mirror of
https://github.com/nginx/nginx.git
synced 2024-12-13 19:19:00 +08:00
Cleanup.
This commit is contained in:
parent
eb464a7feb
commit
ef8b06b186
@ -98,15 +98,11 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
|||||||
const uint8_t *write_secret, size_t secret_len)
|
const uint8_t *write_secret, size_t secret_len)
|
||||||
{
|
{
|
||||||
u_char *name;
|
u_char *name;
|
||||||
size_t *rlen, *wlen;
|
ngx_uint_t i;
|
||||||
uint8_t **rsec, **wsec;
|
|
||||||
const EVP_MD *digest;
|
const EVP_MD *digest;
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
const EVP_CIPHER *cipher;
|
||||||
const EVP_AEAD *evp;
|
|
||||||
#else
|
|
||||||
const EVP_CIPHER *evp;
|
|
||||||
#endif
|
|
||||||
ngx_connection_t *c;
|
ngx_connection_t *c;
|
||||||
|
ngx_quic_secret_t *client, *server;
|
||||||
|
|
||||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||||
|
|
||||||
@ -134,59 +130,29 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
|||||||
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
||||||
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
cipher = EVP_aes_128_gcm();
|
||||||
evp = EVP_aead_aes_128_gcm();
|
|
||||||
#else
|
|
||||||
evp = EVP_aes_128_gcm();
|
|
||||||
#endif
|
|
||||||
digest = EVP_sha256();
|
digest = EVP_sha256();
|
||||||
|
|
||||||
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
cipher = EVP_aes_256_gcm();
|
||||||
evp = EVP_aead_aes_256_gcm();
|
|
||||||
#else
|
|
||||||
evp = EVP_aes_256_gcm();
|
|
||||||
#endif
|
|
||||||
digest = EVP_sha384();
|
digest = EVP_sha384();
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
ngx_ssl_error(NGX_LOG_INFO, c->log, 0, "unexpected cipher");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ngx_str_t *client_key, *client_iv, *client_hp;
|
|
||||||
ngx_str_t *server_key, *server_iv, *server_hp;
|
|
||||||
|
|
||||||
switch (level) {
|
switch (level) {
|
||||||
|
|
||||||
case ssl_encryption_handshake:
|
case ssl_encryption_handshake:
|
||||||
rlen = &c->quic->client_hs.secret.len;
|
client = &c->quic->client_hs;
|
||||||
rsec = &c->quic->client_hs.secret.data;
|
server = &c->quic->server_hs;
|
||||||
wlen = &c->quic->server_hs.secret.len;
|
|
||||||
wsec = &c->quic->server_hs.secret.data;
|
|
||||||
|
|
||||||
client_key = &c->quic->client_hs.key;
|
|
||||||
client_iv = &c->quic->client_hs.iv;
|
|
||||||
client_hp = &c->quic->client_hs.hp;
|
|
||||||
|
|
||||||
server_key = &c->quic->server_hs.key;
|
|
||||||
server_iv = &c->quic->server_hs.iv;
|
|
||||||
server_hp = &c->quic->server_hs.hp;
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ssl_encryption_application:
|
case ssl_encryption_application:
|
||||||
rlen = &c->quic->client_ad.secret.len;
|
client = &c->quic->client_ad;
|
||||||
rsec = &c->quic->client_ad.secret.data;
|
server = &c->quic->server_ad;
|
||||||
wlen = &c->quic->server_ad.secret.len;
|
|
||||||
wsec = &c->quic->server_ad.secret.data;
|
|
||||||
|
|
||||||
client_key = &c->quic->client_ad.key;
|
|
||||||
client_iv = &c->quic->client_ad.iv;
|
|
||||||
client_hp = &c->quic->client_ad.hp;
|
|
||||||
|
|
||||||
server_key = &c->quic->server_ad.key;
|
|
||||||
server_iv = &c->quic->server_ad.iv;
|
|
||||||
server_hp = &c->quic->server_ad.hp;
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -194,70 +160,32 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
*rlen = *wlen = secret_len;
|
client->key.len = EVP_CIPHER_key_length(cipher);
|
||||||
|
server->key.len = EVP_CIPHER_key_length(cipher);
|
||||||
|
|
||||||
*rsec = ngx_pnalloc(c->pool, secret_len);
|
client->iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
if (*rsec == NULL) {
|
server->iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
ngx_memcpy(*rsec, read_secret, secret_len);
|
client->hp.len = EVP_CIPHER_key_length(cipher);
|
||||||
|
server->hp.len = EVP_CIPHER_key_length(cipher);
|
||||||
*wsec = ngx_pnalloc(c->pool, secret_len);
|
|
||||||
if (*wsec == NULL) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
ngx_memcpy(*wsec, write_secret, secret_len);
|
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
client_key->len = EVP_AEAD_key_length(evp);
|
|
||||||
server_key->len = EVP_AEAD_key_length(evp);
|
|
||||||
|
|
||||||
client_iv->len = EVP_AEAD_nonce_length(evp);
|
|
||||||
server_iv->len = EVP_AEAD_nonce_length(evp);
|
|
||||||
|
|
||||||
client_hp->len = EVP_AEAD_key_length(evp);
|
|
||||||
server_hp->len = EVP_AEAD_key_length(evp);
|
|
||||||
#else
|
|
||||||
client_key->len = EVP_CIPHER_key_length(evp);
|
|
||||||
server_key->len = EVP_CIPHER_key_length(evp);
|
|
||||||
|
|
||||||
client_iv->len = EVP_CIPHER_iv_length(evp);
|
|
||||||
server_iv->len = EVP_CIPHER_iv_length(evp);
|
|
||||||
|
|
||||||
client_hp->len = EVP_CIPHER_key_length(evp);
|
|
||||||
server_hp->len = EVP_CIPHER_key_length(evp);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
ngx_str_t rss = {
|
|
||||||
.data = *rsec,
|
|
||||||
.len = *rlen
|
|
||||||
};
|
|
||||||
|
|
||||||
ngx_str_t wss = {
|
|
||||||
.data = *wsec,
|
|
||||||
.len = *wlen
|
|
||||||
};
|
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
ngx_str_t id;
|
ngx_str_t label;
|
||||||
ngx_str_t *in;
|
ngx_str_t *key;
|
||||||
ngx_str_t *prk;
|
const uint8_t *secret;
|
||||||
} seq[] = {
|
} seq[] = {
|
||||||
{ ngx_string("tls13 quic key"), client_key, &rss },
|
{ ngx_string("tls13 quic key"), &client->key, read_secret },
|
||||||
{ ngx_string("tls13 quic iv"), client_iv, &rss },
|
{ ngx_string("tls13 quic iv"), &client->iv, read_secret },
|
||||||
{ ngx_string("tls13 quic hp"), client_hp, &rss },
|
{ ngx_string("tls13 quic hp"), &client->hp, read_secret },
|
||||||
{ ngx_string("tls13 quic key"), server_key, &wss },
|
{ ngx_string("tls13 quic key"), &server->key, write_secret },
|
||||||
{ ngx_string("tls13 quic iv"), server_iv, &wss },
|
{ ngx_string("tls13 quic iv"), &server->iv, write_secret },
|
||||||
{ ngx_string("tls13 quic hp"), server_hp, &wss },
|
{ ngx_string("tls13 quic hp"), &server->hp, write_secret },
|
||||||
};
|
};
|
||||||
|
|
||||||
ngx_uint_t i;
|
|
||||||
|
|
||||||
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
|
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
|
||||||
|
|
||||||
if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1)
|
if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label,
|
||||||
|
seq[i].secret, secret_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
@ -272,21 +200,21 @@ static int
|
|||||||
quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
||||||
enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
|
enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
|
||||||
{
|
{
|
||||||
u_char buf[2048], *p, *name;
|
u_char *p, *pnp, *name, *nonce, *sample;
|
||||||
ngx_int_t m;
|
ngx_int_t m;
|
||||||
ngx_str_t in, out, ad;
|
ngx_str_t in, out, ad;
|
||||||
ngx_quic_secret_t *secret;
|
static int pn;
|
||||||
|
const EVP_CIPHER *cipher;
|
||||||
ngx_connection_t *c;
|
ngx_connection_t *c;
|
||||||
|
ngx_quic_secret_t *secret;
|
||||||
ngx_quic_connection_t *qc;
|
ngx_quic_connection_t *qc;
|
||||||
const ngx_aead_cipher_t *cipher;
|
u_char buf[2048], mask[16];
|
||||||
static int pn = 0;
|
|
||||||
|
|
||||||
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||||
|
qc = c->quic;
|
||||||
|
|
||||||
ngx_ssl_handshake_log(c);
|
ngx_ssl_handshake_log(c);
|
||||||
|
|
||||||
qc = c->quic;
|
|
||||||
|
|
||||||
switch (level) {
|
switch (level) {
|
||||||
|
|
||||||
case ssl_encryption_initial:
|
case ssl_encryption_initial:
|
||||||
@ -355,7 +283,7 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
|||||||
ngx_quic_build_int(&p, 0); // token length
|
ngx_quic_build_int(&p, 0); // token length
|
||||||
}
|
}
|
||||||
ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl)
|
ngx_quic_build_int(&p, out.len + 1); // length (inc. pnl)
|
||||||
u_char *pnp = p;
|
pnp = p;
|
||||||
|
|
||||||
if (level == ssl_encryption_initial) {
|
if (level == ssl_encryption_initial) {
|
||||||
*p++ = 0; // packet number 0
|
*p++ = 0; // packet number 0
|
||||||
@ -377,24 +305,16 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
|||||||
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
||||||
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
cipher = EVP_aead_aes_128_gcm();
|
|
||||||
#else
|
|
||||||
cipher = EVP_aes_128_gcm();
|
cipher = EVP_aes_128_gcm();
|
||||||
#endif
|
|
||||||
|
|
||||||
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
cipher = EVP_aead_aes_256_gcm();
|
|
||||||
#else
|
|
||||||
cipher = EVP_aes_256_gcm();
|
cipher = EVP_aes_256_gcm();
|
||||||
#endif
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t *nonce = ngx_pstrdup(c->pool, &secret->iv);
|
nonce = ngx_pstrdup(c->pool, &secret->iv);
|
||||||
if (level == ssl_encryption_handshake) {
|
if (level == ssl_encryption_handshake) {
|
||||||
nonce[11] ^= (pn - 1);
|
nonce[11] ^= (pn - 1);
|
||||||
}
|
}
|
||||||
@ -413,8 +333,7 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
u_char *sample = &out.data[3]; // pnl=0
|
sample = &out.data[3]; // pnl=0
|
||||||
uint8_t mask[16];
|
|
||||||
if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) {
|
if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), secret, mask, sample) != NGX_OK) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -438,8 +357,6 @@ quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
|
|||||||
ad.data[0] ^= mask[0] & 0x0f;
|
ad.data[0] ^= mask[0] & 0x0f;
|
||||||
*pnp ^= mask[1];
|
*pnp ^= mask[1];
|
||||||
|
|
||||||
printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len);
|
|
||||||
|
|
||||||
u_char *packet = ngx_alloc(ad.len + out.len, c->log);
|
u_char *packet = ngx_alloc(ad.len + out.len, c->log);
|
||||||
if (packet == 0) {
|
if (packet == 0) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -462,7 +379,12 @@ printf("clear_len %ld ciphertext_len %ld ad_len %ld\n", in.len, out.len, ad.len)
|
|||||||
static int
|
static int
|
||||||
quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
|
quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
|
||||||
{
|
{
|
||||||
printf("quic_flush_flight()\n");
|
ngx_connection_t *c;
|
||||||
|
|
||||||
|
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||||
|
|
||||||
|
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic_flush_flight()");
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -471,7 +393,14 @@ static int
|
|||||||
quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
|
quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
|
||||||
uint8_t alert)
|
uint8_t alert)
|
||||||
{
|
{
|
||||||
printf("quic_send_alert(), lvl=%d, alert=%d\n", level, alert);
|
ngx_connection_t *c;
|
||||||
|
|
||||||
|
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
|
||||||
|
|
||||||
|
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||||
|
"quic_send_alert(), lvl=%d, alert=%d",
|
||||||
|
(int) level, (int) alert);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1865,7 +1794,6 @@ ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
|
|||||||
#if NGX_OPENSSL_QUIC
|
#if NGX_OPENSSL_QUIC
|
||||||
|
|
||||||
SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
|
SSL_CTX_set_quic_method(ssl->ctx, &quic_method);
|
||||||
printf("%s\n", __func__);
|
|
||||||
return NGX_OK;
|
return NGX_OK;
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
@ -121,11 +121,11 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
|
|||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
|
ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
|
||||||
ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender)
|
ngx_str_t *label, const uint8_t *prk, size_t prk_len)
|
||||||
{
|
{
|
||||||
uint8_t *p;
|
uint8_t *p;
|
||||||
size_t hkdfl_len;
|
size_t info_len;
|
||||||
uint8_t hkdfl[20];
|
uint8_t info[20];
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
u_char buf[512];
|
u_char buf[512];
|
||||||
@ -137,38 +137,31 @@ ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
hkdfl_len = 2 + 1 + name->len + 1;
|
info_len = 2 + 1 + label->len + 1;
|
||||||
|
|
||||||
if (sender) {
|
info[0] = 0;
|
||||||
hkdfl[0] = out->len / 256;
|
info[1] = out->len;
|
||||||
hkdfl[1] = out->len % 256;
|
info[2] = label->len;
|
||||||
|
p = ngx_cpymem(&info[3], label->data, label->len);
|
||||||
} else {
|
|
||||||
hkdfl[0] = 0;
|
|
||||||
hkdfl[1] = out->len;
|
|
||||||
}
|
|
||||||
|
|
||||||
hkdfl[2] = name->len;
|
|
||||||
p = ngx_cpymem(&hkdfl[3], name->data, name->len);
|
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
if (ngx_hkdf_expand(out->data, out->len, digest,
|
if (ngx_hkdf_expand(out->data, out->len, digest,
|
||||||
prk->data, prk->len, hkdfl, hkdfl_len)
|
prk, prk_len, info, info_len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
|
ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
|
||||||
"ngx_hkdf_expand(%V) failed", name);
|
"ngx_hkdf_expand(%V) failed", label);
|
||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
|
||||||
|
m = ngx_hex_dump(buf, info, info_len) - buf;
|
||||||
|
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||||
|
"%V info: %*s, len: %uz", label, m, buf, info_len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, out->data, out->len) - buf;
|
m = ngx_hex_dump(buf, out->data, out->len) - buf;
|
||||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||||
"%V: %*s, len: %uz", name, m, buf, out->len);
|
"%V key: %*s, len: %uz", label, m, buf, out->len);
|
||||||
|
|
||||||
m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
|
|
||||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
|
||||||
"%V hkdf: %*s, len: %uz", name, m, buf, hkdfl_len);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return NGX_OK;
|
return NGX_OK;
|
||||||
@ -177,7 +170,7 @@ ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
|
|||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
|
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
|
||||||
const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
|
const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSL
|
||||||
if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
|
if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
|
||||||
@ -222,7 +215,7 @@ ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
|
|||||||
|
|
||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
|
ngx_quic_tls_open(ngx_connection_t *c, const EVP_CIPHER *cipher,
|
||||||
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
|
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
|
||||||
ngx_str_t *ad)
|
ngx_str_t *ad)
|
||||||
{
|
{
|
||||||
@ -232,7 +225,7 @@ ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSLL
|
||||||
EVP_AEAD_CTX *ctx;
|
EVP_AEAD_CTX *ctx;
|
||||||
|
|
||||||
ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
|
ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
|
||||||
@ -327,7 +320,7 @@ ngx_quic_tls_open(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
|
|||||||
|
|
||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
|
ngx_quic_tls_seal(ngx_connection_t *c, const EVP_CIPHER *cipher,
|
||||||
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
|
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
|
||||||
ngx_str_t *ad)
|
ngx_str_t *ad)
|
||||||
{
|
{
|
||||||
@ -337,7 +330,7 @@ ngx_quic_tls_seal(ngx_connection_t *c, const ngx_aead_cipher_t *cipher,
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
#ifdef OPENSSL_IS_BORINGSSLL
|
||||||
EVP_AEAD_CTX *ctx;
|
EVP_AEAD_CTX *ctx;
|
||||||
|
|
||||||
ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
|
ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
|
||||||
|
@ -11,15 +11,6 @@
|
|||||||
#include <ngx_event_openssl.h>
|
#include <ngx_event_openssl.h>
|
||||||
|
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
#define ngx_aead_cipher_t EVP_AEAD
|
|
||||||
#define NGX_QUIC_INITIAL_CIPHER EVP_aead_aes_128_gcm()
|
|
||||||
#else
|
|
||||||
#define ngx_aead_cipher_t EVP_CIPHER
|
|
||||||
#define NGX_QUIC_INITIAL_CIPHER EVP_aes_128_gcm()
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
ngx_str_t secret;
|
ngx_str_t secret;
|
||||||
ngx_str_t key;
|
ngx_str_t key;
|
||||||
@ -54,13 +45,13 @@ ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
|
|||||||
const u_char *info, size_t info_len);
|
const u_char *info, size_t info_len);
|
||||||
|
|
||||||
ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest,
|
ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest,
|
||||||
ngx_str_t *out, ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender);
|
ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len);
|
||||||
|
|
||||||
ngx_int_t ngx_quic_tls_open(ngx_connection_t *c,
|
ngx_int_t ngx_quic_tls_open(ngx_connection_t *c,
|
||||||
const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
|
const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
|
||||||
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
|
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
|
||||||
ngx_int_t ngx_quic_tls_seal(ngx_connection_t *c,
|
ngx_int_t ngx_quic_tls_seal(ngx_connection_t *c,
|
||||||
const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
|
const EVP_CIPHER *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
|
||||||
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
|
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
|
||||||
|
|
||||||
ngx_int_t
|
ngx_int_t
|
||||||
|
@ -706,7 +706,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("ngx_ssl_create\n");
|
|
||||||
if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
|
if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
}
|
}
|
||||||
@ -1156,7 +1155,6 @@ ngx_http_ssl_init(ngx_conf_t *cf)
|
|||||||
|
|
||||||
addr = port[p].addrs.elts;
|
addr = port[p].addrs.elts;
|
||||||
for (a = 0; a < port[p].addrs.nelts; a++) {
|
for (a = 0; a < port[p].addrs.nelts; a++) {
|
||||||
printf("ssl %d http3 %d\n", addr[a].opt.ssl, addr[a].opt.http3);
|
|
||||||
|
|
||||||
if (!addr[a].opt.ssl && !addr[a].opt.http3) {
|
if (!addr[a].opt.ssl && !addr[a].opt.http3) {
|
||||||
continue;
|
continue;
|
||||||
@ -1164,7 +1162,6 @@ printf("ssl %d http3 %d\n", addr[a].opt.ssl, addr[a].opt.http3);
|
|||||||
|
|
||||||
cscf = addr[a].default_server;
|
cscf = addr[a].default_server;
|
||||||
sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
|
sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
|
||||||
printf("sscf->protocols %lx\n", sscf->protocols);
|
|
||||||
|
|
||||||
if (sscf->certificates == NULL) {
|
if (sscf->certificates == NULL) {
|
||||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||||
|
@ -678,16 +678,6 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
hc = c->data;
|
hc = c->data;
|
||||||
b = c->buffer;
|
b = c->buffer;
|
||||||
|
|
||||||
qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
|
|
||||||
if (qc == NULL) {
|
|
||||||
ngx_http_close_connection(c);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
c->quic = qc;
|
|
||||||
|
|
||||||
printf("buffer %p %p:%p:%p:%p \n", b, b->start, b->pos, b->last, b->end);
|
|
||||||
|
|
||||||
if ((b->pos[0] & 0xf0) != 0xc0) {
|
if ((b->pos[0] & 0xf0) != 0xc0) {
|
||||||
ngx_log_error(NGX_LOG_INFO, rev->log, 0, "invalid initial packet");
|
ngx_log_error(NGX_LOG_INFO, rev->log, 0, "invalid initial packet");
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
@ -713,6 +703,14 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
|
||||||
|
if (qc == NULL) {
|
||||||
|
ngx_http_close_connection(c);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
c->quic = qc;
|
||||||
|
|
||||||
qc->dcid.len = *b->pos++;
|
qc->dcid.len = *b->pos++;
|
||||||
qc->dcid.data = ngx_pnalloc(c->pool, qc->dcid.len);
|
qc->dcid.data = ngx_pnalloc(c->pool, qc->dcid.len);
|
||||||
if (qc->dcid.data == NULL) {
|
if (qc->dcid.data == NULL) {
|
||||||
@ -787,14 +785,14 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
uint8_t is[SHA256_DIGEST_LENGTH];
|
uint8_t is[SHA256_DIGEST_LENGTH];
|
||||||
ngx_uint_t i;
|
ngx_uint_t i;
|
||||||
const EVP_MD *digest;
|
const EVP_MD *digest;
|
||||||
const ngx_aead_cipher_t *cipher;
|
const EVP_CIPHER *cipher;
|
||||||
static const uint8_t salt[20] =
|
static const uint8_t salt[20] =
|
||||||
"\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
|
"\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
|
||||||
"\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
|
"\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
|
||||||
|
|
||||||
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
|
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
|
||||||
|
|
||||||
cipher = NGX_QUIC_INITIAL_CIPHER;
|
cipher = EVP_aes_128_gcm();
|
||||||
digest = EVP_sha256();
|
digest = EVP_sha256();
|
||||||
|
|
||||||
if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len,
|
if (ngx_hkdf_extract(is, &is_len, digest, qc->dcid.data, qc->dcid.len,
|
||||||
@ -826,16 +824,6 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
qc->client_in.secret.len = SHA256_DIGEST_LENGTH;
|
qc->client_in.secret.len = SHA256_DIGEST_LENGTH;
|
||||||
qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
|
qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
qc->client_in.key.len = EVP_AEAD_key_length(cipher);
|
|
||||||
qc->server_in.key.len = EVP_AEAD_key_length(cipher);
|
|
||||||
|
|
||||||
qc->client_in.hp.len = EVP_AEAD_key_length(cipher);
|
|
||||||
qc->server_in.hp.len = EVP_AEAD_key_length(cipher);
|
|
||||||
|
|
||||||
qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher);
|
|
||||||
qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher);
|
|
||||||
#else
|
|
||||||
qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
|
qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
|
||||||
qc->server_in.key.len = EVP_CIPHER_key_length(cipher);
|
qc->server_in.key.len = EVP_CIPHER_key_length(cipher);
|
||||||
|
|
||||||
@ -844,19 +832,10 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher);
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
|
||||||
"quic EVP key:%d tag:%d nonce:%d",
|
|
||||||
EVP_AEAD_key_length(cipher),
|
|
||||||
EVP_AEAD_max_tag_len(cipher),
|
|
||||||
EVP_AEAD_nonce_length(cipher));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
ngx_str_t id;
|
ngx_str_t label;
|
||||||
ngx_str_t *in;
|
ngx_str_t *key;
|
||||||
ngx_str_t *prk;
|
ngx_str_t *prk;
|
||||||
} seq[] = {
|
} seq[] = {
|
||||||
|
|
||||||
@ -894,14 +873,15 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
/* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
|
||||||
ngx_string("tls13 quic hp"),
|
ngx_string("tls13 quic hp"),
|
||||||
&qc->server_in.hp,
|
&qc->server_in.hp,
|
||||||
&qc->server_in.secret
|
&qc->server_in.secret,
|
||||||
},
|
},
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
|
for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
|
||||||
|
|
||||||
if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 0)
|
if (ngx_quic_hkdf_expand(c, digest, seq[i].key, &seq[i].label,
|
||||||
|
seq[i].prk->data, seq[i].prk->len)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
@ -973,7 +953,8 @@ ngx_http_quic_handshake(ngx_event_t *rev)
|
|||||||
|
|
||||||
ngx_str_t out;
|
ngx_str_t out;
|
||||||
|
|
||||||
if (ngx_quic_tls_open(c, cipher, &qc->client_in, &out, nonce, &in, &ad)
|
if (ngx_quic_tls_open(c, EVP_aes_128_gcm(), &qc->client_in, &out, nonce,
|
||||||
|
&in, &ad)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
ngx_http_close_connection(c);
|
ngx_http_close_connection(c);
|
||||||
@ -1090,7 +1071,9 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
{
|
{
|
||||||
size_t m;
|
size_t m;
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
|
ngx_str_t out;
|
||||||
ngx_connection_t *c;
|
ngx_connection_t *c;
|
||||||
|
const EVP_CIPHER *cipher;
|
||||||
ngx_quic_connection_t *qc;
|
ngx_quic_connection_t *qc;
|
||||||
u_char buf[4096], b[512], *p;
|
u_char buf[4096], b[512], *p;
|
||||||
|
|
||||||
@ -1249,8 +1232,6 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
const ngx_aead_cipher_t *cipher;
|
|
||||||
|
|
||||||
u_char *name = (u_char *) SSL_get_cipher(c->ssl->connection);
|
u_char *name = (u_char *) SSL_get_cipher(c->ssl->connection);
|
||||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0,
|
||||||
"quic ssl cipher: %s", name);
|
"quic ssl cipher: %s", name);
|
||||||
@ -1258,18 +1239,10 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
if (ngx_strcasecmp(name, (u_char *) "TLS_AES_128_GCM_SHA256") == 0
|
||||||
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
|| ngx_strcasecmp(name, (u_char *) "(NONE)") == 0)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
cipher = EVP_aead_aes_128_gcm();
|
|
||||||
#else
|
|
||||||
cipher = EVP_aes_128_gcm();
|
cipher = EVP_aes_128_gcm();
|
||||||
#endif
|
|
||||||
|
|
||||||
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
} else if (ngx_strcasecmp(name, (u_char *) "TLS_AES_256_GCM_SHA384") == 0) {
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
cipher = EVP_aead_aes_256_gcm();
|
|
||||||
#else
|
|
||||||
cipher = EVP_aes_256_gcm();
|
cipher = EVP_aes_256_gcm();
|
||||||
#endif
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "unexpected cipher");
|
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0, "unexpected cipher");
|
||||||
@ -1277,8 +1250,6 @@ ngx_http_quic_handshake_handler(ngx_event_t *rev)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
ngx_str_t out;
|
|
||||||
|
|
||||||
if (ngx_quic_tls_open(c, cipher, &qc->client_hs, &out, nonce, &in, &ad)
|
if (ngx_quic_tls_open(c, cipher, &qc->client_hs, &out, nonce, &in, &ad)
|
||||||
!= NGX_OK)
|
!= NGX_OK)
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user