
Commit 0c0e89d

jasnell authored and addaleax committed
deps: update ngtcp2
PR-URL: #138 Reviewed-By: Anna Henningsen <[email protected]>
1 parent 0088393 commit 0c0e89d

16 files changed

+2083
-633
lines changed


deps/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h

Lines changed: 513 additions & 0 deletions

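--- a/deps/ngtcp2/crypto/openssl/openssl.c
+++ b/deps/ngtcp2/crypto/openssl/openssl.c
@@ -0,0 +1,374 @@
+/*
+* ngtcp2
+*
+* Copyright (c) 2019 ngtcp2 contributors
+*
+* Permission is hereby granted, free of charge, to any person obtaining
+* a copy of this software and associated documentation files (the
+* "Software"), to deal in the Software without restriction, including
+* without limitation the rights to use, copy, modify, merge, publish,
+* distribute, sublicense, and/or sell copies of the Software, and to
+* permit persons to whom the Software is furnished to do so, subject to
+* the following conditions:
+*
+* The above copyright notice and this permission notice shall be
+* included in all copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <assert.h>
+
+#include <ngtcp2/ngtcp2_crypto.h>
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_initial(ngtcp2_crypto_ctx *ctx) {
+ctx->aead.native_handle = (void *)EVP_aes_128_gcm();
+ctx->md.native_handle = (void *)EVP_sha256();
+ctx->hp.native_handle = (void *)EVP_aes_128_ctr();
+return ctx;
+}
+
+static const EVP_CIPHER *crypto_ssl_get_aead(SSL *ssl) {
+switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
+case TLS1_3_CK_AES_128_GCM_SHA256:
+return EVP_aes_128_gcm();
+case TLS1_3_CK_AES_256_GCM_SHA384:
+return EVP_aes_256_gcm();
+case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+return EVP_chacha20_poly1305();
+case TLS1_3_CK_AES_128_CCM_SHA256:
+return EVP_aes_128_ccm();
+default:
+return NULL;
+}
+}
+
+static const EVP_CIPHER *crypto_ssl_get_hp(SSL *ssl) {
+switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
+case TLS1_3_CK_AES_128_GCM_SHA256:
+case TLS1_3_CK_AES_128_CCM_SHA256:
+return EVP_aes_128_ctr();
+case TLS1_3_CK_AES_256_GCM_SHA384:
+return EVP_aes_256_ctr();
+case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+return EVP_chacha20();
+default:
+return NULL;
+}
+}
+
+static const EVP_MD *crypto_ssl_get_md(SSL *ssl) {
+switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
+case TLS1_3_CK_AES_128_GCM_SHA256:
+case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+case TLS1_3_CK_AES_128_CCM_SHA256:
+return EVP_sha256();
+case TLS1_3_CK_AES_256_GCM_SHA384:
+return EVP_sha384();
+default:
+return NULL;
+}
+}
+
+ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls(ngtcp2_crypto_ctx *ctx,
+void *tls_native_handle) {
+SSL *ssl = tls_native_handle;
+ctx->aead.native_handle = (void *)crypto_ssl_get_aead(ssl);
+ctx->md.native_handle = (void *)crypto_ssl_get_md(ssl);
+ctx->hp.native_handle = (void *)crypto_ssl_get_hp(ssl);
+return ctx;
+}
+
+static size_t crypto_aead_keylen(const EVP_CIPHER *aead) {
+return (size_t)EVP_CIPHER_key_length(aead);
+}
+
+size_t ngtcp2_crypto_aead_keylen(const ngtcp2_crypto_aead *aead) {
+return crypto_aead_keylen(aead->native_handle);
+}
+
+static size_t crypto_aead_noncelen(const EVP_CIPHER *aead) {
+return (size_t)EVP_CIPHER_iv_length(aead);
+}
+
+size_t ngtcp2_crypto_aead_noncelen(const ngtcp2_crypto_aead *aead) {
+return crypto_aead_noncelen(aead->native_handle);
+}
+
+static size_t crypto_aead_taglen(const EVP_CIPHER *aead) {
+if (aead == EVP_aes_128_gcm() || aead == EVP_aes_256_gcm()) {
+return EVP_GCM_TLS_TAG_LEN;
+}
+if (aead == EVP_chacha20_poly1305()) {
+return EVP_CHACHAPOLY_TLS_TAG_LEN;
+}
+if (aead == EVP_aes_128_ccm()) {
+return EVP_CCM_TLS_TAG_LEN;
+}
+return 0;
+}
+
+size_t ngtcp2_crypto_aead_taglen(const ngtcp2_crypto_aead *aead) {
+return crypto_aead_taglen(aead->native_handle);
+}
+
+int ngtcp2_crypto_hkdf_extract(uint8_t *dest, size_t destlen,
+const ngtcp2_crypto_md *md,
+const uint8_t *secret, size_t secretlen,
+const uint8_t *salt, size_t saltlen) {
+const EVP_MD *prf = md->native_handle;
+int rv = 0;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+if (pctx == NULL) {
+return -1;
+}
+
+if (EVP_PKEY_derive_init(pctx) != 1 ||
+EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != 1 ||
+EVP_PKEY_CTX_set_hkdf_md(pctx, prf) != 1 ||
+EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, (int)saltlen) != 1 ||
+EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, (int)secretlen) != 1 ||
+EVP_PKEY_derive(pctx, dest, &destlen) != 1) {
+rv = -1;
+}
+
+EVP_PKEY_CTX_free(pctx);
+
+return rv;
+}
+
+int ngtcp2_crypto_hkdf_expand(uint8_t *dest, size_t destlen,
+const ngtcp2_crypto_md *md, const uint8_t *secret,
+size_t secretlen, const uint8_t *info,
+size_t infolen) {
+const EVP_MD *prf = md->native_handle;
+int rv = 0;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+if (pctx == NULL) {
+return -1;
+}
+
+if (EVP_PKEY_derive_init(pctx) != 1 ||
+EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != 1 ||
+EVP_PKEY_CTX_set_hkdf_md(pctx, prf) != 1 ||
+EVP_PKEY_CTX_set1_hkdf_salt(pctx, "", 0) != 1 ||
+EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, (int)secretlen) != 1 ||
+EVP_PKEY_CTX_add1_hkdf_info(pctx, info, (int)infolen) != 1 ||
+EVP_PKEY_derive(pctx, dest, &destlen) != 1) {
+rv = -1;
+}
+
+EVP_PKEY_CTX_free(pctx);
+
+return rv;
+}
+
+int ngtcp2_crypto_encrypt(uint8_t *dest, const ngtcp2_crypto_aead *aead,
+const uint8_t *plaintext, size_t plaintextlen,
+const uint8_t *key, const uint8_t *nonce,
+size_t noncelen, const uint8_t *ad, size_t adlen) {
+const EVP_CIPHER *cipher = aead->native_handle;
+size_t taglen = crypto_aead_taglen(cipher);
+EVP_CIPHER_CTX *actx;
+int rv = 0;
+int len;
+
+actx = EVP_CIPHER_CTX_new();
+if (actx == NULL) {
+return -1;
+}
+
+if (!EVP_EncryptInit_ex(actx, cipher, NULL, NULL, NULL) ||
+!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_IVLEN, (int)noncelen,
+NULL) ||
+(cipher == EVP_aes_128_ccm() &&
+!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen, NULL)) ||
+!EVP_EncryptInit_ex(actx, NULL, NULL, key, nonce) ||
+(cipher == EVP_aes_128_ccm() &&
+!EVP_EncryptUpdate(actx, NULL, &len, NULL, (int)plaintextlen)) ||
+!EVP_EncryptUpdate(actx, NULL, &len, ad, (int)adlen) ||
+!EVP_EncryptUpdate(actx, dest, &len, plaintext, (int)plaintextlen) ||
+!EVP_EncryptFinal_ex(actx, dest + len, &len) ||
+!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG, (int)taglen,
+dest + plaintextlen)) {
+rv = -1;
+}
+
+EVP_CIPHER_CTX_free(actx);
+
+return rv;
+}
+
+int ngtcp2_crypto_decrypt(uint8_t *dest, const ngtcp2_crypto_aead *aead,
+const uint8_t *ciphertext, size_t ciphertextlen,
+const uint8_t *key, const uint8_t *nonce,
+size_t noncelen, const uint8_t *ad, size_t adlen) {
+const EVP_CIPHER *cipher = aead->native_handle;
+size_t taglen = crypto_aead_taglen(cipher);
+EVP_CIPHER_CTX *actx;
+int rv = 0;
+int len;
+const uint8_t *tag;
+
+if (taglen > ciphertextlen) {
+return -1;
+}
+
+ciphertextlen -= taglen;
+tag = ciphertext + ciphertextlen;
+
+actx = EVP_CIPHER_CTX_new();
+if (actx == NULL) {
+return -1;
+}
+
+if (!EVP_DecryptInit_ex(actx, cipher, NULL, NULL, NULL) ||
+!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_IVLEN, (int)noncelen,
+NULL) ||
+(cipher == EVP_aes_128_ccm() &&
+!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen,
+(uint8_t *)tag)) ||
+!EVP_DecryptInit_ex(actx, NULL, NULL, key, nonce) ||
+(cipher == EVP_aes_128_ccm() &&
+!EVP_DecryptUpdate(actx, NULL, &len, NULL, (int)ciphertextlen)) ||
+!EVP_DecryptUpdate(actx, NULL, &len, ad, (int)adlen) ||
+!EVP_DecryptUpdate(actx, dest, &len, ciphertext, (int)ciphertextlen) ||
+(cipher != EVP_aes_128_ccm() &&
+(!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen,
+(uint8_t *)tag) ||
+!EVP_DecryptFinal_ex(actx, dest + ciphertextlen, &len)))) {
+rv = -1;
+}
+
+EVP_CIPHER_CTX_free(actx);
+
+return rv;
+}
+
+int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
+const uint8_t *hp_key, const uint8_t *sample) {
+static const uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
+const EVP_CIPHER *cipher = hp->native_handle;
+EVP_CIPHER_CTX *actx;
+int rv = 0;
+int len;
+
+actx = EVP_CIPHER_CTX_new();
+if (actx == NULL) {
+return -1;
+}
+
+if (!EVP_EncryptInit_ex(actx, cipher, NULL, hp_key, sample) ||
+!EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT, sizeof(PLAINTEXT) - 1) ||
+!EVP_EncryptFinal_ex(actx, dest + sizeof(PLAINTEXT) - 1, &len)) {
+rv = -1;
+}
+
+EVP_CIPHER_CTX_free(actx);
+
+return rv;
+}
+
+static OSSL_ENCRYPTION_LEVEL
+from_ngtcp2_level(ngtcp2_crypto_level crypto_level) {
+switch (crypto_level) {
+case NGTCP2_CRYPTO_LEVEL_INITIAL:
+return ssl_encryption_initial;
+case NGTCP2_CRYPTO_LEVEL_HANDSHAKE:
+return ssl_encryption_handshake;
+case NGTCP2_CRYPTO_LEVEL_APP:
+return ssl_encryption_application;
+case NGTCP2_CRYPTO_LEVEL_EARLY:
+return ssl_encryption_early_data;
+default:
+assert(0);
+}
+}
+
+int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls,
+ngtcp2_crypto_level crypto_level,
+const uint8_t *data, size_t datalen) {
+SSL *ssl = tls;
+int rv;
+int err;
+
+if (SSL_provide_quic_data(ssl, from_ngtcp2_level(crypto_level), data,
+datalen) != 1) {
+return -1;
+}
+
+if (!ngtcp2_conn_get_handshake_completed(conn)) {
+rv = SSL_do_handshake(ssl);
+if (rv <= 0) {
+err = SSL_get_error(ssl, rv);
+switch (err) {
+case SSL_ERROR_WANT_READ:
+case SSL_ERROR_WANT_WRITE:
+return 0;
+case SSL_ERROR_SSL:
+return -1;
+default:
+return -1;
+}
+}
+
+ngtcp2_conn_handshake_completed(conn);
+}
+
+rv = SSL_process_quic_post_handshake(ssl);
+if (rv != 1) {
+err = SSL_get_error(ssl, rv);
+switch (err) {
+case SSL_ERROR_WANT_READ:
+case SSL_ERROR_WANT_WRITE:
+return 0;
+case SSL_ERROR_SSL:
+case SSL_ERROR_ZERO_RETURN:
+return -1;
+default:
+return -1;
+}
+}
+
+return 0;
+}
+
+int ngtcp2_crypto_set_remote_transport_params(ngtcp2_conn *conn, void *tls,
+ngtcp2_crypto_side side) {
+SSL *ssl = tls;
+ngtcp2_transport_params_type exttype =
+side == NGTCP2_CRYPTO_SIDE_CLIENT
+? NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS
+: NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO;
+const uint8_t *tp;
+size_t tplen;
+ngtcp2_transport_params params;
+int rv;
+
+SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);
+
+rv = ngtcp2_decode_transport_params(&params, exttype, tp, tplen);
+if (rv != 0) {
+return -1;
+}
+
+rv = ngtcp2_conn_set_remote_transport_params(conn, &params);
+if (rv != 0) {
+return -1;
+}
+
+return 0;
+}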
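Review bot: `from_ngtcp2_level` falls off the end of a non-void function when an unrecognized `crypto_level` reaches its `default:` arm, because `assert(0)` compiles to nothing under `NDEBUG` and no `return` follows it, so a release build hands an indeterminate `OSSL_ENCRYPTION_LEVEL` to `SSL_provide_quic_data` in `ngtcp2_crypto_read_write_crypto_data`. Fail closed instead of returning garbage: `default: assert(0); abort();`, which needs `#include <stdlib.h>` next to the existing `<assert.h>`. Separately, `ngtcp2_crypto_ctx_tls` stores whatever `crypto_ssl_get_aead`/`_md`/`_hp` return, and each of those returns NULL for any suite outside the four TLS 1.3 cases listed; `ngtcp2_crypto_aead_keylen` and `ngtcp2_crypto_aead_noncelen` then pass that NULL straight to `EVP_CIPHER_key_length`/`EVP_CIPHER_iv_length` with no check, which presumably dereferences it. Either document that callers must only invoke these after a suite from that table has been negotiated, or have `ngtcp2_crypto_ctx_tls` leave the ctx untouched and signal the miss, e.g. `if (!ctx->aead.native_handle || !ctx->md.native_handle || !ctx->hp.native_handle) return NULL;` with the header documenting the NULL return.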
