Mercurial > hg > nginx
annotate src/event/ngx_event_quic_protection.h @ 8621:9c3be23ddbe7 quic
QUIC: refactored key handling.
All key handling functionality is moved into ngx_quic_protection.c.
Public structures from ngx_quic_protection.h are now private and new
methods are available to manipulate keys.
A negotiated cipher is cached in QUIC connection from the set secret callback
to avoid calling SSL_get_current_cipher() on each encrypt/decrypt operation.
This also reduces the number of unwanted c->ssl->connection occurrences.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 02 Nov 2020 18:21:34 +0300 |
parents | b31c02454539 |
children |
rev | line source |
---|---|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
8347
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
11 #include <ngx_config.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
12 #include <ngx_core.h> |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
13 |
a5141e6b3214
Fixed includes in quic headers.
Roman Arutyunyan <arut@nginx.com>
parents:
8339
diff
changeset
|
14 |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
15 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
16 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
17 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
18 ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
19 ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
20 ngx_quic_keys_t *keys, ngx_str_t *secret); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
21 int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
22 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
23 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
24 ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
25 enum ssl_encryption_level_t level); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
26 void ngx_quic_keys_discard(ngx_quic_keys_t *keys, |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
27 enum ssl_encryption_level_t level); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
28 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
29 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 |
8562
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8376
diff
changeset
|
31 ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, |
b31c02454539
QUIC: added stateless reset support.
Vladimir Homutov <vl@nginx.com>
parents:
8376
diff
changeset
|
32 ngx_str_t *key, u_char *token); |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8306
diff
changeset
|
33 |
8621
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
34 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); |
9c3be23ddbe7
QUIC: refactored key handling.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8562
diff
changeset
|
35 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |