annotate src/event/quic/ngx_event_quic_protection.c @ 9189:fcec773dd249
QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.

By default packets with these frames are expanded to 1200 bytes. Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed. However RFC 9000 clearly states no partial
expansion should happen in both cases.

Section 8.2.1. Initiating Path Validation:

    An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes,
    unless the anti-amplification limit for the path does not permit
    sending a datagram of this size.

Section 8.2.2. Path Validation Responses:

    An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes.
    ...
    However, an endpoint MUST NOT expand the datagram containing the
    PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.

author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 29 Nov 2023 18:13:25 +0400 |
parents | b74f891053c7 |
children | 1bf1b423f268 |
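
The Initial key schedule that `ngx_quic_keys_set_initial_secret()` performs in the annotated source on this page (HKDF-Extract with the fixed salt, then HKDF-Expand with the `tls13 ...` labels), written out as an added Python example; it is not nginx code. The function names are this example's own, the input secret is taken to be the client's Destination Connection ID as RFC 9001, section 5.2 specifies, and the sample connection ID is the one used in RFC 9001, Appendix A.

```python
"""QUIC v1 Initial key derivation (RFC 9001, section 5.2), standard library only."""
import hashlib
import hmac
import struct

# Same 20 bytes as the salt[] array in the listing (QUIC version 1 salt).
INITIAL_SALT = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")

SECRET_LEN = hashlib.sha256().digest_size  # SHA256_DIGEST_LENGTH in the listing
KEY_LEN = 16   # NGX_QUIC_AES_128_KEY_LEN in the listing (AEAD key and HP key)
IV_LEN = 12    # AEAD nonce length per RFC 9001; assumed value of NGX_QUIC_IV_LEN
MAX_CID_LEN = 20  # QUIC v1 connection IDs are at most 20 bytes (RFC 9000)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(n) = HMAC-Hash(PRK, T(n-1) | info | n)."""
    if length > 255 * SECRET_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label with an empty context (RFC 8446, 7.1).

    `label` is the full label including the "tls13 " prefix, which is how
    the listing passes it to ngx_quic_hkdf_set().
    """
    raw = label.encode("ascii")
    # HkdfLabel: uint16 length, 1-byte label length, label, 1-byte context length (0)
    info = struct.pack("!HB", length, len(raw)) + raw + b"\x00"
    return hkdf_expand(secret, info, length)


def derive_initial_keys(dcid: bytes) -> dict:
    """Derive client and server Initial secrets, keys, IVs and HP keys."""
    if len(dcid) > MAX_CID_LEN:
        raise ValueError("connection ID longer than 20 bytes")
    initial_secret = hkdf_extract(INITIAL_SALT, dcid)
    result = {"initial_secret": initial_secret}
    for side in ("client", "server"):
        # Same order as seq[0..3] (client) and seq[4..7] (server) in the listing.
        secret = hkdf_expand_label(initial_secret, f"tls13 {side} in", SECRET_LEN)
        result[side] = {
            "secret": secret,
            "key": hkdf_expand_label(secret, "tls13 quic key", KEY_LEN),
            "iv": hkdf_expand_label(secret, "tls13 quic iv", IV_LEN),
            "hp": hkdf_expand_label(secret, "tls13 quic hp", KEY_LEN),
        }
    return result


if __name__ == "__main__":
    # Sample Destination Connection ID from RFC 9001, Appendix A.
    sample_dcid = bytes.fromhex("8394c8f03e515708")
    keys = derive_initial_keys(sample_dcid)
    for side in ("client", "server"):
        for name, value in keys[side].items():
            print(f"{side:6} {name:6} {value.hex()}")
```

Every input to this derivation is public (the salt is fixed and the connection ID travels in cleartext), so Initial keys protect against off-path injection and accidental corruption only, not against an on-path observer.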

rev | changeset | description | author | parent rev |
---|---|---|---|---|
8221 | 69345a26ba69 | Split transport and crypto parts into separate files. | Vladimir Homutov <vl@nginx.com> | |
8306 | 058a5af7ddfc | Refactored QUIC secrets storage. | Vladimir Homutov <vl@nginx.com> | 8303 |
8339 | aba84d9ab256 | Parsing of truncated packet numbers. | Sergey Kandaurov <pluknet@nginx.com> | 8324 |
8383 | 7ea34e13937f | Address validation using Retry packets. | Sergey Kandaurov <pluknet@nginx.com> | 8376 |
8578 | 52ad697f9d1c | QUIC: enabled more key-related debug by default. | Vladimir Homutov <vl@nginx.com> | 8565 |
8621 | 9c3be23ddbe7 | QUIC: refactored key handling. | Sergey Kandaurov <pluknet@nginx.com> | 8609 |
8644 | e953bd2c5bb3 | QUIC: merged create_long/short_packet() functions. | Sergey Kandaurov <pluknet@nginx.com> | 8643 |
8651 | dbad2d6d1898 | QUIC: removed ngx_quic_hexdump() macro. | Vladimir Homutov <vl@nginx.com> | 8646 |
8678 | 3443ee341cc1 | QUIC: draft-33 salt and retry keys. | Sergey Kandaurov <pluknet@nginx.com> | 8673 |
8702 | d4e02b3b734f | QUIC: fixed indentation. | Sergey Kandaurov <pluknet@nginx.com> | 8694 |
8729 | 0f8565e0fc76 | QUIC: HKDF API compatibility with OpenSSL master branch. | Sergey Kandaurov <pluknet@nginx.com> | 8716 |
8755 | b4e6b7049984 | QUIC: normalize header inclusion. | Sergey Kandaurov <pluknet@nginx.com> | 8739 |
8797 | 4715f3e669f1 | QUIC: updated specification references. | Sergey Kandaurov <pluknet@nginx.com> | 8755 |
8798 | fc5719637aff | QUIC: consistent use of 5-byte buffers for header protection. | Sergey Kandaurov <pluknet@nginx.com> | 8797 |
8799 | ef8276c8ccff | QUIC: consistent use of 12-byte buffers in nonce computation. | Sergey Kandaurov <pluknet@nginx.com> | 8798 |
8800 | e617d0ba387a | QUIC: optimized initial secrets key length computation. | Sergey Kandaurov <pluknet@nginx.com> | 8799 |
8980 | d8865baab732 | QUIC: removed draft versions support. | Sergey Kandaurov <pluknet@nginx.com> | 8926 |
9024 | f2925c80401c | QUIC: avoided pool usage in ngx_quic_protection.c. | Vladimir Homutov <vl@nginx.com> | 9023 |
9030 | 172705615d04 | QUIC: using native TLSv1.3 cipher suite constants. | Sergey Kandaurov <pluknet@nginx.com> | 9025 |
9039 | a6cc246654f8 | QUIC: moved variable declaration to fix build with MSVC 2010. | Sergey Kandaurov <pluknet@nginx.com> | 9030 |
9040 | 8c0bccdf2743 | QUIC: avoid using C99 designated initializers. | Sergey Kandaurov <pluknet@nginx.com> | 9039 |
9080 | 7da4791e0264 | QUIC: OpenSSL compatibility layer. | Roman Arutyunyan <arut@nginx.com> | 9047 |
9128 | 756ab66de10e | QUIC: TLS_AES_128_CCM_SHA256 cipher suite support. | Roman Arutyunyan <arut@nginx.com> | 9127 |
9172 | 4ccb0d973206 | QUIC: reusing crypto contexts for packet protection. | Sergey Kandaurov <pluknet@nginx.com> | 9171 |
9173 | 904a54092d5b | QUIC: common code for crypto open and seal operations. | Sergey Kandaurov <pluknet@nginx.com> | 9172 |
9174 | 31702c53d2db | QUIC: reusing crypto contexts for header protection. | Sergey Kandaurov <pluknet@nginx.com> | 9173 |
9176 | 8dacf87e4007 | QUIC: simplified ngx_quic_ciphers() API. | Sergey Kandaurov <pluknet@nginx.com> | 9175 |
9177 | 22d110af473c | QUIC: removed key field from ngx_quic_secret_t. | Sergey Kandaurov <pluknet@nginx.com> | 9176 |

rev | line source |
---|---|
8221 | 1 |
8221 | 2 /* |
8221 | 3 * Copyright (C) Nginx, Inc. |
8221 | 4 */ |
8221 | 5 |
8221 | 6 |
8221 | 7 #include <ngx_config.h> |
8221 | 8 #include <ngx_core.h> |
8221 | 9 #include <ngx_event.h> |
8755 | 10 #include <ngx_event_quic_connection.h> |
8221 | 11 |
8221 | 12 |
8798 | 13 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ |
8798 | 14 #define NGX_QUIC_HP_LEN 5 |
8221 | 15 |
8800 | 16 #define NGX_QUIC_AES_128_KEY_LEN 16 |
8800 | 17 |
9176 | 18 #define NGX_QUIC_INITIAL_CIPHER TLS1_3_CK_AES_128_GCM_SHA256 |
9176 | 19 |
8221 | 20 |
8221 | 21 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len, |
8221 | 22 const EVP_MD *digest, const u_char *prk, size_t prk_len, |
8221 | 23 const u_char *info, size_t info_len); |
8221 | 24 static ngx_int_t ngx_hkdf_extract(u_char *out_key, size_t *out_len, |
8221 | 25 const EVP_MD *digest, const u_char *secret, size_t secret_len, |
8221 | 26 const u_char *salt, size_t salt_len); |
8221 | 27 |
8339 | 28 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
8339 | 29 uint64_t *largest_pn); |
8221 | 30 |
9172 | 31 static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, |
9172 | 32 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); |
9173 | 33 #ifndef OPENSSL_IS_BORINGSSL |
9173 | 34 static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, |
9173 | 35 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); |
9173 | 36 #endif |
9174 | 37 |
9174 | 38 static ngx_int_t ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, |
9174 | 39 ngx_quic_secret_t *s, ngx_log_t *log); |
9174 | 40 static ngx_int_t ngx_quic_crypto_hp(ngx_quic_secret_t *s, |
9174 | 41 u_char *out, u_char *in, ngx_log_t *log); |
9174 | 42 static void ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s); |
8221 | 43 |
8644 | 44 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, |
8621 | 45 ngx_str_t *res); |
8383 | 46 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, |
8383 | 47 ngx_str_t *res); |
8221 | 48 |
8221 | 49 |
9080 | 50 ngx_int_t |
9176 | 51 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) |
8221 | 52 { |
8621 | 53 ngx_int_t len; |
8221 | 54 |
8221 | 55 switch (id) { |
8221 | 56 |
9030 | 57 case TLS1_3_CK_AES_128_GCM_SHA256: |
8221 | 58 #ifdef OPENSSL_IS_BORINGSSL |
8221 | 59 ciphers->c = EVP_aead_aes_128_gcm(); |
8221 | 60 #else |
8221 | 61 ciphers->c = EVP_aes_128_gcm(); |
8221 | 62 #endif |
8221 | 63 ciphers->hp = EVP_aes_128_ctr(); |
8221 | 64 ciphers->d = EVP_sha256(); |
8221 | 65 len = 16; |
8221 | 66 break; |
8221 | 67 |
9030 | 68 case TLS1_3_CK_AES_256_GCM_SHA384: |
8221 | 69 #ifdef OPENSSL_IS_BORINGSSL |
8221 | 70 ciphers->c = EVP_aead_aes_256_gcm(); |
8221 | 71 #else |
8221 | 72 ciphers->c = EVP_aes_256_gcm(); |
8221 | 73 #endif |
8221 | 74 ciphers->hp = EVP_aes_256_ctr(); |
8221 | 75 ciphers->d = EVP_sha384(); |
8221 | 76 len = 32; |
8221 | 77 break; |
8221 | 78 |
9030 | 79 case TLS1_3_CK_CHACHA20_POLY1305_SHA256: |
8221 | 80 #ifdef OPENSSL_IS_BORINGSSL |
8221 | 81 ciphers->c = EVP_aead_chacha20_poly1305(); |
8221 | 82 #else |
8221 | 83 ciphers->c = EVP_chacha20_poly1305(); |
8221 | 84 #endif |
8221 | 85 #ifdef OPENSSL_IS_BORINGSSL |
8221 | 86 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); |
8221 | 87 #else |
8221 | 88 ciphers->hp = EVP_chacha20(); |
8221 | 89 #endif |
8221 | 90 ciphers->d = EVP_sha256(); |
8221 | 91 len = 32; |
8221 | 92 break; |
8221 | 93 |
9128 | 94 #ifndef OPENSSL_IS_BORINGSSL |
9128 | 95 case TLS1_3_CK_AES_128_CCM_SHA256: |
9128 | 96 ciphers->c = EVP_aes_128_ccm(); |
9128 | 97 ciphers->hp = EVP_aes_128_ctr(); |
9128 | 98 ciphers->d = EVP_sha256(); |
9128 | 99 len = 16; |
9128 | 100 break; |
9128 | 101 #endif |
9128 | 102 |
8221 | 103 default: |
8221 | 104 return NGX_ERROR; |
8221 | 105 } |
8221 | 106 |
8221 | 107 return len; |
8221 | 108 } |
8221 | 109 |
8221 | 110 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 ngx_int_t |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
112 ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret, |
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
113 ngx_log_t *log) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
115 size_t is_len; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
116 uint8_t is[SHA256_DIGEST_LENGTH]; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
117 ngx_str_t iss; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
118 ngx_uint_t i; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
119 const EVP_MD *digest; |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
120 ngx_quic_md_t client_key, server_key; |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
121 ngx_quic_hkdf_t seq[8]; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
122 ngx_quic_secret_t *client, *server; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
123 ngx_quic_ciphers_t ciphers; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 static const uint8_t salt[20] = |
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
126 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
127 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
129 client = &keys->secrets[ssl_encryption_initial].client; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
130 server = &keys->secrets[ssl_encryption_initial].server; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
131 |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
132 /* |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
133 * RFC 9001, section 5. Packet Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
134 * |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
135 * Initial packets use AEAD_AES_128_GCM. The hash function |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
136 * for HKDF when deriving initial secrets and keys is SHA-256. |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
137 */ |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 digest = EVP_sha256(); |
8729
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8716
diff
changeset
|
140 is_len = SHA256_DIGEST_LENGTH; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
8980
d8865baab732
QUIC: removed draft versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8926
diff
changeset
|
143 salt, sizeof(salt)) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 |
9040
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9039
diff
changeset
|
149 iss.len = is_len; |
8c0bccdf2743
QUIC: avoid using C99 designated initializers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9039
diff
changeset
|
150 iss.data = is; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
152 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, |
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
153 "quic ngx_quic_set_initial_secret"); |
8578
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8565
diff
changeset
|
154 #ifdef NGX_QUIC_DEBUG_CRYPTO |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
155 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
156 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt); |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
157 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
158 "quic initial secret len:%uz %*xs", is_len, is_len, is); |
8359 | 159 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
161 client->secret.len = SHA256_DIGEST_LENGTH; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
162 server->secret.len = SHA256_DIGEST_LENGTH; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
164 client_key.len = NGX_QUIC_AES_128_KEY_LEN; |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
165 server_key.len = NGX_QUIC_AES_128_KEY_LEN; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 |
8800
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
167 client->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8799
diff
changeset
|
168 server->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
170 client->iv.len = NGX_QUIC_IV_LEN; |
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
171 server->iv.len = NGX_QUIC_IV_LEN; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
173 /* labels per RFC 9001, 5.1. Packet Protection Keys */ |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
174 ngx_quic_hkdf_set(&seq[0], "tls13 client in", &client->secret, &iss); |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
175 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", &client_key, &client->secret); |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
176 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", &client->iv, &client->secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
177 ngx_quic_hkdf_set(&seq[3], "tls13 quic hp", &client->hp, &client->secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
178 ngx_quic_hkdf_set(&seq[4], "tls13 server in", &server->secret, &iss); |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
179 ngx_quic_hkdf_set(&seq[5], "tls13 quic key", &server_key, &server->secret); |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
180 ngx_quic_hkdf_set(&seq[6], "tls13 quic iv", &server->iv, &server->secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
181 ngx_quic_hkdf_set(&seq[7], "tls13 quic hp", &server->hp, &server->secret); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
184 if (ngx_quic_hkdf_expand(&seq[i], digest, log) != NGX_OK) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 |
9176
8dacf87e4007
QUIC: simplified ngx_quic_ciphers() API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9175
diff
changeset
|
189 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
190 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
191 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
192 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
193 if (ngx_quic_crypto_init(ciphers.c, client, &client_key, 0, log) |
|
194 == NGX_ERROR) |
|
195 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
196 return NGX_ERROR; |
|
197 } |
|
198 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
199 if (ngx_quic_crypto_init(ciphers.c, server, &server_key, 1, log) |
|
200 == NGX_ERROR) |
|
201 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
202 goto failed; |
|
203 } |
|
204 |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
205 if (ngx_quic_crypto_hp_init(ciphers.hp, client, log) == NGX_ERROR) { |
|
206 goto failed; |
|
207 } |
|
208 |
|
209 if (ngx_quic_crypto_hp_init(ciphers.hp, server, log) == NGX_ERROR) { |
|
210 goto failed; |
|
211 } |
|
212 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 return NGX_OK; |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
214 |
|
215 failed: |
|
216 |
|
217 ngx_quic_keys_cleanup(keys); |
|
218 |
|
219 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 } |
|
221 |
|
222 |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
223 ngx_int_t |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
224 ngx_quic_hkdf_expand(ngx_quic_hkdf_t *h, const EVP_MD *digest, ngx_log_t *log) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 { |
|
226 size_t info_len; |
|
227 uint8_t *p; |
|
228 uint8_t info[20]; |
|
229 |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
230 info_len = 2 + 1 + h->label_len + 1; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 |
|
232 info[0] = 0; |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
233 info[1] = h->out_len; |
|
234 info[2] = h->label_len; |
|
235 |
|
236 p = ngx_cpymem(&info[3], h->label, h->label_len); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 *p = '\0'; |
|
238 |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
239 if (ngx_hkdf_expand(h->out, h->out_len, digest, |
|
240 h->prk, h->prk_len, info, info_len) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 != NGX_OK) |
|
242 { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
243 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
244 "ngx_hkdf_expand(%*s) failed", h->label_len, h->label); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 return NGX_ERROR; |
|
246 } |
|
247 |
8359 | 248 #ifdef NGX_QUIC_DEBUG_CRYPTO |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
249 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, log, 0, |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
250 "quic expand \"%*s\" len:%uz %*xs", |
|
251 h->label_len, h->label, h->out_len, h->out_len, h->out); |
8359 | 252 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 |
|
254 return NGX_OK; |
|
255 } |
|
256 |
|
257 |
|
258 static ngx_int_t |
|
259 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, |
|
260 const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) |
|
261 { |
|
262 #ifdef OPENSSL_IS_BORINGSSL |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
263 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) |
|
265 == 0) |
|
266 { |
|
267 return NGX_ERROR; |
|
268 } |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
269 |
|
270 return NGX_OK; |
|
271 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 #else |
|
273 |
|
274 EVP_PKEY_CTX *pctx; |
|
275 |
|
276 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
277 if (pctx == NULL) { |
|
278 return NGX_ERROR; |
|
279 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 |
|
281 if (EVP_PKEY_derive_init(pctx) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
282 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 } |
|
284 |
|
285 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
286 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 } |
|
288 |
|
289 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
290 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 } |
|
292 |
|
293 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
294 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 } |
|
296 |
|
297 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
298 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 } |
|
300 |
|
301 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
302 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 } |
|
304 |
8739
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
305 EVP_PKEY_CTX_free(pctx); |
|
306 |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
307 return NGX_OK; |
|
308 |
|
309 failed: |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
311 EVP_PKEY_CTX_free(pctx); |
|
312 |
|
313 return NGX_ERROR; |
|
314 |
|
315 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 } |
|
317 |
|
318 |
|
319 static ngx_int_t |
|
320 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest, |
|
321 const u_char *secret, size_t secret_len, const u_char *salt, |
|
322 size_t salt_len) |
|
323 { |
|
324 #ifdef OPENSSL_IS_BORINGSSL |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
325 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, |
|
327 salt_len) |
|
328 == 0) |
|
329 { |
|
330 return NGX_ERROR; |
|
331 } |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
332 |
|
333 return NGX_OK; |
|
334 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
335 #else |
|
336 |
|
337 EVP_PKEY_CTX *pctx; |
|
338 |
|
339 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
340 if (pctx == NULL) { |
|
341 return NGX_ERROR; |
|
342 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 |
|
344 if (EVP_PKEY_derive_init(pctx) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
345 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
346 } |
|
347 |
|
348 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
349 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 } |
|
351 |
|
352 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
353 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 } |
|
355 |
|
356 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
357 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 } |
|
359 |
|
360 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
361 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 } |
|
363 |
|
364 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) { |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
365 goto failed; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 } |
|
367 |
8739
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8729
diff
changeset
|
368 EVP_PKEY_CTX_free(pctx); |
|
369 |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
370 return NGX_OK; |
|
371 |
|
372 failed: |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 |
8716
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8710
diff
changeset
|
374 EVP_PKEY_CTX_free(pctx); |
|
375 |
|
376 return NGX_ERROR; |
|
377 |
|
378 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 } |
|
380 |
|
381 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
382 ngx_int_t |
|
383 ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
384 ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 { |
|
386 |
|
387 #ifdef OPENSSL_IS_BORINGSSL |
|
388 EVP_AEAD_CTX *ctx; |
|
389 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
390 ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len, |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
391 EVP_AEAD_DEFAULT_TAG_LENGTH); |
|
392 if (ctx == NULL) { |
|
393 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
|
394 return NGX_ERROR; |
|
395 } |
|
396 #else |
|
397 EVP_CIPHER_CTX *ctx; |
|
398 |
|
399 ctx = EVP_CIPHER_CTX_new(); |
|
400 if (ctx == NULL) { |
|
401 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
|
402 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
405 if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) != 1) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
406 EVP_CIPHER_CTX_free(ctx); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
407 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
408 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
411 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
412 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
413 NULL) |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
414 == 0) |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
415 { |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
416 EVP_CIPHER_CTX_free(ctx); |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
417 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
418 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed"); |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
419 return NGX_ERROR; |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
420 } |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
421 |
9127
a7b850a5d98d
QUIC: common cipher control constants instead of GCM-related.
Roman Arutyunyan <arut@nginx.com>
parents:
9126
diff
changeset
|
422 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
9127
a7b850a5d98d
QUIC: common cipher control constants instead of GCM-related.
Roman Arutyunyan <arut@nginx.com>
parents:
9126
diff
changeset
|
427 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
431 if (EVP_CipherInit_ex(ctx, NULL, NULL, key->data, NULL, enc) != 1) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 EVP_CIPHER_CTX_free(ctx); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
433 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed"); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
434 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
435 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
436 #endif |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
437 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
438 s->ctx = ctx; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
439 return NGX_OK; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
440 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
441 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
442 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
443 static ngx_int_t |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
444 ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
445 ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
446 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
447 #ifdef OPENSSL_IS_BORINGSSL |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
448 if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
449 s->iv.len, in->data, in->len, ad->data, ad->len) |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
450 != 1) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
451 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
452 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed"); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
453 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
454 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
455 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
456 return NGX_OK; |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
457 #else |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
458 return ngx_quic_crypto_common(s, out, nonce, in, ad, log); |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
459 #endif |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
460 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
461 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
462 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
463 ngx_int_t |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
464 ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
465 ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
466 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
467 #ifdef OPENSSL_IS_BORINGSSL |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
468 if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
469 s->iv.len, in->data, in->len, ad->data, ad->len) |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
470 != 1) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
471 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
472 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed"); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
473 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
474 } |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
475 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
476 return NGX_OK; |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
477 #else |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
478 return ngx_quic_crypto_common(s, out, nonce, in, ad, log); |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
479 #endif |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
480 } |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
481 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
482 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
483 #ifndef OPENSSL_IS_BORINGSSL |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
484 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
485 static ngx_int_t |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
486 ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
487 ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
488 { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
489 int len, enc; |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
490 ngx_quic_crypto_ctx_t *ctx; |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
491 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
492 ctx = s->ctx; |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
493 enc = EVP_CIPHER_CTX_encrypting(ctx); |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
494 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
495 if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, nonce, enc) != 1) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
496 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
500 if (enc == 0) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
501 in->len -= NGX_QUIC_TAG_LEN; |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
502 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
503 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
504 in->data + in->len) |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
505 == 0) |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
506 { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
507 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
508 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed"); |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
509 return NGX_ERROR; |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
510 } |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
511 } |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
512 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
513 if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
514 && EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1) |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
515 { |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
516 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed"); |
9128
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
517 return NGX_ERROR; |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
518 } |
756ab66de10e
QUIC: TLS_AES_128_CCM_SHA256 cipher suite support.
Roman Arutyunyan <arut@nginx.com>
parents:
9127
diff
changeset
|
519 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
520 if (EVP_CipherUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
521 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
523 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
524 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
525 if (EVP_CipherUpdate(ctx, out->data, &len, in->data, in->len) != 1) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
526 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
527 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
528 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
529 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
530 out->len = len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
532 if (EVP_CipherFinal_ex(ctx, out->data + out->len, &len) <= 0) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
533 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherFinal_ex failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
534 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 out->len += len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
539 if (enc == 1) { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
540 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, NGX_QUIC_TAG_LEN, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
541 out->data + out->len) |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
542 == 0) |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
543 { |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
544 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
545 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed"); |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
546 return NGX_ERROR; |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
547 } |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
548 |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
549 out->len += NGX_QUIC_TAG_LEN; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
550 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
551 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
552 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
553 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
554 |
9173
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
555 #endif |
904a54092d5b
QUIC: common code for crypto open and seal operations.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9172
diff
changeset
|
556 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
557 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
558 void |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
559 ngx_quic_crypto_cleanup(ngx_quic_secret_t *s) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
560 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
561 if (s->ctx) { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
562 #ifdef OPENSSL_IS_BORINGSSL |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
563 EVP_AEAD_CTX_free(s->ctx); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
564 #else |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
565 EVP_CIPHER_CTX_free(s->ctx); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
566 #endif |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
567 s->ctx = NULL; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
568 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
569 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
570 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
571 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
572 static ngx_int_t |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
573 ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, ngx_quic_secret_t *s, |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
574 ngx_log_t *log) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
575 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
576 EVP_CIPHER_CTX *ctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
578 #ifdef OPENSSL_IS_BORINGSSL |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
579 if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
580 /* no EVP interface */ |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
581 s->hp_ctx = NULL; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 ctx = EVP_CIPHER_CTX_new(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 if (ctx == NULL) { |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
588 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
589 return NGX_ERROR; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
590 } |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
591 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
592 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, NULL) != 1) { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
593 EVP_CIPHER_CTX_free(ctx); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
594 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
596 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
597 |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
598 s->hp_ctx = ctx; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
599 return NGX_OK; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
600 } |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
601 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
602 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
603 static ngx_int_t |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
604 ngx_quic_crypto_hp(ngx_quic_secret_t *s, u_char *out, u_char *in, |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
605 ngx_log_t *log) |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
606 { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
607 int outlen; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
608 EVP_CIPHER_CTX *ctx; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
609 u_char zero[NGX_QUIC_HP_LEN] = {0}; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
610 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
611 ctx = s->hp_ctx; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
612 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
613 #ifdef OPENSSL_IS_BORINGSSL |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
614 uint32_t cnt; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
615 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
616 if (ctx == NULL) { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
617 ngx_memcpy(&cnt, in, sizeof(uint32_t)); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
618 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
619 return NGX_OK; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
620 } |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
621 #endif |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
622 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
623 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, in) != 1) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
624 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
625 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
626 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
627 |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
628 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
629 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
630 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
631 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
632 |
8798
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8797
diff
changeset
|
633 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
634 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed"); |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
635 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
636 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
637 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
638 return NGX_OK; |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
639 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
640 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
641 |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
642 static void |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
643 ngx_quic_crypto_hp_cleanup(ngx_quic_secret_t *s) |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
644 { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
645 if (s->hp_ctx) { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
646 EVP_CIPHER_CTX_free(s->hp_ctx); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
647 s->hp_ctx = NULL; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
648 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
649 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
650 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
651 |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
652 ngx_int_t |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
653 ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write, |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
654 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
655 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
656 { |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
657 ngx_int_t key_len; |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
658 ngx_str_t secret_str; |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
659 ngx_uint_t i; |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
660 ngx_quic_md_t key; |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
661 ngx_quic_hkdf_t seq[3]; |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
662 ngx_quic_secret_t *peer_secret; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
663 ngx_quic_ciphers_t ciphers; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
664 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
665 peer_secret = is_write ? &keys->secrets[level].server |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
666 : &keys->secrets[level].client; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
667 |
9030
172705615d04
QUIC: using native TLSv1.3 cipher suite constants.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9025
diff
changeset
|
668 keys->cipher = SSL_CIPHER_get_id(cipher); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
669 |
9176
8dacf87e4007
QUIC: simplified ngx_quic_ciphers() API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9175
diff
changeset
|
670 key_len = ngx_quic_ciphers(keys->cipher, &ciphers); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
671 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
672 if (key_len == NGX_ERROR) { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
673 ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher"); |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
674 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
675 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
676 |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
677 if (sizeof(peer_secret->secret.data) < secret_len) { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
678 ngx_log_error(NGX_LOG_ALERT, log, 0, |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
679 "unexpected secret len: %uz", secret_len); |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
680 return NGX_ERROR; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
681 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
682 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
683 peer_secret->secret.len = secret_len; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
684 ngx_memcpy(peer_secret->secret.data, secret, secret_len); |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
685 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
686 key.len = key_len; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
687 peer_secret->iv.len = NGX_QUIC_IV_LEN; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
688 peer_secret->hp.len = key_len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
689 |
9023
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
690 secret_str.len = secret_len; |
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
691 secret_str.data = (u_char *) secret; |
d8b3851f172c
QUIC: fixed-length buffers for secrets.
Vladimir Homutov <vl@nginx.com>
parents:
8980
diff
changeset
|
692 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
693 ngx_quic_hkdf_set(&seq[0], "tls13 quic key", &key, &secret_str); |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
694 ngx_quic_hkdf_set(&seq[1], "tls13 quic iv", &peer_secret->iv, &secret_str); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
695 ngx_quic_hkdf_set(&seq[2], "tls13 quic hp", &peer_secret->hp, &secret_str); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
696 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
697 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
698 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) { |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
699 return NGX_ERROR; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
700 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
701 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
702 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
703 if (ngx_quic_crypto_init(ciphers.c, peer_secret, &key, is_write, log) |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
704 == NGX_ERROR) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
705 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
706 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
707 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
708 |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
709 if (ngx_quic_crypto_hp_init(ciphers.hp, peer_secret, log) == NGX_ERROR) { |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
710 return NGX_ERROR; |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
711 } |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
712 |
9178
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
713 ngx_explicit_memzero(key.data, key.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
714 |
8926
3341e4089c6c
QUIC: converted ngx_quic_keys_set_encryption_secret() to NGX codes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8894
diff
changeset
|
715 return NGX_OK; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
716 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
717 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
718 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
719 ngx_uint_t |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
720 ngx_quic_keys_available(ngx_quic_keys_t *keys, |
9168
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
721 enum ssl_encryption_level_t level, ngx_uint_t is_write) |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
722 { |
9168
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
723 if (is_write == 0) { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
724 return keys->secrets[level].client.ctx != NULL; |
9168
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
725 } |
ff98ae7d261e
QUIC: split keys availability checks to read and write sides.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9152
diff
changeset
|
726 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
727 return keys->secrets[level].server.ctx != NULL; |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
728 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
729 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
730 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
731 void |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
732 ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
733 enum ssl_encryption_level_t level) |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
734 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
735 ngx_quic_secret_t *client, *server; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
736 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
737 client = &keys->secrets[level].client; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
738 server = &keys->secrets[level].server; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
739 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
740 ngx_quic_crypto_cleanup(client); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
741 ngx_quic_crypto_cleanup(server); |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
742 |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
743 ngx_quic_crypto_hp_cleanup(client); |
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
744 ngx_quic_crypto_hp_cleanup(server); |
9178
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
745 |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
746 ngx_explicit_memzero(client->secret.data, client->secret.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
747 ngx_explicit_memzero(server->secret.data, server->secret.len); |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
748 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
749 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
750 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
751 void |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
752 ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
753 { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
754 ngx_quic_secrets_t *current, *next, tmp; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
755 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
756 current = &keys->secrets[ssl_encryption_application]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
757 next = &keys->next_key; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
758 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
759 ngx_quic_crypto_cleanup(&current->client); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
760 ngx_quic_crypto_cleanup(&current->server); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
761 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
762 tmp = *current; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
763 *current = *next; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
764 *next = tmp; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
765 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
766 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
767 |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
768 void |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
769 ngx_quic_keys_update(ngx_event_t *ev) |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
770 { |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
771 ngx_int_t key_len; |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
772 ngx_uint_t i; |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
773 ngx_quic_md_t client_key, server_key; |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
774 ngx_quic_hkdf_t seq[6]; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
775 ngx_quic_keys_t *keys; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
776 ngx_connection_t *c; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
777 ngx_quic_ciphers_t ciphers; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
778 ngx_quic_secrets_t *current, *next; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
779 ngx_quic_connection_t *qc; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
780 |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
781 c = ev->data; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
782 qc = ngx_quic_get_connection(c); |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
783 keys = qc->keys; |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
784 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
785 current = &keys->secrets[ssl_encryption_application]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
786 next = &keys->next_key; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
787 |
8360
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
8359
diff
changeset
|
788 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
789 |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
790 c->log->action = "updating keys"; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
791 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
792 key_len = ngx_quic_ciphers(keys->cipher, &ciphers); |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
793 |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
794 if (key_len == NGX_ERROR) { |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
795 goto failed; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
796 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
797 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
798 client_key.len = key_len; |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
799 server_key.len = key_len; |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
800 |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
801 next->client.secret.len = current->client.secret.len; |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
802 next->client.iv.len = NGX_QUIC_IV_LEN; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
803 next->client.hp = current->client.hp; |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
804 next->client.hp_ctx = current->client.hp_ctx; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
805 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
806 next->server.secret.len = current->server.secret.len; |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
807 next->server.iv.len = NGX_QUIC_IV_LEN; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
808 next->server.hp = current->server.hp; |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
809 next->server.hp_ctx = current->server.hp_ctx; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
810 |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
811 ngx_quic_hkdf_set(&seq[0], "tls13 quic ku", |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
812 &next->client.secret, &current->client.secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
813 ngx_quic_hkdf_set(&seq[1], "tls13 quic key", |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
814 &client_key, &next->client.secret); |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
815 ngx_quic_hkdf_set(&seq[2], "tls13 quic iv", |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
816 &next->client.iv, &next->client.secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
817 ngx_quic_hkdf_set(&seq[3], "tls13 quic ku", |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
818 &next->server.secret, &current->server.secret); |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
819 ngx_quic_hkdf_set(&seq[4], "tls13 quic key", |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
820 &server_key, &next->server.secret); |
9039
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
821 ngx_quic_hkdf_set(&seq[5], "tls13 quic iv", |
a6cc246654f8
QUIC: moved variable declaration to fix build with MSVC 2010.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9030
diff
changeset
|
822 &next->server.iv, &next->server.secret); |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
823 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
824 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
9024
f2925c80401c
QUIC: avoided pool usage in ngx_quic_protection.c.
Vladimir Homutov <vl@nginx.com>
parents:
9023
diff
changeset
|
825 if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) { |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
826 goto failed; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
827 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
828 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
829 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
830 if (ngx_quic_crypto_init(ciphers.c, &next->client, &client_key, 0, c->log) |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
831 == NGX_ERROR) |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
832 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
833 goto failed; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
834 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
835 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
836 if (ngx_quic_crypto_init(ciphers.c, &next->server, &server_key, 1, c->log) |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
837 == NGX_ERROR) |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
838 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
839 goto failed; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
840 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
841 |
9178
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
842 ngx_explicit_memzero(current->client.secret.data, |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
843 current->client.secret.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
844 ngx_explicit_memzero(current->server.secret.data, |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
845 current->server.secret.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
846 |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
847 ngx_explicit_memzero(client_key.data, client_key.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
848 ngx_explicit_memzero(server_key.data, server_key.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
849 |
9152
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
850 return; |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
851 |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
852 failed: |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
853 |
2880f60a80c3
QUIC: posted generating TLS Key Update next keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9131
diff
changeset
|
854 ngx_quic_close_connection(c, NGX_ERROR); |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
855 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
856 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
857 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
858 void |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
859 ngx_quic_keys_cleanup(ngx_quic_keys_t *keys) |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
860 { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
861 ngx_uint_t i; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
862 ngx_quic_secrets_t *next; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
863 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
864 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) { |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
865 ngx_quic_keys_discard(keys, i); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
866 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
867 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
868 next = &keys->next_key; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
869 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
870 ngx_quic_crypto_cleanup(&next->client); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
871 ngx_quic_crypto_cleanup(&next->server); |
9178
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
872 |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
873 ngx_explicit_memzero(next->client.secret.data, |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
874 next->client.secret.len); |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
875 ngx_explicit_memzero(next->server.secret.data, |
b74f891053c7
QUIC: explicitly zero out unused keying material.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9177
diff
changeset
|
876 next->server.secret.len); |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
877 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
878 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
879 |
8376
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8375
diff
changeset
|
880 static ngx_int_t |
8644
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8643
diff
changeset
|
881 ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
882 { |
9175
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
883 u_char *pnp, *sample; |
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
884 ngx_str_t ad, out; |
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
885 ngx_uint_t i; |
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
886 ngx_quic_secret_t *secret; |
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
887 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
888 |
8894
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8888
diff
changeset
|
889 ad.data = res->data; |
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8888
diff
changeset
|
890 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
891 |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
892 out.len = pkt->payload.len + NGX_QUIC_TAG_LEN; |
8318
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8317
diff
changeset
|
893 out.data = res->data + ad.len; |
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8317
diff
changeset
|
894 |
8359 | 895 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
896 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
897 "quic ad len:%uz %xV", ad.len, &ad); |
8359 | 898 #endif |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
899 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
900 secret = &pkt->keys->secrets[pkt->level].server; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
901 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
902 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
903 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
904 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
905 if (ngx_quic_crypto_seal(secret, &out, nonce, &pkt->payload, &ad, pkt->log) |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
906 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
907 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
908 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
909 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
910 |
8315
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
911 sample = &out.data[4 - pkt->num_len]; |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
912 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
913 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
914 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
915 |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
916 /* RFC 9001, 5.4.1. Header Protection Application */ |
8643
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8642
diff
changeset
|
917 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
8315
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
918 |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
919 for (i = 0; i < pkt->num_len; i++) { |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
920 pnp[i] ^= mask[i + 1]; |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
8313
diff
changeset
|
921 } |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
922 |
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
923 res->len = ad.len + out.len; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
924 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
925 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
926 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
927 |
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8265
diff
changeset
|
928 |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
929 static ngx_int_t |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
930 ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
931 { |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
932 u_char *start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
933 ngx_str_t ad, itag; |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
934 ngx_quic_md_t key; |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
935 ngx_quic_secret_t secret; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
936 ngx_quic_ciphers_t ciphers; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
937 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
938 /* 5.8. Retry Packet Integrity */ |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
939 static u_char key_data[16] = |
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
940 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
941 static u_char nonce[NGX_QUIC_IV_LEN] = |
8678
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8673
diff
changeset
|
942 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
943 static ngx_str_t in = ngx_string(""); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
944 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
945 ad.data = res->data; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
946 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
947 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
948 itag.data = ad.data + ad.len; |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
949 itag.len = NGX_QUIC_TAG_LEN; |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
950 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
951 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
952 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
953 "quic retry itag len:%uz %xV", ad.len, &ad); |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
954 #endif |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
955 |
9176
8dacf87e4007
QUIC: simplified ngx_quic_ciphers() API.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9175
diff
changeset
|
956 if (ngx_quic_ciphers(NGX_QUIC_INITIAL_CIPHER, &ciphers) == NGX_ERROR) { |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
957 return NGX_ERROR; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
958 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
959 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
960 key.len = sizeof(key_data); |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
961 ngx_memcpy(key.data, key_data, sizeof(key_data)); |
8799
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8798
diff
changeset
|
962 secret.iv.len = NGX_QUIC_IV_LEN; |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
963 |
9177
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
964 if (ngx_quic_crypto_init(ciphers.c, &secret, &key, 1, pkt->log) |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
965 == NGX_ERROR) |
22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9176
diff
changeset
|
966 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
967 return NGX_ERROR; |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
968 } |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
969 |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
970 if (ngx_quic_crypto_seal(&secret, &itag, nonce, &in, &ad, pkt->log) |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
971 != NGX_OK) |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
972 { |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
973 ngx_quic_crypto_cleanup(&secret); |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
974 return NGX_ERROR; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
975 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
976 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
977 ngx_quic_crypto_cleanup(&secret); |
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
978 |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
979 res->len = itag.data + itag.len - start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
980 res->data = start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
981 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
982 return NGX_OK; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
983 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
984 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
985 |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
986 ngx_int_t |
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
987 ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret, |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
988 ngx_str_t *salt, u_char *out, size_t len) |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
989 { |
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
990 size_t is_len, info_len; |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
991 uint8_t *p; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
992 const EVP_MD *digest; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
993 |
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
994 uint8_t is[SHA256_DIGEST_LENGTH]; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
995 uint8_t info[20]; |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
996 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
997 digest = EVP_sha256(); |
8729
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8716
diff
changeset
|
998 is_len = SHA256_DIGEST_LENGTH; |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
999 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8558
diff
changeset
|
1000 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
8694
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8678
diff
changeset
|
1001 salt->data, salt->len) |
8702
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8694
diff
changeset
|
1002 != NGX_OK) |
8562 | 1003 { |
8694 | 1004 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
1005 "ngx_hkdf_extract(%s) failed", label); |
8562 | 1006 return NGX_ERROR; |
1007 } |
1008 |
1009 info[0] = 0; |
8694 | 1010 info[1] = len; |
1011 info[2] = ngx_strlen(label); |
8562 | 1012 |
8694 | 1013 info_len = 2 + 1 + info[2] + 1; |
8562 | 1014 |
8694 | 1015 if (info_len >= 20) { |
1016 ngx_log_error(NGX_LOG_INFO, log, 0, |
1017 "ngx_quic_create_key label \"%s\" too long", label); |
8562 | 1018 return NGX_ERROR; |
1019 } |
1020 |
8694 | 1021 p = ngx_cpymem(&info[3], label, info[2]); |
1022 *p = '\0'; |
8562 | 1023 |
8694 | 1024 if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK) |
1025 { |
1026 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
1027 "ngx_hkdf_expand(%s) failed", label); |
1028 return NGX_ERROR; |
1029 } |
8562 | 1030 |
1031 return NGX_OK; |
1032 } |
1033 |
1034 |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1035 static uint64_t |
8339
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8324
diff
changeset
|
1036 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
1037 uint64_t *largest_pn) |
8221 | 1038 { |
1039 u_char *p; |
8339 | 1040 uint64_t truncated_pn, expected_pn, candidate_pn; |
1041 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask; |
1042 |
1043 pn_nbits = ngx_min(len * 8, 62); |
8221 | 1044 |
1045 p = *pos; |
8339 | 1046 truncated_pn = *p++ ^ *mask++; |
8221 | 1047 |
1048 while (--len) { |
8339 | 1049 truncated_pn = (truncated_pn << 8) + (*p++ ^ *mask++); |
8221 | 1050 } |
1051 |
1052 *pos = p; |
8339 | 1053 |
1054 expected_pn = *largest_pn + 1; |
8394 | 1055 pn_win = 1ULL << pn_nbits; |
8339 | 1056 pn_hwin = pn_win / 2; |
1057 pn_mask = pn_win - 1; |
1058 |
1059 candidate_pn = (expected_pn & ~pn_mask) | truncated_pn; |
1060 |
1061 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin) |
1062 && candidate_pn < (1ULL << 62) - pn_win) |
1063 { |
1064 candidate_pn += pn_win; |
1065 |
1066 } else if (candidate_pn > expected_pn + pn_hwin |
1067 && candidate_pn >= pn_win) |
1068 { |
1069 candidate_pn -= pn_win; |
1070 } |
1071 |
1072 *largest_pn = ngx_max((int64_t) *largest_pn, (int64_t) candidate_pn); |
1073 |
1074 return candidate_pn; |
8221 | 1075 } |
1076 |
1077 |
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
9047
diff
changeset
|
1078 void |
8310
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8307
diff
changeset
|
1079 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn) |
1080 { |
9047
70ce1e927715
QUIC: fixed computation of nonce with packet numbers beyond 2^32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9041
diff
changeset
|
1081 nonce[len - 8] ^= (pn >> 56) & 0x3f; |
1082 nonce[len - 7] ^= (pn >> 48) & 0xff; |
1083 nonce[len - 6] ^= (pn >> 40) & 0xff; |
1084 nonce[len - 5] ^= (pn >> 32) & 0xff; |
1085 nonce[len - 4] ^= (pn >> 24) & 0xff; |
1086 nonce[len - 3] ^= (pn >> 16) & 0xff; |
1087 nonce[len - 2] ^= (pn >> 8) & 0xff; |
1088 nonce[len - 1] ^= pn & 0xff; |
8310 | 1089 } |
1090 |
1091 |
8376
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8375
diff
changeset
|
1092 ngx_int_t |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8609
diff
changeset
|
1093 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res) |
8221 | 1094 { |
8383
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8376
diff
changeset
|
1095 if (ngx_quic_pkt_retry(pkt->flags)) { |
1096 return ngx_quic_create_retry_packet(pkt, res); |
1097 } |
1098 |
8644
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8643
diff
changeset
|
1099 return ngx_quic_create_packet(pkt, res); |
8221 | 1100 } |
1101 |
1102 |
1103 ngx_int_t |
8621 | 1104 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |
8221 | 1105 { |
9175
f7c9cd726298
QUIC: cleaned up now unused ngx_quic_ciphers() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9174
diff
changeset
|
1106 u_char *p, *sample; |
1107 size_t len; |
1108 uint64_t pn, lpn; |
1109 ngx_int_t pnl; |
1110 ngx_str_t in, ad; |
1111 ngx_uint_t key_phase; |
1112 ngx_quic_secret_t *secret; |
1113 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
8221 | 1114 |
8621 | 1115 secret = &pkt->keys->secrets[pkt->level].client; |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8318
diff
changeset
|
1116 |
8221 | 1117 p = pkt->raw->pos; |
8558
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8544
diff
changeset
|
1118 len = pkt->data + pkt->len - p; |
8221 | 1119 |
8797
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8755
diff
changeset
|
1120 /* |
1121 * RFC 9001, 5.4.2. Header Protection Sample |
1122 * 5.4.3. AES-Based Header Protection |
1123 * 5.4.4. ChaCha20-Based Header Protection |
1124 * |
8221 | 1125 * the Packet Number field is assumed to be 4 bytes long |
8797 | 1126 * AES and ChaCha20 algorithms sample 16 bytes |
8221 | 1127 */ |
1128 |
9126
29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Roman Arutyunyan <arut@nginx.com>
parents:
9080
diff
changeset
|
1129 if (len < NGX_QUIC_TAG_LEN + 4) { |
8543
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8542
diff
changeset
|
1130 return NGX_DECLINED; |
1131 } |
1132 |
8221 | 1133 sample = p + 4; |
1134 |
1135 /* header protection */ |
1136 |
9174
31702c53d2db
QUIC: reusing crypto contexts for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9173
diff
changeset
|
1137 if (ngx_quic_crypto_hp(secret, mask, sample, pkt->log) != NGX_OK) { |
8446
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8445
diff
changeset
|
1138 return NGX_DECLINED; |
8221 | 1139 } |
1140 |
8645
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8644
diff
changeset
|
1141 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
8221 | 1142 |
8643
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8642
diff
changeset
|
1143 if (ngx_quic_short_pkt(pkt->flags)) { |
8645 | 1144 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; |
8319 | 1145 |
1146 if (key_phase != pkt->key_phase) { |
8621 | 1147 secret = &pkt->keys->next_key.client; |
8319 | 1148 pkt->key_update = 1; |
1149 } |
8221 | 1150 } |
1151 |
8532
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8525
diff
changeset
|
1152 lpn = *largest_pn; |
1153 |
8645 | 1154 pnl = (pkt->flags & 0x03) + 1; |
8532 | 1155 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); |
8221 | 1156 |
1157 pkt->pn = pn; |
1158 |
8287 | 1159 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8645 | 1160 "quic packet rx clearflags:%xd", pkt->flags); |
8287 | 1161 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8609
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8608
diff
changeset
|
1162 "quic packet rx number:%uL len:%xi", pn, pnl); |
8221 | 1163 |
1164 /* packet protection */ |
1165 |
1166 in.data = p; |
8558 | 1167 in.len = len - pnl; |
8221 | 1168 |
1169 ad.len = p - pkt->data; |
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8287
diff
changeset
|
1170 ad.data = pkt->plaintext; |
8221 | 1171 |
1172 ngx_memcpy(ad.data, pkt->data, ad.len); |
8645 | 1173 ad.data[0] = pkt->flags; |
8221 | 1174 |
1175 do { |
1176 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; |
1177 } while (--pnl); |
1178 |
8319 | 1179 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
8310 | 1180 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
8221 | 1181 |
8359 | 1182 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8651
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8646
diff
changeset
|
1183 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1184 "quic ad len:%uz %xV", ad.len, &ad); |
8359 | 1185 #endif |
8221 | 1186 |
9126 | 1187 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; |
8288 | 1188 pkt->payload.data = pkt->plaintext + ad.len; |
1189 |
9172
4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9171
diff
changeset
|
1190 if (ngx_quic_crypto_open(secret, &pkt->payload, nonce, &in, &ad, pkt->log) |
1191 != NGX_OK) |
1192 { |
8446 | 1193 return NGX_DECLINED; |
8386
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
8383
diff
changeset
|
1194 } |
1195 |
8646
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8645
diff
changeset
|
1196 if (pkt->payload.len == 0) { |
1197 /* |
8797 | 1198 * RFC 9000, 12.4. Frames and Frame Types |
1199 * |
8646 | 1200 * An endpoint MUST treat receipt of a packet containing no |
1201 * frames as a connection error of type PROTOCOL_VIOLATION. |
1202 */ |
1203 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet"); |
1204 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
1205 return NGX_ERROR; |
1206 } |
1207 |
8645 | 1208 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) { |
8386 | 1209 /* |
8797 | 1210 * RFC 9000, Reserved Bits |
1211 * |
8386 | 1212 * An endpoint MUST treat receipt of a packet that has |
1213 * a non-zero value for these bits, after removing both |
1214 * packet and header protection, as a connection error |
1215 * of type PROTOCOL_VIOLATION. |
1216 */ |
1217 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, |
1218 "quic reserved bit set in packet"); |
1219 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
1220 return NGX_ERROR; |
1221 } |
1222 |
8646 | 1223 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
8651 | 1224 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1225 "quic packet payload len:%uz %xV", |
1226 pkt->payload.len, &pkt->payload); |
8646 | 1227 #endif |
1228 |
8532 | 1229 *largest_pn = lpn; |
1230 |
8386 | 1231 return NGX_OK; |
8221 | 1232 } |