comparison src/event/quic/ngx_event_quic_protection.c @ 8710:44b4c6180106 quic
QUIC: multiple versions support.
Draft-29 and beyond are now supported simultaneously, no need to recompile.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 19 Feb 2021 17:27:19 +0300 |
parents | 81bb3a690c10 |
children | 1c48629cfa74 |
140 } | 140 } |
141 | 141 |
142 | 142 |
143 ngx_int_t | 143 ngx_int_t |
144 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, | 144 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, |
145 ngx_str_t *secret) | 145 ngx_str_t *secret, uint32_t version) |
146 { | 146 { |
147 size_t is_len; | 147 size_t is_len; |
148 uint8_t is[SHA256_DIGEST_LENGTH]; | 148 uint8_t is[SHA256_DIGEST_LENGTH]; |
149 ngx_uint_t i; | 149 ngx_uint_t i; |
150 const EVP_MD *digest; | 150 const EVP_MD *digest; |
151 const EVP_CIPHER *cipher; | 151 const EVP_CIPHER *cipher; |
152 ngx_quic_secret_t *client, *server; | 152 ngx_quic_secret_t *client, *server; |
153 | 153 |
154 static const uint8_t salt[20] = | 154 static const uint8_t salt[20] = |
155 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
156 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | 155 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
157 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | 156 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
158 #else | 157 static const uint8_t salt29[20] = |
159 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" | 158 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" |
160 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; | 159 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; |
161 #endif | |
162 | 160 |
163 client = &keys->secrets[ssl_encryption_initial].client; | 161 client = &keys->secrets[ssl_encryption_initial].client; |
164 server = &keys->secrets[ssl_encryption_initial].server; | 162 server = &keys->secrets[ssl_encryption_initial].server; |
165 | 163 |
166 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 164 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
167 | 165 |
168 cipher = EVP_aes_128_gcm(); | 166 cipher = EVP_aes_128_gcm(); |
169 digest = EVP_sha256(); | 167 digest = EVP_sha256(); |
170 | 168 |
171 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, | 169 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
172 salt, sizeof(salt)) | 170 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) |
173 != NGX_OK) | 171 != NGX_OK) |
174 { | 172 { |
175 return NGX_ERROR; | 173 return NGX_ERROR; |
176 } | 174 } |
177 | 175 |
887 ngx_quic_secret_t secret; | 885 ngx_quic_secret_t secret; |
888 ngx_quic_ciphers_t ciphers; | 886 ngx_quic_ciphers_t ciphers; |
889 | 887 |
890 /* 5.8. Retry Packet Integrity */ | 888 /* 5.8. Retry Packet Integrity */ |
891 static u_char key[16] = | 889 static u_char key[16] = |
892 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
893 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; | 890 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; |
894 #else | 891 static u_char key29[16] = |
895 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; | 892 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
896 #endif | |
897 static u_char nonce[12] = | 893 static u_char nonce[12] = |
898 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
899 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; | 894 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; |
900 #else | 895 static u_char nonce29[12] = |
901 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; | 896 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
902 #endif | |
903 static ngx_str_t in = ngx_string(""); | 897 static ngx_str_t in = ngx_string(""); |
904 | 898 |
905 ad.data = res->data; | 899 ad.data = res->data; |
906 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); | 900 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
907 | 901 |
916 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { | 910 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { |
917 return NGX_ERROR; | 911 return NGX_ERROR; |
918 } | 912 } |
919 | 913 |
920 secret.key.len = sizeof(key); | 914 secret.key.len = sizeof(key); |
921 secret.key.data = key; | 915 secret.key.data = (pkt->version & 0xff000000) ? key29 : key; |
922 secret.iv.len = sizeof(nonce); | 916 secret.iv.len = sizeof(nonce); |
923 | 917 |
924 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log) | 918 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, |
919 (pkt->version & 0xff000000) ? nonce29 : nonce, | |
920 &in, &ad, pkt->log) | |
925 != NGX_OK) | 921 != NGX_OK) |
926 { | 922 { |
927 return NGX_ERROR; | 923 return NGX_ERROR; |
928 } | 924 } |
929 | 925 |
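Review bot: The draft-version test `(version & 0xff000000)` is written out as a raw mask three times on the new side — the salt choice in ngx_quic_keys_set_initial_secret and the key and nonce choices in the retry seal, whose function starts before this hunk — so the rule for which versions get the draft-29 constants has no single home; a helper such as `#define ngx_quic_is_draft(v)  ((v) & 0xff000000)` (constructed name) used at all three sites would keep them in step. If any draft at or above 33 is still negotiated under a 0xff0000xx version value, this mask selects the draft-29 salt and retry key for it, where the removed `#if (NGX_QUIC_DRAFT_VERSION >= 33)` split gave it the newer constants; whether that can happen depends on how the caller represents versions, which is outside this file. The `sizeof(salt)` passed alongside `salt29` is correct only because both arrays are declared as 20 bytes, which deserves a one-line comment, e.g. `/* salt and salt29 are both 20 bytes, so sizeof(salt) covers either */`.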