Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 9126:29a6c0e11f75
QUIC: a new constant for AEAD tag length.
Previously used constant EVP_GCM_TLS_TAG_LEN had misleading name since it was
used not only with GCM, but also with CHACHAPOLY. Now a new constant
NGX_QUIC_TAG_LEN introduced. Luckily all AEAD algorithms used by QUIC have
the same tag length of 16.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 09 Jun 2023 10:25:54 +0400 |
parents | 7da4791e0264 |
children | a7b850a5d98d |
comparison
equal
deleted
inserted
replaced
9125:31c8c1a713bc | 9126:29a6c0e11f75 |
---|---|
404 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); | 404 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
405 return NGX_ERROR; | 405 return NGX_ERROR; |
406 } | 406 } |
407 | 407 |
408 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, | 408 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, |
409 in->len - EVP_GCM_TLS_TAG_LEN) | 409 in->len - NGX_QUIC_TAG_LEN) |
410 != 1) | 410 != 1) |
411 { | 411 { |
412 EVP_CIPHER_CTX_free(ctx); | 412 EVP_CIPHER_CTX_free(ctx); |
413 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); | 413 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
414 return NGX_ERROR; | 414 return NGX_ERROR; |
415 } | 415 } |
416 | 416 |
417 out->len = len; | 417 out->len = len; |
418 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN; | 418 tag = in->data + in->len - NGX_QUIC_TAG_LEN; |
419 | 419 |
420 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag) | 420 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag) |
421 == 0) | 421 == 0) |
422 { | 422 { |
423 EVP_CIPHER_CTX_free(ctx); | 423 EVP_CIPHER_CTX_free(ctx); |
424 ngx_ssl_error(NGX_LOG_INFO, log, 0, | 424 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
425 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); | 425 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); |
517 return NGX_ERROR; | 517 return NGX_ERROR; |
518 } | 518 } |
519 | 519 |
520 out->len += len; | 520 out->len += len; |
521 | 521 |
522 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, | 522 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN, |
523 out->data + in->len) | 523 out->data + in->len) |
524 == 0) | 524 == 0) |
525 { | 525 { |
526 EVP_CIPHER_CTX_free(ctx); | 526 EVP_CIPHER_CTX_free(ctx); |
527 ngx_ssl_error(NGX_LOG_INFO, log, 0, | 527 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
529 return NGX_ERROR; | 529 return NGX_ERROR; |
530 } | 530 } |
531 | 531 |
532 EVP_CIPHER_CTX_free(ctx); | 532 EVP_CIPHER_CTX_free(ctx); |
533 | 533 |
534 out->len += EVP_GCM_TLS_TAG_LEN; | 534 out->len += NGX_QUIC_TAG_LEN; |
535 #endif | 535 #endif |
536 return NGX_OK; | 536 return NGX_OK; |
537 } | 537 } |
538 | 538 |
539 | 539 |
736 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; | 736 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
737 | 737 |
738 ad.data = res->data; | 738 ad.data = res->data; |
739 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); | 739 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); |
740 | 740 |
741 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; | 741 out.len = pkt->payload.len + NGX_QUIC_TAG_LEN; |
742 out.data = res->data + ad.len; | 742 out.data = res->data + ad.len; |
743 | 743 |
744 #ifdef NGX_QUIC_DEBUG_CRYPTO | 744 #ifdef NGX_QUIC_DEBUG_CRYPTO |
745 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 745 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
746 "quic ad len:%uz %xV", ad.len, &ad); | 746 "quic ad len:%uz %xV", ad.len, &ad); |
800 | 800 |
801 ad.data = res->data; | 801 ad.data = res->data; |
802 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); | 802 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
803 | 803 |
804 itag.data = ad.data + ad.len; | 804 itag.data = ad.data + ad.len; |
805 itag.len = EVP_GCM_TLS_TAG_LEN; | 805 itag.len = NGX_QUIC_TAG_LEN; |
806 | 806 |
807 #ifdef NGX_QUIC_DEBUG_CRYPTO | 807 #ifdef NGX_QUIC_DEBUG_CRYPTO |
808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
809 "quic retry itag len:%uz %xV", ad.len, &ad); | 809 "quic retry itag len:%uz %xV", ad.len, &ad); |
810 #endif | 810 #endif |
977 * | 977 * |
978 * the Packet Number field is assumed to be 4 bytes long | 978 * the Packet Number field is assumed to be 4 bytes long |
979 * AES and ChaCha20 algorithms sample 16 bytes | 979 * AES and ChaCha20 algorithms sample 16 bytes |
980 */ | 980 */ |
981 | 981 |
982 if (len < EVP_GCM_TLS_TAG_LEN + 4) { | 982 if (len < NGX_QUIC_TAG_LEN + 4) { |
983 return NGX_DECLINED; | 983 return NGX_DECLINED; |
984 } | 984 } |
985 | 985 |
986 sample = p + 4; | 986 sample = p + 4; |
987 | 987 |
1037 #ifdef NGX_QUIC_DEBUG_CRYPTO | 1037 #ifdef NGX_QUIC_DEBUG_CRYPTO |
1038 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1038 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1039 "quic ad len:%uz %xV", ad.len, &ad); | 1039 "quic ad len:%uz %xV", ad.len, &ad); |
1040 #endif | 1040 #endif |
1041 | 1041 |
1042 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; | 1042 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; |
1043 pkt->payload.data = pkt->plaintext + ad.len; | 1043 pkt->payload.data = pkt->plaintext + ad.len; |
1044 | 1044 |
1045 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, | 1045 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
1046 nonce, &in, &ad, pkt->log); | 1046 nonce, &in, &ad, pkt->log); |
1047 if (rc != NGX_OK) { | 1047 if (rc != NGX_OK) { |