Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 8800:e617d0ba387a quic
QUIC: optimized initial secrets key length computation.
AES-128 key length is known in compile time.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 16 Jun 2021 17:55:57 +0300 |
| parents | ef8276c8ccff |
| children | d458101b7b81 |
comparison
equal
deleted
inserted
replaced
| 8799:ef8276c8ccff | 8800:e617d0ba387a |
|---|---|
| 12 | 12 |
| 13 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ | 13 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ |
| 14 #define NGX_QUIC_IV_LEN 12 | 14 #define NGX_QUIC_IV_LEN 12 |
| 15 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ | 15 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ |
| 16 #define NGX_QUIC_HP_LEN 5 | 16 #define NGX_QUIC_HP_LEN 5 |
| 17 | |
| 18 #define NGX_QUIC_AES_128_KEY_LEN 16 | |
| 17 | 19 |
| 18 #define NGX_AES_128_GCM_SHA256 0x1301 | 20 #define NGX_AES_128_GCM_SHA256 0x1301 |
| 19 #define NGX_AES_256_GCM_SHA384 0x1302 | 21 #define NGX_AES_256_GCM_SHA384 0x1302 |
| 20 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 | 22 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 |
| 21 | 23 |
| 148 { | 150 { |
| 149 size_t is_len; | 151 size_t is_len; |
| 150 uint8_t is[SHA256_DIGEST_LENGTH]; | 152 uint8_t is[SHA256_DIGEST_LENGTH]; |
| 151 ngx_uint_t i; | 153 ngx_uint_t i; |
| 152 const EVP_MD *digest; | 154 const EVP_MD *digest; |
| 153 const EVP_CIPHER *cipher; | |
| 154 ngx_quic_secret_t *client, *server; | 155 ngx_quic_secret_t *client, *server; |
| 155 | 156 |
| 156 static const uint8_t salt[20] = | 157 static const uint8_t salt[20] = |
| 157 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | 158 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
| 158 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | 159 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
| 168 * | 169 * |
| 169 * Initial packets use AEAD_AES_128_GCM. The hash function | 170 * Initial packets use AEAD_AES_128_GCM. The hash function |
| 170 * for HKDF when deriving initial secrets and keys is SHA-256. | 171 * for HKDF when deriving initial secrets and keys is SHA-256. |
| 171 */ | 172 */ |
| 172 | 173 |
| 173 cipher = EVP_aes_128_gcm(); | |
| 174 digest = EVP_sha256(); | 174 digest = EVP_sha256(); |
| 175 is_len = SHA256_DIGEST_LENGTH; | 175 is_len = SHA256_DIGEST_LENGTH; |
| 176 | 176 |
| 177 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, | 177 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
| 178 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) | 178 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) |
| 196 #endif | 196 #endif |
| 197 | 197 |
| 198 client->secret.len = SHA256_DIGEST_LENGTH; | 198 client->secret.len = SHA256_DIGEST_LENGTH; |
| 199 server->secret.len = SHA256_DIGEST_LENGTH; | 199 server->secret.len = SHA256_DIGEST_LENGTH; |
| 200 | 200 |
| 201 client->key.len = EVP_CIPHER_key_length(cipher); | 201 client->key.len = NGX_QUIC_AES_128_KEY_LEN; |
| 202 server->key.len = EVP_CIPHER_key_length(cipher); | 202 server->key.len = NGX_QUIC_AES_128_KEY_LEN; |
| 203 | 203 |
| 204 client->hp.len = EVP_CIPHER_key_length(cipher); | 204 client->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
| 205 server->hp.len = EVP_CIPHER_key_length(cipher); | 205 server->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
| 206 | 206 |
| 207 client->iv.len = NGX_QUIC_IV_LEN; | 207 client->iv.len = NGX_QUIC_IV_LEN; |
| 208 server->iv.len = NGX_QUIC_IV_LEN; | 208 server->iv.len = NGX_QUIC_IV_LEN; |
| 209 | 209 |
| 210 struct { | 210 struct { |