Mercurial > hg > nginx-quic
annotate src/event/quic/ngx_event_quic_protection.c @ 8683:de7b9af30fc6 quic
QUIC: refactored packet creation.
The "min" and "max" arguments refer to UDP datagram size. Generating payload
requires to account properly for header size, which is variable and depends on
payload size and packet number.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 07 Oct 2021 13:48:29 +0300 |
parents | 6d1488b62dc5 |
children | 3341e4089c6c |
rev | line source |
---|---|
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
8415
b4e6b7049984
QUIC: normalize header inclusion.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8389
diff
changeset
|
10 #include <ngx_event_quic_connection.h> |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
13 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 #define NGX_QUIC_IV_LEN 12 |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
15 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ |
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
16 #define NGX_QUIC_HP_LEN 5 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 |
8501
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
18 #define NGX_QUIC_AES_128_KEY_LEN 16 |
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
19 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 #define NGX_AES_128_GCM_SHA256 0x1301 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 #define NGX_AES_256_GCM_SHA384 0x1302 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 #define ngx_quic_cipher_t EVP_AEAD |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 #define ngx_quic_cipher_t EVP_CIPHER |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
31 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 typedef struct { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 const ngx_quic_cipher_t *c; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 const EVP_CIPHER *hp; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 const EVP_MD *d; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 } ngx_quic_ciphers_t; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
39 typedef struct ngx_quic_secret_s { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
40 ngx_str_t secret; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
41 ngx_str_t key; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
42 ngx_str_t iv; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
43 ngx_str_t hp; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
44 } ngx_quic_secret_t; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
45 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
46 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
47 typedef struct { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
48 ngx_quic_secret_t client; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
49 ngx_quic_secret_t server; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
50 } ngx_quic_secrets_t; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
51 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
52 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
53 struct ngx_quic_keys_s { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
54 ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
55 ngx_quic_secrets_t next_key; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
56 ngx_uint_t cipher; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
57 }; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
58 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
59 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 const EVP_MD *digest, const u_char *prk, size_t prk_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 const u_char *info, size_t info_len); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 static ngx_int_t ngx_hkdf_extract(u_char *out_key, size_t *out_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 const EVP_MD *digest, const u_char *secret, size_t secret_len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 const u_char *salt, size_t salt_len); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
67 static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
68 uint64_t *largest_pn); |
7776
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
69 static void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
70 static ngx_int_t ngx_quic_ciphers(ngx_uint_t id, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
73 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
7753 | 75 ngx_str_t *ad, ngx_log_t *log); |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
76 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
77 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
78 ngx_str_t *ad, ngx_log_t *log); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 ngx_quic_secret_t *s, u_char *out, u_char *in); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 |
8214
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8213
diff
changeset
|
84 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
85 ngx_str_t *res); |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
86 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
87 ngx_str_t *res); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 static ngx_int_t |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
91 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 enum ssl_encryption_level_t level) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 { |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
94 ngx_int_t len; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 if (level == ssl_encryption_initial) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 id = NGX_AES_128_GCM_SHA256; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 switch (id) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 case NGX_AES_128_GCM_SHA256: |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 ciphers->c = EVP_aead_aes_128_gcm(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 ciphers->c = EVP_aes_128_gcm(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 ciphers->hp = EVP_aes_128_ctr(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 ciphers->d = EVP_sha256(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 len = 16; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 break; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 case NGX_AES_256_GCM_SHA384: |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 ciphers->c = EVP_aead_aes_256_gcm(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 ciphers->c = EVP_aes_256_gcm(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 ciphers->hp = EVP_aes_256_ctr(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 ciphers->d = EVP_sha384(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 len = 32; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 break; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 case NGX_CHACHA20_POLY1305_SHA256: |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 ciphers->c = EVP_aead_chacha20_poly1305(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 ciphers->c = EVP_chacha20_poly1305(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 ciphers->hp = EVP_chacha20(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 ciphers->d = EVP_sha256(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 len = 32; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 break; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 default: |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 return len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 ngx_int_t |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
148 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
149 ngx_str_t *secret, uint32_t version) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 { |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
151 size_t is_len; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
152 uint8_t is[SHA256_DIGEST_LENGTH]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
153 ngx_uint_t i; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
154 const EVP_MD *digest; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
155 ngx_quic_secret_t *client, *server; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 static const uint8_t salt[20] = |
8271
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8266
diff
changeset
|
158 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8266
diff
changeset
|
159 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
160 static const uint8_t salt29[20] = |
7943
011668fc9efd
Update Initial salt and Retry secret from quic-tls-29.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7941
diff
changeset
|
161 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" |
011668fc9efd
Update Initial salt and Retry secret from quic-tls-29.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7941
diff
changeset
|
162 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
164 client = &keys->secrets[ssl_encryption_initial].client; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
165 server = &keys->secrets[ssl_encryption_initial].server; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
166 |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
167 /* |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
168 * RFC 9001, section 5. Packet Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
169 * |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
170 * Initial packets use AEAD_AES_128_GCM. The hash function |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
171 * for HKDF when deriving initial secrets and keys is SHA-256. |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
172 */ |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 digest = EVP_sha256(); |
8379
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8351
diff
changeset
|
175 is_len = SHA256_DIGEST_LENGTH; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
178 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 ngx_str_t iss = { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 .data = is, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 .len = is_len |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 }; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 |
7837
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
7836
diff
changeset
|
189 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8287
diff
changeset
|
190 "quic ngx_quic_set_initial_secret"); |
8137
52ad697f9d1c
QUIC: enabled more key-related debug by default.
Vladimir Homutov <vl@nginx.com>
parents:
8103
diff
changeset
|
191 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
192 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
193 "quic salt len:%uz %*xs", sizeof(salt), sizeof(salt), salt); |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
194 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
195 "quic initial secret len:%uz %*xs", is_len, is_len, is); |
7836 | 196 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7769
diff
changeset
|
198 client->secret.len = SHA256_DIGEST_LENGTH; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7769
diff
changeset
|
199 server->secret.len = SHA256_DIGEST_LENGTH; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 |
8501
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
201 client->key.len = NGX_QUIC_AES_128_KEY_LEN; |
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
202 server->key.len = NGX_QUIC_AES_128_KEY_LEN; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 |
8501
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
204 client->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
e617d0ba387a
QUIC: optimized initial secrets key length computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8500
diff
changeset
|
205 server->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
207 client->iv.len = NGX_QUIC_IV_LEN; |
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
208 server->iv.len = NGX_QUIC_IV_LEN; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 struct { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 ngx_str_t label; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 ngx_str_t *key; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 ngx_str_t *prk; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 } seq[] = { |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
215 /* labels per RFC 9001, 5.1. Packet Protection Keys */ |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7769
diff
changeset
|
216 { ngx_string("tls13 client in"), &client->secret, &iss }, |
8503
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
217 { ngx_string("tls13 quic key"), &client->key, &client->secret }, |
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
218 { ngx_string("tls13 quic iv"), &client->iv, &client->secret }, |
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
219 { ngx_string("tls13 quic hp"), &client->hp, &client->secret }, |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7769
diff
changeset
|
220 { ngx_string("tls13 server in"), &server->secret, &iss }, |
8503
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
221 { ngx_string("tls13 quic key"), &server->key, &server->secret }, |
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
222 { ngx_string("tls13 quic iv"), &server->iv, &server->secret }, |
d458101b7b81
QUIC: compact initial secrets table.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8501
diff
changeset
|
223 { ngx_string("tls13 quic hp"), &server->hp, &server->secret }, |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 }; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 if (ngx_quic_hkdf_expand(pool, digest, seq[i].key, &seq[i].label, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 seq[i].prk->data, seq[i].prk->len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 static ngx_int_t |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest, ngx_str_t *out, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 ngx_str_t *label, const uint8_t *prk, size_t prk_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 size_t info_len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 uint8_t *p; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 uint8_t info[20]; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 if (out->data == NULL) { |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
249 out->data = ngx_pnalloc(pool, out->len); |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
250 if (out->data == NULL) { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
251 return NGX_ERROR; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
252 } |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 info_len = 2 + 1 + label->len + 1; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 info[0] = 0; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 info[1] = out->len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 info[2] = label->len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 p = ngx_cpymem(&info[3], label->data, label->len); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 *p = '\0'; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 if (ngx_hkdf_expand(out->data, out->len, digest, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 prk, prk_len, info, info_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 "ngx_hkdf_expand(%V) failed", label); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 |
7836 | 272 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
273 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
274 "quic expand %V key len:%uz %xV", label, out->len, out); |
7836 | 275 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 static ngx_int_t |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 #ifdef OPENSSL_IS_BORINGSSL |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
286 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 } |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
292 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
293 return NGX_OK; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
294 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
295 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
296 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
297 EVP_PKEY_CTX *pctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
298 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
299 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
300 if (pctx == NULL) { |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
301 return NGX_ERROR; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
302 } |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
303 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
304 if (EVP_PKEY_derive_init(pctx) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
305 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
306 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
307 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
308 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
309 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
310 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
311 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
312 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
313 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
314 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
315 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
316 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
317 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
318 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
319 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
320 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
321 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
322 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
323 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
324 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
325 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
326 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
327 |
8389
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8379
diff
changeset
|
328 EVP_PKEY_CTX_free(pctx); |
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8379
diff
changeset
|
329 |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
330 return NGX_OK; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
331 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
332 failed: |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
333 |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
334 EVP_PKEY_CTX_free(pctx); |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
335 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
336 return NGX_ERROR; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
337 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
338 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
339 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
340 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
341 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
342 static ngx_int_t |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
343 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
344 const u_char *secret, size_t secret_len, const u_char *salt, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
345 size_t salt_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
346 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
347 #ifdef OPENSSL_IS_BORINGSSL |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
348 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
349 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
350 salt_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
351 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
352 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
353 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
354 } |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
355 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
356 return NGX_OK; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
357 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
358 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
359 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
360 EVP_PKEY_CTX *pctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
361 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
362 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
363 if (pctx == NULL) { |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
364 return NGX_ERROR; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
365 } |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
366 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
367 if (EVP_PKEY_derive_init(pctx) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
368 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
369 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
370 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
371 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
372 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
373 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
374 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
375 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
376 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
377 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
378 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
379 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
380 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
381 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
382 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
383 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
384 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
385 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
386 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
387 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) { |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
388 goto failed; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
389 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
390 |
8389
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8379
diff
changeset
|
391 EVP_PKEY_CTX_free(pctx); |
c0cd180308e4
QUIC: fixed memory leak in ngx_hkdf_extract()/ngx_hkdf_expand().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8379
diff
changeset
|
392 |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
393 return NGX_OK; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
394 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
395 failed: |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
396 |
8351
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
397 EVP_PKEY_CTX_free(pctx); |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
398 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
399 return NGX_ERROR; |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
400 |
1c48629cfa74
QUIC: added error handling to ngx_hkdf_extract()/ngx_hkdf_expand().
Vladimir Homutov <vl@nginx.com>
parents:
8322
diff
changeset
|
401 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
402 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
403 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
404 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
405 static ngx_int_t |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
406 ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
407 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, |
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
408 ngx_log_t *log) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
409 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
410 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
411 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
412 EVP_AEAD_CTX *ctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
413 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
414 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
415 EVP_AEAD_DEFAULT_TAG_LENGTH); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
416 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
417 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
418 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
419 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
420 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
421 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
422 in->data, in->len, ad->data, ad->len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
423 != 1) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
424 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
425 EVP_AEAD_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
426 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
427 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
428 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
429 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
430 EVP_AEAD_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
431 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
432 int len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
433 u_char *tag; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
434 EVP_CIPHER_CTX *ctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
435 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
436 ctx = EVP_CIPHER_CTX_new(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
437 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
438 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
439 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
440 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
441 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
442 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
443 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
444 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
445 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
446 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
447 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
448 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
449 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
450 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
451 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
452 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
453 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
454 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
455 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
456 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
457 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
458 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
459 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
460 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
461 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
462 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
463 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
464 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
465 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
466 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
467 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
468 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
469 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
470 in->len - EVP_GCM_TLS_TAG_LEN) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
471 != 1) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
472 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
473 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
474 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
475 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
476 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
477 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
478 out->len = len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
479 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
480 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
481 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
482 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
483 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
484 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
485 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
486 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
487 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
488 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
489 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
490 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
491 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
492 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
493 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
494 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
495 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
496 out->len += len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
497 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
498 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
499 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
500 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
501 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
502 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
503 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
504 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
505 static ngx_int_t |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
506 ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
507 ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
508 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
509 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
510 #ifdef OPENSSL_IS_BORINGSSL |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
511 EVP_AEAD_CTX *ctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
512 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
513 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
514 EVP_AEAD_DEFAULT_TAG_LENGTH); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
515 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
516 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
517 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
518 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
519 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
520 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
521 in->data, in->len, ad->data, ad->len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
522 != 1) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
523 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
524 EVP_AEAD_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
525 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
526 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
527 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
528 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
529 EVP_AEAD_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
530 #else |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
531 int len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
532 EVP_CIPHER_CTX *ctx; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
533 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
534 ctx = EVP_CIPHER_CTX_new(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
535 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
536 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
537 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
538 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
539 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
540 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
541 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
542 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
543 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
544 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
545 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
546 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
547 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
548 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
549 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
550 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
551 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
552 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
553 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
554 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
555 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
556 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
557 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
558 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
559 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
560 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
561 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
562 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
563 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
564 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
565 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
566 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
567 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
568 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
569 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
570 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
571 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
572 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
573 out->len = len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
574 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
575 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
576 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
577 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
578 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
579 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
580 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
581 out->len += len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
582 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
583 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
584 out->data + in->len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
585 == 0) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
586 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
587 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
588 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
589 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
590 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
591 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
592 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
593 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
594 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
595 out->len += EVP_GCM_TLS_TAG_LEN; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
596 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
597 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
598 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
599 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
600 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
601 static ngx_int_t |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
602 ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
603 ngx_quic_secret_t *s, u_char *out, u_char *in) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
604 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
605 int outlen; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
606 EVP_CIPHER_CTX *ctx; |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
607 u_char zero[NGX_QUIC_HP_LEN] = {0}; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
608 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
609 #ifdef OPENSSL_IS_BORINGSSL |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
610 uint32_t cnt; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
611 |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
612 ngx_memcpy(&cnt, in, sizeof(uint32_t)); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
613 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
614 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
615 CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
616 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
617 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
618 #endif |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
619 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
620 ctx = EVP_CIPHER_CTX_new(); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
621 if (ctx == NULL) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
622 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
623 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
624 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
625 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, in) != 1) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
626 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
627 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
628 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
629 |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
630 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
631 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
632 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
633 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
634 |
8499
fc5719637aff
QUIC: consistent use of 5-byte buffers for header protection.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8498
diff
changeset
|
635 if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
636 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
637 goto failed; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
638 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
639 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
640 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
641 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
642 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
643 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
644 failed: |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
645 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
646 EVP_CIPHER_CTX_free(ctx); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
647 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
648 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
649 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
650 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
651 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
652 int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
653 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
654 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
655 { |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
656 ngx_int_t key_len; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
657 ngx_uint_t i; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
658 ngx_quic_secret_t *peer_secret; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
659 ngx_quic_ciphers_t ciphers; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
660 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
661 peer_secret = is_write ? &keys->secrets[level].server |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
662 : &keys->secrets[level].client; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
663 |
8260
a4c05aff8ec0
QUIC: converted to SSL_CIPHER_get_protocol_id().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8235
diff
changeset
|
664 keys->cipher = SSL_CIPHER_get_protocol_id(cipher); |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
665 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
666 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
667 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
668 if (key_len == NGX_ERROR) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
669 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher"); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
670 return 0; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
671 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
672 |
7772
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
7769
diff
changeset
|
673 if (level == ssl_encryption_initial) { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
674 return 0; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
675 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
676 |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
677 peer_secret->secret.data = ngx_pnalloc(pool, secret_len); |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
678 if (peer_secret->secret.data == NULL) { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
679 return NGX_ERROR; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
680 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
681 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
682 peer_secret->secret.len = secret_len; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
683 ngx_memcpy(peer_secret->secret.data, secret, secret_len); |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
684 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
685 peer_secret->key.len = key_len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
686 peer_secret->iv.len = NGX_QUIC_IV_LEN; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
687 peer_secret->hp.len = key_len; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
688 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
689 struct { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
690 ngx_str_t label; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
691 ngx_str_t *key; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
692 const uint8_t *secret; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
693 } seq[] = { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
694 { ngx_string("tls13 quic key"), &peer_secret->key, secret }, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
695 { ngx_string("tls13 quic iv"), &peer_secret->iv, secret }, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
696 { ngx_string("tls13 quic hp"), &peer_secret->hp, secret }, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
697 }; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
698 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
699 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
700 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
701 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
702 seq[i].secret, secret_len) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
703 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
704 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
705 return 0; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
706 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
707 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
708 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
709 return 1; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
710 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
711 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
712 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
713 ngx_quic_keys_t * |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
714 ngx_quic_keys_new(ngx_pool_t *pool) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
715 { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
716 return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t)); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
717 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
718 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
719 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
720 ngx_uint_t |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
721 ngx_quic_keys_available(ngx_quic_keys_t *keys, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
722 enum ssl_encryption_level_t level) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
723 { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
724 return keys->secrets[level].client.key.len != 0; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
725 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
726 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
727 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
728 void |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
729 ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8287
diff
changeset
|
730 enum ssl_encryption_level_t level) |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
731 { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
732 keys->secrets[level].client.key.len = 0; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
733 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
734 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
735 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
736 void |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
737 ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
738 { |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
739 ngx_quic_secrets_t *current, *next, tmp; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
740 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
741 current = &keys->secrets[ssl_encryption_application]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
742 next = &keys->next_key; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
743 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
744 tmp = *current; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
745 *current = *next; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
746 *next = tmp; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
747 } |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
748 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
749 |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
750 ngx_int_t |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
751 ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys) |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
752 { |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
753 ngx_uint_t i; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
754 ngx_quic_ciphers_t ciphers; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
755 ngx_quic_secrets_t *current, *next; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
756 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
757 current = &keys->secrets[ssl_encryption_application]; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
758 next = &keys->next_key; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
759 |
7837
f175006124d0
Cleaned up hexdumps in debug output.
Vladimir Homutov <vl@nginx.com>
parents:
7836
diff
changeset
|
760 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
761 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
762 if (ngx_quic_ciphers(keys->cipher, &ciphers, ssl_encryption_application) |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
763 == NGX_ERROR) |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
764 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
765 return NGX_ERROR; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
766 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
767 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
768 next->client.secret.len = current->client.secret.len; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
769 next->client.key.len = current->client.key.len; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
770 next->client.iv.len = NGX_QUIC_IV_LEN; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
771 next->client.hp = current->client.hp; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
772 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
773 next->server.secret.len = current->server.secret.len; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
774 next->server.key.len = current->server.key.len; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
775 next->server.iv.len = NGX_QUIC_IV_LEN; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
776 next->server.hp = current->server.hp; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
777 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
778 struct { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
779 ngx_str_t label; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
780 ngx_str_t *key; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
781 ngx_str_t *secret; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
782 } seq[] = { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
783 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
784 ngx_string("tls13 quic ku"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
785 &next->client.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
786 ¤t->client.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
787 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
788 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
789 ngx_string("tls13 quic key"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
790 &next->client.key, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
791 &next->client.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
792 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
793 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
794 ngx_string("tls13 quic iv"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
795 &next->client.iv, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
796 &next->client.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
797 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
798 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
799 ngx_string("tls13 quic ku"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
800 &next->server.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
801 ¤t->server.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
802 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
803 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
804 ngx_string("tls13 quic key"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
805 &next->server.key, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
806 &next->server.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
807 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
808 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
809 ngx_string("tls13 quic iv"), |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
810 &next->server.iv, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
811 &next->server.secret, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
812 }, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
813 }; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
814 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
815 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
816 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
817 if (ngx_quic_hkdf_expand(c->pool, ciphers.d, seq[i].key, &seq[i].label, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
818 seq[i].secret->data, seq[i].secret->len) |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
819 != NGX_OK) |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
820 { |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
821 return NGX_ERROR; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
822 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
823 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
824 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
825 return NGX_OK; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
826 } |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
827 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
828 |
7853
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7852
diff
changeset
|
829 static ngx_int_t |
8214
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8213
diff
changeset
|
830 ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
831 { |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
832 u_char *pnp, *sample; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
833 ngx_str_t ad, out; |
7781
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
834 ngx_uint_t i; |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
835 ngx_quic_secret_t *secret; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
836 ngx_quic_ciphers_t ciphers; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
837 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
838 |
8683
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8650
diff
changeset
|
839 ad.data = res->data; |
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8650
diff
changeset
|
840 ad.len = ngx_quic_create_header(pkt, ad.data, &pnp); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
841 |
8683
de7b9af30fc6
QUIC: refactored packet creation.
Vladimir Homutov <vl@nginx.com>
parents:
8650
diff
changeset
|
842 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; |
7784
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7783
diff
changeset
|
843 out.data = res->data + ad.len; |
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7783
diff
changeset
|
844 |
7836 | 845 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
846 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
847 "quic ad len:%uz %xV", ad.len, &ad); |
7836 | 848 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
849 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
850 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
851 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
852 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
853 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
854 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
855 secret = &pkt->keys->secrets[pkt->level].server; |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
856 |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
857 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
7776
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
858 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
859 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
860 if (ngx_quic_tls_seal(ciphers.c, secret, &out, |
7784
1bb5e8538d0c
Removed excessive debugging in QUIC packet creation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7783
diff
changeset
|
861 nonce, &pkt->payload, &ad, pkt->log) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
862 != NGX_OK) |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
863 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
864 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
865 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
866 |
7781
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
867 sample = &out.data[4 - pkt->num_len]; |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
868 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
869 != NGX_OK) |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
870 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
871 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
872 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
873 |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
874 /* RFC 9001, 5.4.1. Header Protection Application */ |
8213
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8212
diff
changeset
|
875 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
7781
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
876 |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
877 for (i = 0; i < pkt->num_len; i++) { |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
878 pnp[i] ^= mask[i + 1]; |
fdda518d10ba
Proper handling of packet number in header.
Vladimir Homutov <vl@nginx.com>
parents:
7779
diff
changeset
|
879 } |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
880 |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
881 res->len = ad.len + out.len; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
882 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
883 return NGX_OK; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
884 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
885 |
7751
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
7731
diff
changeset
|
886 |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
887 static ngx_int_t |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
888 ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
889 { |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
890 u_char *start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
891 ngx_str_t ad, itag; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
892 ngx_quic_secret_t secret; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
893 ngx_quic_ciphers_t ciphers; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
894 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
895 /* 5.8. Retry Packet Integrity */ |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
896 static u_char key[16] = |
8271
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8266
diff
changeset
|
897 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
898 static u_char key29[16] = |
7943
011668fc9efd
Update Initial salt and Retry secret from quic-tls-29.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7941
diff
changeset
|
899 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
900 static u_char nonce[NGX_QUIC_IV_LEN] = |
8271
3443ee341cc1
QUIC: draft-33 salt and retry keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8266
diff
changeset
|
901 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
902 static u_char nonce29[NGX_QUIC_IV_LEN] = |
7943
011668fc9efd
Update Initial salt and Retry secret from quic-tls-29.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7941
diff
changeset
|
903 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
904 static ngx_str_t in = ngx_string(""); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
905 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
906 ad.data = res->data; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
907 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
908 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
909 itag.data = ad.data + ad.len; |
7871 | 910 itag.len = EVP_GCM_TLS_TAG_LEN; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
911 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
912 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
913 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
914 "quic retry itag len:%uz %xV", ad.len, &ad); |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
915 #endif |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
916 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
917 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
918 return NGX_ERROR; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
919 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
920 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
921 secret.key.len = sizeof(key); |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
922 secret.key.data = (pkt->version & 0xff000000) ? key29 : key; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
923 secret.iv.len = NGX_QUIC_IV_LEN; |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
924 |
8322
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
925 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, |
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
926 (pkt->version & 0xff000000) ? nonce29 : nonce, |
44b4c6180106
QUIC: multiple versions support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8321
diff
changeset
|
927 &in, &ad, pkt->log) |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
928 != NGX_OK) |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
929 { |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
930 return NGX_ERROR; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
931 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
932 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
933 res->len = itag.data + itag.len - start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
934 res->data = start; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
935 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
936 return NGX_OK; |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
937 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
938 |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
939 |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
940 ngx_int_t |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
941 ngx_quic_derive_key(ngx_log_t *log, const char *label, ngx_str_t *secret, |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
942 ngx_str_t *salt, u_char *out, size_t len) |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
943 { |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
944 size_t is_len, info_len; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
945 uint8_t *p; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
946 const EVP_MD *digest; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
947 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
948 uint8_t is[SHA256_DIGEST_LENGTH]; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
949 uint8_t info[20]; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
950 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
951 digest = EVP_sha256(); |
8379
0f8565e0fc76
QUIC: HKDF API compatibility with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8351
diff
changeset
|
952 is_len = SHA256_DIGEST_LENGTH; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
953 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
954 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
955 salt->data, salt->len) |
8295
d4e02b3b734f
QUIC: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8287
diff
changeset
|
956 != NGX_OK) |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
957 { |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
958 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
959 "ngx_hkdf_extract(%s) failed", label); |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
960 return NGX_ERROR; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
961 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
962 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
963 info[0] = 0; |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
964 info[1] = len; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
965 info[2] = ngx_strlen(label); |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
966 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
967 info_len = 2 + 1 + info[2] + 1; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
968 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
969 if (info_len >= 20) { |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
970 ngx_log_error(NGX_LOG_INFO, log, 0, |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
971 "ngx_quic_create_key label \"%s\" too long", label); |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
972 return NGX_ERROR; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
973 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
974 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
975 p = ngx_cpymem(&info[3], label, info[2]); |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
976 *p = '\0'; |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
977 |
8287
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
978 if (ngx_hkdf_expand(out, len, digest, is, is_len, info, info_len) != NGX_OK) |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
979 { |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
980 ngx_ssl_error(NGX_LOG_INFO, log, 0, |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
981 "ngx_hkdf_expand(%s) failed", label); |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
982 return NGX_ERROR; |
cef042935003
QUIC: the "quic_host_key" directive.
Vladimir Homutov <vl@nginx.com>
parents:
8271
diff
changeset
|
983 } |
8100
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
984 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
985 return NGX_OK; |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
986 } |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
987 |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8096
diff
changeset
|
988 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
989 static uint64_t |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
990 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
991 uint64_t *largest_pn) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
992 { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
993 u_char *p; |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
994 uint64_t truncated_pn, expected_pn, candidate_pn; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
995 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
996 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
997 pn_nbits = ngx_min(len * 8, 62); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
998 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
999 p = *pos; |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1000 truncated_pn = *p++ ^ *mask++; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1001 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1002 while (--len) { |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1003 truncated_pn = (truncated_pn << 8) + (*p++ ^ *mask++); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1004 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1005 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1006 *pos = p; |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1007 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1008 expected_pn = *largest_pn + 1; |
7871 | 1009 pn_win = 1ULL << pn_nbits; |
7816
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1010 pn_hwin = pn_win / 2; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1011 pn_mask = pn_win - 1; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1012 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1013 candidate_pn = (expected_pn & ~pn_mask) | truncated_pn; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1014 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1015 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin) |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1016 && candidate_pn < (1ULL << 62) - pn_win) |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1017 { |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1018 candidate_pn += pn_win; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1019 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1020 } else if (candidate_pn > expected_pn + pn_hwin |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1021 && candidate_pn >= pn_win) |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1022 { |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1023 candidate_pn -= pn_win; |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1024 } |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1025 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1026 *largest_pn = ngx_max((int64_t) *largest_pn, (int64_t) candidate_pn); |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1027 |
aba84d9ab256
Parsing of truncated packet numbers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7790
diff
changeset
|
1028 return candidate_pn; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1029 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1030 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1031 |
7776
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1032 static void |
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1033 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn) |
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1034 { |
7779
c625bde6cb77
Fixed computing nonce again, by properly shifting packet number.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7776
diff
changeset
|
1035 nonce[len - 4] ^= (pn & 0xff000000) >> 24; |
c625bde6cb77
Fixed computing nonce again, by properly shifting packet number.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7776
diff
changeset
|
1036 nonce[len - 3] ^= (pn & 0x00ff0000) >> 16; |
c625bde6cb77
Fixed computing nonce again, by properly shifting packet number.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7776
diff
changeset
|
1037 nonce[len - 2] ^= (pn & 0x0000ff00) >> 8; |
c625bde6cb77
Fixed computing nonce again, by properly shifting packet number.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7776
diff
changeset
|
1038 nonce[len - 1] ^= (pn & 0x000000ff); |
7776
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1039 } |
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1040 |
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1041 |
7853
2d0f4aa78ed6
Restored ngx_quic_encrypt return type.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7852
diff
changeset
|
1042 ngx_int_t |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1043 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1044 { |
7860
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
1045 if (ngx_quic_pkt_retry(pkt->flags)) { |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
1046 return ngx_quic_create_retry_packet(pkt, res); |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
1047 } |
7ea34e13937f
Address validation using Retry packets.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7853
diff
changeset
|
1048 |
8214
e953bd2c5bb3
QUIC: merged create_long/short_packet() functions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8213
diff
changeset
|
1049 return ngx_quic_create_packet(pkt, res); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1050 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1051 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1052 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1053 ngx_int_t |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1054 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1055 { |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1056 u_char *p, *sample; |
8096
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8082
diff
changeset
|
1057 size_t len; |
8070
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1058 uint64_t pn, lpn; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1059 ngx_int_t pnl, rc, key_phase; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1060 ngx_str_t in, ad; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1061 ngx_quic_secret_t *secret; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1062 ngx_quic_ciphers_t ciphers; |
8500
ef8276c8ccff
QUIC: consistent use of 12-byte buffers in nonce computation.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8499
diff
changeset
|
1063 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN]; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1064 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1065 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1066 { |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1067 return NGX_ERROR; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1068 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1069 |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1070 secret = &pkt->keys->secrets[pkt->level].client; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1071 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1072 p = pkt->raw->pos; |
8096
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8082
diff
changeset
|
1073 len = pkt->data + pkt->len - p; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1074 |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1075 /* |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1076 * RFC 9001, 5.4.2. Header Protection Sample |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1077 * 5.4.3. AES-Based Header Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1078 * 5.4.4. ChaCha20-Based Header Protection |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1079 * |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1080 * the Packet Number field is assumed to be 4 bytes long |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1081 * AES and ChaCha20 algorithms sample 16 bytes |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1082 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1083 |
8096
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8082
diff
changeset
|
1084 if (len < EVP_GCM_TLS_TAG_LEN + 4) { |
8081
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8080
diff
changeset
|
1085 return NGX_DECLINED; |
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8080
diff
changeset
|
1086 } |
9aedab0f0dff
QUIC: check that the packet length is of at least sample size.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8080
diff
changeset
|
1087 |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1088 sample = p + 4; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1089 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1090 /* header protection */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1091 |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1092 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
7753 | 1093 != NGX_OK) |
1094 { | |
7941
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7940
diff
changeset
|
1095 return NGX_DECLINED; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1096 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1097 |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1098 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1099 |
8213
5fdd0ef42232
QUIC: macros for manipulating header protection and reserved bits.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8212
diff
changeset
|
1100 if (ngx_quic_short_pkt(pkt->flags)) { |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1101 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1102 |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1103 if (key_phase != pkt->key_phase) { |
8191
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8168
diff
changeset
|
1104 secret = &pkt->keys->next_key.client; |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1105 pkt->key_update = 1; |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1106 } |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1107 } |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1108 |
8070
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1109 lpn = *largest_pn; |
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1110 |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1111 pnl = (pkt->flags & 0x03) + 1; |
8070
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1112 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1113 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1114 pkt->pn = pn; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1115 |
7753 | 1116 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1117 "quic packet rx clearflags:%xd", pkt->flags); |
7753 | 1118 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
8168
f32740ddd484
QUIC: got rid of "pkt" abbreviation in logs.
Vladimir Homutov <vl@nginx.com>
parents:
8167
diff
changeset
|
1119 "quic packet rx number:%uL len:%xi", pn, pnl); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1120 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1121 /* packet protection */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1122 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1123 in.data = p; |
8096
0f37b4ef3cd9
QUIC: keep the entire packet size in pkt->len.
Roman Arutyunyan <arut@nginx.com>
parents:
8082
diff
changeset
|
1124 in.len = len - pnl; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1125 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1126 ad.len = p - pkt->data; |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
1127 ad.data = pkt->plaintext; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1128 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1129 ngx_memcpy(ad.data, pkt->data, ad.len); |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1130 ad.data[0] = pkt->flags; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1131 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1132 do { |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1133 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1134 } while (--pnl); |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1135 |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1136 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
7776
7ac890c18f5e
Fixed computing nonce by xoring all packet number bytes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7773
diff
changeset
|
1137 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1138 |
7836 | 1139 #ifdef NGX_QUIC_DEBUG_CRYPTO |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
1140 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
1141 "quic ad len:%uz %xV", ad.len, &ad); |
7836 | 1142 #endif |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1143 |
7754
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
1144 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; |
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
1145 pkt->payload.data = pkt->plaintext + ad.len; |
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
7753
diff
changeset
|
1146 |
7785
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7784
diff
changeset
|
1147 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
7753 | 1148 nonce, &in, &ad, pkt->log); |
7863
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1149 if (rc != NGX_OK) { |
7941
df29219988bc
Discard short packets which could not be decrypted.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7940
diff
changeset
|
1150 return NGX_DECLINED; |
7863
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1151 } |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1152 |
8216
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1153 if (pkt->payload.len == 0) { |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1154 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1155 * RFC 9000, 12.4. Frames and Frame Types |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1156 * |
8216
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1157 * An endpoint MUST treat receipt of a packet containing no |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1158 * frames as a connection error of type PROTOCOL_VIOLATION. |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1159 */ |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1160 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet"); |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1161 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1162 return NGX_ERROR; |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1163 } |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1164 |
8215
ae4bffb75df8
QUIC: simplified and streamlined ngx_quic_decrypt().
Sergey Kandaurov <pluknet@nginx.com>
parents:
8214
diff
changeset
|
1165 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) { |
7863
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1166 /* |
8498
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1167 * RFC 9000, Reserved Bits |
4715f3e669f1
QUIC: updated specification references.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8415
diff
changeset
|
1168 * |
7863
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1169 * An endpoint MUST treat receipt of a packet that has |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1170 * a non-zero value for these bits, after removing both |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1171 * packet and header protection, as a connection error |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1172 * of type PROTOCOL_VIOLATION. |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1173 */ |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1174 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1175 "quic reserved bit set in packet"); |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1176 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION; |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1177 return NGX_ERROR; |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1178 } |
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1179 |
8216
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1180 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
8235
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
1181 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
1182 "quic packet payload len:%uz %xV", |
dbad2d6d1898
QUIC: removed ngx_quic_hexdump() macro.
Vladimir Homutov <vl@nginx.com>
parents:
8216
diff
changeset
|
1183 pkt->payload.len, &pkt->payload); |
8216
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1184 #endif |
4bf332873a83
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8215
diff
changeset
|
1185 |
8070
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1186 *largest_pn = lpn; |
b13141d6d250
QUIC: do not update largest packet number from a bad packet.
Roman Arutyunyan <arut@nginx.com>
parents:
8063
diff
changeset
|
1187 |
7863
81f85c479d7e
Discard packets without fixed bit or reserved bits set.
Vladimir Homutov <vl@nginx.com>
parents:
7860
diff
changeset
|
1188 return NGX_OK; |
7687
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1189 } |