1 #include <ngx_config.h>
|
|
2 #include <ngx_core.h>
|
|
3 #include <ngx_event.h>
|
|
4
|
|
5
|
|
/*
 * Decode one variable-length integer at *pos and advance *pos past it.
 *
 * The two high bits of the first byte select the encoded size
 * (1 << prefix bytes: 1, 2, 4 or 8); the remaining six bits of that byte
 * and all following bytes form the value, most significant byte first.
 *
 * The function takes no end-of-buffer pointer and performs no bounds
 * check: the size is read from the input itself, so the caller has to
 * make sure that many bytes (up to 8) are readable at *pos before calling.
 */
uint64_t
ngx_quic_parse_int(u_char **pos)
{
    u_char      *cur;
    uint64_t     result;
    ngx_uint_t   remaining;

    cur = *pos;

    /* encoded size in bytes, taken from the 2-bit prefix */
    remaining = 1 << ((cur[0] >> 6) & 0x03);

    /* low six bits of the first byte are the top bits of the value */
    result = cur[0] & 0x3f;
    cur++;

    for (remaining--; remaining != 0; remaining--) {
        result = (result << 8) + *cur;
        cur++;
    }

    *pos = cur;

    return result;
}
|
|
24
|
|
25
|
|
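/*
 * Encode value as a variable-length integer at *pos and advance *pos past
 * the bytes written.
 *
 * The smallest of the 1, 2, 4 and 8 byte forms that holds the value is
 * used; the two high bits of the first byte carry the size prefix and the
 * value follows most significant byte first.
 *
 * Only values below 2^62 are representable.  A larger value is written in
 * the 8-byte form with its two top bits dropped, so callers must
 * range-check before calling.  The function has no way to report an error
 * and does no bounds check on the output: up to 8 bytes must be writable
 * at *pos.
 */
void
ngx_quic_build_int(u_char **pos, uint64_t value)
{
    u_char      *p;
    ngx_uint_t   bits, len;

    p = *pos;

    /*
     * Choose the 2-bit prefix (0..3).  The prefix is capped at 3: without
     * the cap a value of 2^62 or more reaches prefix 4 and the test shifts
     * a 64-bit integer by 126 bits, which is undefined behaviour.
     */

    bits = 0;

    while (bits < 3 && (value >> ((1 << bits) * 8 - 2)) != 0) {
        bits++;
    }

    /* number of bytes that follow the first one: 0, 1, 3 or 7 */
    len = ((ngx_uint_t) 1 << bits) - 1;

    /*
     * first byte: prefix in the two high bits, top six value bits below;
     * the mask keeps an out-of-range value from touching the prefix
     */
    *p++ = (u_char) ((bits << 6) | ((value >> (len * 8)) & 0x3f));

    while (len) {
        len--;
        *p++ = (u_char) (value >> (len * 8));
    }

    *pos = p;
}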
|
|
54
|
|
55
|
|
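/*
 * Read a len-byte big-endian number at *pos, XORing every input byte with
 * the corresponding byte of mask, and advance *pos past the bytes read.
 *
 * NOTE(review): len is presumably the packet number length (1..4) and mask
 * the header protection mask - confirm against the caller.
 *
 * The first byte is always consumed.  len is signed, so the loop stops at
 * zero explicitly: with the bare "--len" test a len of 0 or less would keep
 * reading far beyond both buffers.  No other bounds check is done; the
 * caller must guarantee len readable bytes at both *pos and mask.
 */
uint64_t
ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask)
{
    u_char    *p;
    uint64_t   value;

    p = *pos;
    value = *p++ ^ *mask++;

    while (--len > 0) {
        value = (value << 8) + (*p++ ^ *mask++);
    }

    *pos = p;

    return value;
}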
|
|
72
|
|
73
|
|
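/*
 * HKDF extract step: derive a pseudorandom key from secret and salt using
 * digest, writing it to out_key.
 *
 * out_len is handed to the crypto library as its length argument
 * (HKDF_extract() on BoringSSL, EVP_PKEY_derive() otherwise).
 *
 * Returns NGX_OK on success and NGX_ERROR if any library call fails.
 *
 * On the OpenSSL path the EVP_PKEY_CTX is checked for allocation failure
 * and released on every exit; previously it was never freed, leaking a
 * context that had been loaded with the input secret on each call.
 */
ngx_int_t
ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
    const u_char *secret, size_t secret_len, const u_char *salt,
    size_t salt_len)
{
#ifdef OPENSSL_IS_BORINGSSL

    if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
                     salt_len)
        == 0)
    {
        return NGX_ERROR;
    }

    return NGX_OK;

#else

    ngx_int_t      rc;
    EVP_PKEY_CTX  *pctx;

    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    if (pctx == NULL) {
        return NGX_ERROR;
    }

    rc = NGX_ERROR;

    if (EVP_PKEY_derive_init(pctx) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
        goto done;
    }

    if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
        goto done;
    }

    rc = NGX_OK;

done:

    /* single release point for the context on success and failure */
    EVP_PKEY_CTX_free(pctx);

    return rc;

#endif
}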
|
|
120
|
|
121
|
|
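/*
 * HKDF expand step: derive out_len bytes of keying material into out_key
 * from the pseudorandom key prk and the context string info, using digest.
 *
 * Returns NGX_OK on success and NGX_ERROR if any library call fails.
 *
 * On the OpenSSL path the EVP_PKEY_CTX is checked for allocation failure
 * and released on every exit; previously it was never freed, leaking a
 * context that had been loaded with the pseudorandom key on each call.
 */
ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
    const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
{
#ifdef OPENSSL_IS_BORINGSSL

    if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
        == 0)
    {
        return NGX_ERROR;
    }

    return NGX_OK;

#else

    ngx_int_t      rc;
    EVP_PKEY_CTX  *pctx;

    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    if (pctx == NULL) {
        return NGX_ERROR;
    }

    rc = NGX_ERROR;

    if (EVP_PKEY_derive_init(pctx) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
        goto done;
    }

    if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
        goto done;
    }

    /* out_len is a by-value parameter; its address is the length argument */
    if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
        goto done;
    }

    rc = NGX_OK;

done:

    /* single release point for the context on success and failure */
    EVP_PKEY_CTX_free(pctx);

    return rc;

#endif
}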
|