comparison src/event/ngx_event_quic_protection.c @ 8306:058a5af7ddfc quic
Refactored QUIC secrets storage.
The quic->keys[4] array now holds one set of secrets per encryption level.
All protection-level functions receive the keys for the level they operate
on and no longer need to switch between levels manually.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 01 Apr 2020 14:25:25 +0300 |
parents | 2ac03e80d013 |
children | dc7ac778aafe |
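--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -116,12 +116,12 @@
     return len;
 }
 
 
 ngx_int_t
-ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secrets_t *qsec,
-    ngx_str_t *secret)
+ngx_quic_set_initial_secret(ngx_pool_t *pool, ngx_quic_secret_t *client,
+    ngx_quic_secret_t *server, ngx_str_t *secret)
 {
     size_t             is_len;
     uint8_t            is[SHA256_DIGEST_LENGTH];
     ngx_uint_t         i;
     const EVP_MD      *digest;
@@ -150,63 +150,63 @@
 
     ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt));
     ngx_quic_hexdump0(pool->log, "initial secret", is, is_len);
 
     /* draft-ietf-quic-tls-23#section-5.2 */
-    qsec->client.in.secret.len = SHA256_DIGEST_LENGTH;
-    qsec->server.in.secret.len = SHA256_DIGEST_LENGTH;
+    client->secret.len = SHA256_DIGEST_LENGTH;
+    server->secret.len = SHA256_DIGEST_LENGTH;
 
-    qsec->client.in.key.len = EVP_CIPHER_key_length(cipher);
-    qsec->server.in.key.len = EVP_CIPHER_key_length(cipher);
+    client->key.len = EVP_CIPHER_key_length(cipher);
+    server->key.len = EVP_CIPHER_key_length(cipher);
 
-    qsec->client.in.hp.len = EVP_CIPHER_key_length(cipher);
-    qsec->server.in.hp.len = EVP_CIPHER_key_length(cipher);
+    client->hp.len = EVP_CIPHER_key_length(cipher);
+    server->hp.len = EVP_CIPHER_key_length(cipher);
 
-    qsec->client.in.iv.len = EVP_CIPHER_iv_length(cipher);
-    qsec->server.in.iv.len = EVP_CIPHER_iv_length(cipher);
+    client->iv.len = EVP_CIPHER_iv_length(cipher);
+    server->iv.len = EVP_CIPHER_iv_length(cipher);
 
     struct {
         ngx_str_t   label;
         ngx_str_t  *key;
         ngx_str_t  *prk;
     } seq[] = {
 
         /* draft-ietf-quic-tls-23#section-5.2 */
-        { ngx_string("tls13 client in"), &qsec->client.in.secret, &iss },
+        { ngx_string("tls13 client in"), &client->secret, &iss },
         {
             ngx_string("tls13 quic key"),
-            &qsec->client.in.key,
-            &qsec->client.in.secret,
+            &client->key,
+            &client->secret,
         },
         {
             ngx_string("tls13 quic iv"),
-            &qsec->client.in.iv,
-            &qsec->client.in.secret,
+            &client->iv,
+            &client->secret,
         },
         {
             /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
             ngx_string("tls13 quic hp"),
-            &qsec->client.in.hp,
-            &qsec->client.in.secret,
+            &client->hp,
+            &client->secret,
         },
-        { ngx_string("tls13 server in"), &qsec->server.in.secret, &iss },
+        { ngx_string("tls13 server in"), &server->secret, &iss },
         {
             /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
             ngx_string("tls13 quic key"),
-            &qsec->server.in.key,
-            &qsec->server.in.secret,
+            &server->key,
+            &server->secret,
         },
         {
             ngx_string("tls13 quic iv"),
-            &qsec->server.in.iv,
-            &qsec->server.in.secret,
+            &server->iv,
+            &server->secret,
         },
         {
             /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
             ngx_string("tls13 quic hp"),
-            &qsec->server.in.hp,
-            &qsec->server.in.secret,
+            &server->hp,
+            &server->secret,
         },
 
     };
 
     for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
@@ -602,39 +602,24 @@
 
 
 int
 ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const uint8_t *secret,
-    size_t secret_len, ngx_quic_peer_secrets_t *qsec)
+    size_t secret_len, ngx_quic_secret_t *peer_secret)
 {
     ngx_int_t            key_len;
     ngx_uint_t           i;
-    ngx_quic_secret_t   *peer_secret;
-    ngx_quic_ciphers_t   ciphers;
+    ngx_quic_ciphers_t   ciphers;
 
     key_len = ngx_quic_ciphers(ssl_conn, &ciphers, level);
 
     if (key_len == NGX_ERROR) {
         ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
         return 0;
     }
 
-    switch (level) {
-
-    case ssl_encryption_early_data:
-        peer_secret = &qsec->ed;
-        break;
-
-    case ssl_encryption_handshake:
-        peer_secret = &qsec->hs;
-        break;
-
-    case ssl_encryption_application:
-        peer_secret = &qsec->ad;
-        break;
-
-    default:
+    if (level == ssl_encryption_initial) {
         return 0;
     }
 
     peer_secret->key.len = key_len;
     peer_secret->iv.len = NGX_QUIC_IV_LEN;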
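Review bot: The new `if (level == ssl_encryption_initial)` guard in ngx_quic_set_encryption_secret runs only after `ngx_quic_ciphers()` has already been called for that level, and it returns 0 silently, whereas the cipher failure path directly above it logs "unexpected cipher". A secret delivered for the initial level would therefore fail the callback with nothing in the error log to explain why. I would place the guard before the cipher lookup and give it a message, e.g. `if (level == ssl_encryption_initial) { ngx_log_error(NGX_LOG_INFO, pool->log, 0, "unexpected initial level secret"); return 0; }`. Whether the TLS library can ever invoke this callback with the initial level is not visible here, so the guard is presumably defensive rather than a live path. The function body continues past the end of the hunk, so the later use of peer_secret is not reviewed here.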