mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-08-06 14:56:15 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

QUIC: reusing crypto contexts for packet protection.

Browse Source
This commit is contained in:
Sergey Kandaurov 2023-10-20 18:05:07 +04:00
parent 885a02696e
commit 80a695add8
5 changed files with 257 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/event/quic/ngx_event_quic.c
View File

@ -335,6 +335,7 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
qc->validated = pkt->validated; qc->validated = pkt->validated;
if (ngx_quic_open_sockets(c, qc, pkt) != NGX_OK) { if (ngx_quic_open_sockets(c, qc, pkt) != NGX_OK) {
ngx_quic_keys_cleanup(qc->keys);
return NULL; return NULL;
} }
@ -585,6 +586,8 @@ ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
ngx_quic_close_sockets(c); ngx_quic_close_sockets(c);
ngx_quic_keys_cleanup(qc->keys);
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic close completed"); ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic close completed");
/* may be tested from SSL callback during SSL shutdown */ /* may be tested from SSL callback during SSL shutdown */

45
src/event/quic/ngx_event_quic_openssl_compat.c
View File

@ -54,9 +54,10 @@ struct ngx_quic_compat_s {
static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line); static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line);
static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log, static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_connection_t *c,
ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
static void ngx_quic_compat_cleanup_encryption_secret(void *data);
static int ngx_quic_compat_add_transport_params_callback(SSL *ssl, static int ngx_quic_compat_add_transport_params_callback(SSL *ssl,
unsigned int ext_type, unsigned int context, const unsigned char **out, unsigned int ext_type, unsigned int context, const unsigned char **out,
size_t *outlen, X509 *x, size_t chainidx, int *al, void *add_arg); size_t *outlen, X509 *x, size_t chainidx, int *al, void *add_arg);
@ -214,14 +215,14 @@ ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line)
com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n); com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n);
com->read_record = 0; com->read_record = 0;
(void) ngx_quic_compat_set_encryption_secret(c->log, &com->keys, level, (void) ngx_quic_compat_set_encryption_secret(c, &com->keys, level,
cipher, secret, n); cipher, secret, n);
} }
} }
static ngx_int_t static ngx_int_t
ngx_quic_compat_set_encryption_secret(ngx_log_t *log, ngx_quic_compat_set_encryption_secret(ngx_connection_t *c,
ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{ {
@ -231,6 +232,7 @@ ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
ngx_quic_hkdf_t seq[2]; ngx_quic_hkdf_t seq[2];
ngx_quic_secret_t *peer_secret; ngx_quic_secret_t *peer_secret;
ngx_quic_ciphers_t ciphers; ngx_quic_ciphers_t ciphers;
ngx_pool_cleanup_t *cln;
peer_secret = &keys->secret; peer_secret = &keys->secret;
@ -239,12 +241,12 @@ ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
if (key_len == NGX_ERROR) { if (key_len == NGX_ERROR) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher"); ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
return NGX_ERROR; return NGX_ERROR;
} }
if (sizeof(peer_secret->secret.data) < secret_len) { if (sizeof(peer_secret->secret.data) < secret_len) {
ngx_log_error(NGX_LOG_ALERT, log, 0, ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"unexpected secret len: %uz", secret_len); "unexpected secret len: %uz", secret_len);
return NGX_ERROR; return NGX_ERROR;
} }
@ -262,15 +264,43 @@ ngx_quic_compat_set_encryption_secret(ngx_log_t *log,
ngx_quic_hkdf_set(&seq[1], "tls13 iv", &peer_secret->iv, &secret_str); ngx_quic_hkdf_set(&seq[1], "tls13 iv", &peer_secret->iv, &secret_str);
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) { if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, c->log) != NGX_OK) {
return NGX_ERROR; return NGX_ERROR;
} }
} }
/* register cleanup handler once */
if (peer_secret->ctx) {
ngx_quic_crypto_cleanup(peer_secret);
} else {
cln = ngx_pool_cleanup_add(c->pool, 0);
if (cln == NULL) {
return NGX_ERROR;
}
cln->handler = ngx_quic_compat_cleanup_encryption_secret;
cln->data = peer_secret;
}
if (ngx_quic_crypto_init(ciphers.c, peer_secret, 1, c->log) == NGX_ERROR) {
return NGX_ERROR;
}
return NGX_OK; return NGX_OK;
} }
static void
ngx_quic_compat_cleanup_encryption_secret(void *data)
{
ngx_quic_secret_t *secret = data;
ngx_quic_crypto_cleanup(secret);
}
static int static int
ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type, ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type,
unsigned int context, const unsigned char **out, size_t *outlen, X509 *x, unsigned int context, const unsigned char **out, size_t *outlen, X509 *x,
@ -578,8 +608,7 @@ ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res)
ngx_memcpy(nonce, secret->iv.data, secret->iv.len); ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number); ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number);
if (ngx_quic_crypto_seal(ciphers.c, secret, &out, if (ngx_quic_crypto_seal(secret, &out, nonce, &rec->payload, &ad, rec->log)
nonce, &rec->payload, &ad, rec->log)
!= NGX_OK) != NGX_OK)
{ {
return NGX_ERROR; return NGX_ERROR;

4
src/event/quic/ngx_event_quic_output.c
View File

@ -941,13 +941,17 @@ ngx_quic_send_early_cc(ngx_connection_t *c, ngx_quic_header_t *inpkt,
res.data = dst; res.data = dst;
if (ngx_quic_encrypt(&pkt, &res) != NGX_OK) { if (ngx_quic_encrypt(&pkt, &res) != NGX_OK) {
ngx_quic_keys_cleanup(pkt.keys);
return NGX_ERROR; return NGX_ERROR;
} }
if (ngx_quic_send(c, res.data, res.len, c->sockaddr, c->socklen) < 0) { if (ngx_quic_send(c, res.data, res.len, c->sockaddr, c->socklen) < 0) {
ngx_quic_keys_cleanup(pkt.keys);
return NGX_ERROR; return NGX_ERROR;
} }
ngx_quic_keys_cleanup(pkt.keys);
return NGX_DONE; return NGX_DONE;
} }

358
src/event/quic/ngx_event_quic_protection.c
View File

@ -26,9 +26,8 @@ static ngx_int_t ngx_hkdf_extract(u_char *out_key, size_t *out_len,
static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
uint64_t *largest_pn); uint64_t *largest_pn);
static ngx_int_t ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out,
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
ngx_str_t *ad, ngx_log_t *log);
static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher, static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in); ngx_quic_secret_t *s, u_char *out, u_char *in);
@ -108,13 +107,14 @@ ngx_int_t
ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret, ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
ngx_log_t *log) ngx_log_t *log)
{ {
size_t is_len; size_t is_len;
uint8_t is[SHA256_DIGEST_LENGTH]; uint8_t is[SHA256_DIGEST_LENGTH];
ngx_str_t iss; ngx_str_t iss;
ngx_uint_t i; ngx_uint_t i;
const EVP_MD *digest; const EVP_MD *digest;
ngx_quic_hkdf_t seq[8]; ngx_quic_hkdf_t seq[8];
ngx_quic_secret_t *client, *server; ngx_quic_secret_t *client, *server;
ngx_quic_ciphers_t ciphers;
static const uint8_t salt[20] = static const uint8_t salt[20] =
"\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
@ -180,7 +180,25 @@ ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys, ngx_str_t *secret,
} }
} }
if (ngx_quic_ciphers(0, &ciphers, ssl_encryption_initial) == NGX_ERROR) {
return NGX_ERROR;
}
if (ngx_quic_crypto_init(ciphers.c, client, 0, log) == NGX_ERROR) {
return NGX_ERROR;
}
if (ngx_quic_crypto_init(ciphers.c, server, 1, log) == NGX_ERROR) {
goto failed;
}
return NGX_OK; return NGX_OK;
failed:
ngx_quic_keys_cleanup(keys);
return NGX_ERROR;
} }
@ -343,114 +361,9 @@ failed:
} }
static ngx_int_t
ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{
#ifdef OPENSSL_IS_BORINGSSL
EVP_AEAD_CTX *ctx;
ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
EVP_AEAD_DEFAULT_TAG_LENGTH);
if (ctx == NULL) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
return NGX_ERROR;
}
if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
in->data, in->len, ad->data, ad->len)
!= 1)
{
EVP_AEAD_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
return NGX_ERROR;
}
EVP_AEAD_CTX_free(ctx);
#else
int len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
return NGX_ERROR;
}
if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
return NGX_ERROR;
}
in->len -= NGX_QUIC_TAG_LEN;
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
in->data + in->len)
== 0)
{
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0,
"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
return NGX_ERROR;
}
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, s->iv.len, NULL)
== 0)
{
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0,
"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) failed");
return NGX_ERROR;
}
if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
return NGX_ERROR;
}
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
&& EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
{
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
out->len = len;
if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
return NGX_ERROR;
}
out->len += len;
EVP_CIPHER_CTX_free(ctx);
#endif
return NGX_OK;
}
ngx_int_t ngx_int_t
ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) ngx_int_t enc, ngx_log_t *log)
{ {
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
@ -462,19 +375,7 @@ ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
in->data, in->len, ad->data, ad->len)
!= 1)
{
EVP_AEAD_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
return NGX_ERROR;
}
EVP_AEAD_CTX_free(ctx);
#else #else
int len;
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
@ -483,9 +384,9 @@ ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) { if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) != 1) {
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
return NGX_ERROR; return NGX_ERROR;
} }
@ -509,28 +410,121 @@ ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) { if (EVP_CipherInit_ex(ctx, NULL, NULL, s->key.data, NULL, enc) != 1) {
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherInit_ex() failed");
return NGX_ERROR;
}
#endif
s->ctx = ctx;
return NGX_OK;
}
static ngx_int_t
ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce,
ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{
ngx_quic_crypto_ctx_t *ctx;
ctx = s->ctx;
#ifdef OPENSSL_IS_BORINGSSL
if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
in->data, in->len, ad->data, ad->len)
!= 1)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
return NGX_ERROR;
}
#else
int len;
if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, nonce) != 1) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
return NGX_ERROR;
}
in->len -= NGX_QUIC_TAG_LEN;
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, NGX_QUIC_TAG_LEN,
in->data + in->len)
== 0)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0,
"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG) failed");
return NGX_ERROR;
}
if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
&& EVP_DecryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
if (EVP_DecryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
return NGX_ERROR;
}
out->len = len;
if (EVP_DecryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
return NGX_ERROR;
}
out->len += len;
#endif
return NGX_OK;
}
ngx_int_t
ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce,
ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{
ngx_quic_crypto_ctx_t *ctx;
ctx = s->ctx;
#ifdef OPENSSL_IS_BORINGSSL
if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
in->data, in->len, ad->data, ad->len)
!= 1)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
return NGX_ERROR;
}
#else
int len;
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, nonce) != 1) {
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
&& EVP_EncryptUpdate(ctx, NULL, &len, NULL, in->len) != 1) && EVP_EncryptUpdate(ctx, NULL, &len, NULL, in->len) != 1)
{ {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) { if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
return NGX_ERROR; return NGX_ERROR;
} }
if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) { if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
return NGX_ERROR; return NGX_ERROR;
} }
@ -538,7 +532,6 @@ ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
out->len = len; out->len = len;
if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) { if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed"); ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed");
return NGX_ERROR; return NGX_ERROR;
} }
@ -549,21 +542,32 @@ ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
out->data + out->len) out->data + out->len)
== 0) == 0)
{ {
EVP_CIPHER_CTX_free(ctx);
ngx_ssl_error(NGX_LOG_INFO, log, 0, ngx_ssl_error(NGX_LOG_INFO, log, 0,
"EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed"); "EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_GET_TAG) failed");
return NGX_ERROR; return NGX_ERROR;
} }
out->len += NGX_QUIC_TAG_LEN; out->len += NGX_QUIC_TAG_LEN;
EVP_CIPHER_CTX_free(ctx);
#endif #endif
return NGX_OK; return NGX_OK;
} }
void
ngx_quic_crypto_cleanup(ngx_quic_secret_t *s)
{
if (s->ctx) {
#ifdef OPENSSL_IS_BORINGSSL
EVP_AEAD_CTX_free(s->ctx);
#else
EVP_CIPHER_CTX_free(s->ctx);
#endif
s->ctx = NULL;
}
}
static ngx_int_t static ngx_int_t
ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher, ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in) ngx_quic_secret_t *s, u_char *out, u_char *in)
@ -666,6 +670,12 @@ ngx_quic_keys_set_encryption_secret(ngx_log_t *log, ngx_uint_t is_write,
} }
} }
if (ngx_quic_crypto_init(ciphers.c, peer_secret, is_write, log)
== NGX_ERROR)
{
return NGX_ERROR;
}
return NGX_OK; return NGX_OK;
} }
@ -675,10 +685,10 @@ ngx_quic_keys_available(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level, ngx_uint_t is_write) enum ssl_encryption_level_t level, ngx_uint_t is_write)
{ {
if (is_write == 0) { if (is_write == 0) {
return keys->secrets[level].client.key.len != 0; return keys->secrets[level].client.ctx != NULL;
} }
return keys->secrets[level].server.key.len != 0; return keys->secrets[level].server.ctx != NULL;
} }
@ -686,8 +696,13 @@ void
ngx_quic_keys_discard(ngx_quic_keys_t *keys, ngx_quic_keys_discard(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level) enum ssl_encryption_level_t level)
{ {
keys->secrets[level].client.key.len = 0; ngx_quic_secret_t *client, *server;
keys->secrets[level].server.key.len = 0;
client = &keys->secrets[level].client;
server = &keys->secrets[level].server;
ngx_quic_crypto_cleanup(client);
ngx_quic_crypto_cleanup(server);
} }
@ -699,6 +714,9 @@ ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys)
current = &keys->secrets[ssl_encryption_application]; current = &keys->secrets[ssl_encryption_application];
next = &keys->next_key; next = &keys->next_key;
ngx_quic_crypto_cleanup(&current->client);
ngx_quic_crypto_cleanup(&current->server);
tmp = *current; tmp = *current;
*current = *next; *current = *next;
*next = tmp; *next = tmp;
@ -762,6 +780,16 @@ ngx_quic_keys_update(ngx_event_t *ev)
} }
} }
if (ngx_quic_crypto_init(ciphers.c, &next->client, 0, c->log) == NGX_ERROR)
{
goto failed;
}
if (ngx_quic_crypto_init(ciphers.c, &next->server, 1, c->log) == NGX_ERROR)
{
goto failed;
}
return; return;
failed: failed:
@ -770,6 +798,23 @@ failed:
} }
void
ngx_quic_keys_cleanup(ngx_quic_keys_t *keys)
{
ngx_uint_t i;
ngx_quic_secrets_t *next;
for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) {
ngx_quic_keys_discard(keys, i);
}
next = &keys->next_key;
ngx_quic_crypto_cleanup(&next->client);
ngx_quic_crypto_cleanup(&next->server);
}
static ngx_int_t static ngx_int_t
ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res) ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
{ {
@ -801,8 +846,7 @@ ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
ngx_memcpy(nonce, secret->iv.data, secret->iv.len); ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
if (ngx_quic_crypto_seal(ciphers.c, secret, &out, if (ngx_quic_crypto_seal(secret, &out, nonce, &pkt->payload, &ad, pkt->log)
nonce, &pkt->payload, &ad, pkt->log)
!= NGX_OK) != NGX_OK)
{ {
return NGX_ERROR; return NGX_ERROR;
@ -862,13 +906,19 @@ ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
ngx_memcpy(secret.key.data, key, sizeof(key)); ngx_memcpy(secret.key.data, key, sizeof(key));
secret.iv.len = NGX_QUIC_IV_LEN; secret.iv.len = NGX_QUIC_IV_LEN;
if (ngx_quic_crypto_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, if (ngx_quic_crypto_init(ciphers.c, &secret, 1, pkt->log) == NGX_ERROR) {
pkt->log)
!= NGX_OK)
{
return NGX_ERROR; return NGX_ERROR;
} }
if (ngx_quic_crypto_seal(&secret, &itag, nonce, &in, &ad, pkt->log)
!= NGX_OK)
{
ngx_quic_crypto_cleanup(&secret);
return NGX_ERROR;
}
ngx_quic_crypto_cleanup(&secret);
res->len = itag.data + itag.len - start; res->len = itag.data + itag.len - start;
res->data = start; res->data = start;
@ -999,7 +1049,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
u_char *p, *sample; u_char *p, *sample;
size_t len; size_t len;
uint64_t pn, lpn; uint64_t pn, lpn;
ngx_int_t pnl, rc; ngx_int_t pnl;
ngx_str_t in, ad; ngx_str_t in, ad;
ngx_uint_t key_phase; ngx_uint_t key_phase;
ngx_quic_secret_t *secret; ngx_quic_secret_t *secret;
@ -1088,9 +1138,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
pkt->payload.len = in.len - NGX_QUIC_TAG_LEN; pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
pkt->payload.data = pkt->plaintext + ad.len; pkt->payload.data = pkt->plaintext + ad.len;
rc = ngx_quic_crypto_open(ciphers.c, secret, &pkt->payload, if (ngx_quic_crypto_open(secret, &pkt->payload, nonce, &in, &ad, pkt->log)
nonce, &in, &ad, pkt->log); != NGX_OK)
if (rc != NGX_OK) { {
return NGX_DECLINED; return NGX_DECLINED;
} }

12
src/event/quic/ngx_event_quic_protection.h
View File

@ -26,8 +26,10 @@
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
#define ngx_quic_cipher_t EVP_AEAD #define ngx_quic_cipher_t EVP_AEAD
#define ngx_quic_crypto_ctx_t EVP_AEAD_CTX
#else #else
#define ngx_quic_cipher_t EVP_CIPHER #define ngx_quic_cipher_t EVP_CIPHER
#define ngx_quic_crypto_ctx_t EVP_CIPHER_CTX
#endif #endif
@ -48,6 +50,7 @@ typedef struct {
ngx_quic_md_t key; ngx_quic_md_t key;
ngx_quic_iv_t iv; ngx_quic_iv_t iv;
ngx_quic_md_t hp; ngx_quic_md_t hp;
ngx_quic_crypto_ctx_t *ctx;
} ngx_quic_secret_t; } ngx_quic_secret_t;
@ -100,14 +103,17 @@ void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level); enum ssl_encryption_level_t level);
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys); void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
void ngx_quic_keys_update(ngx_event_t *ev); void ngx_quic_keys_update(ngx_event_t *ev);
void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res); ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn); ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn); void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers, ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
enum ssl_encryption_level_t level); enum ssl_encryption_level_t level);
ngx_int_t ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher,
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_quic_secret_t *s, ngx_int_t enc, ngx_log_t *log);
ngx_str_t *ad, ngx_log_t *log); ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out,
u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s);
ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest, ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,
ngx_log_t *log); ngx_log_t *log);