Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8180:01dc595de244 quic
Cleanup.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | 7ee1ada04c8a |
children | 3cb4f16426a5 |
comparison
equal
deleted
inserted
replaced
8179:7ee1ada04c8a | 8180:01dc595de244 |
---|---|
96 quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, | 96 quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, |
97 enum ssl_encryption_level_t level, const uint8_t *read_secret, | 97 enum ssl_encryption_level_t level, const uint8_t *read_secret, |
98 const uint8_t *write_secret, size_t secret_len) | 98 const uint8_t *write_secret, size_t secret_len) |
99 { | 99 { |
100 u_char *name; | 100 u_char *name; |
101 size_t *rlen, *wlen; | 101 ngx_uint_t i; |
102 uint8_t **rsec, **wsec; | |
103 const EVP_MD *digest; | 102 const EVP_MD *digest; |
104 #ifdef OPENSSL_IS_BORINGSSL | 103 const EVP_CIPHER *cipher; |
105 const EVP_AEAD *evp; | |
106 #else | |
107 const EVP_CIPHER *evp; | |
108 #endif | |
109 ngx_connection_t *c; | 104 ngx_connection_t *c; |
105 ngx_quic_secret_t *client, *server; | |
110 | 106 |
111 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | 107 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
112 | 108 |
113 ngx_ssl_handshake_log(c); | 109 ngx_ssl_handshake_log(c); |
114 | 110 |
132 name = (u_char *) SSL_get_cipher(ssl_conn); | 128 name = (u_char *) SSL_get_cipher(ssl_conn); |
133 | 129 |
134 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 | 130 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 |
135 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) | 131 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) |
136 { | 132 { |
137 #ifdef OPENSSL_IS_BORINGSSL | 133 cipher = EVP_aes_128_gcm(); |
138 evp = EVP_aead_aes_128_gcm(); | |
139 #else | |
140 evp = EVP_aes_128_gcm(); | |
141 #endif | |
142 digest = EVP_sha256(); | 134 digest = EVP_sha256(); |
143 | 135 |
144 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { | 136 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { |
145 #ifdef OPENSSL_IS_BORINGSSL | 137 cipher = EVP_aes_256_gcm(); |
146 evp = EVP_aead_aes_256_gcm(); | |
147 #else | |
148 evp = EVP_aes_256_gcm(); | |
149 #endif | |
150 digest = EVP_sha384(); | 138 digest = EVP_sha384(); |
151 | 139 |
152 } else { | 140 } else { |
141 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher"); | |
153 return 0; | 142 return 0; |
154 } | 143 } |
155 | 144 |
156 ngx_str_t *client_key, *client_iv, *client_hp; | |
157 ngx_str_t *server_key, *server_iv, *server_hp; | |
158 | |
159 switch (level) { | 145 switch (level) { |
160 | 146 |
161 case ssl_encryption_handshake: | 147 case ssl_encryption_handshake: |
162 rlen = &c->quic->client_hs.secret.len; | 148 client = &c->quic->client_hs; |
163 rsec = &c->quic->client_hs.secret.data; | 149 server = &c->quic->server_hs; |
164 wlen = &c->quic->server_hs.secret.len; | |
165 wsec = &c->quic->server_hs.secret.data; | |
166 | |
167 client_key = &c->quic->client_hs.key; | |
168 client_iv = &c->quic->client_hs.iv; | |
169 client_hp = &c->quic->client_hs.hp; | |
170 | |
171 server_key = &c->quic->server_hs.key; | |
172 server_iv = &c->quic->server_hs.iv; | |
173 server_hp = &c->quic->server_hs.hp; | |
174 | 150 |
175 break; | 151 break; |
176 | 152 |
177 case ssl_encryption_application: | 153 case ssl_encryption_application: |
178 rlen = &c->quic->client_ad.secret.len; | 154 client = &c->quic->client_ad; |
179 rsec = &c->quic->client_ad.secret.data; | 155 server = &c->quic->server_ad; |
180 wlen = &c->quic->server_ad.secret.len; | |
181 wsec = &c->quic->server_ad.secret.data; | |
182 | |
183 client_key = &c->quic->client_ad.key; | |
184 client_iv = &c->quic->client_ad.iv; | |
185 client_hp = &c->quic->client_ad.hp; | |
186 | |
187 server_key = &c->quic->server_ad.key; | |
188 server_iv = &c->quic->server_ad.iv; | |
189 server_hp = &c->quic->server_ad.hp; | |
190 | 156 |
191 break; | 157 break; |
192 | 158 |
193 default: | 159 default: |
194 return 0; | 160 return 0; |
195 } | 161 } |
196 | 162 |
197 *rlen = *wlen = secret_len; | 163 client->key.len = EVP_CIPHER_key_length(cipher); |
198 | 164 server->key.len = EVP_CIPHER_key_length(cipher); |
199 *rsec = ngx_pnalloc(c->pool, secret_len); | 165 |
200 if (*rsec == NULL) { | 166 client->iv.len = EVP_CIPHER_iv_length(cipher); |
201 return 0; | 167 server->iv.len = EVP_CIPHER_iv_length(cipher); |
202 } | 168 |
203 | 169 client->hp.len = EVP_CIPHER_key_length(cipher); |
204 ngx_memcpy(*rsec, read_secret, secret_len); | 170 server->hp.len = EVP_CIPHER_key_length(cipher); |
205 | 171 |
206 *wsec = ngx_pnalloc(c->pool, secret_len); | 172 struct { |
207 if (*wsec == NULL) { | 173 ngx_str_t label; |
208 return 0; | 174 ngx_str_t *key; |
209 } | 175 const uint8_t *secret; |
210 | 176 } seq[] = { |
211 ngx_memcpy(*wsec, write_secret, secret_len); | 177 { ngx_string("tls13 quic key"), &client->key, read_secret }, |
212 | 178 { ngx_string("tls13 quic iv"), &client->iv, read_secret }, |
213 #ifdef OPENSSL_IS_BORINGSSL | 179 { ngx_string("tls13 quic hp"), &client->hp, read_secret }, |
214 client_key->len = EVP_AEAD_key_length(evp); | 180 { ngx_string("tls13 quic key"), &server->key, write_secret }, |
215 server_key->len = EVP_AEAD_key_length(evp); | 181 { ngx_string("tls13 quic iv"), &server->iv, write_secret }, |
216 | 182 { ngx_string("tls13 quic hp"), &server->hp, write_secret }, |
217 client_iv->len = EVP_AEAD_nonce_length(evp); | |
218 server_iv->len = EVP_AEAD_nonce_length(evp); | |
219 | |
220 client_hp->len = EVP_AEAD_key_length(evp); | |
221 server_hp->len = EVP_AEAD_key_length(evp); | |
222 #else | |
223 client_key->len = EVP_CIPHER_key_length(evp); | |
224 server_key->len = EVP_CIPHER_key_length(evp); | |
225 | |
226 client_iv->len = EVP_CIPHER_iv_length(evp); | |
227 server_iv->len = EVP_CIPHER_iv_length(evp); | |
228 | |
229 client_hp->len = EVP_CIPHER_key_length(evp); | |
230 server_hp->len = EVP_CIPHER_key_length(evp); | |
231 #endif | |
232 | |
233 ngx_str_t rss = { | |
234 .data = *rsec, | |
235 .len = *rlen | |
236 }; | 183 }; |
237 | 184 |
238 ngx_str_t wss = { | |
239 .data = *wsec, | |
240 .len = *wlen | |
241 }; | |
242 | |
243 struct { | |
244 ngx_str_t id; | |
245 ngx_str_t *in; | |
246 ngx_str_t *prk; | |
247 } seq[] = { | |
248 { ngx_string("tls13 quic key"), client_key, &rss }, | |
249 { ngx_string("tls13 quic iv"), client_iv, &rss }, | |
250 { ngx_string("tls13 quic hp"), client_hp, &rss }, | |
251 { ngx_string("tls13 quic key"), server_key, &wss }, | |
252 { ngx_string("tls13 quic iv"), server_iv, &wss }, | |
253 { ngx_string("tls13 quic hp"), server_hp, &wss }, | |
254 }; | |
255 | |
256 ngx_uint_t i; | |
257 | |
258 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { | 185 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { |
259 | 186 |
260 if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1) | 187 if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label, |
188 seq[i].secret, secret_len) | |
261 != NGX_OK) | 189 != NGX_OK) |
262 { | 190 { |
263 return 0; | 191 return 0; |
264 } | 192 } |
265 } | 193 } |
270 | 198 |
271 static int | 199 static int |
272 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, | 200 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, |
273 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) | 201 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) |
274 { | 202 { |
275 u_char buf[2048], *p, *name; | 203 u_char *p, *pnp, *name, *nonce, *sample; |
276 ngx_int_t m; | 204 ngx_int_t m; |
277 ngx_str_t in, out, ad; | 205 ngx_str_t in, out, ad; |
206 static int pn; | |
207 const EVP_CIPHER *cipher; | |
208 ngx_connection_t *c; | |
278 ngx_quic_secret_t *secret; | 209 ngx_quic_secret_t *secret; |
279 ngx_connection_t *c; | |
280 ngx_quic_connection_t *qc; | 210 ngx_quic_connection_t *qc; |
281 const ngx_aead_cipher_t *cipher; | 211 u_char buf[2048], mask[16]; |
282 static int pn = 0; | |
283 | 212 |
284 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | 213 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
214 qc = c->quic; | |
285 | 215 |
286 ngx_ssl_handshake_log(c); | 216 ngx_ssl_handshake_log(c); |
287 | |
288 qc = c->quic; | |
289 | 217 |
290 switch (level) { | 218 switch (level) { |
291 | 219 |
292 case ssl_encryption_initial: | 220 case ssl_encryption_initial: |
293 secret = &qc->server_in; | 221 secret = &qc->server_in; |
353 p = ngx_cpymem(p, qc->dcid.data, qc->dcid.len); | 281 p = ngx_cpymem(p, qc->dcid.data, qc->dcid.len); |
354 if (level == ssl_encryption_initial) { | 282 if (level == ssl_encryption_initial) { |
355 ngx_quic_build_int(&p, 0); // token length | 283 ngx_quic_build_int(&p, 0); // token length |
356 } | 284 } |
357 ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl) | 285 ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl) |
358 u_char *pnp = p; | 286 pnp = p; |
359 | 287 |
360 if (level == ssl_encryption_initial) { | 288 if (level == ssl_encryption_initial) { |
361 *p++ = 0; // packet number 0 | 289 *p++ = 0; // packet number 0 |
362 | 290 |
363 } else if (level == ssl_encryption_handshake) { | 291 } else if (level == ssl_encryption_handshake) { |
375 name = (u_char *) SSL_get_cipher(ssl_conn); | 303 name = (u_char *) SSL_get_cipher(ssl_conn); |
376 | 304 |
377 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 | 305 if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0 |
378 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) | 306 || ngx_strcasecmp(name, (u_char *) "(NONE)") == 0) |
379 { | 307 { |
380 #ifdef OPENSSL_IS_BORINGSSL | |
381 cipher = EVP_aead_aes_128_gcm(); | |
382 #else | |
383 cipher = EVP_aes_128_gcm(); | 308 cipher = EVP_aes_128_gcm(); |
384 #endif | |
385 | 309 |
386 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { | 310 } else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) { |
387 #ifdef OPENSSL_IS_BORINGSSL | |
388 cipher = EVP_aead_aes_256_gcm(); | |
389 #else | |
390 cipher = EVP_aes_256_gcm(); | 311 cipher = EVP_aes_256_gcm(); |
391 #endif | |
392 | 312 |
393 } else { | 313 } else { |
394 return 0; | 314 return 0; |
395 } | 315 } |
396 | 316 |
397 uint8_t *nonce = ngx_pstrdup(c->pool, &secret->iv); | 317 nonce = ngx_pstrdup(c->pool, &secret->iv); |
398 if (level == ssl_encryption_handshake) { | 318 if (level == ssl_encryption_handshake) { |
399 nonce[11] ^= (pn - 1); | 319 nonce[11] ^= (pn - 1); |
400 } | 320 } |
401 | 321 |
402 m = ngx_hex_dump(buf, (u_char *) secret->iv.data, 12) - buf; | 322 m = ngx_hex_dump(buf, (u_char *) secret->iv.data, 12) - buf; |
411 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK) | 331 if (ngx_quic_tls_seal(c, cipher, secret, &out, nonce, &in, &ad) != NGX_OK) |
412 { | 332 { |
413 return 0; | 333 return 0; |
414 } | 334 } |
415 | 335 |
416 u_char *sample = &out.data[3]; // pnl=0 | 336 sample = &out.data[3]; // pnl=0 |
417 uint8_t mask[16]; | |
418 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) { | 337 if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) { |
419 return 0; | 338 return 0; |
420 } | 339 } |
421 | 340 |
422 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf; | 341 m = ngx_hex_dump(buf, (u_char *) sample, 16) - buf; |
436 | 355 |
437 // header protection, pnl = 0 | 356 // header protection, pnl = 0 |
438 ad.data[0] ^= mask[0] & 0x0f; | 357 ad.data[0] ^= mask[0] & 0x0f; |
439 *pnp ^= mask[1]; | 358 *pnp ^= mask[1]; |
440 | 359 |
441 printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len); | |
442 | |
443 u_char *packet = ngx_alloc(ad.len + out.len, c->log); | 360 u_char *packet = ngx_alloc(ad.len + out.len, c->log); |
444 if (packet == 0) { | 361 if (packet == 0) { |
445 return 0; | 362 return 0; |
446 } | 363 } |
447 | 364 |
460 | 377 |
461 | 378 |
462 static int | 379 static int |
463 quic_flush_flight(ngx_ssl_conn_t *ssl_conn) | 380 quic_flush_flight(ngx_ssl_conn_t *ssl_conn) |
464 { | 381 { |
465 printf("quic_flush_flight()\n"); | 382 ngx_connection_t *c; |
383 | |
384 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | |
385 | |
386 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic_flush_flight()"); | |
387 | |
466 return 1; | 388 return 1; |
467 } | 389 } |
468 | 390 |
469 | 391 |
470 static int | 392 static int |
471 quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, | 393 quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, |
472 uint8_t alert) | 394 uint8_t alert) |
473 { | 395 { |
474 printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert); | 396 ngx_connection_t *c; |
397 | |
398 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | |
399 | |
400 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
401 "quic_send_alert(), lvl=%d, alert=%d", | |
402 (int) level, (int) alert); | |
403 | |
475 return 1; | 404 return 1; |
476 } | 405 } |
477 | 406 |
478 | 407 |
479 static SSL_QUIC_METHOD quic_method = { | 408 static SSL_QUIC_METHOD quic_method = { |
1863 } | 1792 } |
1864 | 1793 |
1865 #if NGX_OPENSSL_QUIC | 1794 #if NGX_OPENSSL_QUIC |
1866 | 1795 |
1867 SSL_CTX_set_quic_method(ssl->ctx, &quic_method); | 1796 SSL_CTX_set_quic_method(ssl->ctx, &quic_method); |
1868 printf("%s\n", __func__); | |
1869 return NGX_OK; | 1797 return NGX_OK; |
1870 | 1798 |
1871 #else | 1799 #else |
1872 | 1800 |
1873 ngx_log_error(NGX_LOG_WARN, ssl->log, 0, | 1801 ngx_log_error(NGX_LOG_WARN, ssl->log, 0, |