comparison src/event/quic/ngx_event_quic_protection.h @ 9177:22d110af473c

QUIC: removed key field from ngx_quic_secret_t. It is made local as it is only needed now when creating crypto context. BoringSSL lacks EVP interface for ChaCha20, providing instead a function for one-shot encryption, thus hp is still preserved. Based on a patch by Roman Arutyunyan.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 20 Oct 2023 18:05:07 +0400
parents 8dacf87e4007
children
comparison
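--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -45,11 +45,10 @@
 } ngx_quic_iv_t;
 
 
 typedef struct {
 ngx_quic_md_t secret;
-ngx_quic_md_t key;
 ngx_quic_iv_t iv;
 ngx_quic_md_t hp;
 ngx_quic_crypto_ctx_t *ctx;
 EVP_CIPHER_CTX *hp_ctx;
 } ngx_quic_secret_t;
@@ -108,11 +107,11 @@
 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers);
 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher,
-ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log);
+ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log);
 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out,
 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s);
 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,
 ngx_log_t *log);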
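Review bot: The new `key` parameter of `ngx_quic_crypto_init()` carries no lifetime or ownership contract in this header, although the packet protection key now lives in a caller-owned buffer instead of `ngx_quic_secret_t`. The callers and the implementation are outside this section, so it cannot be confirmed here, but each caller that derives the key into a local `ngx_quic_md_t` should wipe it with `ngx_explicit_memzero()` on both the success and the error path once the crypto context has been created. A comment above the prototype such as `/* key is read only while the context is created and is not retained; the caller wipes it afterwards */` would record that, provided the implementation really does not keep the pointer. If init never writes through it, declaring the parameter `const ngx_quic_md_t *key` would make the read-only intent checkable by the compiler. Note that `secret` and `hp` still hold keying material for the lifetime of the structure, so whether `ngx_quic_crypto_cleanup()` clears them is worth checking in the .c file.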