summaryrefslogtreecommitdiffhomepage
path: root/src/event
diff options
context:
space:
mode:
Diffstat (limited to 'src/event')
-rw-r--r--src/event/ngx_event_openssl.c256
-rw-r--r--src/event/ngx_event_quic.c56
-rw-r--r--src/event/ngx_event_quic.h3
3 files changed, 97 insertions, 218 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 7d12b9625..f9102ecba 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -153,15 +153,6 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
return 0;
}
- size_t hkdfl_len, llen;
- uint8_t hkdfl[20];
- uint8_t *p;
- const char *label;
-#if (NGX_DEBUG)
- u_char buf[512];
- size_t m;
-#endif
-
ngx_str_t *client_key, *client_iv, *client_hp;
ngx_str_t *server_key, *server_iv, *server_hp;
@@ -219,231 +210,60 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
ngx_memcpy(*wsec, write_secret, secret_len);
- // client keys
-
#ifdef OPENSSL_IS_BORINGSSL
client_key->len = EVP_AEAD_key_length(evp);
-#else
- client_key->len = EVP_CIPHER_key_length(evp);
-#endif
- client_key->data = ngx_pnalloc(c->pool, client_key->len);
- if (client_key->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic key";
- llen = sizeof("tls13 quic key") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_key->len / 256;
- hkdfl[1] = client_key->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_key->data, client_key->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_key) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_key->data, client_key->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client key: %*s, len: %uz, level: %d",
- m, buf, client_key->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
+ server_key->len = EVP_AEAD_key_length(evp);
-#ifdef OPENSSL_IS_BORINGSSL
client_iv->len = EVP_AEAD_nonce_length(evp);
-#else
- client_iv->len = EVP_CIPHER_iv_length(evp);
-#endif
- client_iv->data = ngx_pnalloc(c->pool, client_iv->len);
- if (client_iv->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic iv";
- llen = sizeof("tls13 quic iv") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_iv->len / 256;
- hkdfl[1] = client_iv->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_iv->data, client_iv->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_iv) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_iv->data, client_iv->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client iv: %*s, len: %uz, level: %d",
- m, buf, client_iv->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
+ server_iv->len = EVP_AEAD_nonce_length(evp);
-#ifdef OPENSSL_IS_BORINGSSL
client_hp->len = EVP_AEAD_key_length(evp);
+ server_hp->len = EVP_AEAD_key_length(evp);
#else
- client_hp->len = EVP_CIPHER_key_length(evp);
-#endif
- client_hp->data = ngx_pnalloc(c->pool, client_hp->len);
- if (client_hp->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic hp";
- llen = sizeof("tls13 quic hp") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_hp->len / 256;
- hkdfl[1] = client_hp->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_hp->data, client_hp->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_hp) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_hp->data, client_hp->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client hp: %*s, len: %uz, level: %d",
- m, buf, client_hp->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
- // server keys
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_key->len = EVP_AEAD_key_length(evp);
-#else
+ client_key->len = EVP_CIPHER_key_length(evp);
server_key->len = EVP_CIPHER_key_length(evp);
-#endif
- server_key->data = ngx_pnalloc(c->pool, server_key->len);
- if (server_key->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic key";
- llen = sizeof("tls13 quic key") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_key->len / 256;
- hkdfl[1] = server_key->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_key->data, server_key->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_key) failed");
- return 0;
- }
- m = ngx_hex_dump(buf, server_key->data, server_key->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server key: %*s, len: %uz, level: %d",
- m, buf, server_key->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_iv->len = EVP_AEAD_nonce_length(evp);
-#else
+ client_iv->len = EVP_CIPHER_iv_length(evp);
server_iv->len = EVP_CIPHER_iv_length(evp);
-#endif
- server_iv->data = ngx_pnalloc(c->pool, server_iv->len);
- if (server_iv->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic iv";
- llen = sizeof("tls13 quic iv") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_iv->len / 256;
- hkdfl[1] = server_iv->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_iv->data, server_iv->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_iv) failed");
- return 0;
- }
- m = ngx_hex_dump(buf, server_iv->data, server_iv->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server iv: %*s, len: %uz, level: %d",
- m, buf, server_iv->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_hp->len = EVP_AEAD_key_length(evp);
-#else
+ client_hp->len = EVP_CIPHER_key_length(evp);
server_hp->len = EVP_CIPHER_key_length(evp);
#endif
- server_hp->data = ngx_pnalloc(c->pool, server_hp->len);
- if (server_hp->data == NULL) {
- return 0;
- }
- label = "tls13 quic hp";
- llen = sizeof("tls13 quic hp") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_hp->len / 256;
- hkdfl[1] = server_hp->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_hp->data, server_hp->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_hp) failed");
- return 0;
+ ngx_str_t rss = {
+ .data = *rsec,
+ .len = *rlen
+ };
+
+ ngx_str_t wss = {
+ .data = *wsec,
+ .len = *wlen
+ };
+
+ struct {
+ ngx_str_t id;
+ ngx_str_t *in;
+ ngx_str_t *prk;
+ } seq[] = {
+ { ngx_string("tls13 quic key"), client_key, &rss },
+ { ngx_string("tls13 quic iv"), client_iv, &rss },
+ { ngx_string("tls13 quic hp"), client_hp, &rss },
+ { ngx_string("tls13 quic key"), server_key, &wss },
+ { ngx_string("tls13 quic iv"), server_iv, &wss },
+ { ngx_string("tls13 quic hp"), server_hp, &wss },
+ };
+
+ ngx_uint_t i;
+
+ for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
+
+ if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1)
+ != NGX_OK)
+ {
+ return 0;
+ }
}
- m = ngx_hex_dump(buf, server_hp->data, server_hp->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server hp: %*s, len: %uz, level: %d",
- m, buf, server_hp->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
return 1;
}
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index b453d95f8..71261f690 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -120,6 +120,62 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
ngx_int_t
+ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
+ ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender)
+{
+ uint8_t *p;
+ size_t hkdfl_len;
+ uint8_t hkdfl[20];
+
+#if (NGX_DEBUG)
+ u_char buf[512];
+ size_t m;
+#endif
+
+ out->data = ngx_pnalloc(c->pool, out->len);
+ if (out->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ hkdfl_len = 2 + 1 + name->len + 1;
+
+ if (sender) {
+ hkdfl[0] = out->len / 256;
+ hkdfl[1] = out->len % 256;
+
+ } else {
+ hkdfl[0] = 0;
+ hkdfl[1] = out->len;
+ }
+
+ hkdfl[2] = name->len;
+ p = ngx_cpymem(&hkdfl[3], name->data, name->len);
+ *p = '\0';
+
+ if (ngx_hkdf_expand(out->data, out->len, digest,
+ prk->data, prk->len, hkdfl, hkdfl_len)
+ != NGX_OK)
+ {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "ngx_hkdf_expand(%V) failed", name);
+ return NGX_ERROR;
+ }
+
+ if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+ m = ngx_hex_dump(buf, out->data, out->len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "%V: %*s, len: %uz", name, m, buf, out->len);
+
+ m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "%V hkdf: %*s, len: %uz", name, m, buf, hkdfl_len);
+ }
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
{
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 1b900208b..21b04d7c1 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -53,6 +53,9 @@ ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
const EVP_MD *digest, const u_char *prk, size_t prk_len,
const u_char *info, size_t info_len);
+ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest,
+ ngx_str_t *out, ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender);
+
ngx_int_t ngx_quic_tls_open(ngx_connection_t *c,
const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
generated by cgit (git 2.34.1) at 2026-01-07 15:35:13 +0000