comparison src/event/quic/ngx_event_quic_protection.c @ 9171:f98636db77ef

QUIC: renamed protection functions. Now these functions have names ngx_quic_crypto_XXX(): - ngx_quic_tls_open() -> ngx_quic_crypto_open() - ngx_quic_tls_seal() -> ngx_quic_crypto_seal() - ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 20 Oct 2023 18:05:07 +0400
parents ff98ae7d261e
children 4ccb0d973206
9170:c80d111340dc 9171:f98636db77ef
24 const u_char *salt, size_t salt_len); 24 const u_char *salt, size_t salt_len);
25 25
26 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, 26 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
27 uint64_t *largest_pn); 27 uint64_t *largest_pn);
28 28
29 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, 29 static ngx_int_t ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher,
30 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, 30 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
31 ngx_str_t *ad, ngx_log_t *log); 31 ngx_str_t *ad, ngx_log_t *log);
32 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, 32 static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
33 ngx_quic_secret_t *s, u_char *out, u_char *in); 33 ngx_quic_secret_t *s, u_char *out, u_char *in);
34 34
35 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, 35 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
36 ngx_str_t *res); 36 ngx_str_t *res);
37 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, 37 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
342 #endif 342 #endif
343 } 343 }
344 344
345 345
346 static ngx_int_t 346 static ngx_int_t
347 ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, 347 ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
348 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) 348 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
349 { 349 {
350 350
351 #ifdef OPENSSL_IS_BORINGSSL 351 #ifdef OPENSSL_IS_BORINGSSL
352 EVP_AEAD_CTX *ctx; 352 EVP_AEAD_CTX *ctx;
447 return NGX_OK; 447 return NGX_OK;
448 } 448 }
449 449
450 450
451 ngx_int_t 451 ngx_int_t
452 ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, 452 ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
453 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) 453 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
454 { 454 {
455 455
456 #ifdef OPENSSL_IS_BORINGSSL 456 #ifdef OPENSSL_IS_BORINGSSL
457 EVP_AEAD_CTX *ctx; 457 EVP_AEAD_CTX *ctx;
563 return NGX_OK; 563 return NGX_OK;
564 } 564 }
565 565
566 566
567 static ngx_int_t 567 static ngx_int_t
568 ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, 568 ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
569 ngx_quic_secret_t *s, u_char *out, u_char *in) 569 ngx_quic_secret_t *s, u_char *out, u_char *in)
570 { 570 {
571 int outlen; 571 int outlen;
572 EVP_CIPHER_CTX *ctx; 572 EVP_CIPHER_CTX *ctx;
573 u_char zero[NGX_QUIC_HP_LEN] = {0}; 573 u_char zero[NGX_QUIC_HP_LEN] = {0};
799 secret = &pkt->keys->secrets[pkt->level].server; 799 secret = &pkt->keys->secrets[pkt->level].server;
800 800
801 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); 801 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
802 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); 802 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
803 803
804 if (ngx_quic_tls_seal(ciphers.c, secret, &out, 804 if (ngx_quic_crypto_seal(ciphers.c, secret, &out,
805 nonce, &pkt->payload, &ad, pkt->log) 805 nonce, &pkt->payload, &ad, pkt->log)
806 != NGX_OK) 806 != NGX_OK)
807 { 807 {
808 return NGX_ERROR; 808 return NGX_ERROR;
809 } 809 }
810 810
811 sample = &out.data[4 - pkt->num_len]; 811 sample = &out.data[4 - pkt->num_len];
812 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) 812 if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
813 != NGX_OK) 813 != NGX_OK)
814 { 814 {
815 return NGX_ERROR; 815 return NGX_ERROR;
816 } 816 }
817 817
860 860
861 secret.key.len = sizeof(key); 861 secret.key.len = sizeof(key);
862 ngx_memcpy(secret.key.data, key, sizeof(key)); 862 ngx_memcpy(secret.key.data, key, sizeof(key));
863 secret.iv.len = NGX_QUIC_IV_LEN; 863 secret.iv.len = NGX_QUIC_IV_LEN;
864 864
865 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log) 865 if (ngx_quic_crypto_seal(ciphers.c, &secret, &itag, nonce, &in, &ad,
866 pkt->log)
866 != NGX_OK) 867 != NGX_OK)
867 { 868 {
868 return NGX_ERROR; 869 return NGX_ERROR;
869 } 870 }
870 871
1030 1031
1031 sample = p + 4; 1032 sample = p + 4;
1032 1033
1033 /* header protection */ 1034 /* header protection */
1034 1035
1035 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) 1036 if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
1036 != NGX_OK) 1037 != NGX_OK)
1037 { 1038 {
1038 return NGX_DECLINED; 1039 return NGX_DECLINED;
1039 } 1040 }
1040 1041
1085 #endif 1086 #endif
1086 1087
1087 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; 1088 pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
1088 pkt->payload.data = pkt->plaintext + ad.len; 1089 pkt->payload.data = pkt->plaintext + ad.len;
1089 1090
1090 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, 1091 rc = ngx_quic_crypto_open(ciphers.c, secret, &pkt->payload,
1091 nonce, &in, &ad, pkt->log); 1092 nonce, &in, &ad, pkt->log);
1092 if (rc != NGX_OK) { 1093 if (rc != NGX_OK) {
1093 return NGX_DECLINED; 1094 return NGX_DECLINED;
1094 } 1095 }
1095 1096
1096 if (pkt->payload.len == 0) { 1097 if (pkt->payload.len == 0) {