Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.h @ 9177:22d110af473c
QUIC: removed key field from ngx_quic_secret_t.
It is made local as it is only needed now when creating crypto context.
BoringSSL lacks EVP interface for ChaCha20, providing instead
a function for one-shot encryption, thus hp is still preserved.
Based on a patch by Roman Arutyunyan.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 20 Oct 2023 18:05:07 +0400 |
parents | 8dacf87e4007 |
children |
comparison
equal
deleted
inserted
replaced
9176:8dacf87e4007 | 9177:22d110af473c |
---|---|
45 } ngx_quic_iv_t; | 45 } ngx_quic_iv_t; |
46 | 46 |
47 | 47 |
48 typedef struct { | 48 typedef struct { |
49 ngx_quic_md_t secret; | 49 ngx_quic_md_t secret; |
50 ngx_quic_md_t key; | |
51 ngx_quic_iv_t iv; | 50 ngx_quic_iv_t iv; |
52 ngx_quic_md_t hp; | 51 ngx_quic_md_t hp; |
53 ngx_quic_crypto_ctx_t *ctx; | 52 ngx_quic_crypto_ctx_t *ctx; |
54 EVP_CIPHER_CTX *hp_ctx; | 53 EVP_CIPHER_CTX *hp_ctx; |
55 } ngx_quic_secret_t; | 54 } ngx_quic_secret_t; |
108 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); | 107 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
109 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); | 108 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
110 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); | 109 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
111 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers); | 110 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers); |
112 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, | 111 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, |
113 ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log); | 112 ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log); |
114 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, | 113 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, |
115 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); | 114 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); |
116 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); | 115 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); |
117 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, | 116 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, |
118 ngx_log_t *log); | 117 ngx_log_t *log); |