Mercurial > hg > nginx-tests
comparison lib/Test/Nginx/HTTP3.pm @ 1910:e0b53fbdb5cf
Tests: TLS_AES_128_CCM_SHA256 support in QUIC handshake.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 13 Jun 2023 17:58:46 +0400 |
parents | 46bb1ffbb960 |
children | afbf4c06c014 |
comparison
equal
deleted
inserted
replaced
1909:46bb1ffbb960 | 1910:e0b53fbdb5cf |
---|---|
24 | 24 |
25 require Crypt::KeyDerivation; | 25 require Crypt::KeyDerivation; |
26 require Crypt::PK::X25519; | 26 require Crypt::PK::X25519; |
27 require Crypt::PRNG; | 27 require Crypt::PRNG; |
28 require Crypt::AuthEnc::GCM; | 28 require Crypt::AuthEnc::GCM; |
29 require Crypt::AuthEnc::CCM; | |
29 require Crypt::AuthEnc::ChaCha20Poly1305; | 30 require Crypt::AuthEnc::ChaCha20Poly1305; |
30 require Crypt::Mode::CTR; | 31 require Crypt::Mode::CTR; |
31 require Crypt::Stream::ChaCha; | 32 require Crypt::Stream::ChaCha; |
32 require Crypt::Digest; | 33 require Crypt::Digest; |
33 require Crypt::Mac::HMAC; | 34 require Crypt::Mac::HMAC; |
1661 sub decrypt_aead_f { | 1662 sub decrypt_aead_f { |
1662 my ($level, $cipher) = @_; | 1663 my ($level, $cipher) = @_; |
1663 if ($level == 0 || $cipher == 0x1301 || $cipher == 0x1302) { | 1664 if ($level == 0 || $cipher == 0x1301 || $cipher == 0x1302) { |
1664 return \&Crypt::AuthEnc::GCM::gcm_decrypt_verify, 'AES'; | 1665 return \&Crypt::AuthEnc::GCM::gcm_decrypt_verify, 'AES'; |
1665 } | 1666 } |
1667 if ($cipher == 0x1304) { | |
1668 return \&Crypt::AuthEnc::CCM::ccm_decrypt_verify, 'AES'; | |
1669 } | |
1666 \&Crypt::AuthEnc::ChaCha20Poly1305::chacha20poly1305_decrypt_verify; | 1670 \&Crypt::AuthEnc::ChaCha20Poly1305::chacha20poly1305_decrypt_verify; |
1667 } | 1671 } |
1668 | 1672 |
1669 sub decrypt_aead { | 1673 sub decrypt_aead { |
1670 my ($self, $buf) = @_; | 1674 my ($self, $buf) = @_; |
1735 sub encrypt_aead_f { | 1739 sub encrypt_aead_f { |
1736 my ($level, $cipher) = @_; | 1740 my ($level, $cipher) = @_; |
1737 if ($level == 0 || $cipher == 0x1301 || $cipher == 0x1302) { | 1741 if ($level == 0 || $cipher == 0x1301 || $cipher == 0x1302) { |
1738 return \&Crypt::AuthEnc::GCM::gcm_encrypt_authenticate, 'AES'; | 1742 return \&Crypt::AuthEnc::GCM::gcm_encrypt_authenticate, 'AES'; |
1739 } | 1743 } |
1744 if ($cipher == 0x1304) { | |
1745 return \&Crypt::AuthEnc::CCM::ccm_encrypt_authenticate, 'AES'; | |
1746 } | |
1740 \&Crypt::AuthEnc::ChaCha20Poly1305::chacha20poly1305_encrypt_authenticate; | 1747 \&Crypt::AuthEnc::ChaCha20Poly1305::chacha20poly1305_encrypt_authenticate; |
1741 } | 1748 } |
1742 | 1749 |
1743 sub encrypt_aead { | 1750 sub encrypt_aead { |
1744 my ($self, $payload, $level) = @_; | 1751 my ($self, $payload, $level) = @_; |
1754 $ad .= pack("N", $pn); | 1761 $ad .= pack("N", $pn); |
1755 my $nonce = substr(pack("x12") . pack("N", $pn), -12) | 1762 my $nonce = substr(pack("x12") . pack("N", $pn), -12) |
1756 ^ $self->{keys}[$level]{w}{iv}; | 1763 ^ $self->{keys}[$level]{w}{iv}; |
1757 my ($f, @args) = encrypt_aead_f($level, $self->{cipher}); | 1764 my ($f, @args) = encrypt_aead_f($level, $self->{cipher}); |
1758 my ($ciphertext, $tag) = $f->(@args, | 1765 my ($ciphertext, $tag) = $f->(@args, |
1759 $self->{keys}[$level]{w}{key}, $nonce, $ad, $payload); | 1766 $self->{keys}[$level]{w}{key}, $nonce, $ad, |
1767 $self->{cipher} == 0x1304 ? 16 : (), $payload); | |
1760 my $sample = substr($ciphertext . $tag, 0, 16); | 1768 my $sample = substr($ciphertext . $tag, 0, 16); |
1761 | 1769 |
1762 $ad = $self->encrypt_ad($ad, $self->{keys}[$level]{w}{hp}, | 1770 $ad = $self->encrypt_ad($ad, $self->{keys}[$level]{w}{hp}, |
1763 $sample, $level); | 1771 $sample, $level); |
1764 return $ad . $ciphertext . $tag; | 1772 return $ad . $ciphertext . $tag; |
1809 | 1817 |
1810 sub set_traffic_keys { | 1818 sub set_traffic_keys { |
1811 my ($self, $label, $hash, $hlen, $level, $direction, $secret, $digest) | 1819 my ($self, $label, $hash, $hlen, $level, $direction, $secret, $digest) |
1812 = @_; | 1820 = @_; |
1813 my $prk = hkdf_expand_label($label, $hash, $hlen, $secret, $digest); | 1821 my $prk = hkdf_expand_label($label, $hash, $hlen, $secret, $digest); |
1814 my $klen = $self->{cipher} == 0x1301 ? 16 : 32; | 1822 my $klen = $self->{cipher} == 0x1301 || $self->{cipher} == 0x1304 |
1823 ? 16 : 32; | |
1815 my $key = hkdf_expand_label("tls13 quic key", $hash, $klen, $prk); | 1824 my $key = hkdf_expand_label("tls13 quic key", $hash, $klen, $prk); |
1816 my $iv = hkdf_expand_label("tls13 quic iv", $hash, 12, $prk); | 1825 my $iv = hkdf_expand_label("tls13 quic iv", $hash, 12, $prk); |
1817 my $hp = hkdf_expand_label("tls13 quic hp", $hash, $klen, $prk); | 1826 my $hp = hkdf_expand_label("tls13 quic hp", $hash, $klen, $prk); |
1818 $self->{keys}[$level]{$direction}{prk} = $prk; | 1827 $self->{keys}[$level]{$direction}{prk} = $prk; |
1819 $self->{keys}[$level]{$direction}{key} = $key; | 1828 $self->{keys}[$level]{$direction}{key} = $key; |