Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/01/09 03:16:17 UTC

[trafficserver] branch quic-latest updated: Move some code for BoringSSL to not lost them

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new 1cb8e69  Move some code for BoringSSL to not lost them
1cb8e69 is described below

commit 1cb8e693b1341b7b9da260523627dcac15c048c9
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Jan 9 12:14:27 2018 +0900

    Move some code for BoringSSL to not lost them
---
 iocore/net/quic/QUICCrypto_boringssl.cc       | 16 ------
 iocore/net/quic/QUICKeyGenerator_boringssl.cc | 78 +++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 16 deletions(-)

diff --git a/iocore/net/quic/QUICCrypto_boringssl.cc b/iocore/net/quic/QUICCrypto_boringssl.cc
index 2cf16e0..4d848fd 100644
--- a/iocore/net/quic/QUICCrypto_boringssl.cc
+++ b/iocore/net/quic/QUICCrypto_boringssl.cc
@@ -49,22 +49,6 @@ QUICCryptoTls::_get_evp_aead(const SSL_CIPHER *cipher) const
   }
 }
 
-// SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384 are defind in `ssl/internal.h` of BoringSSL
-const EVP_MD *
-QUICCryptoTls::_get_handshake_digest(const SSL_CIPHER *cipher) const
-{
-  switch (cipher->algorithm_prf) {
-  case 0x2:
-    // SSL_HANDSHAKE_MAC_SHA256:
-    return EVP_sha256();
-  case 0x4:
-    // SSL_HANDSHAKE_MAC_SHA384:
-    return EVP_sha384();
-  default:
-    return nullptr;
-  }
-}
-
 size_t
 QUICCryptoTls::_get_aead_tag_len(const SSL_CIPHER * /* cipher */) const
 {
diff --git a/iocore/net/quic/QUICKeyGenerator_boringssl.cc b/iocore/net/quic/QUICKeyGenerator_boringssl.cc
new file mode 100644
index 0000000..2f11aab
--- /dev/null
+++ b/iocore/net/quic/QUICKeyGenerator_boringssl.cc
@@ -0,0 +1,78 @@
+/** @file
+ *
+ *  A key generator for QUIC connection (BoringSSL specific parts)
+ *
+ *  @section license License
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+#include "ts/ink_assert.h"
+#include "QUICKeyGenerator.h"
+
+#include <openssl/ssl.h>
+size_t
+QUICKeyGenerator::_get_key_len(const QUIC_EVP_CIPHER *cipher) const
+{
+  return EVP_AEAD_key_length(cipher);
+}
+
+size_t
+QUICKeyGenerator::_get_iv_len(const QUIC_EVP_CIPHER *cipher) const
+{
+  return EVP_AEAD_nonce_length(cipher);
+}
+
+const QUIC_EVP_CIPHER *
+QUICKeyGenerator::_get_cipher_for_cleartext() const
+{
+  return EVP_aes_128_gcm();
+  return EVP_aead_aes_128_gcm();
+}
+
+const QUIC_EVP_CIPHER *
+QUICKeyGenerator::_get_cipher_for_protected_packet(const SSL *ssl) const
+{
+  ink_assert(SSL_CIPHER_is_AEAD(ssl));
+
+  if (SSL_CIPHER_is_AES128GCM(ssl)) {
+    return EVP_aead_aes_128_gcm();
+  } else if ((cipher->algorithm_enc & 0x00000010L) != 0) {
+    // SSL_AES256GCM is 0x00000010L ( defined in `ssl/internal.h` ).
+    // There're no `SSL_CIPHER_is_AES256GCM(const SSL_CIPHER *cipher)`.
+    return EVP_aead_aes_256_gcm();
+  } else if (SSL_CIPHER_is_CHACHA20POLY1305(ssl)) {
+    return EVP_aead_chacha20_poly1305();
+  } else {
+    return nullptr;
+  }
+}
+
+// SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384 are defind in `ssl/internal.h` of BoringSSL
+const EVP_MD *
+QUICKeyGenerator::_get_handshake_digest(const SSL *ssl) const
+{
+  switch (ssl->algorithm_prf) {
+  case 0x2:
+    // SSL_HANDSHAKE_MAC_SHA256:
+    return EVP_sha256();
+  case 0x4:
+    // SSL_HANDSHAKE_MAC_SHA384:
+    return EVP_sha384();
+  default:
+    return nullptr;
+  }
+}
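Review bot: `_get_cipher_for_protected_packet` and `_get_handshake_digest` now take `const SSL *ssl` but still use it as an `SSL_CIPHER`: `cipher` is never declared before `cipher->algorithm_enc`, the `SSL_CIPHER_is_*` helpers are handed `ssl`, and `ssl->algorithm_prf` reads a field that the removed `QUICCryptoTls` code read from an `SSL_CIPHER`. Both functions should begin with `const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);` and `if (cipher == nullptr) return nullptr;`, then test `cipher`, since `ink_assert` may be compiled out of release builds and would then not stop a non-AEAD or missing cipher. In `_get_cipher_for_cleartext` the first `return EVP_aes_128_gcm();` makes the `EVP_aead_aes_128_gcm()` line unreachable and appears to return an `EVP_CIPHER` where the rest of the file returns `EVP_AEAD` values, so it should be dropped. The literals `0x2`, `0x4` and `0x00000010L` mirror BoringSSL's private `ssl/internal.h` and can drift between library versions, so a comment stating that callers must treat a `nullptr` result as a hard failure rather than continue key derivation would make the fallback explicit.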
