Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 8172:640a13fc0f83 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PN-aware AEAD nonce, feeding proper CRYPTO length.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 4daf03d2bd0a
children b7bbfea7a6c3
comparison
equal deleted inserted replaced
8171:4daf03d2bd0a 8172:640a13fc0f83
450 450
451 static int 451 static int
452 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn, 452 quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
453 enum ssl_encryption_level_t level, const uint8_t *data, size_t len) 453 enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
454 { 454 {
455 u_char buf[512], *p, *ciphertext, *clear, *ad, *name; 455 u_char buf[2048], *p, *ciphertext, *clear, *ad, *name;
456 size_t ad_len, clear_len; 456 size_t ad_len, clear_len;
457 ngx_int_t m; 457 ngx_int_t m;
458 ngx_str_t *server_key, *server_iv, *server_hp; 458 ngx_str_t *server_key, *server_iv, *server_hp;
459 #ifdef OPENSSL_IS_BORINGSSL 459 #ifdef OPENSSL_IS_BORINGSSL
460 const EVP_AEAD *cipher; 460 const EVP_AEAD *cipher;
461 #else 461 #else
462 const EVP_CIPHER *cipher; 462 const EVP_CIPHER *cipher;
463 #endif 463 #endif
464 ngx_connection_t *c; 464 ngx_connection_t *c;
465 ngx_quic_connection_t *qc; 465 ngx_quic_connection_t *qc;
466 static int pn = 0;
466 467
467 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); 468 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
468 469
469 ngx_ssl_handshake_log(c); 470 ngx_ssl_handshake_log(c);
470 471
486 487
487 default: 488 default:
488 return 0; 489 return 0;
489 } 490 }
490 491
491 m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 256)) - buf; 492 m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 1024)) - buf;
492 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, 493 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
493 "quic_add_handshake_data: %*s%s, len: %uz, level:%d", 494 "quic_add_handshake_data: %*s%s, len: %uz, level:%d",
494 m, buf, len < 512 ? "" : "...", len, (int) level); 495 m, buf, len < 2048 ? "" : "...", len, (int) level);
495 496
496 clear = ngx_alloc(4 + len + 5 /*minimal ACK*/, c->log); 497 clear = ngx_alloc(4 + len + 5 /*minimal ACK*/, c->log);
497 if (clear == 0) { 498 if (clear == 0) {
498 return 0; 499 return 0;
499 } 500 }
502 ngx_quic_build_int(&p, 6); // crypto frame 503 ngx_quic_build_int(&p, 6); // crypto frame
503 ngx_quic_build_int(&p, 0); 504 ngx_quic_build_int(&p, 0);
504 ngx_quic_build_int(&p, len); 505 ngx_quic_build_int(&p, len);
505 p = ngx_cpymem(p, data, len); 506 p = ngx_cpymem(p, data, len);
506 507
507 ngx_quic_build_int(&p, 2); // ack frame 508 if (level == ssl_encryption_initial) {
508 ngx_quic_build_int(&p, 0); 509 ngx_quic_build_int(&p, 2); // ack frame
509 ngx_quic_build_int(&p, 0); 510 ngx_quic_build_int(&p, 0);
510 ngx_quic_build_int(&p, 0); 511 ngx_quic_build_int(&p, 0);
511 ngx_quic_build_int(&p, 0); 512 ngx_quic_build_int(&p, 0);
513 ngx_quic_build_int(&p, 0);
514 }
512 515
513 clear_len = p - clear; 516 clear_len = p - clear;
514 size_t ciphertext_len = clear_len + 16 /*expansion*/; 517 size_t ciphertext_len = clear_len + 16 /*expansion*/;
518
519 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
520 "quic_add_handshake_data: clear_len:%uz, ciphertext_len:%uz",
521 clear_len, ciphertext_len);
515 522
516 ad = ngx_alloc(346 /*max header*/, c->log); 523 ad = ngx_alloc(346 /*max header*/, c->log);
517 if (ad == 0) { 524 if (ad == 0) {
518 return 0; 525 return 0;
519 } 526 }
535 if (level == ssl_encryption_initial) { 542 if (level == ssl_encryption_initial) {
536 ngx_quic_build_int(&p, 0); // token length 543 ngx_quic_build_int(&p, 0); // token length
537 } 544 }
538 ngx_quic_build_int(&p, ciphertext_len + 1); // length (inc. pnl) 545 ngx_quic_build_int(&p, ciphertext_len + 1); // length (inc. pnl)
539 u_char *pnp = p; 546 u_char *pnp = p;
540 *p++ = 0; // packet number 0 547
548 if (level == ssl_encryption_initial) {
549 *p++ = 0; // packet number 0
550
551 } else if (level == ssl_encryption_handshake) {
552 *p++ = pn++;
553 }
541 554
542 ad_len = p - ad; 555 ad_len = p - ad;
543 556
544 m = ngx_hex_dump(buf, (u_char *) ad, ad_len) - buf; 557 m = ngx_hex_dump(buf, (u_char *) ad, ad_len) - buf;
545 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, 558 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
573 ciphertext = ngx_alloc(ciphertext_len, c->log); 586 ciphertext = ngx_alloc(ciphertext_len, c->log);
574 if (ciphertext == 0) { 587 if (ciphertext == 0) {
575 return 0; 588 return 0;
576 } 589 }
577 590
591 uint8_t *nonce = ngx_pstrdup(c->pool, server_iv);
592 if (level == ssl_encryption_handshake) {
593 nonce[11] ^= (pn - 1);
594 }
595
596 m = ngx_hex_dump(buf, (u_char *) server_iv->data, 12) - buf;
597 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
598 "quic_add_handshake_data sample: server_iv %*s",
599 m, buf);
600 m = ngx_hex_dump(buf, (u_char *) nonce, 12) - buf;
601 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
602 "quic_add_handshake_data sample: n=%d nonce %*s",
603 pn - 1, m, buf);
604
605
578 #ifdef OPENSSL_IS_BORINGSSL 606 #ifdef OPENSSL_IS_BORINGSSL
579 size_t out_len; 607 size_t out_len;
580 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher, 608 EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
581 server_key->data, 609 server_key->data,
582 server_key->len, 610 server_key->len,
583 EVP_AEAD_DEFAULT_TAG_LENGTH); 611 EVP_AEAD_DEFAULT_TAG_LENGTH);
584 612
585 if (EVP_AEAD_CTX_seal(aead, ciphertext, &out_len, ciphertext_len, 613 if (EVP_AEAD_CTX_seal(aead, ciphertext, &out_len, ciphertext_len,
586 server_iv->data, server_iv->len, 614 nonce, server_iv->len,
587 clear, clear_len, ad, ad_len) 615 clear, clear_len, ad, ad_len)
588 != 1) 616 != 1)
589 { 617 {
590 EVP_AEAD_CTX_free(aead); 618 EVP_AEAD_CTX_free(aead);
591 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, 619 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
617 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, 645 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
618 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed"); 646 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
619 return 0; 647 return 0;
620 } 648 }
621 649
622 if (EVP_EncryptInit_ex(aead, NULL, NULL, server_key->data, server_iv->data) 650 if (EVP_EncryptInit_ex(aead, NULL, NULL, server_key->data, nonce)
623 != 1) 651 != 1)
624 { 652 {
625 EVP_CIPHER_CTX_free(aead); 653 EVP_CIPHER_CTX_free(aead);
626 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed"); 654 ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "EVP_EncryptInit_ex() failed");
627 return 0; 655 return 0;
715 } 743 }
716 744
717 p = ngx_cpymem(packet, ad, ad_len); 745 p = ngx_cpymem(packet, ad, ad_len);
718 p = ngx_cpymem(p, ciphertext, out_len); 746 p = ngx_cpymem(p, ciphertext, out_len);
719 747
720 m = ngx_hex_dump(buf, (u_char *) packet, ngx_min(256, p - packet)) - buf; 748 m = ngx_hex_dump(buf, (u_char *) packet, ngx_min(1024, p - packet)) - buf;
721 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, 749 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
722 "quic_add_handshake_data packet: %*s%s, len: %uz", 750 "quic_add_handshake_data packet: %*s%s, len: %uz",
723 m, buf, len < 512 ? "" : "...", p - packet); 751 m, buf, len < 2048 ? "" : "...", p - packet);
724 752
725 c->send(c, packet, p - packet); 753 c->send(c, packet, p - packet);
726 754
727 return 1; 755 return 1;
728 } 756 }