 *next = tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	765 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	766
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	767
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	768 void
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	769 ngx_quic_keys_update(ngx_event_t *ev)
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	770 {
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	771 ngx_int_t key_len;
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	772 ngx_uint_t i;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	773 ngx_quic_md_t client_key, server_key;
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	774 ngx_quic_hkdf_t seq[6];
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	775 ngx_quic_keys_t *keys;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	776 ngx_connection_t *c;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	777 ngx_quic_ciphers_t ciphers;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	778 ngx_quic_secrets_t current, next;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	779 ngx_quic_connection_t *qc;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	780
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	781 c = ev->data;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	782 qc = ngx_quic_get_connection(c);
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	783 keys = qc->keys;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	784
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	785 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	786 next = &keys->next_key;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	787
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	788 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	789
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	790 c->log->action = "updating keys";
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	791
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	792 key_len = ngx_quic_ciphers(keys->cipher, &ciphers);
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	793
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	794 if (key_len == NGX_ERROR) {
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	795 goto failed;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	796 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	797
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	798 client_key.len = key_len;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	799 server_key.len = key_len;
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	800
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	801 next->client.secret.len = current->client.secret.len;
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	802 next->client.iv.len = NGX_QUIC_IV_LEN;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	803 next->client.hp = current->client.hp;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	804 next->client.hp_ctx = current->client.hp_ctx;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	805
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	806 next->server.secret.len = current->server.secret.len;
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	807 next->server.iv.len = NGX_QUIC_IV_LEN;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	808 next->server.hp = current->server.hp;
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	809 next->server.hp_ctx = current->server.hp_ctx;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	810
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	811 ngx_quic_hkdf_set(&seq[0], "tls13 quic ku",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	812 &next->client.secret, &current->client.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	813 ngx_quic_hkdf_set(&seq[1], "tls13 quic key",
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	814 &client_key, &next->client.secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	815 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	816 &next->client.iv, &next->client.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	817 ngx_quic_hkdf_set(&seq[3], "tls13 quic ku",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	818 &next->server.secret, &current->server.secret);
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	819 ngx_quic_hkdf_set(&seq[4], "tls13 quic key",
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	820 &server_key, &next->server.secret);
9039 a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	821 ngx_quic_hkdf_set(&seq[5], "tls13 quic iv",
a6cc246654f8 QUIC: moved variable declaration to fix build with MSVC 2010. Sergey Kandaurov <pluknet@nginx.com> parents: 9030 diff changeset	822 &next->server.iv, &next->server.secret);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	823
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	824 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
9024 f2925c80401c QUIC: avoided pool usage in ngx_quic_protection.c. Vladimir Homutov <vl@nginx.com> parents: 9023 diff changeset	825 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	826 goto failed;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	827 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	828 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	829
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	830 if (ngx_quic_crypto_init(ciphers.c, &next->client, &client_key, 0, c->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	831 == NGX_ERROR)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	832 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	833 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	834 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	835
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	836 if (ngx_quic_crypto_init(ciphers.c, &next->server, &server_key, 1, c->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	837 == NGX_ERROR)
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	838 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	839 goto failed;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	840 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	841
9178 b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	842 ngx_explicit_memzero(current->client.secret.data,
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	843 current->client.secret.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	844 ngx_explicit_memzero(current->server.secret.data,
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	845 current->server.secret.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	846
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	847 ngx_explicit_memzero(client_key.data, client_key.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	848 ngx_explicit_memzero(server_key.data, server_key.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	849
9152 2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	850 return;
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	851
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	852 failed:
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	853
2880f60a80c3 QUIC: posted generating TLS Key Update next keys. Sergey Kandaurov <pluknet@nginx.com> parents: 9131 diff changeset	854 ngx_quic_close_connection(c, NGX_ERROR);
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	855 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	856
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	857
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	858 void
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	859 ngx_quic_keys_cleanup(ngx_quic_keys_t *keys)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	860 {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	861 ngx_uint_t i;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	862 ngx_quic_secrets_t *next;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	863
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	864 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) {
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	865 ngx_quic_keys_discard(keys, i);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	866 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	867
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	868 next = &keys->next_key;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	869
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	870 ngx_quic_crypto_cleanup(&next->client);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	871 ngx_quic_crypto_cleanup(&next->server);
9178 b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	872
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	873 ngx_explicit_memzero(next->client.secret.data,
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	874 next->client.secret.len);
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	875 ngx_explicit_memzero(next->server.secret.data,
b74f891053c7 QUIC: explicitly zero out unused keying material. Sergey Kandaurov <pluknet@nginx.com> parents: 9177 diff changeset	876 next->server.secret.len);
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	877 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	878
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	879
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	880 static ngx_int_t
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	881 ngx_quic_create_packet(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	882 {
9175 f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	883 u_char pnp, sample;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	884 ngx_str_t ad, out;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	885 ngx_uint_t i;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	886 ngx_quic_secret_t *secret;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	887 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	888
8894 de7b9af30fc6 QUIC: refactored packet creation. Vladimir Homutov <vl@nginx.com> parents: 8888 diff changeset	889 ad.data = res->data;
de7b9af30fc6 QUIC: refactored packet creation. Vladimir Homutov <vl@nginx.com> parents: 8888 diff changeset	890 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	891
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	892 out.len = pkt->payload.len + NGX_QUIC_TAG_LEN;
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	893 out.data = res->data + ad.len;
1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	894
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	895 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	896 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	897 "quic ad len:%uz %xV", ad.len, &ad);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	898 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	899
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	900 secret = &pkt->keys->secrets[pkt->level].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	901
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	902 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	903 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	904
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	905 if (ngx_quic_crypto_seal(secret, &out, nonce, &pkt->payload, &ad, pkt->log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	906 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	907 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	908 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	909 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	910
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	911 sample = &out.data[4 - pkt->num_len];
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	912 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	913 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	914 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	915
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	916 /* RFC 9001, 5.4.1. Header Protection Application */
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	917 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	918
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	919 for (i = 0; i < pkt->num_len; i++) {
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	920 pnp[i] ^= mask[i + 1];
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	921 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	922
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	923 res->len = ad.len + out.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	924
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	925 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	926 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	927
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	928
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	929 static ngx_int_t
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	930 ngx_quic_create_retry_packet(ngx_quic_header_t pkt, ngx_str_t res)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	931 {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	932 u_char *start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	933 ngx_str_t ad, itag;
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	934 ngx_quic_md_t key;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	935 ngx_quic_secret_t secret;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	936 ngx_quic_ciphers_t ciphers;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	937
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	938 /* 5.8. Retry Packet Integrity */
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	939 static u_char key_data[16] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	940 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	941 static u_char nonce[NGX_QUIC_IV_LEN] =
8678 3443ee341cc1 QUIC: draft-33 salt and retry keys. Sergey Kandaurov <pluknet@nginx.com> parents: 8673 diff changeset	942 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	943 static ngx_str_t in = ngx_string("");
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	944
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	945 ad.data = res->data;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	946 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	947
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	948 itag.data = ad.data + ad.len;
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	949 itag.len = NGX_QUIC_TAG_LEN;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	950
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	951 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	952 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	953 "quic retry itag len:%uz %xV", ad.len, &ad);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	954 #endif
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	955
9176 8dacf87e4007 QUIC: simplified ngx_quic_ciphers() API. Sergey Kandaurov <pluknet@nginx.com> parents: 9175 diff changeset	956 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	957 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	958 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	959
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	960 key.len = sizeof(key_data);
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	961 ngx_memcpy(key.data, key_data, sizeof(key_data));
8799 ef8276c8ccff QUIC: consistent use of 12-byte buffers in nonce computation. Sergey Kandaurov <pluknet@nginx.com> parents: 8798 diff changeset	962 secret.iv.len = NGX_QUIC_IV_LEN;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	963
9177 22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	964 if (ngx_quic_crypto_init(ciphers.c, &secret, &key, 1, pkt->log)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	965 == NGX_ERROR)
22d110af473c QUIC: removed key field from ngx_quic_secret_t. Sergey Kandaurov <pluknet@nginx.com> parents: 9176 diff changeset	966 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	967 return NGX_ERROR;
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	968 }
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	969
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	970 if (ngx_quic_crypto_seal(&secret, &itag, nonce, &in, &ad, pkt->log)
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	971 != NGX_OK)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	972 {
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	973 ngx_quic_crypto_cleanup(&secret);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	974 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	975 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	976
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	977 ngx_quic_crypto_cleanup(&secret);
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	978
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	979 res->len = itag.data + itag.len - start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	980 res->data = start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	981
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	982 return NGX_OK;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	983 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	984
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	985
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	986 ngx_int_t
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	987 ngx_quic_derive_key(ngx_log_t log, const char label, ngx_str_t *secret,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	988 ngx_str_t salt, u_char out, size_t len)
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	989 {
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	990 size_t is_len, info_len;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	991 uint8_t *p;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	992 const EVP_MD *digest;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	993
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	994 uint8_t is[SHA256_DIGEST_LENGTH];
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	995 uint8_t info[20];
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	996
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	997 digest = EVP_sha256();
8729 0f8565e0fc76 QUIC: HKDF API compatibility with OpenSSL master branch. Sergey Kandaurov <pluknet@nginx.com> parents: 8716 diff changeset	998 is_len = SHA256_DIGEST_LENGTH;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	999
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1000 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1001 salt->data, salt->len)
8702 d4e02b3b734f QUIC: fixed indentation. Sergey Kandaurov <pluknet@nginx.com> parents: 8694 diff changeset	1002 != NGX_OK)
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1003 {
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1004 ngx_ssl_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1005 "ngx_hkdf_extract(%s) failed", label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1006 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1007 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1008
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1009 info[0] = 0;
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1010 info[1] = len;
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1011 info[2] = ngx_strlen(label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1012
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1013 info_len = 2 + 1 + info[2] + 1;
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1014
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1015 if (info_len >= 20) {
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1016 ngx_log_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1017 "ngx_quic_create_key label \"%s\" too long", label);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1018 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1019 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1020
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1021 p = ngx_cpymem(&info[3], label, info[2]);
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1022 *p = '\0';
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1023
8694 cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1024 if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK)
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1025 {
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1026 ngx_ssl_error(NGX_LOG_INFO, log, 0,
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1027 "ngx_hkdf_expand(%s) failed", label);
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1028 return NGX_ERROR;
cef042935003 QUIC: the "quic_host_key" directive. Vladimir Homutov <vl@nginx.com> parents: 8678 diff changeset	1029 }
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1030
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1031 return NGX_OK;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1032 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1033
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	1034
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1035 static uint64_t
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1036 ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1037 uint64_t *largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1038 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1039 u_char *p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1040 uint64_t truncated_pn, expected_pn, candidate_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1041 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1042
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1043 pn_nbits = ngx_min(len * 8, 62);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1044
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1045 p = *pos;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1046 truncated_pn = p++ ^ mask++;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1047
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1048 while (--len) {
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1049 truncated_pn = (truncated_pn << 8) + (p++ ^ mask++);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1050 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1051
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1052 *pos = p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1053
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1054 expected_pn = *largest_pn + 1;
8394 df18ae7161b8 Assorted fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 8386 diff changeset	1055 pn_win = 1ULL << pn_nbits;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1056 pn_hwin = pn_win / 2;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1057 pn_mask = pn_win - 1;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1058
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1059 candidate_pn = (expected_pn & ~pn_mask) \| truncated_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1060
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1061 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1062 && candidate_pn < (1ULL << 62) - pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1063 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1064 candidate_pn += pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1065
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1066 } else if (candidate_pn > expected_pn + pn_hwin
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1067 && candidate_pn >= pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1068 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1069 candidate_pn -= pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1070 }
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1071
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1072 largest_pn = ngx_max((int64_t) largest_pn, (int64_t) candidate_pn);
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1073
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1074 return candidate_pn;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1075 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1076
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1077
9080 7da4791e0264 QUIC: OpenSSL compatibility layer. Roman Arutyunyan <arut@nginx.com> parents: 9047 diff changeset	1078 void
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1079 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1080 {
9047 70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1081 nonce[len - 8] ^= (pn >> 56) & 0x3f;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1082 nonce[len - 7] ^= (pn >> 48) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1083 nonce[len - 6] ^= (pn >> 40) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1084 nonce[len - 5] ^= (pn >> 32) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1085 nonce[len - 4] ^= (pn >> 24) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1086 nonce[len - 3] ^= (pn >> 16) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1087 nonce[len - 2] ^= (pn >> 8) & 0xff;
70ce1e927715 QUIC: fixed computation of nonce with packet numbers beyond 2^32. Sergey Kandaurov <pluknet@nginx.com> parents: 9041 diff changeset	1088 nonce[len - 1] ^= pn & 0xff;
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1089 }
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1090
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1091
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	1092 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1093 ngx_quic_encrypt(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1094 {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1095 if (ngx_quic_pkt_retry(pkt->flags)) {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1096 return ngx_quic_create_retry_packet(pkt, res);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1097 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1098
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	1099 return ngx_quic_create_packet(pkt, res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1100 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1101
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1102
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1103 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1104 ngx_quic_decrypt(ngx_quic_header_t pkt, uint64_t largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1105 {
9175 f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1106 u_char p, sample;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1107 size_t len;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1108 uint64_t pn, lpn;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1109 ngx_int_t pnl;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1110 ngx_str_t in, ad;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1111 ngx_uint_t key_phase;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1112 ngx_quic_secret_t *secret;
f7c9cd726298 QUIC: cleaned up now unused ngx_quic_ciphers() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 9174 diff changeset	1113 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1114
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1115 secret = &pkt->keys->secrets[pkt->level].client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1116
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1117 p = pkt->raw->pos;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1118 len = pkt->data + pkt->len - p;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1119
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1120 /*
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1121 * RFC 9001, 5.4.2. Header Protection Sample
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1122 * 5.4.3. AES-Based Header Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1123 * 5.4.4. ChaCha20-Based Header Protection
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1124 *
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1125 * the Packet Number field is assumed to be 4 bytes long
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1126 * AES and ChaCha20 algorithms sample 16 bytes
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1127 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1128
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	1129 if (len < NGX_QUIC_TAG_LEN + 4) {
8543 9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1130 return NGX_DECLINED;
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1131 }
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1132
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1133 sample = p + 4;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1134
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1135 /* header protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1136
9174 31702c53d2db QUIC: reusing crypto contexts for header protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9173 diff changeset	1137 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1138 return NGX_DECLINED;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1139 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1140
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1141 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1142
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	1143 if (ngx_quic_short_pkt(pkt->flags)) {
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1144 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1145
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1146 if (key_phase != pkt->key_phase) {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1147 secret = &pkt->keys->next_key.client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1148 pkt->key_update = 1;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1149 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1150 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1151
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1152 lpn = *largest_pn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1153
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1154 pnl = (pkt->flags & 0x03) + 1;
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1155 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1156
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1157 pkt->pn = pn;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1158
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1159 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1160 "quic packet rx clearflags:%xd", pkt->flags);
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1161 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8609 f32740ddd484 QUIC: got rid of "pkt" abbreviation in logs. Vladimir Homutov <vl@nginx.com> parents: 8608 diff changeset	1162 "quic packet rx number:%uL len:%xi", pn, pnl);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1163
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1164 /* packet protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1165
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1166 in.data = p;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1167 in.len = len - pnl;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1168
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1169 ad.len = p - pkt->data;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1170 ad.data = pkt->plaintext;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1171
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1172 ngx_memcpy(ad.data, pkt->data, ad.len);
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1173 ad.data[0] = pkt->flags;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1174
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1175 do {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1176 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1177 } while (--pnl);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1178
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1179 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1180 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1181
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1182 #ifdef NGX_QUIC_DEBUG_CRYPTO
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1183 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1184 "quic ad len:%uz %xV", ad.len, &ad);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1185 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1186
9126 29a6c0e11f75 QUIC: a new constant for AEAD tag length. Roman Arutyunyan <arut@nginx.com> parents: 9080 diff changeset	1187 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1188 pkt->payload.data = pkt->plaintext + ad.len;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1189
9172 4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1190 if (ngx_quic_crypto_open(secret, &pkt->payload, nonce, &in, &ad, pkt->log)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1191 != NGX_OK)
4ccb0d973206 QUIC: reusing crypto contexts for packet protection. Sergey Kandaurov <pluknet@nginx.com> parents: 9171 diff changeset	1192 {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1193 return NGX_DECLINED;
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1194 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1195
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1196 if (pkt->payload.len == 0) {
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1197 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1198 * RFC 9000, 12.4. Frames and Frame Types
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1199 *
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1200 * An endpoint MUST treat receipt of a packet containing no
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1201 * frames as a connection error of type PROTOCOL_VIOLATION.
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1202 */
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1203 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1204 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1205 return NGX_ERROR;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1206 }
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1207
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1208 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1209 /*
8797 4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1210 * RFC 9000, Reserved Bits
4715f3e669f1 QUIC: updated specification references. Sergey Kandaurov <pluknet@nginx.com> parents: 8755 diff changeset	1211 *
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1212 * An endpoint MUST treat receipt of a packet that has
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1213 * a non-zero value for these bits, after removing both
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1214 * packet and header protection, as a connection error
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1215 * of type PROTOCOL_VIOLATION.
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1216 */
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1217 ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1218 "quic reserved bit set in packet");
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1219 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1220 return NGX_ERROR;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1221 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1222
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1223 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
8651 dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1224 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1225 "quic packet payload len:%uz %xV",
dbad2d6d1898 QUIC: removed ngx_quic_hexdump() macro. Vladimir Homutov <vl@nginx.com> parents: 8646 diff changeset	1226 pkt->payload.len, &pkt->payload);
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1227 #endif
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1228
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1229 *largest_pn = lpn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1230
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1231 return NGX_OK;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1232 }

Mercurial > hg > nginx

annotate src/event/quic/ngx_event_quic_protection.c @ 9189:fcec773dd249