One Level Up Top Level

src/event/quic/ngx_event_quic_protection.h - nginx source code

Data types defined

Macros defined

Source code


  2. /*
  3. * Copyright (C) Nginx, Inc.
  4. */


  7. #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
  8. #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_


  11. #include <ngx_config.h>
  12. #include <ngx_core.h>

  14. #include <ngx_event_quic_transport.h>


  17. #define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)

  19. /* RFC 5116, 5.1/5.3 and RFC 8439, 2.3/2.5 for all supported ciphers */
  20. #define NGX_QUIC_IV_LEN               12
  21. #define NGX_QUIC_TAG_LEN              16

  23. /* largest hash used in TLS is SHA-384 */
  24. #define NGX_QUIC_MAX_MD_SIZE          48


  27. #ifdef OPENSSL_IS_BORINGSSL
  28. #define ngx_quic_cipher_t             EVP_AEAD
  29. #define ngx_quic_crypto_ctx_t         EVP_AEAD_CTX
  30. #else
  31. #define ngx_quic_cipher_t             EVP_CIPHER
  32. #define ngx_quic_crypto_ctx_t         EVP_CIPHER_CTX
  33. #endif


  36. typedef struct {
  37.     size_t                    len;
  38.     u_char                    data[NGX_QUIC_MAX_MD_SIZE];
  39. } ngx_quic_md_t;


  42. typedef struct {
  43.     size_t                    len;
  44.     u_char                    data[NGX_QUIC_IV_LEN];
  45. } ngx_quic_iv_t;


  48. typedef struct {
  49.     ngx_quic_md_t             secret;
  50.     ngx_quic_iv_t             iv;
  51.     ngx_quic_md_t             hp;
  52.     ngx_quic_crypto_ctx_t    *ctx;
  53.     EVP_CIPHER_CTX           *hp_ctx;
  54. } ngx_quic_secret_t;


  57. typedef struct {
  58.     ngx_quic_secret_t         client;
  59.     ngx_quic_secret_t         server;
  60. } ngx_quic_secrets_t;


  63. struct ngx_quic_keys_s {
  64.     ngx_quic_secrets_t        secrets[NGX_QUIC_ENCRYPTION_LAST];
  65.     ngx_quic_secrets_t        next_key;
  66.     ngx_uint_t                cipher;
  67. };


  70. typedef struct {
  71.     const ngx_quic_cipher_t  *c;
  72.     const EVP_CIPHER         *hp;
  73.     const EVP_MD             *d;
  74. } ngx_quic_ciphers_t;


  77. typedef struct {
  78.     size_t                    out_len;
  79.     u_char                   *out;

  81.     size_t                    prk_len;
  82.     const uint8_t            *prk;

  84.     size_t                    label_len;
  85.     const u_char             *label;
  86. } ngx_quic_hkdf_t;

  88. #define ngx_quic_hkdf_set(seq, _label, _out, _prk)                            \
  89.     (seq)->out_len = (_out)->len; (seq)->out = (_out)->data;                  \
  90.     (seq)->prk_len = (_prk)->len, (seq)->prk = (_prk)->data,                  \
  91.     (seq)->label_len = (sizeof(_label) - 1); (seq)->label = (u_char *)(_label);


  94. ngx_int_t ngx_quic_keys_set_initial_secret(ngx_quic_keys_t *keys,
  95.     ngx_str_t *secret, ngx_log_t *log);
  96. ngx_int_t ngx_quic_keys_set_encryption_secret(ngx_log_t *log,
  97.     ngx_uint_t is_write, ngx_quic_keys_t *keys,
  98.     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
  99.     const uint8_t *secret, size_t secret_len);
  100. ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
  101.     enum ssl_encryption_level_t level, ngx_uint_t is_write);
  102. void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
  103.     enum ssl_encryption_level_t level);
  104. void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
  105. void ngx_quic_keys_update(ngx_event_t *ev);
  106. void ngx_quic_keys_cleanup(ngx_quic_keys_t *keys);
  107. ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
  108. ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
  109. void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
  110. ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers);
  111. ngx_int_t ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher,
  112.     ngx_quic_secret_t *s, ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log);
  113. ngx_int_t ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out,
  114.     const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log);
  115. void ngx_quic_crypto_cleanup(ngx_quic_secret_t *s);
  116. ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,
  117.     ngx_log_t *log);


  120. #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */

One Level Up Top Level