Mercurial > hg > nginx-tests
comparison lib/Test/Nginx/HTTP3.pm @ 1930:0e8b5b442b1d
Tests: basic QUIC key update tests.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 18 Aug 2023 17:03:34 +0400 |
| parents | 3408c20d2f24 |
| children | 9bafe7cddd3c |
comparison
equal
deleted
inserted
replaced
| 1929:3408c20d2f24 | 1930:0e8b5b442b1d |
|---|---|
| 63 } | 63 } |
| 64 | 64 |
| 65 sub init { | 65 sub init { |
| 66 my ($self) = @_; | 66 my ($self) = @_; |
| 67 $self->{keys} = []; | 67 $self->{keys} = []; |
| 68 $self->{key_phase} = 0; | |
| 68 $self->{pn} = [[-1, -1, -1, -1], [-1, -1, -1, -1]]; | 69 $self->{pn} = [[-1, -1, -1, -1], [-1, -1, -1, -1]]; |
| 69 $self->{crypto_in} = [[],[],[],[]]; | 70 $self->{crypto_in} = [[],[],[],[]]; |
| 70 $self->{stream_in} = []; | 71 $self->{stream_in} = []; |
| 71 $self->{frames_in} = []; | 72 $self->{frames_in} = []; |
| 72 $self->{frames_incomplete} = []; | 73 $self->{frames_incomplete} = []; |
| 1773 } | 1774 } |
| 1774 | 1775 |
| 1775 sub encrypt_aead { | 1776 sub encrypt_aead { |
| 1776 my ($self, $payload, $level) = @_; | 1777 my ($self, $payload, $level) = @_; |
| 1777 my $pn = ++$self->{pn}[0][$level]; | 1778 my $pn = ++$self->{pn}[0][$level]; |
| 1778 my $ad = pack("C", $level == 3 ? 0x40 : 0xc + $level << 4) | "\x03"; | 1779 my $ad = pack("C", $level == 3 |
| 1780 ? 0x40 | ($self->{key_phase} << 2) | |
| 1781 : 0xc + $level << 4) | "\x03"; | |
| 1779 $ad .= "\x00\x00\x00\x01" unless $level == 3; | 1782 $ad .= "\x00\x00\x00\x01" unless $level == 3; |
| 1780 $ad .= $level == 3 ? $self->{dcid} : | 1783 $ad .= $level == 3 ? $self->{dcid} : |
| 1781 pack("C", length($self->{dcid})) . $self->{dcid} | 1784 pack("C", length($self->{dcid})) . $self->{dcid} |
| 1782 . pack("C", length($self->{scid})) . $self->{scid}; | 1785 . pack("C", length($self->{scid})) . $self->{scid}; |
| 1783 $ad .= build_int(length($self->{token})) . $self->{token} | 1786 $ad .= build_int(length($self->{token})) . $self->{token} |
| 1863 my $hp = hkdf_expand_label("tls13 quic hp", $hash, $klen, $prk); | 1866 my $hp = hkdf_expand_label("tls13 quic hp", $hash, $klen, $prk); |
| 1864 $self->{keys}[$level]{$direction}{prk} = $prk; | 1867 $self->{keys}[$level]{$direction}{prk} = $prk; |
| 1865 $self->{keys}[$level]{$direction}{key} = $key; | 1868 $self->{keys}[$level]{$direction}{key} = $key; |
| 1866 $self->{keys}[$level]{$direction}{iv} = $iv; | 1869 $self->{keys}[$level]{$direction}{iv} = $iv; |
| 1867 $self->{keys}[$level]{$direction}{hp} = $hp; | 1870 $self->{keys}[$level]{$direction}{hp} = $hp; |
| 1871 } | |
| 1872 | |
| 1873 sub key_update { | |
| 1874 my ($self) = @_; | |
| 1875 my ($prk, $key, $iv); | |
| 1876 my $klen = $self->{cipher} == 0x1301 || $self->{cipher} == 0x1304 | |
| 1877 ? 16 : 32; | |
| 1878 my ($hash, $hlen) = $self->{cipher} == 0x1302 ? | |
| 1879 ('SHA384', 48) : ('SHA256', 32); | |
| 1880 $self->{key_phase} ^= 1; | |
| 1881 | |
| 1882 for my $direction ('r', 'w') { | |
| 1883 $prk = $self->{keys}[3]{$direction}{prk}; | |
| 1884 $prk = hkdf_expand_label("tls13 quic ku", $hash, $hlen, $prk); | |
| 1885 $key = hkdf_expand_label("tls13 quic key", $hash, $klen, $prk); | |
| 1886 $iv = hkdf_expand_label("tls13 quic iv", $hash, 12, $prk); | |
| 1887 $self->{keys}[3]{$direction}{prk} = $prk; | |
| 1888 $self->{keys}[3]{$direction}{key} = $key; | |
| 1889 $self->{keys}[3]{$direction}{iv} = $iv; | |
| 1890 } | |
| 1868 } | 1891 } |
| 1869 | 1892 |
| 1870 sub hmac_finished { | 1893 sub hmac_finished { |
| 1871 my ($hash, $hlen, $key, $digest) = @_; | 1894 my ($hash, $hlen, $key, $digest) = @_; |
| 1872 my $expand = hkdf_expand_label("tls13 finished", $hash, $hlen, $key); | 1895 my $expand = hkdf_expand_label("tls13 finished", $hash, $hlen, $key); |