Mercurial > hg > nginx

changeset 8798:fc5719637aff quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: consistent use of 5-byte buffers for header protection. The output buffer is now also of 5 bytes. Header protection uses stream ciphers, which don't produce extra output nor PKCS padding.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 16 Jun 2021 17:53:18 +0300
parents 4715f3e669f1
children ef8276c8ccff
files src/event/quic/ngx_event_quic_protection.c
diffstat 1 files changed, 11 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -10,7 +10,10 @@
 #include <ngx_event_quic_connection.h>
 
 
+/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
 #define NGX_QUIC_IV_LEN               12
+/* RFC 9001, 5.4.1.  Header Protection Application: 5-byte mask */
+#define NGX_QUIC_HP_LEN               5
 
 #define NGX_AES_128_GCM_SHA256        0x1301
 #define NGX_AES_256_GCM_SHA384        0x1302
@@ -627,15 +630,15 @@ ngx_quic_tls_hp(ngx_log_t *log, const EV
 {
     int              outlen;
     EVP_CIPHER_CTX  *ctx;
-    u_char           zero[5] = {0};
+    u_char           zero[NGX_QUIC_HP_LEN] = {0};
 
 #ifdef OPENSSL_IS_BORINGSSL
-    uint32_t counter;
+    uint32_t         cnt;
 
-    ngx_memcpy(&counter, in, sizeof(uint32_t));
+    ngx_memcpy(&cnt, in, sizeof(uint32_t));
 
     if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
-        CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
+        CRYPTO_chacha_20(out, zero, NGX_QUIC_HP_LEN, s->hp.data, &in[4], cnt);
         return NGX_OK;
     }
 #endif
@@ -650,12 +653,12 @@ ngx_quic_tls_hp(ngx_log_t *log, const EV
         goto failed;
     }
 
-    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, 5)) {
+    if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, NGX_QUIC_HP_LEN)) {
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
         goto failed;
     }
 
-    if (!EVP_EncryptFinal_ex(ctx, out + 5, &outlen)) {
+    if (!EVP_EncryptFinal_ex(ctx, out + NGX_QUIC_HP_LEN, &outlen)) {
         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
         goto failed;
     }
@@ -857,7 +860,7 @@ ngx_quic_create_packet(ngx_quic_header_t
     ngx_uint_t           i;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    u_char               nonce[12], mask[16];
+    u_char               nonce[12], mask[NGX_QUIC_HP_LEN];
 
     out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
 
@@ -1084,7 +1087,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     ngx_str_t            in, ad;
     ngx_quic_secret_t   *secret;
     ngx_quic_ciphers_t   ciphers;
-    uint8_t              mask[16], nonce[12];
+    uint8_t              nonce[12], mask[NGX_QUIC_HP_LEN];
 
     if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
     {