mirror of
https://github.com/nginx/nginx.git
synced 2024-12-12 18:29:00 +08:00
Introduced ngx_quic_secret_t.
This commit is contained in:
parent
aba1768d94
commit
27e5e87784
@ -168,34 +168,34 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
|||||||
switch (level) {
|
switch (level) {
|
||||||
|
|
||||||
case ssl_encryption_handshake:
|
case ssl_encryption_handshake:
|
||||||
rlen = &c->quic->client_hs.len;
|
rlen = &c->quic->client_hs.secret.len;
|
||||||
rsec = &c->quic->client_hs.data;
|
rsec = &c->quic->client_hs.secret.data;
|
||||||
wlen = &c->quic->server_hs.len;
|
wlen = &c->quic->server_hs.secret.len;
|
||||||
wsec = &c->quic->server_hs.data;
|
wsec = &c->quic->server_hs.secret.data;
|
||||||
|
|
||||||
client_key = &c->quic->client_hs_key;
|
client_key = &c->quic->client_hs.key;
|
||||||
client_iv = &c->quic->client_hs_iv;
|
client_iv = &c->quic->client_hs.iv;
|
||||||
client_hp = &c->quic->client_hs_hp;
|
client_hp = &c->quic->client_hs.hp;
|
||||||
|
|
||||||
server_key = &c->quic->server_hs_key;
|
server_key = &c->quic->server_hs.key;
|
||||||
server_iv = &c->quic->server_hs_iv;
|
server_iv = &c->quic->server_hs.iv;
|
||||||
server_hp = &c->quic->server_hs_hp;
|
server_hp = &c->quic->server_hs.hp;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ssl_encryption_application:
|
case ssl_encryption_application:
|
||||||
rlen = &c->quic->client_ad.len;
|
rlen = &c->quic->client_ad.secret.len;
|
||||||
rsec = &c->quic->client_ad.data;
|
rsec = &c->quic->client_ad.secret.data;
|
||||||
wlen = &c->quic->server_ad.len;
|
wlen = &c->quic->server_ad.secret.len;
|
||||||
wsec = &c->quic->server_ad.data;
|
wsec = &c->quic->server_ad.secret.data;
|
||||||
|
|
||||||
client_key = &c->quic->client_ad_key;
|
client_key = &c->quic->client_ad.key;
|
||||||
client_iv = &c->quic->client_ad_iv;
|
client_iv = &c->quic->client_ad.iv;
|
||||||
client_hp = &c->quic->client_ad_hp;
|
client_hp = &c->quic->client_ad.hp;
|
||||||
|
|
||||||
server_key = &c->quic->server_ad_key;
|
server_key = &c->quic->server_ad.key;
|
||||||
server_iv = &c->quic->server_ad_iv;
|
server_iv = &c->quic->server_ad.iv;
|
||||||
server_hp = &c->quic->server_ad_hp;
|
server_hp = &c->quic->server_ad.hp;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -474,15 +474,15 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
|||||||
switch (level) {
|
switch (level) {
|
||||||
|
|
||||||
case ssl_encryption_initial:
|
case ssl_encryption_initial:
|
||||||
server_key = &qc->server_in_key;
|
server_key = &qc->server_in.key;
|
||||||
server_iv = &qc->server_in_iv;
|
server_iv = &qc->server_in.iv;
|
||||||
server_hp = &qc->server_in_hp;
|
server_hp = &qc->server_in.hp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ssl_encryption_handshake:
|
case ssl_encryption_handshake:
|
||||||
server_key = &qc->server_hs_key;
|
server_key = &qc->server_hs.key;
|
||||||
server_iv = &qc->server_hs_iv;
|
server_iv = &qc->server_hs.iv;
|
||||||
server_hp = &qc->server_hs_hp;
|
server_hp = &qc->server_hs.hp;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -11,40 +11,25 @@
|
|||||||
#include <ngx_event_openssl.h>
|
#include <ngx_event_openssl.h>
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
ngx_str_t secret;
|
||||||
|
ngx_str_t key;
|
||||||
|
ngx_str_t iv;
|
||||||
|
ngx_str_t hp;
|
||||||
|
} ngx_quic_secret_t;
|
||||||
|
|
||||||
|
|
||||||
struct ngx_quic_connection_s {
|
struct ngx_quic_connection_s {
|
||||||
ngx_str_t scid;
|
ngx_str_t scid;
|
||||||
ngx_str_t dcid;
|
ngx_str_t dcid;
|
||||||
ngx_str_t token;
|
ngx_str_t token;
|
||||||
|
|
||||||
ngx_str_t client_in;
|
ngx_quic_secret_t client_in;
|
||||||
ngx_str_t client_in_key;
|
ngx_quic_secret_t client_hs;
|
||||||
ngx_str_t client_in_iv;
|
ngx_quic_secret_t client_ad;
|
||||||
ngx_str_t client_in_hp;
|
ngx_quic_secret_t server_in;
|
||||||
|
ngx_quic_secret_t server_hs;
|
||||||
ngx_str_t server_in;
|
ngx_quic_secret_t server_ad;
|
||||||
ngx_str_t server_in_key;
|
|
||||||
ngx_str_t server_in_iv;
|
|
||||||
ngx_str_t server_in_hp;
|
|
||||||
|
|
||||||
ngx_str_t client_hs;
|
|
||||||
ngx_str_t client_hs_key;
|
|
||||||
ngx_str_t client_hs_iv;
|
|
||||||
ngx_str_t client_hs_hp;
|
|
||||||
|
|
||||||
ngx_str_t server_hs;
|
|
||||||
ngx_str_t server_hs_key;
|
|
||||||
ngx_str_t server_hs_iv;
|
|
||||||
ngx_str_t server_hs_hp;
|
|
||||||
|
|
||||||
ngx_str_t client_ad;
|
|
||||||
ngx_str_t client_ad_key;
|
|
||||||
ngx_str_t client_ad_iv;
|
|
||||||
ngx_str_t client_ad_hp;
|
|
||||||
|
|
||||||
ngx_str_t server_ad;
|
|
||||||
ngx_str_t server_ad_key;
|
|
||||||
ngx_str_t server_ad_iv;
|
|
||||||
ngx_str_t server_ad_hp;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -831,9 +831,9 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
/* draft-ietf-quic-tls-23#section-5.2 */
|
/* draft-ietf-quic-tls-23#section-5.2 */
|
||||||
|
|
||||||
qc->client_in.len = SHA256_DIGEST_LENGTH;
|
qc->client_in.secret.len = SHA256_DIGEST_LENGTH;
|
||||||
qc->client_in.data = ngx_pnalloc(c->pool, qc->client_in.len);
|
qc->client_in.secret.data = ngx_pnalloc(c->pool, qc->client_in.secret.len);
|
||||||
if (qc->client_in.data == NULL) {
|
if (qc->client_in.secret.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -841,7 +841,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
|
||||||
bzero(hkdfl, sizeof(hkdfl));
|
bzero(hkdfl, sizeof(hkdfl));
|
||||||
hkdfl[0] = 0;
|
hkdfl[0] = 0;
|
||||||
hkdfl[1] = qc->client_in.len;
|
hkdfl[1] = qc->client_in.secret.len;
|
||||||
hkdfl[2] = sizeof("tls13 client in") - 1;
|
hkdfl[2] = sizeof("tls13 client in") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
@ -856,7 +856,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
m, buf, sizeof(hkdfl));
|
m, buf, sizeof(hkdfl));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->client_in.data, qc->client_in.len,
|
if (ngx_hkdf_expand(qc->client_in.secret.data, qc->client_in.secret.len,
|
||||||
digest, is, is_len, hkdfl, hkdfl_len)
|
digest, is, is_len, hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
@ -876,57 +876,57 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->client_in_key.len = EVP_AEAD_key_length(cipher);
|
qc->client_in.key.len = EVP_AEAD_key_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->client_in_key.len = EVP_CIPHER_key_length(cipher);
|
qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->client_in_key.data = ngx_pnalloc(c->pool, qc->client_in_key.len);
|
qc->client_in.key.data = ngx_pnalloc(c->pool, qc->client_in.key.len);
|
||||||
if (qc->client_in_key.data == NULL) {
|
if (qc->client_in.key.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
|
||||||
hkdfl[1] = qc->client_in_key.len;
|
hkdfl[1] = qc->client_in.key.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic key") - 1;
|
hkdfl[2] = sizeof("tls13 quic key") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->client_in_key.data, qc->client_in_key.len,
|
if (ngx_hkdf_expand(qc->client_in.key.data, qc->client_in.key.len,
|
||||||
digest, qc->client_in.data, qc->client_in.len,
|
digest, qc->client_in.secret.data, qc->client_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(client_in_key) failed");
|
"ngx_hkdf_expand(client_in.key) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->client_in_iv.len = EVP_AEAD_nonce_length(cipher);
|
qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->client_in_iv.len = EVP_CIPHER_iv_length(cipher);
|
qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->client_in_iv.data = ngx_pnalloc(c->pool, qc->client_in_iv.len);
|
qc->client_in.iv.data = ngx_pnalloc(c->pool, qc->client_in.iv.len);
|
||||||
if (qc->client_in_iv.data == NULL) {
|
if (qc->client_in.iv.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
|
||||||
hkdfl[1] = qc->client_in_iv.len;
|
hkdfl[1] = qc->client_in.iv.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic iv") - 1;
|
hkdfl[2] = sizeof("tls13 quic iv") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->client_in_iv.data, qc->client_in_iv.len,
|
if (ngx_hkdf_expand(qc->client_in.iv.data, qc->client_in.iv.len,
|
||||||
digest, qc->client_in.data, qc->client_in.len,
|
digest, qc->client_in.secret.data, qc->client_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(client_in_iv) failed");
|
"ngx_hkdf_expand(client_in.iv) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -934,57 +934,57 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->client_in_hp.len = EVP_AEAD_key_length(cipher);
|
qc->client_in.hp.len = EVP_AEAD_key_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->client_in_hp.len = EVP_CIPHER_key_length(cipher);
|
qc->client_in.hp.len = EVP_CIPHER_key_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->client_in_hp.data = ngx_pnalloc(c->pool, qc->client_in_hp.len);
|
qc->client_in.hp.data = ngx_pnalloc(c->pool, qc->client_in.hp.len);
|
||||||
if (qc->client_in_hp.data == NULL) {
|
if (qc->client_in.hp.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
|
||||||
hkdfl[1] = qc->client_in_hp.len;
|
hkdfl[1] = qc->client_in.hp.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic hp") - 1;
|
hkdfl[2] = sizeof("tls13 quic hp") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->client_in_hp.data, qc->client_in_hp.len,
|
if (ngx_hkdf_expand(qc->client_in.hp.data, qc->client_in.hp.len,
|
||||||
digest, qc->client_in.data, qc->client_in.len,
|
digest, qc->client_in.secret.data, qc->client_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(client_in_hp) failed");
|
"ngx_hkdf_expand(client_in.hp) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
||||||
m = ngx_hex_dump(buf, qc->client_in.data, qc->client_in.len) - buf;
|
m = ngx_hex_dump(buf, qc->client_in.secret.data, qc->client_in.secret.len) - buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic client initial secret: %*s, len: %uz",
|
"quic client initial secret: %*s, len: %uz",
|
||||||
m, buf, qc->client_in.len);
|
m, buf, qc->client_in.secret.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->client_in_key.data, qc->client_in_key.len)
|
m = ngx_hex_dump(buf, qc->client_in.key.data, qc->client_in.key.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic client key: %*s, len: %uz",
|
"quic client key: %*s, len: %uz",
|
||||||
m, buf, qc->client_in_key.len);
|
m, buf, qc->client_in.key.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->client_in_iv.data, qc->client_in_iv.len)
|
m = ngx_hex_dump(buf, qc->client_in.iv.data, qc->client_in.iv.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic client iv: %*s, len: %uz",
|
"quic client iv: %*s, len: %uz",
|
||||||
m, buf, qc->client_in_iv.len);
|
m, buf, qc->client_in.iv.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->client_in_hp.data, qc->client_in_hp.len)
|
m = ngx_hex_dump(buf, qc->client_in.hp.data, qc->client_in.hp.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic client hp: %*s, len: %uz",
|
"quic client hp: %*s, len: %uz",
|
||||||
m, buf, qc->client_in_hp.len);
|
m, buf, qc->client_in.hp.len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -992,21 +992,21 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
/* draft-ietf-quic-tls-23#section-5.2 */
|
/* draft-ietf-quic-tls-23#section-5.2 */
|
||||||
|
|
||||||
qc->server_in.len = SHA256_DIGEST_LENGTH;
|
qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
|
||||||
qc->server_in.data = ngx_pnalloc(c->pool, qc->server_in.len);
|
qc->server_in.secret.data = ngx_pnalloc(c->pool, qc->server_in.secret.len);
|
||||||
if (qc->server_in.data == NULL) {
|
if (qc->server_in.secret.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1;
|
||||||
hkdfl[0] = 0;
|
hkdfl[0] = 0;
|
||||||
hkdfl[1] = qc->server_in.len;
|
hkdfl[1] = qc->server_in.secret.len;
|
||||||
hkdfl[2] = sizeof("tls13 server in") - 1;
|
hkdfl[2] = sizeof("tls13 server in") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->server_in.data, qc->server_in.len,
|
if (ngx_hkdf_expand(qc->server_in.secret.data, qc->server_in.secret.len,
|
||||||
digest, is, is_len, hkdfl, hkdfl_len)
|
digest, is, is_len, hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
@ -1019,57 +1019,57 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
|
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->server_in_key.len = EVP_AEAD_key_length(cipher);
|
qc->server_in.key.len = EVP_AEAD_key_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->server_in_key.len = EVP_CIPHER_key_length(cipher);
|
qc->server_in.key.len = EVP_CIPHER_key_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->server_in_key.data = ngx_pnalloc(c->pool, qc->server_in_key.len);
|
qc->server_in.key.data = ngx_pnalloc(c->pool, qc->server_in.key.len);
|
||||||
if (qc->server_in_key.data == NULL) {
|
if (qc->server_in.key.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
|
||||||
hkdfl[1] = qc->server_in_key.len;
|
hkdfl[1] = qc->server_in.key.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic key") - 1;
|
hkdfl[2] = sizeof("tls13 quic key") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->server_in_key.data, qc->server_in_key.len,
|
if (ngx_hkdf_expand(qc->server_in.key.data, qc->server_in.key.len,
|
||||||
digest, qc->server_in.data, qc->server_in.len,
|
digest, qc->server_in.secret.data, qc->server_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(server_in_key) failed");
|
"ngx_hkdf_expand(server_in.key) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->server_in_iv.len = EVP_AEAD_nonce_length(cipher);
|
qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->server_in_iv.len = EVP_CIPHER_iv_length(cipher);
|
qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->server_in_iv.data = ngx_pnalloc(c->pool, qc->server_in_iv.len);
|
qc->server_in.iv.data = ngx_pnalloc(c->pool, qc->server_in.iv.len);
|
||||||
if (qc->server_in_iv.data == NULL) {
|
if (qc->server_in.iv.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
|
||||||
hkdfl[1] = qc->server_in_iv.len;
|
hkdfl[1] = qc->server_in.iv.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic iv") - 1;
|
hkdfl[2] = sizeof("tls13 quic iv") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->server_in_iv.data, qc->server_in_iv.len,
|
if (ngx_hkdf_expand(qc->server_in.iv.data, qc->server_in.iv.len,
|
||||||
digest, qc->server_in.data, qc->server_in.len,
|
digest, qc->server_in.secret.data, qc->server_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(server_in_iv) failed");
|
"ngx_hkdf_expand(server_in.iv) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -1077,57 +1077,57 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
qc->server_in_hp.len = EVP_AEAD_key_length(cipher);
|
qc->server_in.hp.len = EVP_AEAD_key_length(cipher);
|
||||||
#else
|
#else
|
||||||
qc->server_in_hp.len = EVP_CIPHER_key_length(cipher);
|
qc->server_in.hp.len = EVP_CIPHER_key_length(cipher);
|
||||||
#endif
|
#endif
|
||||||
qc->server_in_hp.data = ngx_pnalloc(c->pool, qc->server_in_hp.len);
|
qc->server_in.hp.data = ngx_pnalloc(c->pool, qc->server_in.hp.len);
|
||||||
if (qc->server_in_hp.data == NULL) {
|
if (qc->server_in.hp.data == NULL) {
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
|
hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
|
||||||
hkdfl[1] = qc->server_in_hp.len;
|
hkdfl[1] = qc->server_in.hp.len;
|
||||||
hkdfl[2] = sizeof("tls13 quic hp") - 1;
|
hkdfl[2] = sizeof("tls13 quic hp") - 1;
|
||||||
p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
|
p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(qc->server_in_hp.data, qc->server_in_hp.len,
|
if (ngx_hkdf_expand(qc->server_in.hp.data, qc->server_in.hp.len,
|
||||||
digest, qc->server_in.data, qc->server_in.len,
|
digest, qc->server_in.secret.data, qc->server_in.secret.len,
|
||||||
hkdfl, hkdfl_len)
|
hkdfl, hkdfl_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
|
||||||
"ngx_hkdf_expand(server_in_hp) failed");
|
"ngx_hkdf_expand(server_in.hp) failed");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
||||||
m = ngx_hex_dump(buf, qc->server_in.data, qc->server_in.len) - buf;
|
m = ngx_hex_dump(buf, qc->server_in.secret.data, qc->server_in.secret.len) - buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic server initial secret: %*s, len: %uz",
|
"quic server initial secret: %*s, len: %uz",
|
||||||
m, buf, qc->server_in.len);
|
m, buf, qc->server_in.secret.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->server_in_key.data, qc->server_in_key.len)
|
m = ngx_hex_dump(buf, qc->server_in.key.data, qc->server_in.key.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic server key: %*s, len: %uz",
|
"quic server key: %*s, len: %uz",
|
||||||
m, buf, qc->server_in_key.len);
|
m, buf, qc->server_in.key.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->server_in_iv.data, qc->server_in_iv.len)
|
m = ngx_hex_dump(buf, qc->server_in.iv.data, qc->server_in.iv.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic server iv: %*s, len: %uz",
|
"quic server iv: %*s, len: %uz",
|
||||||
m, buf, qc->server_in_iv.len);
|
m, buf, qc->server_in.iv.len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, qc->server_in_hp.data, qc->server_in_hp.len)
|
m = ngx_hex_dump(buf, qc->server_in.hp.data, qc->server_in.hp.len)
|
||||||
- buf;
|
- buf;
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic server hp: %*s, len: %uz",
|
"quic server hp: %*s, len: %uz",
|
||||||
m, buf, qc->server_in_hp.len);
|
m, buf, qc->server_in.hp.len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1138,7 +1138,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
int outlen;
|
int outlen;
|
||||||
|
|
||||||
if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
|
if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
|
||||||
qc->client_in_hp.data, NULL)
|
qc->client_in.hp.data, NULL)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
@ -1195,7 +1195,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
ad.data[0] = clearflags;
|
ad.data[0] = clearflags;
|
||||||
ad.data[ad.len - pnl] = (u_char)pn;
|
ad.data[ad.len - pnl] = (u_char)pn;
|
||||||
|
|
||||||
uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in_iv);
|
uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_in.iv);
|
||||||
nonce[11] ^= pn;
|
nonce[11] ^= pn;
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
@ -1215,8 +1215,8 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
|
EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
|
||||||
qc->client_in_key.data,
|
qc->client_in.key.data,
|
||||||
qc->client_in_key.len,
|
qc->client_in.key.len,
|
||||||
EVP_AEAD_DEFAULT_TAG_LENGTH);
|
EVP_AEAD_DEFAULT_TAG_LENGTH);
|
||||||
if (aead == NULL) {
|
if (aead == NULL) {
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
|
||||||
@ -1225,7 +1225,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
|
if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
|
||||||
nonce, qc->client_in_iv.len, ciphertext.data,
|
nonce, qc->client_in.iv.len, ciphertext.data,
|
||||||
ciphertext.len, ad.data, ad.len)
|
ciphertext.len, ad.data, ad.len)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
@ -1256,7 +1256,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in_iv.len,
|
if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_in.iv.len,
|
||||||
NULL)
|
NULL)
|
||||||
== 0)
|
== 0)
|
||||||
{
|
{
|
||||||
@ -1267,7 +1267,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in_key.data, nonce)
|
if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_in.key.data, nonce)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
EVP_CIPHER_CTX_free(aead);
|
EVP_CIPHER_CTX_free(aead);
|
||||||
@ -1527,7 +1527,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
int outlen;
|
int outlen;
|
||||||
|
|
||||||
if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
|
if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
|
||||||
qc->client_hs_hp.data, NULL)
|
qc->client_hs.hp.data, NULL)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
@ -1581,7 +1581,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
ad.data[0] = clearflags;
|
ad.data[0] = clearflags;
|
||||||
ad.data[ad.len - pnl] = (u_char)pn;
|
ad.data[ad.len - pnl] = (u_char)pn;
|
||||||
|
|
||||||
uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs_iv);
|
uint8_t *nonce = ngx_pstrdup(c->pool, &qc->client_hs.iv);
|
||||||
nonce[11] ^= pn;
|
nonce[11] ^= pn;
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
@ -1634,8 +1634,8 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
|
EVP_AEAD_CTX *aead = EVP_AEAD_CTX_new(cipher,
|
||||||
qc->client_hs_key.data,
|
qc->client_hs.key.data,
|
||||||
qc->client_hs_key.len,
|
qc->client_hs.key.len,
|
||||||
EVP_AEAD_DEFAULT_TAG_LENGTH);
|
EVP_AEAD_DEFAULT_TAG_LENGTH);
|
||||||
if (aead == NULL) {
|
if (aead == NULL) {
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "EVP_AEAD_CTX_new() failed");
|
||||||
@ -1644,7 +1644,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
|
if (EVP_AEAD_CTX_open(aead, cleartext, &cleartext_len, sizeof(cleartext),
|
||||||
nonce, qc->client_hs_iv.len, ciphertext.data,
|
nonce, qc->client_hs.iv.len, ciphertext.data,
|
||||||
ciphertext.len, ad.data, ad.len)
|
ciphertext.len, ad.data, ad.len)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
@ -1675,7 +1675,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs_iv.len,
|
if (EVP_CIPHER_CTX_ctrl(aead, EVP_CTRL_GCM_SET_IVLEN, qc->client_hs.iv.len,
|
||||||
NULL)
|
NULL)
|
||||||
== 0)
|
== 0)
|
||||||
{
|
{
|
||||||
@ -1686,7 +1686,7 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs_key.data, nonce)
|
if (EVP_DecryptInit_ex(aead, NULL, NULL, qc->client_hs.key.data, nonce)
|
||||||
!= 1)
|
!= 1)
|
||||||
{
|
{
|
||||||
EVP_CIPHER_CTX_free(aead);
|
EVP_CIPHER_CTX_free(aead);
|
||||||
|
Loading…
Reference in New Issue
Block a user