comparison src/event/quic/ngx_event_quic_protection.c @ 9126:29a6c0e11f75

QUIC: a new constant for AEAD tag length. The previously used constant EVP_GCM_TLS_TAG_LEN had a misleading name, since it was used not only with GCM but also with CHACHAPOLY. A new constant, NGX_QUIC_TAG_LEN, is now introduced. Luckily, all AEAD algorithms used by QUIC have the same tag length of 16 bytes.
author Roman Arutyunyan <arut@nginx.com>
date Fri, 09 Jun 2023 10:25:54 +0400
parents 7da4791e0264
children a7b850a5d98d
9125:31c8c1a713bc 9126:29a6c0e11f75
404 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); 404 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
405 return NGX_ERROR; 405 return NGX_ERROR;
406 } 406 }
407 407
408 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, 408 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
409 in->len - EVP_GCM_TLS_TAG_LEN) 409 in->len - NGX_QUIC_TAG_LEN)
410 != 1) 410 != 1)
411 { 411 {
412 EVP_CIPHER_CTX_free(ctx); 412 EVP_CIPHER_CTX_free(ctx);
413 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); 413 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
414 return NGX_ERROR; 414 return NGX_ERROR;
415 } 415 }
416 416
417 out->len = len; 417 out->len = len;
418 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN; 418 tag = in->data + in->len - NGX_QUIC_TAG_LEN;
419 419
420 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag) 420 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag)
421 == 0) 421 == 0)
422 { 422 {
423 EVP_CIPHER_CTX_free(ctx); 423 EVP_CIPHER_CTX_free(ctx);
424 ngx_ssl_error(NGX_LOG_INFO, log, 0, 424 ngx_ssl_error(NGX_LOG_INFO, log, 0,
425 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); 425 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
517 return NGX_ERROR; 517 return NGX_ERROR;
518 } 518 }
519 519
520 out->len += len; 520 out->len += len;
521 521
522 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, 522 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN,
523 out->data + in->len) 523 out->data + in->len)
524 == 0) 524 == 0)
525 { 525 {
526 EVP_CIPHER_CTX_free(ctx); 526 EVP_CIPHER_CTX_free(ctx);
527 ngx_ssl_error(NGX_LOG_INFO, log, 0, 527 ngx_ssl_error(NGX_LOG_INFO, log, 0,
529 return NGX_ERROR; 529 return NGX_ERROR;
530 } 530 }
531 531
532 EVP_CIPHER_CTX_free(ctx); 532 EVP_CIPHER_CTX_free(ctx);
533 533
534 out->len += EVP_GCM_TLS_TAG_LEN; 534 out->len += NGX_QUIC_TAG_LEN;
535 #endif 535 #endif
536 return NGX_OK; 536 return NGX_OK;
537 } 537 }
538 538
539 539
736 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; 736 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
737 737
738 ad.data = res->data; 738 ad.data = res->data;
739 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); 739 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp);
740 740
741 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; 741 out.len = pkt->payload.len + NGX_QUIC_TAG_LEN;
742 out.data = res->data + ad.len; 742 out.data = res->data + ad.len;
743 743
744 #ifdef NGX_QUIC_DEBUG_CRYPTO 744 #ifdef NGX_QUIC_DEBUG_CRYPTO
745 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, 745 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
746 "quic ad len:%uz %xV", ad.len, &ad); 746 "quic ad len:%uz %xV", ad.len, &ad);
800 800
801 ad.data = res->data; 801 ad.data = res->data;
802 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); 802 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
803 803
804 itag.data = ad.data + ad.len; 804 itag.data = ad.data + ad.len;
805 itag.len = EVP_GCM_TLS_TAG_LEN; 805 itag.len = NGX_QUIC_TAG_LEN;
806 806
807 #ifdef NGX_QUIC_DEBUG_CRYPTO 807 #ifdef NGX_QUIC_DEBUG_CRYPTO
808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, 808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
809 "quic retry itag len:%uz %xV", ad.len, &ad); 809 "quic retry itag len:%uz %xV", ad.len, &ad);
810 #endif 810 #endif
977 * 977 *
978 * the Packet Number field is assumed to be 4 bytes long 978 * the Packet Number field is assumed to be 4 bytes long
979 * AES and ChaCha20 algorithms sample 16 bytes 979 * AES and ChaCha20 algorithms sample 16 bytes
980 */ 980 */
981 981
982 if (len < EVP_GCM_TLS_TAG_LEN + 4) { 982 if (len < NGX_QUIC_TAG_LEN + 4) {
983 return NGX_DECLINED; 983 return NGX_DECLINED;
984 } 984 }
985 985
986 sample = p + 4; 986 sample = p + 4;
987 987
1037 #ifdef NGX_QUIC_DEBUG_CRYPTO 1037 #ifdef NGX_QUIC_DEBUG_CRYPTO
1038 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, 1038 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
1039 "quic ad len:%uz %xV", ad.len, &ad); 1039 "quic ad len:%uz %xV", ad.len, &ad);
1040 #endif 1040 #endif
1041 1041
1042 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; 1042 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
1043 pkt->payload.data = pkt->plaintext + ad.len; 1043 pkt->payload.data = pkt->plaintext + ad.len;
1044 1044
1045 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, 1045 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
1046 nonce, &in, &ad, pkt->log); 1046 nonce, &in, &ad, pkt->log);
1047 if (rc != NGX_OK) { 1047 if (rc != NGX_OK) {
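Review bot: The rename stops at the length constant and leaves the tag controls at lines 420 and 522 spelled `EVP_CTRL_GCM_SET_TAG` / `EVP_CTRL_GCM_GET_TAG` (the error string at 425 repeats the name), which is the same GCM-only naming the commit message objects to, since per the description this path is also taken for CHACHAPOLY. OpenSSL 1.1.0 and later define the algorithm-neutral `EVP_CTRL_AEAD_SET_TAG` / `EVP_CTRL_AEAD_GET_TAG` and make the GCM names aliases of them, so `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN, tag)` (and the matching GET_TAG call and log text) would be a drop-in follow-up, provided every library this `#ifdef` branch is built against also defines those names. Separately, `in->len - NGX_QUIC_TAG_LEN` at 409 and 418 is an unchecked size_t subtraction that today relies solely on the caller-side `if (len < NGX_QUIC_TAG_LEN + 4)` at 982; a guard at the top of ngx_quic_tls_open, `if (in->len < NGX_QUIC_TAG_LEN) { return NGX_ERROR; }`, would keep the function safe for any other caller. The enclosing functions of all of these hunks, including ngx_quic_tls_open and the function containing line 1042, start before and end after the lines shown.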