Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.h @ 9172:4ccb0d973206
QUIC: reusing crypto contexts for packet protection.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 20 Oct 2023 18:05:07 +0400 |
parents | f98636db77ef |
children | 31702c53d2db |
comparison
equal
deleted
inserted
replaced
9171:f98636db77ef | 9172:4ccb0d973206 |
---|---|
24 #define NGX_QUIC_MAX_MD_SIZE 48 | 24 #define NGX_QUIC_MAX_MD_SIZE 48 |
25 | 25 |
26 | 26 |
27 #ifdef OPENSSL_IS_BORINGSSL | 27 #ifdef OPENSSL_IS_BORINGSSL |
28 #define ngx_quic_cipher_t EVP_AEAD | 28 #define ngx_quic_cipher_t EVP_AEAD |
29 #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX | |
29 #else | 30 #else |
30 #define ngx_quic_cipher_t EVP_CIPHER | 31 #define ngx_quic_cipher_t EVP_CIPHER |
32 #define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX | |
31 #endif | 33 #endif |
32 | 34 |
33 | 35 |
34 typedef struct { | 36 typedef struct { |
35 size_t len; | 37 size_t len; |
46 typedef struct { | 48 typedef struct { |
47 ngx_quic_md_t secret; | 49 ngx_quic_md_t secret; |
48 ngx_quic_md_t key; | 50 ngx_quic_md_t key; |
49 ngx_quic_iv_t iv; | 51 ngx_quic_iv_t iv; |
50 ngx_quic_md_t hp; | 52 ngx_quic_md_t hp; |
53 ngx_quic_crypto_ctx_t *ctx; | |
51 } ngx_quic_secret_t; | 54 } ngx_quic_secret_t; |
52 | 55 |
53 | 56 |
54 typedef struct { | 57 typedef struct { |
55 ngx_quic_secret_t client; | 58 ngx_quic_secret_t client; |
98 enum ssl_encryption_level_t level, ngx_uint_t is_write); | 101 enum ssl_encryption_level_t level, ngx_uint_t is_write); |
99 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, | 102 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
100 enum ssl_encryption_level_t level); | 103 enum ssl_encryption_level_t level); |
101 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); | 104 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
102 void ngx_quic_keys_update(ngx_event_t *ev); | 105 void ngx_quic_keys_update(ngx_event_t *ev); |
106 void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys); | |
103 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); | 107 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
104 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); | 108 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
105 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); | 109 void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
106 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, | 110 ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, |
107 enum ssl_encryption_level_t level); | 111 enum ssl_encryption_level_t level); |
108 ngx_int_t ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, | 112 ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, |
109 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 113 ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log); |
110 ngx_str_t *ad, ngx_log_t *log); | 114 ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, |
115 u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); | |
116 void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s); | |
111 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, | 117 ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, |
112 ngx_log_t *log); | 118 ngx_log_t *log); |
113 | 119 |
114 | 120 |
115 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ | 121 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |