Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 8710:44b4c6180106 quic
QUIC: multiple versions support.
Draft-29 and beyond are now supported simultaneously, no need to recompile.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 19 Feb 2021 17:27:19 +0300 |
| parents | 81bb3a690c10 |
| children | 1c48629cfa74 |
comparison
equal
deleted
inserted
replaced
| 8709:81bb3a690c10 | 8710:44b4c6180106 |
|---|---|
| 140 } | 140 } |
| 141 | 141 |
| 142 | 142 |
| 143 ngx_int_t | 143 ngx_int_t |
| 144 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, | 144 ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys, |
| 145 ngx_str_t *secret) | 145 ngx_str_t *secret, uint32_t version) |
| 146 { | 146 { |
| 147 size_t is_len; | 147 size_t is_len; |
| 148 uint8_t is[SHA256_DIGEST_LENGTH]; | 148 uint8_t is[SHA256_DIGEST_LENGTH]; |
| 149 ngx_uint_t i; | 149 ngx_uint_t i; |
| 150 const EVP_MD *digest; | 150 const EVP_MD *digest; |
| 151 const EVP_CIPHER *cipher; | 151 const EVP_CIPHER *cipher; |
| 152 ngx_quic_secret_t *client, *server; | 152 ngx_quic_secret_t *client, *server; |
| 153 | 153 |
| 154 static const uint8_t salt[20] = | 154 static const uint8_t salt[20] = |
| 155 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
| 156 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | 155 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" |
| 157 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | 156 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; |
| 158 #else | 157 static const uint8_t salt29[20] = |
| 159 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" | 158 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" |
| 160 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; | 159 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; |
| 161 #endif | |
| 162 | 160 |
| 163 client = &keys->secrets[ssl_encryption_initial].client; | 161 client = &keys->secrets[ssl_encryption_initial].client; |
| 164 server = &keys->secrets[ssl_encryption_initial].server; | 162 server = &keys->secrets[ssl_encryption_initial].server; |
| 165 | 163 |
| 166 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 164 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
| 167 | 165 |
| 168 cipher = EVP_aes_128_gcm(); | 166 cipher = EVP_aes_128_gcm(); |
| 169 digest = EVP_sha256(); | 167 digest = EVP_sha256(); |
| 170 | 168 |
| 171 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, | 169 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len, |
| 172 salt, sizeof(salt)) | 170 (version & 0xff000000) ? salt29 : salt, sizeof(salt)) |
| 173 != NGX_OK) | 171 != NGX_OK) |
| 174 { | 172 { |
| 175 return NGX_ERROR; | 173 return NGX_ERROR; |
| 176 } | 174 } |
| 177 | 175 |
| 887 ngx_quic_secret_t secret; | 885 ngx_quic_secret_t secret; |
| 888 ngx_quic_ciphers_t ciphers; | 886 ngx_quic_ciphers_t ciphers; |
| 889 | 887 |
| 890 /* 5.8. Retry Packet Integrity */ | 888 /* 5.8. Retry Packet Integrity */ |
| 891 static u_char key[16] = | 889 static u_char key[16] = |
| 892 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
| 893 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; | 890 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; |
| 894 #else | 891 static u_char key29[16] = |
| 895 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; | 892 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
| 896 #endif | |
| 897 static u_char nonce[12] = | 893 static u_char nonce[12] = |
| 898 #if (NGX_QUIC_DRAFT_VERSION >= 33) | |
| 899 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; | 894 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; |
| 900 #else | 895 static u_char nonce29[12] = |
| 901 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; | 896 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
| 902 #endif | |
| 903 static ngx_str_t in = ngx_string(""); | 897 static ngx_str_t in = ngx_string(""); |
| 904 | 898 |
| 905 ad.data = res->data; | 899 ad.data = res->data; |
| 906 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); | 900 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
| 907 | 901 |
| 916 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { | 910 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) { |
| 917 return NGX_ERROR; | 911 return NGX_ERROR; |
| 918 } | 912 } |
| 919 | 913 |
| 920 secret.key.len = sizeof(key); | 914 secret.key.len = sizeof(key); |
| 921 secret.key.data = key; | 915 secret.key.data = (pkt->version & 0xff000000) ? key29 : key; |
| 922 secret.iv.len = sizeof(nonce); | 916 secret.iv.len = sizeof(nonce); |
| 923 | 917 |
| 924 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log) | 918 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, |
| 919 (pkt->version & 0xff000000) ? nonce29 : nonce, | |
| 920 &in, &ad, pkt->log) | |
| 925 != NGX_OK) | 921 != NGX_OK) |
| 926 { | 922 { |
| 927 return NGX_ERROR; | 923 return NGX_ERROR; |
| 928 } | 924 } |
| 929 | 925 |