comparison src/event/quic/ngx_event_quic_protection.c @ 8500:ef8276c8ccff quic
QUIC: consistent use of 12-byte buffers in nonce computation.
All supported cipher suites produce a 96-bit IV (RFC 5116, 5.1, RFC 8439, 2.3).
This eliminates a few magic numbers and run-time overhead.
author | Sergey Kandaurov <pluknet@nginx.com> |
date | Wed, 16 Jun 2021 17:54:21 +0300 |
parents | fc5719637aff |
children | e617d0ba387a |
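--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -202,12 +202,12 @@
 server->key.len = EVP_CIPHER_key_length(cipher);
 
 client->hp.len = EVP_CIPHER_key_length(cipher);
 server->hp.len = EVP_CIPHER_key_length(cipher);
 
-client->iv.len = EVP_CIPHER_iv_length(cipher);
-server->iv.len = EVP_CIPHER_iv_length(cipher);
+client->iv.len = NGX_QUIC_IV_LEN;
+server->iv.len = NGX_QUIC_IV_LEN;
 
 struct {
 ngx_str_t label;
 ngx_str_t *key;
 ngx_str_t *prk;
@@ -791,16 +791,16 @@
 return NGX_ERROR;
 }
 
 next->client.secret.len = current->client.secret.len;
 next->client.key.len = current->client.key.len;
-next->client.iv.len = current->client.iv.len;
+next->client.iv.len = NGX_QUIC_IV_LEN;
 next->client.hp = current->client.hp;
 
 next->server.secret.len = current->server.secret.len;
 next->server.key.len = current->server.key.len;
-next->server.iv.len = current->server.iv.len;
+next->server.iv.len = NGX_QUIC_IV_LEN;
 next->server.hp = current->server.hp;
 
 struct {
 ngx_str_t label;
 ngx_str_t *key;
@@ -858,11 +858,11 @@
 u_char *pnp, *sample;
 ngx_str_t ad, out;
 ngx_uint_t i;
 ngx_quic_secret_t *secret;
 ngx_quic_ciphers_t ciphers;
-u_char nonce[12], mask[NGX_QUIC_HP_LEN];
+u_char nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
 
 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
 
 ad.data = res->data;
 ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp);
@@ -922,13 +922,13 @@
 /* 5.8. Retry Packet Integrity */
 static u_char key[16] =
 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
 static u_char key29[16] =
 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
-static u_char nonce[12] =
+static u_char nonce[NGX_QUIC_IV_LEN] =
 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
-static u_char nonce29[12] =
+static u_char nonce29[NGX_QUIC_IV_LEN] =
 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
 static ngx_str_t in = ngx_string("");
 
 ad.data = res->data;
 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
@@ -945,11 +945,11 @@
 return NGX_ERROR;
 }
 
 secret.key.len = sizeof(key);
 secret.key.data = (pkt->version & 0xff000000) ? key29 : key;
-secret.iv.len = sizeof(nonce);
+secret.iv.len = NGX_QUIC_IV_LEN;
 
 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag,
 (pkt->version & 0xff000000) ? nonce29 : nonce,
 &in, &ad, pkt->log)
 != NGX_OK)
@@ -1085,11 +1085,11 @@
 uint64_t pn, lpn;
 ngx_int_t pnl, rc, key_phase;
 ngx_str_t in, ad;
 ngx_quic_secret_t *secret;
 ngx_quic_ciphers_t ciphers;
-uint8_t nonce[12], mask[NGX_QUIC_HP_LEN];
+uint8_t nonce[NGX_QUIC_IV_LEN], mask[NGX_QUIC_HP_LEN];
 
 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
 {
 return NGX_ERROR;
 }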
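Review bot: Replacing EVP_CIPHER_iv_length(cipher) with NGX_QUIC_IV_LEN at lines 207/208 (and the copies at 796/801) turns a run-time fact into a static assumption that nothing in the hunks now verifies: if a cipher suite with a different IV length is ever added to ngx_quic_ciphers(), the fixed-size nonce buffers at 863, 927/929 and 1090 and the iv.len passed to the seal/open helpers would disagree with what EVP expects, which is a buffer-size bug in the nonce computation rather than a graceful failure. Since `cipher` is still in scope at 207, a cheap guard there would keep the invariant explicit, e.g. `if (EVP_CIPHER_iv_length(cipher) != NGX_QUIC_IV_LEN) { return NGX_ERROR; }`, or at minimum a comment next to the NGX_QUIC_IV_LEN definition (not on this page) such as `/* all QUIC AEADs use a 96-bit IV (RFC 5116 5.1, RFC 8439 2.3); adding a cipher with another IV length requires revisiting every nonce[NGX_QUIC_IV_LEN] buffer */`. The enclosing functions of every hunk start and end outside the shown lines, so the guard's exact placement relative to the existing cipher lookup cannot be confirmed from here.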