Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 7645:7ee1ada04c8a quic
Generic function for HKDF expansion.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 26 Feb 2020 16:56:47 +0300 |
parents | a9ff4392ecde |
children | 01dc595de244 |
comparison
equal
deleted
inserted
replaced
7644:a9ff4392ecde | 7645:7ee1ada04c8a |
---|---|
151 | 151 |
152 } else { | 152 } else { |
153 return 0; | 153 return 0; |
154 } | 154 } |
155 | 155 |
156 size_t hkdfl_len, llen; | |
157 uint8_t hkdfl[20]; | |
158 uint8_t *p; | |
159 const char *label; | |
160 #if (NGX_DEBUG) | |
161 u_char buf[512]; | |
162 size_t m; | |
163 #endif | |
164 | |
165 ngx_str_t *client_key, *client_iv, *client_hp; | 156 ngx_str_t *client_key, *client_iv, *client_hp; |
166 ngx_str_t *server_key, *server_iv, *server_hp; | 157 ngx_str_t *server_key, *server_iv, *server_hp; |
167 | 158 |
168 switch (level) { | 159 switch (level) { |
169 | 160 |
217 return 0; | 208 return 0; |
218 } | 209 } |
219 | 210 |
220 ngx_memcpy(*wsec, write_secret, secret_len); | 211 ngx_memcpy(*wsec, write_secret, secret_len); |
221 | 212 |
222 // client keys | |
223 | |
224 #ifdef OPENSSL_IS_BORINGSSL | 213 #ifdef OPENSSL_IS_BORINGSSL |
225 client_key->len = EVP_AEAD_key_length(evp); | 214 client_key->len = EVP_AEAD_key_length(evp); |
215 server_key->len = EVP_AEAD_key_length(evp); | |
216 | |
217 client_iv->len = EVP_AEAD_nonce_length(evp); | |
218 server_iv->len = EVP_AEAD_nonce_length(evp); | |
219 | |
220 client_hp->len = EVP_AEAD_key_length(evp); | |
221 server_hp->len = EVP_AEAD_key_length(evp); | |
226 #else | 222 #else |
227 client_key->len = EVP_CIPHER_key_length(evp); | 223 client_key->len = EVP_CIPHER_key_length(evp); |
228 #endif | 224 server_key->len = EVP_CIPHER_key_length(evp); |
229 client_key->data = ngx_pnalloc(c->pool, client_key->len); | 225 |
230 if (client_key->data == NULL) { | |
231 return 0; | |
232 } | |
233 | |
234 label = "tls13 quic key"; | |
235 llen = sizeof("tls13 quic key") - 1; | |
236 hkdfl_len = 2 + 1 + llen + 1; | |
237 hkdfl[0] = client_key->len / 256; | |
238 hkdfl[1] = client_key->len % 256; | |
239 hkdfl[2] = llen; | |
240 p = ngx_cpymem(&hkdfl[3], label, llen); | |
241 *p = '\0'; | |
242 | |
243 if (ngx_hkdf_expand(client_key->data, client_key->len, | |
244 digest, *rsec, *rlen, hkdfl, hkdfl_len) | |
245 != NGX_OK) | |
246 { | |
247 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
248 "ngx_hkdf_expand(client_key) failed"); | |
249 return 0; | |
250 } | |
251 | |
252 m = ngx_hex_dump(buf, client_key->data, client_key->len) - buf; | |
253 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
254 "quic client key: %*s, len: %uz, level: %d", | |
255 m, buf, client_key->len, level); | |
256 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | |
257 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
258 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | |
259 | |
260 | |
261 #ifdef OPENSSL_IS_BORINGSSL | |
262 client_iv->len = EVP_AEAD_nonce_length(evp); | |
263 #else | |
264 client_iv->len = EVP_CIPHER_iv_length(evp); | 226 client_iv->len = EVP_CIPHER_iv_length(evp); |
265 #endif | 227 server_iv->len = EVP_CIPHER_iv_length(evp); |
266 client_iv->data = ngx_pnalloc(c->pool, client_iv->len); | 228 |
267 if (client_iv->data == NULL) { | |
268 return 0; | |
269 } | |
270 | |
271 label = "tls13 quic iv"; | |
272 llen = sizeof("tls13 quic iv") - 1; | |
273 hkdfl_len = 2 + 1 + llen + 1; | |
274 hkdfl[0] = client_iv->len / 256; | |
275 hkdfl[1] = client_iv->len % 256; | |
276 hkdfl[2] = llen; | |
277 p = ngx_cpymem(&hkdfl[3], label, llen); | |
278 *p = '\0'; | |
279 | |
280 if (ngx_hkdf_expand(client_iv->data, client_iv->len, | |
281 digest, *rsec, *rlen, hkdfl, hkdfl_len) | |
282 != NGX_OK) | |
283 { | |
284 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
285 "ngx_hkdf_expand(client_iv) failed"); | |
286 return 0; | |
287 } | |
288 | |
289 m = ngx_hex_dump(buf, client_iv->data, client_iv->len) - buf; | |
290 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
291 "quic client iv: %*s, len: %uz, level: %d", | |
292 m, buf, client_iv->len, level); | |
293 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | |
294 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
295 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | |
296 | |
297 | |
298 #ifdef OPENSSL_IS_BORINGSSL | |
299 client_hp->len = EVP_AEAD_key_length(evp); | |
300 #else | |
301 client_hp->len = EVP_CIPHER_key_length(evp); | 229 client_hp->len = EVP_CIPHER_key_length(evp); |
302 #endif | |
303 client_hp->data = ngx_pnalloc(c->pool, client_hp->len); | |
304 if (client_hp->data == NULL) { | |
305 return 0; | |
306 } | |
307 | |
308 label = "tls13 quic hp"; | |
309 llen = sizeof("tls13 quic hp") - 1; | |
310 hkdfl_len = 2 + 1 + llen + 1; | |
311 hkdfl[0] = client_hp->len / 256; | |
312 hkdfl[1] = client_hp->len % 256; | |
313 hkdfl[2] = llen; | |
314 p = ngx_cpymem(&hkdfl[3], label, llen); | |
315 *p = '\0'; | |
316 | |
317 if (ngx_hkdf_expand(client_hp->data, client_hp->len, | |
318 digest, *rsec, *rlen, hkdfl, hkdfl_len) | |
319 != NGX_OK) | |
320 { | |
321 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
322 "ngx_hkdf_expand(client_hp) failed"); | |
323 return 0; | |
324 } | |
325 | |
326 m = ngx_hex_dump(buf, client_hp->data, client_hp->len) - buf; | |
327 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
328 "quic client hp: %*s, len: %uz, level: %d", | |
329 m, buf, client_hp->len, level); | |
330 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | |
331 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
332 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | |
333 | |
334 | |
335 // server keys | |
336 | |
337 #ifdef OPENSSL_IS_BORINGSSL | |
338 server_key->len = EVP_AEAD_key_length(evp); | |
339 #else | |
340 server_key->len = EVP_CIPHER_key_length(evp); | |
341 #endif | |
342 server_key->data = ngx_pnalloc(c->pool, server_key->len); | |
343 if (server_key->data == NULL) { | |
344 return 0; | |
345 } | |
346 | |
347 label = "tls13 quic key"; | |
348 llen = sizeof("tls13 quic key") - 1; | |
349 hkdfl_len = 2 + 1 + llen + 1; | |
350 hkdfl[0] = server_key->len / 256; | |
351 hkdfl[1] = server_key->len % 256; | |
352 hkdfl[2] = llen; | |
353 p = ngx_cpymem(&hkdfl[3], label, llen); | |
354 *p = '\0'; | |
355 | |
356 if (ngx_hkdf_expand(server_key->data, server_key->len, | |
357 digest, *wsec, *wlen, hkdfl, hkdfl_len) | |
358 != NGX_OK) | |
359 { | |
360 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
361 "ngx_hkdf_expand(server_key) failed"); | |
362 return 0; | |
363 } | |
364 | |
365 m = ngx_hex_dump(buf, server_key->data, server_key->len) - buf; | |
366 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
367 "quic server key: %*s, len: %uz, level: %d", | |
368 m, buf, server_key->len, level); | |
369 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | |
370 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
371 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | |
372 | |
373 | |
374 #ifdef OPENSSL_IS_BORINGSSL | |
375 server_iv->len = EVP_AEAD_nonce_length(evp); | |
376 #else | |
377 server_iv->len = EVP_CIPHER_iv_length(evp); | |
378 #endif | |
379 server_iv->data = ngx_pnalloc(c->pool, server_iv->len); | |
380 if (server_iv->data == NULL) { | |
381 return 0; | |
382 } | |
383 | |
384 label = "tls13 quic iv"; | |
385 llen = sizeof("tls13 quic iv") - 1; | |
386 hkdfl_len = 2 + 1 + llen + 1; | |
387 hkdfl[0] = server_iv->len / 256; | |
388 hkdfl[1] = server_iv->len % 256; | |
389 hkdfl[2] = llen; | |
390 p = ngx_cpymem(&hkdfl[3], label, llen); | |
391 *p = '\0'; | |
392 | |
393 if (ngx_hkdf_expand(server_iv->data, server_iv->len, | |
394 digest, *wsec, *wlen, hkdfl, hkdfl_len) | |
395 != NGX_OK) | |
396 { | |
397 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | |
398 "ngx_hkdf_expand(server_iv) failed"); | |
399 return 0; | |
400 } | |
401 | |
402 m = ngx_hex_dump(buf, server_iv->data, server_iv->len) - buf; | |
403 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
404 "quic server iv: %*s, len: %uz, level: %d", | |
405 m, buf, server_iv->len, level); | |
406 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | |
407 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
408 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | |
409 | |
410 | |
411 #ifdef OPENSSL_IS_BORINGSSL | |
412 server_hp->len = EVP_AEAD_key_length(evp); | |
413 #else | |
414 server_hp->len = EVP_CIPHER_key_length(evp); | 230 server_hp->len = EVP_CIPHER_key_length(evp); |
415 #endif | 231 #endif |
416 server_hp->data = ngx_pnalloc(c->pool, server_hp->len); | 232 |
417 if (server_hp->data == NULL) { | 233 ngx_str_t rss = { |
418 return 0; | 234 .data = *rsec, |
419 } | 235 .len = *rlen |
420 | 236 }; |
421 label = "tls13 quic hp"; | 237 |
422 llen = sizeof("tls13 quic hp") - 1; | 238 ngx_str_t wss = { |
423 hkdfl_len = 2 + 1 + llen + 1; | 239 .data = *wsec, |
424 hkdfl[0] = server_hp->len / 256; | 240 .len = *wlen |
425 hkdfl[1] = server_hp->len % 256; | 241 }; |
426 hkdfl[2] = llen; | 242 |
427 p = ngx_cpymem(&hkdfl[3], label, llen); | 243 struct { |
428 *p = '\0'; | 244 ngx_str_t id; |
429 | 245 ngx_str_t *in; |
430 if (ngx_hkdf_expand(server_hp->data, server_hp->len, | 246 ngx_str_t *prk; |
431 digest, *wsec, *wlen, hkdfl, hkdfl_len) | 247 } seq[] = { |
432 != NGX_OK) | 248 { ngx_string("tls13 quic key"), client_key, &rss }, |
433 { | 249 { ngx_string("tls13 quic iv"), client_iv, &rss }, |
434 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, | 250 { ngx_string("tls13 quic hp"), client_hp, &rss }, |
435 "ngx_hkdf_expand(server_hp) failed"); | 251 { ngx_string("tls13 quic key"), server_key, &wss }, |
436 return 0; | 252 { ngx_string("tls13 quic iv"), server_iv, &wss }, |
437 } | 253 { ngx_string("tls13 quic hp"), server_hp, &wss }, |
438 | 254 }; |
439 m = ngx_hex_dump(buf, server_hp->data, server_hp->len) - buf; | 255 |
440 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0, | 256 ngx_uint_t i; |
441 "quic server hp: %*s, len: %uz, level: %d", | 257 |
442 m, buf, server_hp->len, level); | 258 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
443 m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf; | 259 |
444 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, | 260 if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1) |
445 "hkdf: %*s, len: %uz", m, buf, hkdfl_len); | 261 != NGX_OK) |
262 { | |
263 return 0; | |
264 } | |
265 } | |
446 | 266 |
447 return 1; | 267 return 1; |
448 } | 268 } |
449 | 269 |
450 | 270 |