comparison src/event/quic/ngx_event_quic_protection.c @ 8501:e617d0ba387a quic
QUIC: optimized initial secrets key length computation.
AES-128 key length is known at compile time.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 16 Jun 2021 17:55:57 +0300 |
parents | ef8276c8ccff |
children | d458101b7b81 |
8500:ef8276c8ccff | 8501:e617d0ba387a |
---|---|
12 | 12 |
13 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ | 13 /* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */ |
14 #define NGX_QUIC_IV_LEN 12 | 14 #define NGX_QUIC_IV_LEN 12 |
15 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ | 15 /* RFC 9001, 5.4.1. Header Protection Application: 5-byte mask */ |
16 #define NGX_QUIC_HP_LEN 5 | 16 #define NGX_QUIC_HP_LEN 5 |
17 | |
18 #define NGX_QUIC_AES_128_KEY_LEN 16 | |
17 | 19 |
18 #define NGX_AES_128_GCM_SHA256 0x1301 | 20 #define NGX_AES_128_GCM_SHA256 0x1301 |
19 #define NGX_AES_256_GCM_SHA384 0x1302 | 21 #define NGX_AES_256_GCM_SHA384 0x1302 |
20 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 | 22 #define NGX_CHACHA20_POLY1305_SHA256 0x1303 |
21 | 23 |
148 { | 150 { |
149 size_t is_len; | 151 size_t is_len; |
150 uint8_t is[SHA256_DIGEST_LENGTH]; | 152 uint8_t is[SHA256_DIGEST_LENGTH]; |
151 ngx_uint_t i; | 153 ngx_uint_t i; |
152 const EVP_MD *digest; | 154 const EVP_MD *digest; |
153 const EVP_CIPHER *cipher; | |
154 ngx_quic_secret_t *client, *server; | 155 ngx_quic_secret_t *client, *server; |
155 | 156 |
156 static const uint8_t salt[20] = | 157 static const uint8_t salt[20] = |
157 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | 158 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
158 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | 159 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
168 * | 169 * |
169 * Initial packets use AEAD_AES_128_GCM. The hash function | 170 * Initial packets use AEAD_AES_128_GCM. The hash function |
170 * for HKDF when deriving initial secrets and keys is SHA-256. | 171 * for HKDF when deriving initial secrets and keys is SHA-256. |
171 */ | 172 */ |
172 | 173 |
173 cipher = EVP_aes_128_gcm(); | |
174 digest = EVP_sha256(); | 174 digest = EVP_sha256(); |
175 is_len = SHA256_DIGEST_LENGTH; | 175 is_len = SHA256_DIGEST_LENGTH; |
176 | 176 |
177 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, | 177 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
178 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) | 178 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) |
196 #endif | 196 #endif |
197 | 197 |
198 client->secret.len = SHA256_DIGEST_LENGTH; | 198 client->secret.len = SHA256_DIGEST_LENGTH; |
199 server->secret.len = SHA256_DIGEST_LENGTH; | 199 server->secret.len = SHA256_DIGEST_LENGTH; |
200 | 200 |
201 client->key.len = EVP_CIPHER_key_length(cipher); | 201 client->key.len = NGX_QUIC_AES_128_KEY_LEN; |
202 server->key.len = EVP_CIPHER_key_length(cipher); | 202 server->key.len = NGX_QUIC_AES_128_KEY_LEN; |
203 | 203 |
204 client->hp.len = EVP_CIPHER_key_length(cipher); | 204 client->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
205 server->hp.len = EVP_CIPHER_key_length(cipher); | 205 server->hp.len = NGX_QUIC_AES_128_KEY_LEN; |
206 | 206 |
207 client->iv.len = NGX_QUIC_IV_LEN; | 207 client->iv.len = NGX_QUIC_IV_LEN; |
208 server->iv.len = NGX_QUIC_IV_LEN; | 208 server->iv.len = NGX_QUIC_IV_LEN; |
209 | 209 |
210 struct { | 210 struct { |
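Review bot: The new `NGX_QUIC_AES_128_KEY_LEN` define at new line 18 is the only entry in that group without the RFC citation comment its neighbours `NGX_QUIC_IV_LEN` and `NGX_QUIC_HP_LEN` carry, and a bare 16 does not say why a fixed constant may stand in for the `EVP_CIPHER_key_length()` query it replaces. Suggest `/* RFC 9001, 5.2: Initial packets use AEAD_AES_128_GCM, 16-byte key */` above it, mirroring the comment style of the two lines before it. The same constant now also sets `hp.len` at new lines 204-205; that keeps the previous behaviour, since the header protection key for AEAD_AES_128_GCM is likewise 16 bytes (RFC 9001, 5.4.3 uses 128-bit AES for it), but a one-line comment there would stop a reader from taking a "key length" macro for a header-protection length by mistake. The enclosing function begins before the hunk at line 148, and the Initial cipher itself is presumably still selected elsewhere in the file, so the constant and that selection now have to be kept in step by hand.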