aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c256
-rw-r--r--src/event/ngx_event_quic.c56
-rw-r--r--src/event/ngx_event_quic.h3
-rw-r--r--src/http/ngx_http_request.c351
4 files changed, 166 insertions, 500 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 7d12b9625..f9102ecba 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -153,15 +153,6 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
return 0;
}
- size_t hkdfl_len, llen;
- uint8_t hkdfl[20];
- uint8_t *p;
- const char *label;
-#if (NGX_DEBUG)
- u_char buf[512];
- size_t m;
-#endif
-
ngx_str_t *client_key, *client_iv, *client_hp;
ngx_str_t *server_key, *server_iv, *server_hp;
@@ -219,231 +210,60 @@ quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
ngx_memcpy(*wsec, write_secret, secret_len);
- // client keys
-
#ifdef OPENSSL_IS_BORINGSSL
client_key->len = EVP_AEAD_key_length(evp);
-#else
- client_key->len = EVP_CIPHER_key_length(evp);
-#endif
- client_key->data = ngx_pnalloc(c->pool, client_key->len);
- if (client_key->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic key";
- llen = sizeof("tls13 quic key") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_key->len / 256;
- hkdfl[1] = client_key->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_key->data, client_key->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_key) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_key->data, client_key->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client key: %*s, len: %uz, level: %d",
- m, buf, client_key->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
+ server_key->len = EVP_AEAD_key_length(evp);
-#ifdef OPENSSL_IS_BORINGSSL
client_iv->len = EVP_AEAD_nonce_length(evp);
-#else
- client_iv->len = EVP_CIPHER_iv_length(evp);
-#endif
- client_iv->data = ngx_pnalloc(c->pool, client_iv->len);
- if (client_iv->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic iv";
- llen = sizeof("tls13 quic iv") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_iv->len / 256;
- hkdfl[1] = client_iv->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_iv->data, client_iv->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_iv) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_iv->data, client_iv->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client iv: %*s, len: %uz, level: %d",
- m, buf, client_iv->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
+ server_iv->len = EVP_AEAD_nonce_length(evp);
-#ifdef OPENSSL_IS_BORINGSSL
client_hp->len = EVP_AEAD_key_length(evp);
+ server_hp->len = EVP_AEAD_key_length(evp);
#else
- client_hp->len = EVP_CIPHER_key_length(evp);
-#endif
- client_hp->data = ngx_pnalloc(c->pool, client_hp->len);
- if (client_hp->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic hp";
- llen = sizeof("tls13 quic hp") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = client_hp->len / 256;
- hkdfl[1] = client_hp->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(client_hp->data, client_hp->len,
- digest, *rsec, *rlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(client_hp) failed");
- return 0;
- }
-
- m = ngx_hex_dump(buf, client_hp->data, client_hp->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic client hp: %*s, len: %uz, level: %d",
- m, buf, client_hp->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
- // server keys
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_key->len = EVP_AEAD_key_length(evp);
-#else
+ client_key->len = EVP_CIPHER_key_length(evp);
server_key->len = EVP_CIPHER_key_length(evp);
-#endif
- server_key->data = ngx_pnalloc(c->pool, server_key->len);
- if (server_key->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic key";
- llen = sizeof("tls13 quic key") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_key->len / 256;
- hkdfl[1] = server_key->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_key->data, server_key->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_key) failed");
- return 0;
- }
- m = ngx_hex_dump(buf, server_key->data, server_key->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server key: %*s, len: %uz, level: %d",
- m, buf, server_key->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_iv->len = EVP_AEAD_nonce_length(evp);
-#else
+ client_iv->len = EVP_CIPHER_iv_length(evp);
server_iv->len = EVP_CIPHER_iv_length(evp);
-#endif
- server_iv->data = ngx_pnalloc(c->pool, server_iv->len);
- if (server_iv->data == NULL) {
- return 0;
- }
-
- label = "tls13 quic iv";
- llen = sizeof("tls13 quic iv") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_iv->len / 256;
- hkdfl[1] = server_iv->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_iv->data, server_iv->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_iv) failed");
- return 0;
- }
- m = ngx_hex_dump(buf, server_iv->data, server_iv->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server iv: %*s, len: %uz, level: %d",
- m, buf, server_iv->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
-
-#ifdef OPENSSL_IS_BORINGSSL
- server_hp->len = EVP_AEAD_key_length(evp);
-#else
+ client_hp->len = EVP_CIPHER_key_length(evp);
server_hp->len = EVP_CIPHER_key_length(evp);
#endif
- server_hp->data = ngx_pnalloc(c->pool, server_hp->len);
- if (server_hp->data == NULL) {
- return 0;
- }
- label = "tls13 quic hp";
- llen = sizeof("tls13 quic hp") - 1;
- hkdfl_len = 2 + 1 + llen + 1;
- hkdfl[0] = server_hp->len / 256;
- hkdfl[1] = server_hp->len % 256;
- hkdfl[2] = llen;
- p = ngx_cpymem(&hkdfl[3], label, llen);
- *p = '\0';
-
- if (ngx_hkdf_expand(server_hp->data, server_hp->len,
- digest, *wsec, *wlen, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
- "ngx_hkdf_expand(server_hp) failed");
- return 0;
+ ngx_str_t rss = {
+ .data = *rsec,
+ .len = *rlen
+ };
+
+ ngx_str_t wss = {
+ .data = *wsec,
+ .len = *wlen
+ };
+
+ struct {
+ ngx_str_t id;
+ ngx_str_t *in;
+ ngx_str_t *prk;
+ } seq[] = {
+ { ngx_string("tls13 quic key"), client_key, &rss },
+ { ngx_string("tls13 quic iv"), client_iv, &rss },
+ { ngx_string("tls13 quic hp"), client_hp, &rss },
+ { ngx_string("tls13 quic key"), server_key, &wss },
+ { ngx_string("tls13 quic iv"), server_iv, &wss },
+ { ngx_string("tls13 quic hp"), server_hp, &wss },
+ };
+
+ ngx_uint_t i;
+
+ for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
+
+ if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 1)
+ != NGX_OK)
+ {
+ return 0;
+ }
}
- m = ngx_hex_dump(buf, server_hp->data, server_hp->len) - buf;
- ngx_log_debug4(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "quic server hp: %*s, len: %uz, level: %d",
- m, buf, server_hp->len, level);
- m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "hkdf: %*s, len: %uz", m, buf, hkdfl_len);
-
return 1;
}
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index b453d95f8..71261f690 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -120,6 +120,62 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest,
ngx_int_t
+ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest, ngx_str_t *out,
+ ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender)
+{
+ uint8_t *p;
+ size_t hkdfl_len;
+ uint8_t hkdfl[20];
+
+#if (NGX_DEBUG)
+ u_char buf[512];
+ size_t m;
+#endif
+
+ out->data = ngx_pnalloc(c->pool, out->len);
+ if (out->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ hkdfl_len = 2 + 1 + name->len + 1;
+
+ if (sender) {
+ hkdfl[0] = out->len / 256;
+ hkdfl[1] = out->len % 256;
+
+ } else {
+ hkdfl[0] = 0;
+ hkdfl[1] = out->len;
+ }
+
+ hkdfl[2] = name->len;
+ p = ngx_cpymem(&hkdfl[3], name->data, name->len);
+ *p = '\0';
+
+ if (ngx_hkdf_expand(out->data, out->len, digest,
+ prk->data, prk->len, hkdfl, hkdfl_len)
+ != NGX_OK)
+ {
+ ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
+ "ngx_hkdf_expand(%V) failed", name);
+ return NGX_ERROR;
+ }
+
+ if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+ m = ngx_hex_dump(buf, out->data, out->len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "%V: %*s, len: %uz", name, m, buf, out->len);
+
+ m = ngx_hex_dump(buf, hkdfl, hkdfl_len) - buf;
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "%V hkdf: %*s, len: %uz", name, m, buf, hkdfl_len);
+ }
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest,
const u_char *prk, size_t prk_len, const u_char *info, size_t info_len)
{
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 1b900208b..21b04d7c1 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -53,6 +53,9 @@ ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
const EVP_MD *digest, const u_char *prk, size_t prk_len,
const u_char *info, size_t info_len);
+ngx_int_t ngx_quic_hkdf_expand(ngx_connection_t *c, const EVP_MD *digest,
+ ngx_str_t *out, ngx_str_t *prk, ngx_str_t *name, ngx_uint_t sender);
+
ngx_int_t ngx_quic_tls_open(ngx_connection_t *c,
const ngx_aead_cipher_t *cipher, ngx_quic_secret_t *s, ngx_str_t *out,
u_char *nonce, ngx_str_t *in, ngx_str_t *ad);
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 8fbc20424..7aa5a6408 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -785,6 +785,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
size_t is_len;
uint8_t is[SHA256_DIGEST_LENGTH];
+ ngx_uint_t i;
const EVP_MD *digest;
const ngx_aead_cipher_t *cipher;
static const uint8_t salt[20] =
@@ -804,6 +805,11 @@ ngx_http_quic_handshake(ngx_event_t *rev)
return;
}
+ ngx_str_t iss = {
+ .data = is,
+ .len = is_len
+ };
+
#if (NGX_DEBUG)
if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
m = ngx_hex_dump(buf, (uint8_t *) salt, sizeof(salt)) - buf;
@@ -816,311 +822,92 @@ ngx_http_quic_handshake(ngx_event_t *rev)
}
#endif
- size_t hkdfl_len;
- uint8_t hkdfl[20];
- uint8_t *p;
-
/* draft-ietf-quic-tls-23#section-5.2 */
-
qc->client_in.secret.len = SHA256_DIGEST_LENGTH;
- qc->client_in.secret.data = ngx_pnalloc(c->pool, qc->client_in.secret.len);
- if (qc->client_in.secret.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 client in") - 1 + 1;
- bzero(hkdfl, sizeof(hkdfl));
- hkdfl[0] = 0;
- hkdfl[1] = qc->client_in.secret.len;
- hkdfl[2] = sizeof("tls13 client in") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 client in", sizeof("tls13 client in") - 1);
- *p = '\0';
-
-#if 0
- ngx_memcpy(hkdfl, "\x00\x20\x0f\x74\x6c\x73\x31\x33\x20\x63"
- "\x6c\x69\x65\x6e\x74\x20\x69\x6e\x00\x00", 20);
-
- m = ngx_hex_dump(buf, hkdfl, sizeof(hkdfl)) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic initial secret hkdf: %*s, len: %uz",
- m, buf, sizeof(hkdfl));
-#endif
-
- if (ngx_hkdf_expand(qc->client_in.secret.data, qc->client_in.secret.len,
- digest, is, is_len, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(client_in) failed");
- ngx_http_close_connection(c);
- return;
- }
-
-#ifdef OPENSSL_IS_BORINGSSL
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic EVP key:%d tag:%d nonce:%d",
- EVP_AEAD_key_length(cipher),
- EVP_AEAD_max_tag_len(cipher),
- EVP_AEAD_nonce_length(cipher));
-#endif
-
+ qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
#ifdef OPENSSL_IS_BORINGSSL
qc->client_in.key.len = EVP_AEAD_key_length(cipher);
-#else
- qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
-#endif
- qc->client_in.key.data = ngx_pnalloc(c->pool, qc->client_in.key.len);
- if (qc->client_in.key.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
- hkdfl[1] = qc->client_in.key.len;
- hkdfl[2] = sizeof("tls13 quic key") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
- *p = '\0';
-
- if (ngx_hkdf_expand(qc->client_in.key.data, qc->client_in.key.len,
- digest, qc->client_in.secret.data, qc->client_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(client_in.key) failed");
- ngx_http_close_connection(c);
- return;
- }
-
-#ifdef OPENSSL_IS_BORINGSSL
- qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher);
-#else
- qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
-#endif
- qc->client_in.iv.data = ngx_pnalloc(c->pool, qc->client_in.iv.len);
- if (qc->client_in.iv.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
- hkdfl[1] = qc->client_in.iv.len;
- hkdfl[2] = sizeof("tls13 quic iv") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
- *p = '\0';
-
- if (ngx_hkdf_expand(qc->client_in.iv.data, qc->client_in.iv.len,
- digest, qc->client_in.secret.data, qc->client_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(client_in.iv) failed");
- ngx_http_close_connection(c);
- return;
- }
-
- /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
+ qc->server_in.key.len = EVP_AEAD_key_length(cipher);
-#ifdef OPENSSL_IS_BORINGSSL
qc->client_in.hp.len = EVP_AEAD_key_length(cipher);
-#else
- qc->client_in.hp.len = EVP_CIPHER_key_length(cipher);
-#endif
- qc->client_in.hp.data = ngx_pnalloc(c->pool, qc->client_in.hp.len);
- if (qc->client_in.hp.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
- hkdfl[1] = qc->client_in.hp.len;
- hkdfl[2] = sizeof("tls13 quic hp") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
- *p = '\0';
-
- if (ngx_hkdf_expand(qc->client_in.hp.data, qc->client_in.hp.len,
- digest, qc->client_in.secret.data, qc->client_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(client_in.hp) failed");
- ngx_http_close_connection(c);
- return;
- }
-
-#if (NGX_DEBUG)
- if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
- m = ngx_hex_dump(buf, qc->client_in.secret.data, qc->client_in.secret.len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic client initial secret: %*s, len: %uz",
- m, buf, qc->client_in.secret.len);
-
- m = ngx_hex_dump(buf, qc->client_in.key.data, qc->client_in.key.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic client key: %*s, len: %uz",
- m, buf, qc->client_in.key.len);
-
- m = ngx_hex_dump(buf, qc->client_in.iv.data, qc->client_in.iv.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic client iv: %*s, len: %uz",
- m, buf, qc->client_in.iv.len);
-
- m = ngx_hex_dump(buf, qc->client_in.hp.data, qc->client_in.hp.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic client hp: %*s, len: %uz",
- m, buf, qc->client_in.hp.len);
- }
-#endif
-
-// server initial
-
- /* draft-ietf-quic-tls-23#section-5.2 */
-
- qc->server_in.secret.len = SHA256_DIGEST_LENGTH;
- qc->server_in.secret.data = ngx_pnalloc(c->pool, qc->server_in.secret.len);
- if (qc->server_in.secret.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 server in") - 1 + 1;
- hkdfl[0] = 0;
- hkdfl[1] = qc->server_in.secret.len;
- hkdfl[2] = sizeof("tls13 server in") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 server in", sizeof("tls13 server in") - 1);
- *p = '\0';
-
- if (ngx_hkdf_expand(qc->server_in.secret.data, qc->server_in.secret.len,
- digest, is, is_len, hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(server_in) failed");
- ngx_http_close_connection(c);
- return;
- }
-
- /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
+ qc->server_in.hp.len = EVP_AEAD_key_length(cipher);
-#ifdef OPENSSL_IS_BORINGSSL
- qc->server_in.key.len = EVP_AEAD_key_length(cipher);
+ qc->client_in.iv.len = EVP_AEAD_nonce_length(cipher);
+ qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher);
#else
+ qc->client_in.key.len = EVP_CIPHER_key_length(cipher);
qc->server_in.key.len = EVP_CIPHER_key_length(cipher);
-#endif
- qc->server_in.key.data = ngx_pnalloc(c->pool, qc->server_in.key.len);
- if (qc->server_in.key.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic key") - 1 + 1;
- hkdfl[1] = qc->server_in.key.len;
- hkdfl[2] = sizeof("tls13 quic key") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic key", sizeof("tls13 quic key") - 1);
- *p = '\0';
- if (ngx_hkdf_expand(qc->server_in.key.data, qc->server_in.key.len,
- digest, qc->server_in.secret.data, qc->server_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(server_in.key) failed");
- ngx_http_close_connection(c);
- return;
- }
+ qc->client_in.hp.len = EVP_CIPHER_key_length(cipher);
+ qc->server_in.hp.len = EVP_CIPHER_key_length(cipher);
-#ifdef OPENSSL_IS_BORINGSSL
- qc->server_in.iv.len = EVP_AEAD_nonce_length(cipher);
-#else
+ qc->client_in.iv.len = EVP_CIPHER_iv_length(cipher);
qc->server_in.iv.len = EVP_CIPHER_iv_length(cipher);
#endif
- qc->server_in.iv.data = ngx_pnalloc(c->pool, qc->server_in.iv.len);
- if (qc->server_in.iv.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic iv") - 1 + 1;
- hkdfl[1] = qc->server_in.iv.len;
- hkdfl[2] = sizeof("tls13 quic iv") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic iv", sizeof("tls13 quic iv") - 1);
- *p = '\0';
-
- if (ngx_hkdf_expand(qc->server_in.iv.data, qc->server_in.iv.len,
- digest, qc->server_in.secret.data, qc->server_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(server_in.iv) failed");
- ngx_http_close_connection(c);
- return;
- }
-
- /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
#ifdef OPENSSL_IS_BORINGSSL
- qc->server_in.hp.len = EVP_AEAD_key_length(cipher);
-#else
- qc->server_in.hp.len = EVP_CIPHER_key_length(cipher);
+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
+ "quic EVP key:%d tag:%d nonce:%d",
+ EVP_AEAD_key_length(cipher),
+ EVP_AEAD_max_tag_len(cipher),
+ EVP_AEAD_nonce_length(cipher));
#endif
- qc->server_in.hp.data = ngx_pnalloc(c->pool, qc->server_in.hp.len);
- if (qc->server_in.hp.data == NULL) {
- ngx_http_close_connection(c);
- return;
- }
-
- hkdfl_len = 2 + 1 + sizeof("tls13 quic hp") - 1 + 1;
- hkdfl[1] = qc->server_in.hp.len;
- hkdfl[2] = sizeof("tls13 quic hp") - 1;
- p = ngx_cpymem(&hkdfl[3], "tls13 quic hp", sizeof("tls13 quic hp") - 1);
- *p = '\0';
- if (ngx_hkdf_expand(qc->server_in.hp.data, qc->server_in.hp.len,
- digest, qc->server_in.secret.data, qc->server_in.secret.len,
- hkdfl, hkdfl_len)
- != NGX_OK)
- {
- ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
- "ngx_hkdf_expand(server_in.hp) failed");
- ngx_http_close_connection(c);
- return;
- }
+ struct {
+ ngx_str_t id;
+ ngx_str_t *in;
+ ngx_str_t *prk;
+ } seq[] = {
-#if (NGX_DEBUG)
- if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
- m = ngx_hex_dump(buf, qc->server_in.secret.data, qc->server_in.secret.len) - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic server initial secret: %*s, len: %uz",
- m, buf, qc->server_in.secret.len);
+ /* draft-ietf-quic-tls-23#section-5.2 */
+ { ngx_string("tls13 client in"), &qc->client_in.secret, &iss },
+ {
+ ngx_string("tls13 quic key"),
+ &qc->client_in.key,
+ &qc->client_in.secret,
+ },
+ {
+ ngx_string("tls13 quic iv"),
+ &qc->client_in.iv,
+ &qc->client_in.secret,
+ },
+ {
+ /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
+ ngx_string("tls13 quic hp"),
+ &qc->client_in.hp,
+ &qc->client_in.secret,
+ },
+ { ngx_string("tls13 server in"), &qc->server_in.secret, &iss },
+ {
+ /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
+ ngx_string("tls13 quic key"),
+ &qc->server_in.key,
+ &qc->server_in.secret,
+ },
+ {
+ ngx_string("tls13 quic iv"),
+ &qc->server_in.iv,
+ &qc->server_in.secret,
+ },
+ {
+ /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
+ ngx_string("tls13 quic hp"),
+ &qc->server_in.hp,
+ &qc->server_in.secret
+ },
- m = ngx_hex_dump(buf, qc->server_in.key.data, qc->server_in.key.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic server key: %*s, len: %uz",
- m, buf, qc->server_in.key.len);
+ };
- m = ngx_hex_dump(buf, qc->server_in.iv.data, qc->server_in.iv.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic server iv: %*s, len: %uz",
- m, buf, qc->server_in.iv.len);
+ for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
- m = ngx_hex_dump(buf, qc->server_in.hp.data, qc->server_in.hp.len)
- - buf;
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
- "quic server hp: %*s, len: %uz",
- m, buf, qc->server_in.hp.len);
+ if (ngx_quic_hkdf_expand(c, digest, seq[i].in, seq[i].prk, &seq[i].id, 0)
+ != NGX_OK)
+ {
+ ngx_http_close_connection(c);
+ return;
+ }
}
-#endif
// header protection
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 05:55:25 +0000