[nginx] QUIC: a new constant for AEAD tag length.
Roman Arutyunyan
arut at nginx.com
Tue Jun 20 13:51:24 UTC 2023
details: https://hg.nginx.org/nginx/rev/29a6c0e11f75
branches:
changeset: 9126:29a6c0e11f75
user: Roman Arutyunyan <arut at nginx.com>
date: Fri Jun 09 10:25:54 2023 +0400
description:
QUIC: a new constant for AEAD tag length.
Previously used constant EVP_GCM_TLS_TAG_LEN had misleading name since it was
used not only with GCM, but also with CHACHAPOLY. Now a new constant
NGX_QUIC_TAG_LEN introduced. Luckily all AEAD algorithms used by QUIC have
the same tag length of 16.
diffstat:
src/event/quic/ngx_event_quic_openssl_compat.c | 6 +++---
src/event/quic/ngx_event_quic_protection.c | 18 +++++++++---------
src/event/quic/ngx_event_quic_protection.h | 3 ++-
src/event/quic/ngx_event_quic_transport.c | 6 +++---
4 files changed, 17 insertions(+), 16 deletions(-)
diffs (152 lines):
diff -r 31c8c1a713bc -r 29a6c0e11f75 src/event/quic/ngx_event_quic_openssl_compat.c
--- a/src/event/quic/ngx_event_quic_openssl_compat.c Tue Jun 20 17:01:00 2023 +0400
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c Fri Jun 09 10:25:54 2023 +0400
@@ -445,7 +445,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl
u_char in[NGX_QUIC_COMPAT_RECORD_SIZE + 1];
u_char out[NGX_QUIC_COMPAT_RECORD_SIZE + 1
+ SSL3_RT_HEADER_LENGTH
- + EVP_GCM_TLS_TAG_LEN];
+ + NGX_QUIC_TAG_LEN];
c = ngx_ssl_get_connection(ssl);
@@ -528,7 +528,7 @@ ngx_quic_compat_create_header(ngx_quic_c
} else {
type = SSL3_RT_APPLICATION_DATA;
- len += EVP_GCM_TLS_TAG_LEN;
+ len += NGX_QUIC_TAG_LEN;
}
out[0] = type;
@@ -552,7 +552,7 @@ ngx_quic_compat_create_record(ngx_quic_c
ad.data = res->data;
ad.len = ngx_quic_compat_create_header(rec, ad.data, 0);
- out.len = rec->payload.len + EVP_GCM_TLS_TAG_LEN;
+ out.len = rec->payload.len + NGX_QUIC_TAG_LEN;
out.data = res->data + ad.len;
#ifdef NGX_QUIC_DEBUG_CRYPTO
diff -r 31c8c1a713bc -r 29a6c0e11f75 src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c Tue Jun 20 17:01:00 2023 +0400
+++ b/src/event/quic/ngx_event_quic_protection.c Fri Jun 09 10:25:54 2023 +0400
@@ -406,7 +406,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_
}
if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
- in->len - EVP_GCM_TLS_TAG_LEN)
+ in->len - NGX_QUIC_TAG_LEN)
!= 1)
{
EVP_CIPHER_CTX_free(ctx);
@@ -415,9 +415,9 @@ ngx_quic_tls_open(const ngx_quic_cipher_
}
out->len = len;
- tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
+ tag = in->data + in->len - NGX_QUIC_TAG_LEN;
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, NGX_QUIC_TAG_LEN, tag)
== 0)
{
EVP_CIPHER_CTX_free(ctx);
@@ -519,7 +519,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_
out->len += len;
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, NGX_QUIC_TAG_LEN,
out->data + in->len)
== 0)
{
@@ -531,7 +531,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_
EVP_CIPHER_CTX_free(ctx);
- out->len += EVP_GCM_TLS_TAG_LEN;
+ out->len += NGX_QUIC_TAG_LEN;
#endif
return NGX_OK;
}
@@ -738,7 +738,7 @@ ngx_quic_create_packet(ngx_quic_header_t
ad.data = res->data;
ad.len = ngx_quic_create_header(pkt, ad.data, &pnp);
- out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
+ out.len = pkt->payload.len + NGX_QUIC_TAG_LEN;
out.data = res->data + ad.len;
#ifdef NGX_QUIC_DEBUG_CRYPTO
@@ -802,7 +802,7 @@ ngx_quic_create_retry_packet(ngx_quic_he
ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
itag.data = ad.data + ad.len;
- itag.len = EVP_GCM_TLS_TAG_LEN;
+ itag.len = NGX_QUIC_TAG_LEN;
#ifdef NGX_QUIC_DEBUG_CRYPTO
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -979,7 +979,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
* AES and ChaCha20 algorithms sample 16 bytes
*/
- if (len < EVP_GCM_TLS_TAG_LEN + 4) {
+ if (len < NGX_QUIC_TAG_LEN + 4) {
return NGX_DECLINED;
}
@@ -1039,7 +1039,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
"quic ad len:%uz %xV", ad.len, &ad);
#endif
- pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
+ pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
pkt->payload.data = pkt->plaintext + ad.len;
rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
diff -r 31c8c1a713bc -r 29a6c0e11f75 src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h Tue Jun 20 17:01:00 2023 +0400
+++ b/src/event/quic/ngx_event_quic_protection.h Fri Jun 09 10:25:54 2023 +0400
@@ -16,8 +16,9 @@
#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
-/* RFC 5116, 5.1 and RFC 8439, 2.3 for all supported ciphers */
+/* RFC 5116, 5.1 and RFC 8439, 2.3/2.5 for all supported ciphers */
#define NGX_QUIC_IV_LEN 12
+#define NGX_QUIC_TAG_LEN 16
/* largest hash used in TLS is SHA-384 */
#define NGX_QUIC_MAX_MD_SIZE 48
diff -r 31c8c1a713bc -r 29a6c0e11f75 src/event/quic/ngx_event_quic_transport.c
--- a/src/event/quic/ngx_event_quic_transport.c Tue Jun 20 17:01:00 2023 +0400
+++ b/src/event/quic/ngx_event_quic_transport.c Fri Jun 09 10:25:54 2023 +0400
@@ -578,7 +578,7 @@ ngx_quic_payload_size(ngx_quic_header_t
if (ngx_quic_short_pkt(pkt->flags)) {
- len = 1 + pkt->dcid.len + pkt->num_len + EVP_GCM_TLS_TAG_LEN;
+ len = 1 + pkt->dcid.len + pkt->num_len + NGX_QUIC_TAG_LEN;
if (len > pkt_len) {
return 0;
}
@@ -596,7 +596,7 @@ ngx_quic_payload_size(ngx_quic_header_t
/* (pkt_len - len) is 'remainder' packet length (see RFC 9000, 17.2) */
len += ngx_quic_varint_len(pkt_len - len)
- + pkt->num_len + EVP_GCM_TLS_TAG_LEN;
+ + pkt->num_len + NGX_QUIC_TAG_LEN;
if (len > pkt_len) {
return 0;
@@ -622,7 +622,7 @@ ngx_quic_create_long_header(ngx_quic_hea
size_t rem_len;
u_char *p, *start;
- rem_len = pkt->num_len + pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
+ rem_len = pkt->num_len + pkt->payload.len + NGX_QUIC_TAG_LEN;
if (out == NULL) {
return 5 + 2 + pkt->dcid.len + pkt->scid.len
More information about the nginx-devel
mailing list