Mercurial > hg > nginx-quic

comparison src/event/ngx_event_openssl.c @ 7646:01dc595de244 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Cleanup.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 7ee1ada04c8a
children 3cb4f16426a5
comparison
equal deleted inserted replaced
7645:7ee1ada04c8a 7646:01dc595de244
96 quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, 96 quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
97 enum ssl_encryption_level_t level, const uint8_t *read_secret, 97 enum ssl_encryption_level_t level, const uint8_t *read_secret,
98 const uint8_t *write_secret, size_t secret_len) 98 const uint8_t *write_secret, size_t secret_len)
99 { 99 {
100 u_char *name; 100 u_char *name;
101 size_t *rlen, *wlen; 101 ngx_uint_t i;
102 uint8_t **rsec, **wsec;
103 const EVP_MD *digest; 102 const EVP_MD *digest;
104 #ifdef OPENSSL_IS_BORINGSSL 103 const EVP_CIPHER *cipher;
105 const EVP_AEAD *evp;
106 #else
107 const EVP_CIPHER *evp;
108 #endif
109 ngx_connection_t *c; 104 ngx_connection_t *c;
105 ngx_quic_secret_t *client, *server;
110 106
111 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); 107 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
112 108
113 ngx_ssl_handshake_log(c); 109 ngx_ssl_handshake_log(c);
114 110
132 name = (u_char *) SSL_get_cipher(ssl_conn); 128 name = (u_char *) SSL_get_cipher(ssl_conn);
133 129
134 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 130 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
135 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) 131 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
136 { 132 {
137 #ifdef OPENSSL_IS_BORINGSSL 133 cipher = EVP_aes_128_gcm();
138 evp = EVP_aead_aes_128_gcm();
139 #else
140 evp = EVP_aes_128_gcm();
141 #endif
142 digest = EVP_sha256(); 134 digest = EVP_sha256();
143 135
144 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { 136 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
145 #ifdef OPENSSL_IS_BORINGSSL 137 cipher = EVP_aes_256_gcm();
146 evp = EVP_aead_aes_256_gcm();
147 #else
148 evp = EVP_aes_256_gcm();
149 #endif
150 digest = EVP_sha384(); 138 digest = EVP_sha384();
151 139
152 } else { 140 } else {
141 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
153 return 0; 142 return 0;
154 } 143 }
155 144
156 ngx_str_t *client_key, *client_iv, *client_hp;
157 ngx_str_t *server_key, *server_iv, *server_hp;
158
159 switch (level) { 145 switch (level) {
160 146
161 case ssl_encryption_handshake: 147 case ssl_encryption_handshake:
162 rlen = &c->quic->client_hs.secret.len; 148 client = &c->quic->client_hs;
163 rsec = &c->quic->client_hs.secret.data; 149 server = &c->quic->server_hs;
164 wlen = &c->quic->server_hs.secret.len;
165 wsec = &c->quic->server_hs.secret.data;
166
167 client_key = &c->quic->client_hs.key;
168 client_iv = &c->quic->client_hs.iv;
169 client_hp = &c->quic->client_hs.hp;
170
171 server_key = &c->quic->server_hs.key;
172 server_iv = &c->quic->server_hs.iv;
173 server_hp = &c->quic->server_hs.hp;
174 150
175 break; 151 break;
176 152
177 case ssl_encryption_application: 153 case ssl_encryption_application:
178 rlen = &c->quic->client_ad.secret.len; 154 client = &c->quic->client_ad;
179 rsec = &c->quic->client_ad.secret.data; 155 server = &c->quic->server_ad;
180 wlen = &c->quic->server_ad.secret.len;
181 wsec = &c->quic->server_ad.secret.data;
182
183 client_key = &c->quic->client_ad.key;
184 client_iv = &c->quic->client_ad.iv;
185 client_hp = &c->quic->client_ad.hp;
186
187 server_key = &c->quic->server_ad.key;
188 server_iv = &c->quic->server_ad.iv;
189 server_hp = &c->quic->server_ad.hp;
190 156
191 break; 157 break;
192 158
193 default: 159 default:
194 return 0; 160 return 0;
195 } 161 }
196 162
197 *rlen = *wlen = secret_len; 163 client->key.len = EVP_CIPHER_key_length(cipher);
198 164 server->key.len = EVP_CIPHER_key_length(cipher);
199 *rsec = ngx_pnalloc(c->pool, secret_len); 165
200 if (*rsec == NULL) { 166 client->iv.len = EVP_CIPHER_iv_length(cipher);
201 return 0; 167 server->iv.len = EVP_CIPHER_iv_length(cipher);
202 } 168
203 169 client->hp.len = EVP_CIPHER_key_length(cipher);
204 ngx_memcpy(*rsec, read_secret, secret_len); 170 server->hp.len = EVP_CIPHER_key_length(cipher);
205 171
206 *wsec = ngx_pnalloc(c->pool, secret_len); 172 struct {
207 if (*wsec == NULL) { 173 ngx_str_t label;
208 return 0; 174 ngx_str_t *key;
209 } 175 const uint8_t *secret;
210 176 } seq[] = {
211 ngx_memcpy(*wsec, write_secret, secret_len); 177 { ngx_string("tls13 quic key"), &client->key, read_secret },
212 178 { ngx_string("tls13 quic iv"), &client->iv, read_secret },
213 #ifdef OPENSSL_IS_BORINGSSL 179 { ngx_string("tls13 quic hp"), &client->hp, read_secret },
214 client_key->len = EVP_AEAD_key_length(evp); 180 { ngx_string("tls13 quic key"), &server->key, write_secret },
215 server_key->len = EVP_AEAD_key_length(evp); 181 { ngx_string("tls13 quic iv"), &server->iv, write_secret },
216 182 { ngx_string("tls13 quic hp"), &server->hp, write_secret },
217 client_iv->len = EVP_AEAD_nonce_length(evp);
218 server_iv->len = EVP_AEAD_nonce_length(evp);
219
220 client_hp->len = EVP_AEAD_key_length(evp);
221 server_hp->len = EVP_AEAD_key_length(evp);
222 #else
223 client_key->len = EVP_CIPHER_key_length(evp);
224 server_key->len = EVP_CIPHER_key_length(evp);
225
226 client_iv->len = EVP_CIPHER_iv_length(evp);
227 server_iv->len = EVP_CIPHER_iv_length(evp);
228
229 client_hp->len = EVP_CIPHER_key_length(evp);
230 server_hp->len = EVP_CIPHER_key_length(evp);
231 #endif
232
233 ngx_str_t rss = {
234 .data = *rsec,
235 .len = *rlen
236 }; 183 };
237 184
238 ngx_str_t wss = {
239 .data = *wsec,
240 .len = *wlen
241 };
242
243 struct {
244 ngx_str_t id;
245 ngx_str_t *in;
246 ngx_str_t *prk;
247 } seq[] = {
248 { ngx_string("tls13 quic key"), client_key, &rss },
249 { ngx_string("tls13 quic iv"), client_iv, &rss },
250 { ngx_string("tls13 quic hp"), client_hp, &rss },
251 { ngx_string("tls13 quic key"), server_key, &wss },
252 { ngx_string("tls13 quic iv"), server_iv, &wss },
253 { ngx_string("tls13 quic hp"), server_hp, &wss },
254 };
255
256 ngx_uint_t i;
257
258 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { 185 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
259 186
260 if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1) 187 if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label,
188 seq[i].secret, secret_len)
261 != NGX_OK) 189 != NGX_OK)
262 { 190 {
263 return 0; 191 return 0;
264 } 192 }
265 } 193 }
270 198
271 static int 199 static int
272 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, 200 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
273 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) 201 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
274 { 202 {
275 u_char buf[2048], *p, *name; 203 u_char *p, *pnp, *name, *nonce, *sample;
276 ngx_int_t m; 204 ngx_int_t m;
277 ngx_str_t in, out, ad; 205 ngx_str_t in, out, ad;
206 static int pn;
207 const EVP_CIPHER *cipher;
208 ngx_connection_t *c;
278 ngx_quic_secret_t *secret; 209 ngx_quic_secret_t *secret;
279 ngx_connection_t *c;
280 ngx_quic_connection_t *qc; 210 ngx_quic_connection_t *qc;
281 const ngx_aead_cipher_t *cipher; 211 u_char buf[2048], mask[16];
282 static int pn = 0;
283 212
284 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); 213 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
214 qc = c->quic;
285 215
286 ngx_ssl_handshake_log(c); 216 ngx_ssl_handshake_log(c);
287
288 qc = c->quic;
289 217
290 switch (level) { 218 switch (level) {
291 219
292 case ssl_encryption_initial: 220 case ssl_encryption_initial:
293 secret = &qc->server_in; 221 secret = &qc->server_in;
353 p = ngx_cpymem(p, qc->dcid.data, qc->dcid.len); 281 p = ngx_cpymem(p, qc->dcid.data, qc->dcid.len);
354 if (level == ssl_encryption_initial) { 282 if (level == ssl_encryption_initial) {
355 ngx_quic_build_int(&p, 0); // token length 283 ngx_quic_build_int(&p, 0); // token length
356 } 284 }
357 ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl) 285 ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl)
358 u_char *pnp = p; 286 pnp = p;
359 287
360 if (level == ssl_encryption_initial) { 288 if (level == ssl_encryption_initial) {
361 *p++ = 0; // packet number 0 289 *p++ = 0; // packet number 0
362 290
363 } else if (level == ssl_encryption_handshake) { 291 } else if (level == ssl_encryption_handshake) {
375 name = (u_char *) SSL_get_cipher(ssl_conn); 303 name = (u_char *) SSL_get_cipher(ssl_conn);
376 304
377 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 305 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
378 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) 306 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
379 { 307 {
380 #ifdef OPENSSL_IS_BORINGSSL
381 cipher = EVP_aead_aes_128_gcm();
382 #else
383 cipher = EVP_aes_128_gcm(); 308 cipher = EVP_aes_128_gcm();
384 #endif
385 309
386 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { 310 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
387 #ifdef OPENSSL_IS_BORINGSSL
388 cipher = EVP_aead_aes_256_gcm();
389 #else
390 cipher = EVP_aes_256_gcm(); 311 cipher = EVP_aes_256_gcm();
391 #endif
392 312
393 } else { 313 } else {
394 return 0; 314 return 0;
395 } 315 }
396 316
397 uint8_t *nonce = ngx_pstrdup(c->pool, &secret->iv); 317 nonce = ngx_pstrdup(c->pool, &secret->iv);
398 if (level == ssl_encryption_handshake) { 318 if (level == ssl_encryption_handshake) {
399 nonce[11] ^= (pn - 1); 319 nonce[11] ^= (pn - 1);
400 } 320 }
401 321
402 m = ngx_hex_dump(buf, (u_char *) secret->iv.data, 12) - buf; 322 m = ngx_hex_dump(buf, (u_char *) secret->iv.data, 12) - buf;
411 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK) 331 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK)
412 { 332 {
413 return 0; 333 return 0;
414 } 334 }
415 335
416 u_char *sample = &out.data[3]; // pnl=0 336 sample = &out.data[3]; // pnl=0
417 uint8_t mask[16];
418 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) { 337 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) {
419 return 0; 338 return 0;
420 } 339 }
421 340
422 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf; 341 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf;
436 355
437 // header protection, pnl = 0 356 // header protection, pnl = 0
438 ad.data[0] ^= mask[0] & 0x0f; 357 ad.data[0] ^= mask[0] & 0x0f;
439 *pnp ^= mask[1]; 358 *pnp ^= mask[1];
440 359
441 printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len);
442
443 u_char *packet = ngx_alloc(ad.len + out.len, c->log); 360 u_char *packet = ngx_alloc(ad.len + out.len, c->log);
444 if (packet == 0) { 361 if (packet == 0) {
445 return 0; 362 return 0;
446 } 363 }
447 364
460 377
461 378
462 static int 379 static int
463 quic_flush_flight(ngx_ssl_conn_t *ssl_conn) 380 quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
464 { 381 {
465 printf("quic_flush_flight()\n"); 382 ngx_connection_t *c;
383
384 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
385
386 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic_flush_flight()");
387
466 return 1; 388 return 1;
467 } 389 }
468 390
469 391
470 static int 392 static int
471 quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, 393 quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
472 uint8_t alert) 394 uint8_t alert)
473 { 395 {
474 printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert); 396 ngx_connection_t *c;
397
398 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
399
400 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
401 "quic_send_alert(), lvl=%d, alert=%d",
402 (int) level, (int) alert);
403
475 return 1; 404 return 1;
476 } 405 }
477 406
478 407
479 static SSL_QUIC_METHOD quic_method = { 408 static SSL_QUIC_METHOD quic_method = {
1863 } 1792 }
1864 1793
1865 #if NGX_OPENSSL_QUIC 1794 #if NGX_OPENSSL_QUIC
1866 1795
1867 SSL_CTX_set_quic_method(ssl->ctx, &quic_method); 1796 SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
1868 printf("%s\n", __func__);
1869 return NGX_OK; 1797 return NGX_OK;
1870 1798
1871 #else 1799 #else
1872 1800
1873 ngx_log_error(NGX_LOG_WARN, ssl->log, 0, 1801 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,