Mercurial > hg > nginx-quic

comparison src/event/ngx_event_quic.c @ 7646:01dc595de244 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Cleanup.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 7ee1ada04c8a
children b28ea685a56e
comparison
equal deleted inserted replaced
7645:7ee1ada04c8a 7646:01dc595de244
119 } 119 }
120 120
121 121
122 ngx_int_t 122 ngx_int_t
123 ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out, 123 ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
124 ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender) 124 ngx_str_t *label, const uint8_t *prk, size_t prk_len)
125 { 125 {
126 uint8_t *p; 126 uint8_t *p;
127 size_t hkdfl_len; 127 size_t info_len;
128 uint8_t hkdfl[20]; 128 uint8_t info[20];
129 129
130 #if (NGX_DEBUG) 130 #if (NGX_DEBUG)
131 u_char buf[512]; 131 u_char buf[512];
132 size_t m; 132 size_t m;
133 #endif 133 #endif
135 out->data = ngx_pnalloc(c->pool, out->len); 135 out->data = ngx_pnalloc(c->pool, out->len);
136 if (out->data == NULL) { 136 if (out->data == NULL) {
137 return NGX_ERROR; 137 return NGX_ERROR;
138 } 138 }
139 139
140 hkdfl_len = 2 + 1 + name->len + 1; 140 info_len = 2 + 1 + label->len + 1;
141 141
142 if (sender) { 142 info[0] = 0;
143 hkdfl[0] = out->len / 256; 143 info[1] = out->len;
144 hkdfl[1] = out->len % 256; 144 info[2] = label->len;
145 145 p = ngx_cpymem(&info[3], label->data, label->len);
146 } else {
147 hkdfl[0] = 0;
148 hkdfl[1] = out->len;
149 }
150
151 hkdfl[2] = name->len;
152 p = ngx_cpymem(&hkdfl[3], name->data, name->len);
153 *p = '\0'; 146 *p = '\0';
154 147
155 if (ngx_hkdf_expand(out->data, out->len, digest, 148 if (ngx_hkdf_expand(out->data, out->len, digest,
156 prk->data, prk->len, hkdfl, hkdfl_len) 149 prk, prk_len, info, info_len)
157 != NGX_OK) 150 != NGX_OK)
158 { 151 {
159 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, 152 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
160 "ngx_hkdf_expand(%V) failed", name); 153 "ngx_hkdf_expand(%V) failed", label);
161 return NGX_ERROR; 154 return NGX_ERROR;
162 } 155 }
163 156
164 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) { 157 if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
158 m = ngx_hex_dump(buf, info, info_len) - buf;
159 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
160 "%V info: %*s, len: %uz", label, m, buf, info_len);
161
165 m = ngx_hex_dump(buf, out->data, out->len) - buf; 162 m = ngx_hex_dump(buf, out->data, out->len) - buf;
166 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, 163 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
167 "%V: %*s, len: %uz", name, m, buf, out->len); 164 "%V key: %*s, len: %uz", label, m, buf, out->len);
168
169 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
170 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
171 "%V hkdf: %*s, len: %uz", name, m, buf, hkdfl_len);
172 } 165 }
173 166
174 return NGX_OK; 167 return NGX_OK;
175 } 168 }
176 169
177 170
178 ngx_int_t 171 ngx_int_t
179 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, 172 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
180 const u_char *prk, size_t prk_len, const u_char *info, size_t info_len) 173 const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
181 { 174 {
182 #ifdef OPENSSL_IS_BORINGSSL 175 #ifdef OPENSSL_IS_BORINGSSL
183 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) 176 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
184 == 0) 177 == 0)
185 { 178 {
220 return NGX_OK; 213 return NGX_OK;
221 } 214 }
222 215
223 216
224 ngx_int_t 217 ngx_int_t
225 ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher, 218 ngx_quic_tls_open(ngx_connection_t *c, const EVP_CIPHER *cipher,
226 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, 219 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
227 ngx_str_t *ad) 220 ngx_str_t *ad)
228 { 221 {
229 out->len = in->len - EVP_GCM_TLS_TAG_LEN; 222 out->len = in->len - EVP_GCM_TLS_TAG_LEN;
230 out->data = ngx_pnalloc(c->pool, out->len); 223 out->data = ngx_pnalloc(c->pool, out->len);
231 if (out->data == NULL) { 224 if (out->data == NULL) {
232 return NGX_ERROR; 225 return NGX_ERROR;
233 } 226 }
234 227
235 #ifdef OPENSSL_IS_BORINGSSL 228 #ifdef OPENSSL_IS_BORINGSSLL
236 EVP_AEAD_CTX *ctx; 229 EVP_AEAD_CTX *ctx;
237 230
238 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, 231 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
239 EVP_AEAD_DEFAULT_TAG_LENGTH); 232 EVP_AEAD_DEFAULT_TAG_LENGTH);
240 if (ctx == NULL) { 233 if (ctx == NULL) {
325 return NGX_OK; 318 return NGX_OK;
326 } 319 }
327 320
328 321
329 ngx_int_t 322 ngx_int_t
330 ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher, 323 ngx_quic_tls_seal(ngx_connection_t *c, const EVP_CIPHER *cipher,
331 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, 324 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
332 ngx_str_t *ad) 325 ngx_str_t *ad)
333 { 326 {
334 out->len = in->len + EVP_GCM_TLS_TAG_LEN; 327 out->len = in->len + EVP_GCM_TLS_TAG_LEN;
335 out->data = ngx_pnalloc(c->pool, out->len); 328 out->data = ngx_pnalloc(c->pool, out->len);
336 if (out->data == NULL) { 329 if (out->data == NULL) {
337 return NGX_ERROR; 330 return NGX_ERROR;
338 } 331 }
339 332
340 #ifdef OPENSSL_IS_BORINGSSL 333 #ifdef OPENSSL_IS_BORINGSSLL
341 EVP_AEAD_CTX *ctx; 334 EVP_AEAD_CTX *ctx;
342 335
343 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len, 336 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
344 EVP_AEAD_DEFAULT_TAG_LENGTH); 337 EVP_AEAD_DEFAULT_TAG_LENGTH);
345 if (ctx == NULL) { 338 if (ctx == NULL) {