TLS Early Data key derivation support.

author Sergey Kandaurov <pluknet@nginx.com>

Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)

committer Sergey Kandaurov <pluknet@nginx.com>

Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)
author Sergey Kandaurov <pluknet@nginx.com>
Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)
committer Sergey Kandaurov <pluknet@nginx.com>
Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c

index be86cf3bcd08a27cf3098d63705b9f5bffe22ca8..98474b3dcfb826c7d803d7d3349a221e7ffedfe5 100644 (file)
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -195,7 +195,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
      c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
  
      ngx_quic_hexdump(c->log, "level:%d read", rsecret, secret_len, level);
-    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
  
      rc = ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                          rsecret, secret_len,
@@ -204,6 +203,12 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
          return rc;
      }
  
+    if (level == ssl_encryption_early_data) {
+        return 1;
+    }
+
+    ngx_quic_hexdump(c->log, "level:%d write", wsecret, secret_len, level);
+
      return ngx_quic_set_encryption_secret(c->pool, ssl_conn, level,
                                            wsecret, secret_len,
                                            &c->quic->secrets.server);
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c

index 10c94ff9b48959d2d3a64dab9611b306aa02f159..ba846e63e8e8ed19c30e1e2092dd6536ad4cf16f 100644 (file)
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -620,6 +620,10 @@ ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
  
      switch (level) {
  
+    case ssl_encryption_early_data:
+        peer_secret = &qsec->ed;
+        break;
+
      case ssl_encryption_handshake:
          peer_secret = &qsec->hs;
          break;
diff --git a/src/event/ngx_event_quic_protection.h b/src/event/ngx_event_quic_protection.h

index 2763375e4cf342310bacfc6371966a07ecfa4a0c..cf9cd479d53aa1c2b2c2c99cce339e4fae5d8d1b 100644 (file)
--- a/src/event/ngx_event_quic_protection.h
+++ b/src/event/ngx_event_quic_protection.h
@@ -18,6 +18,7 @@ typedef struct ngx_quic_secret_s {
  
  typedef struct {
      ngx_quic_secret_t         in;
+    ngx_quic_secret_t         ed;
      ngx_quic_secret_t         hs;
      ngx_quic_secret_t         ad;
  } ngx_quic_peer_secrets_t;
author	Sergey Kandaurov <pluknet@nginx.com>
	Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Wed, 1 Apr 2020 10:27:42 +0000 (13:27 +0300)
src/event/ngx_event_quic.c		patch \| blob \| history
src/event/ngx_event_quic_protection.c		patch \| blob \| history
src/event/ngx_event_quic_protection.h		patch \| blob \| history