Mercurial > hg > nginx

comparison src/event/ngx_event_quic.c @ 8171:4daf03d2bd0a quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
OpenSSL compatibility.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:51 +0300
parents
children 76e29ff31cd3
comparison
equal deleted inserted replaced
8170:53a5cdbe500c 8171:4daf03d2bd0a
1 #include <ngx_config.h>
2 #include <ngx_core.h>
3 #include <ngx_event.h>
4
5
6 uint64_t
7 ngx_quic_parse_int(u_char **pos)
8 {
9 u_char *p;
10 uint64_t value;
11 ngx_uint_t len;
12
13 p = *pos;
14 len = 1 << ((*p & 0xc0) >> 6);
15 value = *p++ & 0x3f;
16
17 while (--len) {
18 value = (value << 8) + *p++;
19 }
20
21 *pos = p;
22 return value;
23 }
24
25
26 void
27 ngx_quic_build_int(u_char **pos, uint64_t value)
28 {
29 u_char *p;
30 ngx_uint_t len;//, len2;
31
32 p = *pos;
33 len = 0;
34
35 while (value >> ((1 << len) * 8 - 2)) {
36 len++;
37 }
38
39 *p = len << 6;
40
41 // len2 =
42 len = (1 << len);
43 len--;
44 *p |= value >> (len * 8);
45 p++;
46
47 while (len) {
48 *p++ = value >> ((len-- - 1) * 8);
49 }
50
51 *pos = p;
52 // return len2;
53 }
54
55
56 uint64_t
57 ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask)
58 {
59 u_char *p;
60 uint64_t value;
61
62 p = *pos;
63 value = *p++ ^ *mask++;
64
65 while (--len) {
66 value = (value << 8) + (*p++ ^ *mask++);
67 }
68
69 *pos = p;
70 return value;
71 }
72
73
74 ngx_int_t
75 ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
76 const u_char *secret, size_t secret_len, const u_char *salt,
77 size_t salt_len)
78 {
79 #ifdef OPENSSL_IS_BORINGSSL
80 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
81 salt_len)
82 == 0)
83 {
84 return NGX_ERROR;
85 }
86 #else
87
88 EVP_PKEY_CTX *pctx;
89
90 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
91
92 if (EVP_PKEY_derive_init(pctx) <= 0) {
93 return NGX_ERROR;
94 }
95
96 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
97 return NGX_ERROR;
98 }
99
100 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
101 return NGX_ERROR;
102 }
103
104 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
105 return NGX_ERROR;
106 }
107
108 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
109 return NGX_ERROR;
110 }
111
112 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
113 return NGX_ERROR;
114 }
115
116 #endif
117
118 return NGX_OK;
119 }
120
121
122 ngx_int_t
123 ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
124 const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
125 {
126 #ifdef OPENSSL_IS_BORINGSSL
127 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
128 == 0)
129 {
130 return NGX_ERROR;
131 }
132 #else
133
134 EVP_PKEY_CTX *pctx;
135
136 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
137
138 if (EVP_PKEY_derive_init(pctx) <= 0) {
139 return NGX_ERROR;
140 }
141
142 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
143 return NGX_ERROR;
144 }
145
146 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
147 return NGX_ERROR;
148 }
149
150 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
151 return NGX_ERROR;
152 }
153
154 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
155 return NGX_ERROR;
156 }
157
158 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
159 return NGX_ERROR;
160 }
161
162 #endif
163
164 return NGX_OK;
165 }