From 74caa0eece1cc3a8b35f1d34674ea5f357819314 Mon Sep 17 00:00:00 2001 From: Frederic Lecaille Date: Fri, 30 Aug 2024 14:14:24 +0200 Subject: [PATCH] MINOR: quic: Implement quic_tls_derive_token_secret(). This is function is similar to quic_tls_derive_retry_token_secret(). Its aim is to derive the secret used to cipher the token to be used for future connections. This patch renames quic_tls_derive_retry_token_secret() to a more and reuses its code to produce a more generic one: quic_do_tls_derive_token_secret(). Two arguments are added to this latter to produce both quic_tls_derive_retry_token_secret() and quic_tls_derive_token_secret() new function which calls quic_do_tls_derive_token_secret(). --- include/haproxy/quic_tls.h | 6 +++++ src/quic_tls.c | 47 ++++++++++++++++++++++++++++++-------- 2 files changed, 44 insertions(+), 9 deletions(-) diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h index 757b78fb4..d8bdf7134 100644 --- a/include/haproxy/quic_tls.h +++ b/include/haproxy/quic_tls.h @@ -90,6 +90,12 @@ int quic_tls_derive_retry_token_secret(const EVP_MD *md, const unsigned char *salt, size_t saltlen, const unsigned char *secret, size_t secretlen); +int quic_tls_derive_token_secret(const EVP_MD *md, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen, + const unsigned char *salt, size_t saltlen, + const unsigned char *secret, size_t secretlen); + int quic_hkdf_expand(const EVP_MD *md, unsigned char *buf, size_t buflen, const unsigned char *key, size_t keylen, diff --git a/src/quic_tls.c b/src/quic_tls.c index e1f5f2175..af087dc76 100644 --- a/src/quic_tls.c +++ b/src/quic_tls.c @@ -950,27 +950,56 @@ int quic_tls_decrypt2(unsigned char *out, * with which is not pseudo-random. * Return 1 if succeeded, 0 if not. */ -int quic_tls_derive_retry_token_secret(const EVP_MD *md, - unsigned char *key, size_t keylen, - unsigned char *iv, size_t ivlen, - const unsigned char *salt, size_t saltlen, - const unsigned char *secret, size_t secretlen) +static inline int quic_do_tls_derive_token_secret(const EVP_MD *md, unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen, + const unsigned char *salt, size_t saltlen, + const unsigned char *secret, size_t secretlen, + const unsigned char *klabel, size_t klabellen, + const unsigned char *ivlabel, size_t ivlabellen) { unsigned char tmpkey[QUIC_TLS_KEY_LEN]; - const unsigned char key_label[] = "retry token key"; - const unsigned char iv_label[] = "retry token iv"; if (!quic_hkdf_extract(md, tmpkey, sizeof tmpkey, secret, secretlen, salt, saltlen) || !quic_hkdf_expand(md, key, keylen, tmpkey, sizeof tmpkey, - key_label, sizeof key_label - 1) || + klabel, klabellen) || !quic_hkdf_expand(md, iv, ivlen, tmpkey, sizeof tmpkey, - iv_label, sizeof iv_label - 1)) + ivlabel, ivlabellen)) return 0; return 1; } +int quic_tls_derive_retry_token_secret(const EVP_MD *md, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen, + const unsigned char *salt, size_t saltlen, + const unsigned char *secret, size_t secretlen) +{ + const unsigned char key_label[] = "retry token key"; + const unsigned char iv_label[] = "retry token iv"; + + return quic_do_tls_derive_token_secret(md, key, keylen, iv, ivlen, + salt, saltlen, secret, secretlen, + key_label, sizeof(key_label) - 1, + iv_label, sizeof(iv_label) -1); +} + +int quic_tls_derive_token_secret(const EVP_MD *md, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen, + const unsigned char *salt, size_t saltlen, + const unsigned char *secret, size_t secretlen) +{ + const unsigned char key_label[] = "token key"; + const unsigned char iv_label[] = "token iv"; + + return quic_do_tls_derive_token_secret(md, key, keylen, iv, ivlen, + salt, saltlen, secret, secretlen, + key_label, sizeof(key_label) - 1, + iv_label, sizeof(iv_label) -1); +} + /* Generate the AEAD tag for the Retry packet of bytes and * write it to . The tag is written just after the area. It should * be at least 16 bytes longs. is the CID of the Initial packet -- 2.47.3