Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/03/18 12:15:47 UTC
[trafficserver] branch quic-latest updated: Use negotiated cipher
suite
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
new 5f04fd1 Use negotiated cipher suite
5f04fd1 is described below
commit 5f04fd1bc14d79e920c36ceb87d1615b855aacc8
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Sun Mar 18 21:13:46 2018 +0900
Use negotiated cipher suite
It was broken when we added 0-RTT support because the logic checked whether
the handshake is complete.
---
iocore/net/quic/QUICTLS.cc | 16 +++-----
iocore/net/quic/QUICTLS.h | 22 +++++-----
iocore/net/quic/QUICTLS_openssl.cc | 82 ++++++++++++++++++++++----------------
3 files changed, 67 insertions(+), 53 deletions(-)
diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index 46ac529..949a916 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -191,9 +191,6 @@ QUICTLS::initialize_key_materials(QUICConnectionId cid)
}
this->_server_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
- // Update algorithm
- this->_aead = _get_evp_aead();
-
return 1;
}
@@ -242,9 +239,6 @@ QUICTLS::update_key_materials()
}
this->_server_pp->set_key(std::move(km), next_key_phase);
- // Update algorithm
- this->_aead = _get_evp_aead();
-
return 1;
}
@@ -307,14 +301,15 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, con
return false;
}
- size_t tag_len = this->_get_aead_tag_len();
+ size_t tag_len = this->_get_aead_tag_len(phase);
const KeyMaterial *km = pp->get_key(phase);
if (!km) {
Debug(tag, "Failed to encrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
return false;
}
+ const EVP_CIPHER *aead = this->_get_evp_aead(phase);
- bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, tag_len);
+ bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, aead, tag_len);
if (!ret) {
Debug(tag, "Failed to encrypt a packet: pkt_num=%" PRIu64, pkt_num);
}
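Review bot: `_get_aead_tag_len(phase)` is called before the `if (!km)` check, so a call for a phase whose keys are not ready still runs the cipher lookup, and that lookup asserts when `SSL_get_current_cipher()` returns null. Moving `size_t tag_len = this->_get_aead_tag_len(phase);` below the `km` check, next to the new `_get_evp_aead(phase)` line, keeps both lookups behind the key check. The returned `aead` is also handed to `_encrypt` unchecked although `_get_evp_aead` can return `nullptr`; adding `if (!aead) { return false; }` before the call would make the failure explicit. The same ordering and missing check apply to the `decrypt` hunk that follows, which presumably handles data received from the peer. Both functions start and end outside their hunks.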
@@ -342,13 +337,14 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
return false;
}
- size_t tag_len = this->_get_aead_tag_len();
+ size_t tag_len = this->_get_aead_tag_len(phase);
const KeyMaterial *km = pp->get_key(phase);
if (!km) {
Debug(tag, "Failed to decrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
return false;
}
- bool ret = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len, pkt_num, ad, ad_len, *km, tag_len);
+ const EVP_CIPHER *aead = this->_get_evp_aead(phase);
+ bool ret = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len, pkt_num, ad, ad_len, *km, aead, tag_len);
if (!ret) {
Debug(tag, "Failed to decrypt a packet: pkt_num=%" PRIu64, pkt_num);
}
diff --git a/iocore/net/quic/QUICTLS.h b/iocore/net/quic/QUICTLS.h
index 4c6ebef..0cbf520 100644
--- a/iocore/net/quic/QUICTLS.h
+++ b/iocore/net/quic/QUICTLS.h
@@ -64,21 +64,25 @@ private:
#ifdef OPENSSL_IS_BORINGSSL
const EVP_AEAD *_get_evp_aead() const;
#else
- const EVP_CIPHER *_get_evp_aead() const;
+ const EVP_CIPHER *_get_evp_aead(QUICKeyPhase phase) const;
#endif // OPENSSL_IS_BORINGSSL
- size_t _get_aead_tag_len() const;
+ size_t _get_aead_tag_len(QUICKeyPhase phase) const;
+#ifdef OPENSSL_IS_BORINGSSL
bool _encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
- uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, size_t tag_len) const;
+ uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_AEAD *aead,
+ size_t tag_len) const;
bool _decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t *cipher, size_t cipher_len, uint64_t pkt_num,
- const uint8_t *ad, size_t ad_len, const KeyMaterial &km, size_t tag_len) const;
-
- SSL *_ssl = nullptr;
-#ifdef OPENSSL_IS_BORINGSSL
- const EVP_AEAD *_aead = nullptr;
+ const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_AEAD *aead, size_t tag_len) const;
#else
- const EVP_CIPHER *_aead = nullptr;
+ bool _encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
+ uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_CIPHER *aead,
+ size_t tag_len) const;
+ bool _decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t *cipher, size_t cipher_len, uint64_t pkt_num,
+ const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_CIPHER *aead, size_t tag_len) const;
#endif // OPENSSL_IS_BORINGSSL
+
+ SSL *_ssl = nullptr;
QUICPacketProtection *_client_pp = nullptr;
QUICPacketProtection *_server_pp = nullptr;
NetVConnectionContext_t _netvc_context = NET_VCONNECTION_UNSET;
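Review bot: The BoringSSL branch still declares `const EVP_AEAD *_get_evp_aead() const;` without the phase argument, while `_get_aead_tag_len(QUICKeyPhase phase)` and the call sites in QUICTLS.cc now pass `phase`. The QUICTLS.cc hunks also store the result in a `const EVP_CIPHER *aead` with no visible `#ifdef`, so a BoringSSL build looks likely to fail to compile. Declaring `const EVP_AEAD *_get_evp_aead(QUICKeyPhase phase) const;` here and guarding the local's type in `encrypt`/`decrypt` would keep both backends consistent. No BoringSSL implementation file is among the three files in the diffstat, so the `_encrypt`/`_decrypt` definitions for that backend presumably still need the new `aead` parameter as well.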
diff --git a/iocore/net/quic/QUICTLS_openssl.cc b/iocore/net/quic/QUICTLS_openssl.cc
index 7dafc65..c92116a 100644
--- a/iocore/net/quic/QUICTLS_openssl.cc
+++ b/iocore/net/quic/QUICTLS_openssl.cc
@@ -31,54 +31,67 @@
static constexpr char tag[] = "quic_tls";
const EVP_CIPHER *
-QUICTLS::_get_evp_aead() const
+QUICTLS::_get_evp_aead(QUICKeyPhase phase) const
{
- if (this->is_handshake_finished()) {
- switch (SSL_CIPHER_get_id(SSL_get_current_cipher(this->_ssl))) {
- case TLS1_3_CK_AES_128_GCM_SHA256:
- return EVP_aes_128_gcm();
- case TLS1_3_CK_AES_256_GCM_SHA384:
- return EVP_aes_256_gcm();
- case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
- return EVP_chacha20_poly1305();
- case TLS1_3_CK_AES_128_CCM_SHA256:
- case TLS1_3_CK_AES_128_CCM_8_SHA256:
- return EVP_aes_128_ccm();
- default:
+ if (phase == QUICKeyPhase::CLEARTEXT) {
+ return EVP_aes_128_gcm();
+ } else {
+ const SSL_CIPHER *cipher = SSL_get_current_cipher(this->_ssl);
+ if (cipher) {
+ switch (SSL_CIPHER_get_id(cipher)) {
+ case TLS1_3_CK_AES_128_GCM_SHA256:
+ return EVP_aes_128_gcm();
+ case TLS1_3_CK_AES_256_GCM_SHA384:
+ return EVP_aes_256_gcm();
+ case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+ return EVP_chacha20_poly1305();
+ case TLS1_3_CK_AES_128_CCM_SHA256:
+ case TLS1_3_CK_AES_128_CCM_8_SHA256:
+ return EVP_aes_128_ccm();
+ default:
+ ink_assert(false);
+ return nullptr;
+ }
+ } else {
ink_assert(false);
return nullptr;
}
- } else {
- return EVP_aes_128_gcm();
}
}
size_t
-QUICTLS::_get_aead_tag_len() const
+QUICTLS::_get_aead_tag_len(QUICKeyPhase phase) const
{
- if (this->is_handshake_finished()) {
- switch (SSL_CIPHER_get_id(SSL_get_current_cipher(this->_ssl))) {
- case TLS1_3_CK_AES_128_GCM_SHA256:
- case TLS1_3_CK_AES_256_GCM_SHA384:
- return EVP_GCM_TLS_TAG_LEN;
- case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
- return EVP_CHACHAPOLY_TLS_TAG_LEN;
- case TLS1_3_CK_AES_128_CCM_SHA256:
- return EVP_CCM_TLS_TAG_LEN;
- case TLS1_3_CK_AES_128_CCM_8_SHA256:
- return EVP_CCM8_TLS_TAG_LEN;
- default:
+ if (phase == QUICKeyPhase::CLEARTEXT) {
+ return EVP_GCM_TLS_TAG_LEN;
+ } else {
+ const SSL_CIPHER *cipher = SSL_get_current_cipher(this->_ssl);
+ if (cipher) {
+ switch (SSL_CIPHER_get_id(cipher)) {
+ case TLS1_3_CK_AES_128_GCM_SHA256:
+ case TLS1_3_CK_AES_256_GCM_SHA384:
+ return EVP_GCM_TLS_TAG_LEN;
+ case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+ return EVP_CHACHAPOLY_TLS_TAG_LEN;
+ case TLS1_3_CK_AES_128_CCM_SHA256:
+ return EVP_CCM_TLS_TAG_LEN;
+ case TLS1_3_CK_AES_128_CCM_8_SHA256:
+ return EVP_CCM8_TLS_TAG_LEN;
+ default:
+ ink_assert(false);
+ return -1;
+ }
+ } else {
ink_assert(false);
return -1;
}
- } else {
- return EVP_GCM_TLS_TAG_LEN;
}
}
bool
QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
- uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, size_t tag_len) const
+ uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_CIPHER *aead,
+ size_t tag_len) const
{
uint8_t nonce[EVP_MAX_IV_LENGTH] = {0};
size_t nonce_len = 0;
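Review bot: `_get_aead_tag_len` returns `-1` from a function declared `size_t`, so both failure branches hand the caller `SIZE_MAX` as a tag length. If `ink_assert` is compiled out in release builds, that value flows into `_encrypt`/`_decrypt` as `tag_len`, where any `plain_len + tag_len` or `cipher_len - tag_len` arithmetic (not visible in this hunk) would wrap. Returning `0` and having `encrypt`/`decrypt` reject it, for example `if (tag_len == 0) { return false; }`, gives a sentinel that cannot be mistaken for a length. A short comment on the `TLS1_3_CK_AES_128_CCM_8_SHA256` case noting that it shares `EVP_aes_128_ccm()` and differs only in tag length would also help readers. The `_encrypt` body continues past the end of this hunk.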
@@ -90,7 +103,7 @@ QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, co
if (!(aead_ctx = EVP_CIPHER_CTX_new())) {
return false;
}
- if (!EVP_EncryptInit_ex(aead_ctx, this->_aead, nullptr, nullptr, nullptr)) {
+ if (!EVP_EncryptInit_ex(aead_ctx, aead, nullptr, nullptr, nullptr)) {
return false;
}
if (!EVP_CIPHER_CTX_ctrl(aead_ctx, EVP_CTRL_AEAD_SET_IVLEN, nonce_len, nullptr)) {
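Review bot: The `return false` after a failed `EVP_EncryptInit_ex` leaves `aead_ctx` unfreed, assuming it is the raw `EVP_CIPHER_CTX *` that its declaration outside the hunk suggests. This path is easier to reach now that `aead` is a parameter which can be `nullptr` when `_get_evp_aead` finds no matching cipher. Calling `EVP_CIPHER_CTX_free(aead_ctx);` before each early return would close the leak, as would holding the context in a `std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)>`. The `EVP_DecryptInit_ex` hunk in `_decrypt` has the same pattern, and both functions extend beyond their hunks.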
@@ -127,7 +140,8 @@ QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, co
bool
QUICTLS::_decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t *cipher, size_t cipher_len,
- uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, size_t tag_len) const
+ uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_CIPHER *aead,
+ size_t tag_len) const
{
uint8_t nonce[EVP_MAX_IV_LENGTH] = {0};
size_t nonce_len = 0;
@@ -139,7 +153,7 @@ QUICTLS::_decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
if (!(aead_ctx = EVP_CIPHER_CTX_new())) {
return false;
}
- if (!EVP_DecryptInit_ex(aead_ctx, this->_aead, nullptr, nullptr, nullptr)) {
+ if (!EVP_DecryptInit_ex(aead_ctx, aead, nullptr, nullptr, nullptr)) {
return false;
}
if (!EVP_CIPHER_CTX_ctrl(aead_ctx, EVP_CTRL_AEAD_SET_IVLEN, nonce_len, nullptr)) {
--