comparison src/event/quic/ngx_event_quic_protection.c @ 9171:f98636db77ef
QUIC: renamed protection functions.
Now these functions have names ngx_quic_crypto_XXX():
- ngx_quic_tls_open() -> ngx_quic_crypto_open()
- ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
- ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 20 Oct 2023 18:05:07 +0400 |
parents | ff98ae7d261e |
children | 4ccb0d973206 |
9170:c80d111340dc | 9171:f98636db77ef |
---|---|
24 const u_char *salt, size_t salt_len); | 24 const u_char *salt, size_t salt_len); |
25 | 25 |
26 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, | 26 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
27 uint64_t *largest_pn); | 27 uint64_t *largest_pn); |
28 | 28 |
29 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, | 29 static ngx_int_t ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, |
30 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 30 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
31 ngx_str_t *ad, ngx_log_t *log); | 31 ngx_str_t *ad, ngx_log_t *log); |
32 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, | 32 static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
33 ngx_quic_secret_t *s, u_char *out, u_char *in); | 33 ngx_quic_secret_t *s, u_char *out, u_char *in); |
34 | 34 |
35 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, | 35 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, |
36 ngx_str_t *res); | 36 ngx_str_t *res); |
37 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, | 37 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, |
342 #endif | 342 #endif |
343 } | 343 } |
344 | 344 |
345 | 345 |
346 static ngx_int_t | 346 static ngx_int_t |
347 ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, | 347 ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
348 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) | 348 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
349 { | 349 { |
350 | 350 |
351 #ifdef OPENSSL_IS_BORINGSSL | 351 #ifdef OPENSSL_IS_BORINGSSL |
352 EVP_AEAD_CTX *ctx; | 352 EVP_AEAD_CTX *ctx; |
447 return NGX_OK; | 447 return NGX_OK; |
448 } | 448 } |
449 | 449 |
450 | 450 |
451 ngx_int_t | 451 ngx_int_t |
452 ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, | 452 ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
453 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) | 453 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
454 { | 454 { |
455 | 455 |
456 #ifdef OPENSSL_IS_BORINGSSL | 456 #ifdef OPENSSL_IS_BORINGSSL |
457 EVP_AEAD_CTX *ctx; | 457 EVP_AEAD_CTX *ctx; |
563 return NGX_OK; | 563 return NGX_OK; |
564 } | 564 } |
565 | 565 |
566 | 566 |
567 static ngx_int_t | 567 static ngx_int_t |
568 ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, | 568 ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
569 ngx_quic_secret_t *s, u_char *out, u_char *in) | 569 ngx_quic_secret_t *s, u_char *out, u_char *in) |
570 { | 570 { |
571 int outlen; | 571 int outlen; |
572 EVP_CIPHER_CTX *ctx; | 572 EVP_CIPHER_CTX *ctx; |
573 u_char zero[NGX_QUIC_HP_LEN] = {0}; | 573 u_char zero[NGX_QUIC_HP_LEN] = {0}; |
799 secret = &pkt->keys->secrets[pkt->level].server; | 799 secret = &pkt->keys->secrets[pkt->level].server; |
800 | 800 |
801 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); | 801 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
802 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | 802 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
803 | 803 |
804 if (ngx_quic_tls_seal(ciphers.c, secret, &out, | 804 if (ngx_quic_crypto_seal(ciphers.c, secret, &out, |
805 nonce, &pkt->payload, &ad, pkt->log) | 805 nonce, &pkt->payload, &ad, pkt->log) |
806 != NGX_OK) | 806 != NGX_OK) |
807 { | 807 { |
808 return NGX_ERROR; | 808 return NGX_ERROR; |
809 } | 809 } |
810 | 810 |
811 sample = &out.data[4 - pkt->num_len]; | 811 sample = &out.data[4 - pkt->num_len]; |
812 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 812 if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample) |
813 != NGX_OK) | 813 != NGX_OK) |
814 { | 814 { |
815 return NGX_ERROR; | 815 return NGX_ERROR; |
816 } | 816 } |
817 | 817 |
860 | 860 |
861 secret.key.len = sizeof(key); | 861 secret.key.len = sizeof(key); |
862 ngx_memcpy(secret.key.data, key, sizeof(key)); | 862 ngx_memcpy(secret.key.data, key, sizeof(key)); |
863 secret.iv.len = NGX_QUIC_IV_LEN; | 863 secret.iv.len = NGX_QUIC_IV_LEN; |
864 | 864 |
865 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log) | 865 if (ngx_quic_crypto_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, |
866 pkt->log) | |
866 != NGX_OK) | 867 != NGX_OK) |
867 { | 868 { |
868 return NGX_ERROR; | 869 return NGX_ERROR; |
869 } | 870 } |
870 | 871 |
1030 | 1031 |
1031 sample = p + 4; | 1032 sample = p + 4; |
1032 | 1033 |
1033 /* header protection */ | 1034 /* header protection */ |
1034 | 1035 |
1035 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 1036 if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample) |
1036 != NGX_OK) | 1037 != NGX_OK) |
1037 { | 1038 { |
1038 return NGX_DECLINED; | 1039 return NGX_DECLINED; |
1039 } | 1040 } |
1040 | 1041 |
1085 #endif | 1086 #endif |
1086 | 1087 |
1087 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; | 1088 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; |
1088 pkt->payload.data = pkt->plaintext + ad.len; | 1089 pkt->payload.data = pkt->plaintext + ad.len; |
1089 | 1090 |
1090 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, | 1091 rc = ngx_quic_crypto_open(ciphers.c, secret, &pkt->payload, |
1091 nonce, &in, &ad, pkt->log); | 1092 nonce, &in, &ad, pkt->log); |
1092 if (rc != NGX_OK) { | 1093 if (rc != NGX_OK) { |
1093 return NGX_DECLINED; | 1094 return NGX_DECLINED; |
1094 } | 1095 } |
1095 | 1096 |
1096 if (pkt->payload.len == 0) { | 1097 if (pkt->payload.len == 0) { |