Mercurial > hg > nginx
diff src/event/ngx_event_quic_protection.h @ 8621:9c3be23ddbe7 quic
QUIC: refactored key handling.
All key handling functionality is moved into ngx_quic_protection.c.
Public structures from ngx_quic_protection.h are now private and new
methods are available to manipulate keys.
A negotiated cipher is cached in QUIC connection from the set secret callback
to avoid calling SSL_get_current_cipher() on each encrypt/decrypt operation.
This also reduces the number of unwanted c->ssl->connection occurrences.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 02 Nov 2020 18:21:34 +0300 |
parents | b31c02454539 |
children |
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.h +++ b/src/event/ngx_event_quic_protection.h @@ -15,37 +15,24 @@ #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) -typedef struct ngx_quic_secret_s { - ngx_str_t secret; - ngx_str_t key; - ngx_str_t iv; - ngx_str_t hp; -} ngx_quic_secret_t; - +ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool); +ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, + ngx_quic_keys_t *keys, ngx_str_t *secret); +int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, + ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); +ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, + enum ssl_encryption_level_t level); +void ngx_quic_keys_discard(ngx_quic_keys_t *keys, + enum ssl_encryption_level_t level); +void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); +ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys); -typedef struct { - ngx_quic_secret_t client; - ngx_quic_secret_t server; -} ngx_quic_secrets_t; - - -ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, - ngx_quic_secret_t *client, ngx_quic_secret_t *server, - ngx_str_t *secret); - -int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, - enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, - ngx_quic_secret_t *peer_secret); - -ngx_int_t ngx_quic_key_update(ngx_connection_t *c, - ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, ngx_str_t *key, u_char *token); -ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, - ngx_str_t *res); -ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, - uint64_t *largest_pn); +ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); +ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */