comparison src/event/quic/ngx_event_quic_protection.c @ 8500:ef8276c8ccff quic

QUIC: consistent use of 12-byte buffers in nonce computation. All supported cipher suites produce 96-bit IV (RFC 5116, 5.1, RFC 8439, 2.3). This eliminates a few magic numbers and run-time overhead.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 16 Jun 2021 17:54:21 +0300
parents fc5719637aff
children e617d0ba387a
8499:fc5719637aff 8500:ef8276c8ccff
202 server->key.len = EVP_CIPHER_key_length(cipher); 202 server->key.len = EVP_CIPHER_key_length(cipher);
203 203
204 client->hp.len = EVP_CIPHER_key_length(cipher); 204 client->hp.len = EVP_CIPHER_key_length(cipher);
205 server->hp.len = EVP_CIPHER_key_length(cipher); 205 server->hp.len = EVP_CIPHER_key_length(cipher);
206 206
207 client->iv.len = EVP_CIPHER_iv_length(cipher); 207 client->iv.len = NGX_QUIC_IV_LEN;
208 server->iv.len = EVP_CIPHER_iv_length(cipher); 208 server->iv.len = NGX_QUIC_IV_LEN;
209 209
210 struct { 210 struct {
211 ngx_str_t label; 211 ngx_str_t label;
212 ngx_str_t *key; 212 ngx_str_t *key;
213 ngx_str_t *prk; 213 ngx_str_t *prk;
791 return NGX_ERROR; 791 return NGX_ERROR;
792 } 792 }
793 793
794 next->client.secret.len = current->client.secret.len; 794 next->client.secret.len = current->client.secret.len;
795 next->client.key.len = current->client.key.len; 795 next->client.key.len = current->client.key.len;
796 next->client.iv.len = current->client.iv.len; 796 next->client.iv.len = NGX_QUIC_IV_LEN;
797 next->client.hp = current->client.hp; 797 next->client.hp = current->client.hp;
798 798
799 next->server.secret.len = current->server.secret.len; 799 next->server.secret.len = current->server.secret.len;
800 next->server.key.len = current->server.key.len; 800 next->server.key.len = current->server.key.len;
801 next->server.iv.len = current->server.iv.len; 801 next->server.iv.len = NGX_QUIC_IV_LEN;
802 next->server.hp = current->server.hp; 802 next->server.hp = current->server.hp;
803 803
804 struct { 804 struct {
805 ngx_str_t label; 805 ngx_str_t label;
806 ngx_str_t *key; 806 ngx_str_t *key;
858 u_char *pnp, *sample; 858 u_char *pnp, *sample;
859 ngx_str_t ad, out; 859 ngx_str_t ad, out;
860 ngx_uint_t i; 860 ngx_uint_t i;
861 ngx_quic_secret_t *secret; 861 ngx_quic_secret_t *secret;
862 ngx_quic_ciphers_t ciphers; 862 ngx_quic_ciphers_t ciphers;
863 u_char nonce[12], mask[NGX_QUIC_HP_LEN]; 863 u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
864 864
865 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; 865 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
866 866
867 ad.data = res->data; 867 ad.data = res->data;
868 ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp); 868 ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp);
922 /* 5.8. Retry Packet Integrity */ 922 /* 5.8. Retry Packet Integrity */
923 static u_char key[16] = 923 static u_char key[16] =
924 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; 924 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
925 static u_char key29[16] = 925 static u_char key29[16] =
926 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; 926 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
927 static u_char nonce[12] = 927 static u_char nonce[NGX_QUIC_IV_LEN] =
928 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; 928 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
929 static u_char nonce29[12] = 929 static u_char nonce29[NGX_QUIC_IV_LEN] =
930 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; 930 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
931 static ngx_str_t in = ngx_string(""); 931 static ngx_str_t in = ngx_string("");
932 932
933 ad.data = res->data; 933 ad.data = res->data;
934 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); 934 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
945 return NGX_ERROR; 945 return NGX_ERROR;
946 } 946 }
947 947
948 secret.key.len = sizeof(key); 948 secret.key.len = sizeof(key);
949 secret.key.data = (pkt->version & 0xff000000) ? key29 : key; 949 secret.key.data = (pkt->version & 0xff000000) ? key29 : key;
950 secret.iv.len = sizeof(nonce); 950 secret.iv.len = NGX_QUIC_IV_LEN;
951 951
952 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, 952 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag,
953 (pkt->version & 0xff000000) ? nonce29 : nonce, 953 (pkt->version & 0xff000000) ? nonce29 : nonce,
954 &in, &ad, pkt->log) 954 &in, &ad, pkt->log)
955 != NGX_OK) 955 != NGX_OK)
1085 uint64_t pn, lpn; 1085 uint64_t pn, lpn;
1086 ngx_int_t pnl, rc, key_phase; 1086 ngx_int_t pnl, rc, key_phase;
1087 ngx_str_t in, ad; 1087 ngx_str_t in, ad;
1088 ngx_quic_secret_t *secret; 1088 ngx_quic_secret_t *secret;
1089 ngx_quic_ciphers_t ciphers; 1089 ngx_quic_ciphers_t ciphers;
1090 uint8_t nonce[12], mask[NGX_QUIC_HP_LEN]; 1090 uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
1091 1091
1092 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) 1092 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
1093 { 1093 {
1094 return NGX_ERROR; 1094 return NGX_ERROR;
1095 } 1095 }
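Review bot: Dropping `EVP_CIPHER_iv_length(cipher)` in favour of `NGX_QUIC_IV_LEN` at lines 207/208 and 796/801 removes the only runtime tie between the selected cipher and the IV length, so a suite added later with a different IV size would derive a wrong-sized IV and hand a mismatched nonce to `ngx_quic_tls_seal()` without any error. Since the commit message states the invariant (96-bit IV for every supported suite, RFC 5116 §5.1 / RFC 8439 §2.3), it is worth enforcing it where `cipher` is still in scope at line 207, e.g. `if (EVP_CIPHER_iv_length(cipher) != NGX_QUIC_IV_LEN) { return NGX_ERROR; }` before the two assignments, or at least recording it in a comment at the `NGX_QUIC_IV_LEN` definition, which lies outside these hunks. A smaller consistency point: `key[16]` and `key29[16]` at 923/925 keep a literal size next to the now-named nonce sizes, and the nonce buffer is `u_char` at 863 but `uint8_t` at 1090. Every function touched here (around lines 202, 791, 858, 922 and 1085) starts and ends outside the rows shown.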