QUIC: a new constant for AEAD tag length.

author Roman Arutyunyan <arut@nginx.com>

Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)

committer Roman Arutyunyan <arut@nginx.com>

Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)
author Roman Arutyunyan <arut@nginx.com>
Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)
committer Roman Arutyunyan <arut@nginx.com>
Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c

index 63d380e35bd8167bed263681ba9411ef9301cae1..318feda10f3c954e5f46f4d75f0bb6cbdc559978 100644 (file)
--- a/src/event/quic/ngx_event_quic_openssl_compat.c
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c
@@ -445,7 +445,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
      u_char                     in[NGX_QUIC_COMPAT_RECORD_SIZE + 1];
      u_char                     out[NGX_QUIC_COMPAT_RECORD_SIZE + 1
                                     + SSL3_RT_HEADER_LENGTH
-                                   + EVP_GCM_TLS_TAG_LEN];
+                                   + NGX_QUIC_TAG_LEN];
  
      c = ngx_ssl_get_connection(ssl);
  
@@ -528,7 +528,7 @@ ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec, u_char *out,
  
      } else {
          type = SSL3_RT_APPLICATION_DATA;
-        len += EVP_GCM_TLS_TAG_LEN;
+        len += NGX_QUIC_TAG_LEN;
      }
  
      out[0] = type;
@@ -552,7 +552,7 @@ ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res)
      ad.data = res->data;
      ad.len = ngx_quic_compat_create_header(rec, ad.data, 0);
  
-    out.len = rec->payload.len + EVP_GCM_TLS_TAG_LEN;
+    out.len = rec->payload.len + NGX_QUIC_TAG_LEN;
      out.data = res->data + ad.len;
  
  #ifdef NGX_QUIC_DEBUG_CRYPTO
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c

index 7f772016b0461b1645e5b3d90acf9af7ceb53c3f..9b967ab0f2899c927a544ec36d789fab56a5b7a5 100644 (file)
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -406,7 +406,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
      }
  
      if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
-                          in->len - EVP_GCM_TLS_TAG_LEN)
+                          in->len - NGX_QUIC_TAG_LEN)
          != 1)
      {
          EVP_CIPHER_CTX_free(ctx);
@@ -415,9 +415,9 @@ ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
      }
  
      out->len = len;
-    tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
+    tag = in->data + in->len - NGX_QUIC_TAG_LEN;
  
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag)
          == 0)
      {
          EVP_CIPHER_CTX_free(ctx);
@@ -519,7 +519,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
  
      out->len += len;
  
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN,
                              out->data + in->len)
          == 0)
      {
@@ -531,7 +531,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
  
      EVP_CIPHER_CTX_free(ctx);
  
-    out->len += EVP_GCM_TLS_TAG_LEN;
+    out->len += NGX_QUIC_TAG_LEN;
  #endif
      return NGX_OK;
  }
@@ -738,7 +738,7 @@ ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
      ad.data = res->data;
      ad.len = ngx_quic_create_header(pkt, ad.data, &pnp);
  
-    out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
+    out.len = pkt->payload.len + NGX_QUIC_TAG_LEN;
      out.data = res->data + ad.len;
  
  #ifdef NGX_QUIC_DEBUG_CRYPTO
@@ -802,7 +802,7 @@ ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
      ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
  
      itag.data = ad.data + ad.len;
-    itag.len = EVP_GCM_TLS_TAG_LEN;
+    itag.len = NGX_QUIC_TAG_LEN;
  
  #ifdef NGX_QUIC_DEBUG_CRYPTO
      ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -979,7 +979,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
       * AES and ChaCha20 algorithms sample 16 bytes
       */
  
-    if (len < EVP_GCM_TLS_TAG_LEN + 4) {
+    if (len < NGX_QUIC_TAG_LEN + 4) {
          return NGX_DECLINED;
      }
  
@@ -1039,7 +1039,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
                     "quic ad len:%uz %xV", ad.len, &ad);
  #endif
  
-    pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
+    pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
      pkt->payload.data = pkt->plaintext + ad.len;
  
      rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h

index 27f8617d980f3f662ef082e3639fca2833246dff..0cec1d81adc7660dd265d6364f84bb1aed382a1c 100644 (file)
--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -16,8 +16,9 @@
  
  #define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)
  
-/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
+/* RFC 5116, 5.1 and RFC 8439, 2.3/2.5 for all supported ciphers */
  #define NGX_QUIC_IV_LEN               12
+#define NGX_QUIC_TAG_LEN              16
  
  /* largest hash used in TLS is SHA-384 */
  #define NGX_QUIC_MAX_MD_SIZE          48
diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c

index b663efbe10c16b36fb787fdf263c598ca0a7b837..fafe85f41bd0b0f4982d334ee0f526f5412b6cef 100644 (file)
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -578,7 +578,7 @@ ngx_quic_payload_size(ngx_quic_header_t *pkt, size_t pkt_len)
  
      if (ngx_quic_short_pkt(pkt->flags)) {
  
-        len = 1 + pkt->dcid.len + pkt->num_len + EVP_GCM_TLS_TAG_LEN;
+        len = 1 + pkt->dcid.len + pkt->num_len + NGX_QUIC_TAG_LEN;
          if (len > pkt_len) {
              return 0;
          }
@@ -596,7 +596,7 @@ ngx_quic_payload_size(ngx_quic_header_t *pkt, size_t pkt_len)
  
      /* (pkt_len - len) is 'remainder' packet length (see RFC 9000, 17.2) */
      len += ngx_quic_varint_len(pkt_len - len)
-           + pkt->num_len + EVP_GCM_TLS_TAG_LEN;
+           + pkt->num_len + NGX_QUIC_TAG_LEN;
  
      if (len > pkt_len) {
          return 0;
@@ -622,7 +622,7 @@ ngx_quic_create_long_header(ngx_quic_header_t *pkt, u_char *out,
      size_t   rem_len;
      u_char  *p, *start;
  
-    rem_len = pkt->num_len + pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
+    rem_len = pkt->num_len + pkt->payload.len + NGX_QUIC_TAG_LEN;
  
      if (out == NULL) {
          return 5 + 2 + pkt->dcid.len + pkt->scid.len
author	Roman Arutyunyan <arut@nginx.com>
	Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)
committer	Roman Arutyunyan <arut@nginx.com>
	Fri, 9 Jun 2023 06:25:54 +0000 (10:25 +0400)
src/event/quic/ngx_event_quic_openssl_compat.c		patch \| blob \| history
src/event/quic/ngx_event_quic_protection.c		patch \| blob \| history
src/event/quic/ngx_event_quic_protection.h		patch \| blob \| history
src/event/quic/ngx_event_quic_transport.c		patch \| blob \| history