Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.h @ 9172:4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 20 Oct 2023 18:05:07 +0400 |
| parents | f98636db77ef |
| children | 31702c53d2db |
comparison
equal
deleted
inserted
replaced
| 9171:f98636db77ef | 9172:4ccb0d973206 |
|---|---|
| 24 #define NGX_QUIC_MAX_MD_SIZE 48 | 24 #define NGX_QUIC_MAX_MD_SIZE 48 |
| 25 | 25 |
| 26 | 26 |
| 27 #ifdef OPENSSL_IS_BORINGSSL | 27 #ifdef OPENSSL_IS_BORINGSSL |
| 28 #define ngx_quic_cipher_t EVP_AEAD | 28 #define ngx_quic_cipher_t EVP_AEAD |
| 29 #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX | |
| 29 #else | 30 #else |
| 30 #define ngx_quic_cipher_t EVP_CIPHER | 31 #define ngx_quic_cipher_t EVP_CIPHER |
| 32 #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX | |
| 31 #endif | 33 #endif |
| 32 | 34 |
| 33 | 35 |
| 34 typedef struct { | 36 typedef struct { |
| 35 size_t len; | 37 size_t len; |
| 46 typedef struct { | 48 typedef struct { |
| 47 ngx_quic_md_t secret; | 49 ngx_quic_md_t secret; |
| 48 ngx_quic_md_t key; | 50 ngx_quic_md_t key; |
| 49 ngx_quic_iv_t iv; | 51 ngx_quic_iv_t iv; |
| 50 ngx_quic_md_t hp; | 52 ngx_quic_md_t hp; |
| 53 ngx_quic_crypto_ctx_t *ctx; | |
| 51 } ngx_quic_secret_t; | 54 } ngx_quic_secret_t; |
| 52 | 55 |
| 53 | 56 |
| 54 typedef struct { | 57 typedef struct { |
| 55 ngx_quic_secret_t client; | 58 ngx_quic_secret_t client; |
| 98 enum ssl_encryption_level_t level, ngx_uint_t is_write); | 101 enum ssl_encryption_level_t level, ngx_uint_t is_write); |
| 99 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, | 102 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
| 100 enum ssl_encryption_level_t level); | 103 enum ssl_encryption_level_t level); |
| 101 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); | 104 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
| 102 void ngx_quic_keys_update(ngx_event_t *ev); | 105 void ngx_quic_keys_update(ngx_event_t *ev); |
| 106 void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys); | |
| 103 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); | 107 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
| 104 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); | 108 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
| 105 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); | 109 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
| 106 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, | 110 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, |
| 107 enum ssl_encryption_level_t level); | 111 enum ssl_encryption_level_t level); |
| 108 ngx_int_t ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, | 112 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, |
| 109 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 113 ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log); |
| 110 ngx_str_t *ad, ngx_log_t *log); | 114 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, |
| 115 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); | |
| 116 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); | |
| 111 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, | 117 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, |
| 112 ngx_log_t *log); | 118 ngx_log_t *log); |
| 113 | 119 |
| 114 | 120 |
| 115 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ | 121 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |