protocol-quic 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data/ext/ngtcp2/AUTHORS +44 -0
- data/ext/ngtcp2/CMakeLists.txt +431 -0
- data/ext/ngtcp2/CMakeOptions.txt +17 -0
- data/ext/ngtcp2/COPYING +22 -0
- data/ext/ngtcp2/ChangeLog +0 -0
- data/ext/ngtcp2/Makefile.am +60 -0
- data/ext/ngtcp2/NEWS +0 -0
- data/ext/ngtcp2/README +1 -0
- data/ext/ngtcp2/README.rst +258 -0
- data/ext/ngtcp2/ci/build_boringssl.sh +10 -0
- data/ext/ngtcp2/ci/build_nghttp3.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl1.sh +8 -0
- data/ext/ngtcp2/ci/build_openssl1_cross.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl3.sh +8 -0
- data/ext/ngtcp2/ci/build_picotls.sh +26 -0
- data/ext/ngtcp2/ci/build_wolfssl.sh +9 -0
- data/ext/ngtcp2/ci/gen-certificate.sh +8 -0
- data/ext/ngtcp2/cmake/ExtractValidFlags.cmake +31 -0
- data/ext/ngtcp2/cmake/FindCUnit.cmake +40 -0
- data/ext/ngtcp2/cmake/FindJemalloc.cmake +40 -0
- data/ext/ngtcp2/cmake/FindLibev.cmake +38 -0
- data/ext/ngtcp2/cmake/FindLibnghttp3.cmake +41 -0
- data/ext/ngtcp2/cmake/Findwolfssl.cmake +41 -0
- data/ext/ngtcp2/cmake/Version.cmake +11 -0
- data/ext/ngtcp2/cmakeconfig.h.in +36 -0
- data/ext/ngtcp2/configure.ac +755 -0
- data/ext/ngtcp2/crypto/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/Makefile.am +49 -0
- data/ext/ngtcp2/crypto/boringssl/CMakeLists.txt +64 -0
- data/ext/ngtcp2/crypto/boringssl/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/boringssl/boringssl.c +630 -0
- data/ext/ngtcp2/crypto/boringssl/libngtcp2_crypto_boringssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/gnutls/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/gnutls/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/gnutls/gnutls.c +644 -0
- data/ext/ngtcp2/crypto/gnutls/libngtcp2_crypto_gnutls.pc.in +33 -0
- data/ext/ngtcp2/crypto/includes/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/includes/Makefile.am +45 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h +893 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_boringssl.h +104 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h +107 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_openssl.h +132 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h +246 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h +106 -0
- data/ext/ngtcp2/crypto/openssl/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/openssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/openssl/libngtcp2_crypto_openssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/openssl/openssl.c +807 -0
- data/ext/ngtcp2/crypto/picotls/CMakeLists.txt +65 -0
- data/ext/ngtcp2/crypto/picotls/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/picotls/libngtcp2_crypto_picotls.pc.in +33 -0
- data/ext/ngtcp2/crypto/picotls/picotls.c +707 -0
- data/ext/ngtcp2/crypto/shared.c +1431 -0
- data/ext/ngtcp2/crypto/shared.h +350 -0
- data/ext/ngtcp2/crypto/wolfssl/CMakeLists.txt +84 -0
- data/ext/ngtcp2/crypto/wolfssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/wolfssl/libngtcp2_crypto_wolfssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/wolfssl/wolfssl.c +534 -0
- data/ext/ngtcp2/doc/Makefile.am +65 -0
- data/ext/ngtcp2/doc/make.bat +35 -0
- data/ext/ngtcp2/doc/mkapiref.py +356 -0
- data/ext/ngtcp2/doc/source/conf.py.in +94 -0
- data/ext/ngtcp2/doc/source/index.rst +22 -0
- data/ext/ngtcp2/doc/source/programmers-guide.rst +476 -0
- data/ext/ngtcp2/docker/Dockerfile +39 -0
- data/ext/ngtcp2/examples/CMakeLists.txt +361 -0
- data/ext/ngtcp2/examples/Makefile.am +228 -0
- data/ext/ngtcp2/examples/client.cc +3049 -0
- data/ext/ngtcp2/examples/client.h +192 -0
- data/ext/ngtcp2/examples/client_base.cc +202 -0
- data/ext/ngtcp2/examples/client_base.h +213 -0
- data/ext/ngtcp2/examples/debug.cc +298 -0
- data/ext/ngtcp2/examples/debug.h +124 -0
- data/ext/ngtcp2/examples/examplestest.cc +84 -0
- data/ext/ngtcp2/examples/gtlssimpleclient.c +720 -0
- data/ext/ngtcp2/examples/h09client.cc +2601 -0
- data/ext/ngtcp2/examples/h09client.h +196 -0
- data/ext/ngtcp2/examples/h09server.cc +3024 -0
- data/ext/ngtcp2/examples/h09server.h +237 -0
- data/ext/ngtcp2/examples/http.cc +138 -0
- data/ext/ngtcp2/examples/http.h +44 -0
- data/ext/ngtcp2/examples/network.h +80 -0
- data/ext/ngtcp2/examples/server.cc +3731 -0
- data/ext/ngtcp2/examples/server.h +256 -0
- data/ext/ngtcp2/examples/server_base.cc +58 -0
- data/ext/ngtcp2/examples/server_base.h +195 -0
- data/ext/ngtcp2/examples/shared.cc +385 -0
- data/ext/ngtcp2/examples/shared.h +96 -0
- data/ext/ngtcp2/examples/simpleclient.c +683 -0
- data/ext/ngtcp2/examples/template.h +71 -0
- data/ext/ngtcp2/examples/tests/README.rst +60 -0
- data/ext/ngtcp2/examples/tests/__init__.py +0 -0
- data/ext/ngtcp2/examples/tests/config.ini.in +32 -0
- data/ext/ngtcp2/examples/tests/conftest.py +28 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/__init__.py +6 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/certs.py +476 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/client.py +187 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/env.py +191 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/log.py +101 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/server.py +137 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/tls.py +983 -0
- data/ext/ngtcp2/examples/tests/test_01_handshake.py +30 -0
- data/ext/ngtcp2/examples/tests/test_02_resume.py +46 -0
- data/ext/ngtcp2/examples/tests/test_03_earlydata.py +56 -0
- data/ext/ngtcp2/examples/tests/test_04_clientcert.py +57 -0
- data/ext/ngtcp2/examples/tests/test_05_ciphers.py +46 -0
- data/ext/ngtcp2/examples/tls_client_context.h +52 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.cc +126 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.cc +74 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.h +50 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.cc +137 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.cc +158 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.h +53 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.cc +177 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.h +51 -0
- data/ext/ngtcp2/examples/tls_client_session.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.cc +110 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.cc +190 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.cc +113 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.cc +147 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.cc +160 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.cc +257 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.cc +99 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.h +59 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.cc +338 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.cc +321 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.h +58 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.cc +284 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.h +55 -0
- data/ext/ngtcp2/examples/tls_server_session.h +52 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.cc +84 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.cc +155 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.h +46 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.cc +70 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.cc +55 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.h +47 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.cc +87 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.h +51 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.cc +56 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.h +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.h +54 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.cc +59 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.h +36 -0
- data/ext/ngtcp2/examples/util.cc +646 -0
- data/ext/ngtcp2/examples/util.h +361 -0
- data/ext/ngtcp2/examples/util_gnutls.cc +136 -0
- data/ext/ngtcp2/examples/util_openssl.cc +131 -0
- data/ext/ngtcp2/examples/util_test.cc +237 -0
- data/ext/ngtcp2/examples/util_test.h +45 -0
- data/ext/ngtcp2/examples/util_wolfssl.cc +130 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack_ecn +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/connection_close +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/crypto +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/data_blocked +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram_len +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_data +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_stream_data +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_streams +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_token +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_challenge +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_response +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/reset_stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/retire_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stop_sending +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_data_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_len +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/streams_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/ksl/random +0 -0
- data/ext/ngtcp2/fuzz/decode_frame.cc +25 -0
- data/ext/ngtcp2/fuzz/ksl.cc +77 -0
- data/ext/ngtcp2/interop/Dockerfile +39 -0
- data/ext/ngtcp2/interop/run_endpoint.sh +93 -0
- data/ext/ngtcp2/lib/CMakeLists.txt +110 -0
- data/ext/ngtcp2/lib/Makefile.am +122 -0
- data/ext/ngtcp2/lib/includes/CMakeLists.txt +4 -0
- data/ext/ngtcp2/lib/includes/Makefile.am +25 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/ngtcp2.h +5843 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/version.h.in +51 -0
- data/ext/ngtcp2/lib/libngtcp2.pc.in +33 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.c +335 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.h +221 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.c +117 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.h +69 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.c +90 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.h +91 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.c +693 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.h +157 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.c +1490 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.h +149 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.c +56 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.h +108 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.c +616 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.h +422 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.c +147 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.h +175 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.c +13731 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.h +1119 -0
- data/ext/ngtcp2/lib/ngtcp2_conn_stat.h +131 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.c +291 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.h +208 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.c +895 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.h +148 -0
- data/ext/ngtcp2/lib/ngtcp2_err.c +154 -0
- data/ext/ngtcp2/lib/ngtcp2_err.h +34 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.c +167 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.h +98 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.c +79 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.h +89 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.c +819 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.h +345 -0
- data/ext/ngtcp2/lib/ngtcp2_log.c +822 -0
- data/ext/ngtcp2/lib/ngtcp2_log.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_macro.h +58 -0
- data/ext/ngtcp2/lib/ngtcp2_map.c +336 -0
- data/ext/ngtcp2/lib/ngtcp2_map.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.c +113 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.h +72 -0
- data/ext/ngtcp2/lib/ngtcp2_net.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.c +40 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.h +140 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.c +46 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.h +65 -0
- data/ext/ngtcp2/lib/ngtcp2_path.c +77 -0
- data/ext/ngtcp2/lib/ngtcp2_path.h +49 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.c +2527 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.h +1235 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.c +160 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.c +230 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.h +153 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.c +164 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.h +126 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.c +172 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.h +194 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.c +1219 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.h +161 -0
- data/ext/ngtcp2/lib/ngtcp2_range.c +61 -0
- data/ext/ngtcp2/lib/ngtcp2_range.h +80 -0
- data/ext/ngtcp2/lib/ngtcp2_rcvry.h +40 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.c +121 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.h +132 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.c +319 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.h +197 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.c +138 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.h +86 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.c +1676 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.h +468 -0
- data/ext/ngtcp2/lib/ngtcp2_str.c +233 -0
- data/ext/ngtcp2/lib/ngtcp2_str.h +94 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.c +698 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.h +310 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.c +71 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.h +46 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.c +243 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.h +120 -0
- data/ext/ngtcp2/lib/ngtcp2_version.c +39 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.c +99 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.h +65 -0
- data/ext/ngtcp2/m4/ax_check_compile_flag.m4 +74 -0
- data/ext/ngtcp2/m4/ax_cxx_compile_stdcxx.m4 +1009 -0
- data/ext/ngtcp2/tests/CMakeLists.txt +68 -0
- data/ext/ngtcp2/tests/Makefile.am +94 -0
- data/ext/ngtcp2/tests/main.c +358 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.c +367 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.c +9821 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.h +104 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.c +430 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.h +46 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.c +667 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.c +127 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.c +79 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.c +502 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.h +39 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.c +206 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.c +1645 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.h +68 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.c +153 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.c +129 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.c +105 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.c +91 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.c +552 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.c +470 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.c +96 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.c +575 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.c +404 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.h +191 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.c +426 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.h +36 -0
- data/ext/ngtcp2/third-party/CMakeLists.txt +34 -0
- data/ext/ngtcp2/third-party/Makefile.am +31 -0
- data/ext/ngtcp2/third-party/http-parser/AUTHORS +68 -0
- data/ext/ngtcp2/third-party/http-parser/LICENSE-MIT +23 -0
- data/ext/ngtcp2/third-party/http-parser/Makefile +157 -0
- data/ext/ngtcp2/third-party/http-parser/README.md +246 -0
- data/ext/ngtcp2/third-party/http-parser/bench.c +111 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/parsertrace.c +160 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/url_parser.c +47 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.c +2419 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.gyp +111 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.h +431 -0
- data/ext/ngtcp2/third-party/http-parser/test.c +4411 -0
- data/lib/protocol/quic/version.rb +10 -0
- data/lib/protocol/quic.rb +9 -0
- data/license.md +21 -0
- data.tar.gz.sig +1 -0
- metadata +424 -0
- metadata.gz.sig +1 -0
|
@@ -0,0 +1,807 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* ngtcp2
|
|
3
|
+
*
|
|
4
|
+
* Copyright (c) 2019 ngtcp2 contributors
|
|
5
|
+
*
|
|
6
|
+
* Permission is hereby granted, free of charge, to any person obtaining
|
|
7
|
+
* a copy of this software and associated documentation files (the
|
|
8
|
+
* "Software"), to deal in the Software without restriction, including
|
|
9
|
+
* without limitation the rights to use, copy, modify, merge, publish,
|
|
10
|
+
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
11
|
+
* permit persons to whom the Software is furnished to do so, subject to
|
|
12
|
+
* the following conditions:
|
|
13
|
+
*
|
|
14
|
+
* The above copyright notice and this permission notice shall be
|
|
15
|
+
* included in all copies or substantial portions of the Software.
|
|
16
|
+
*
|
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
18
|
+
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
19
|
+
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
20
|
+
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
21
|
+
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
22
|
+
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
23
|
+
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
24
|
+
*/
|
|
25
|
+
#ifdef HAVE_CONFIG_H
|
|
26
|
+
# include <config.h>
|
|
27
|
+
#endif /* HAVE_CONFIG_H */
|
|
28
|
+
|
|
29
|
+
#include <assert.h>
|
|
30
|
+
|
|
31
|
+
#include <ngtcp2/ngtcp2_crypto.h>
|
|
32
|
+
#include <ngtcp2/ngtcp2_crypto_openssl.h>
|
|
33
|
+
|
|
34
|
+
#include <openssl/ssl.h>
|
|
35
|
+
#include <openssl/evp.h>
|
|
36
|
+
#include <openssl/kdf.h>
|
|
37
|
+
#include <openssl/rand.h>
|
|
38
|
+
|
|
39
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
40
|
+
# include <openssl/core_names.h>
|
|
41
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
42
|
+
|
|
43
|
+
#include "shared.h"
|
|
44
|
+
|
|
45
|
+
static size_t crypto_aead_max_overhead(const EVP_CIPHER *aead) {
|
|
46
|
+
switch (EVP_CIPHER_nid(aead)) {
|
|
47
|
+
case NID_aes_128_gcm:
|
|
48
|
+
case NID_aes_256_gcm:
|
|
49
|
+
return EVP_GCM_TLS_TAG_LEN;
|
|
50
|
+
case NID_chacha20_poly1305:
|
|
51
|
+
return EVP_CHACHAPOLY_TLS_TAG_LEN;
|
|
52
|
+
case NID_aes_128_ccm:
|
|
53
|
+
return EVP_CCM_TLS_TAG_LEN;
|
|
54
|
+
default:
|
|
55
|
+
assert(0);
|
|
56
|
+
abort(); /* if NDEBUG is set */
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
ngtcp2_crypto_aead *ngtcp2_crypto_aead_aes_128_gcm(ngtcp2_crypto_aead *aead) {
|
|
61
|
+
return ngtcp2_crypto_aead_init(aead, (void *)EVP_aes_128_gcm());
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
ngtcp2_crypto_md *ngtcp2_crypto_md_sha256(ngtcp2_crypto_md *md) {
|
|
65
|
+
md->native_handle = (void *)EVP_sha256();
|
|
66
|
+
return md;
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_initial(ngtcp2_crypto_ctx *ctx) {
|
|
70
|
+
ngtcp2_crypto_aead_init(&ctx->aead, (void *)EVP_aes_128_gcm());
|
|
71
|
+
ctx->md.native_handle = (void *)EVP_sha256();
|
|
72
|
+
ctx->hp.native_handle = (void *)EVP_aes_128_ctr();
|
|
73
|
+
ctx->max_encryption = 0;
|
|
74
|
+
ctx->max_decryption_failure = 0;
|
|
75
|
+
return ctx;
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
ngtcp2_crypto_aead *ngtcp2_crypto_aead_init(ngtcp2_crypto_aead *aead,
|
|
79
|
+
void *aead_native_handle) {
|
|
80
|
+
aead->native_handle = aead_native_handle;
|
|
81
|
+
aead->max_overhead = crypto_aead_max_overhead(aead_native_handle);
|
|
82
|
+
return aead;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
ngtcp2_crypto_aead *ngtcp2_crypto_aead_retry(ngtcp2_crypto_aead *aead) {
|
|
86
|
+
return ngtcp2_crypto_aead_init(aead, (void *)EVP_aes_128_gcm());
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
static const EVP_CIPHER *crypto_ssl_get_aead(SSL *ssl) {
|
|
90
|
+
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
|
|
91
|
+
case TLS1_3_CK_AES_128_GCM_SHA256:
|
|
92
|
+
return EVP_aes_128_gcm();
|
|
93
|
+
case TLS1_3_CK_AES_256_GCM_SHA384:
|
|
94
|
+
return EVP_aes_256_gcm();
|
|
95
|
+
case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
|
|
96
|
+
return EVP_chacha20_poly1305();
|
|
97
|
+
case TLS1_3_CK_AES_128_CCM_SHA256:
|
|
98
|
+
return EVP_aes_128_ccm();
|
|
99
|
+
default:
|
|
100
|
+
return NULL;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
static uint64_t crypto_ssl_get_aead_max_encryption(SSL *ssl) {
|
|
105
|
+
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
|
|
106
|
+
case TLS1_3_CK_AES_128_GCM_SHA256:
|
|
107
|
+
case TLS1_3_CK_AES_256_GCM_SHA384:
|
|
108
|
+
return NGTCP2_CRYPTO_MAX_ENCRYPTION_AES_GCM;
|
|
109
|
+
case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
|
|
110
|
+
return NGTCP2_CRYPTO_MAX_ENCRYPTION_CHACHA20_POLY1305;
|
|
111
|
+
case TLS1_3_CK_AES_128_CCM_SHA256:
|
|
112
|
+
return NGTCP2_CRYPTO_MAX_ENCRYPTION_AES_CCM;
|
|
113
|
+
default:
|
|
114
|
+
return 0;
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
static uint64_t crypto_ssl_get_aead_max_decryption_failure(SSL *ssl) {
|
|
119
|
+
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
|
|
120
|
+
case TLS1_3_CK_AES_128_GCM_SHA256:
|
|
121
|
+
case TLS1_3_CK_AES_256_GCM_SHA384:
|
|
122
|
+
return NGTCP2_CRYPTO_MAX_DECRYPTION_FAILURE_AES_GCM;
|
|
123
|
+
case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
|
|
124
|
+
return NGTCP2_CRYPTO_MAX_DECRYPTION_FAILURE_CHACHA20_POLY1305;
|
|
125
|
+
case TLS1_3_CK_AES_128_CCM_SHA256:
|
|
126
|
+
return NGTCP2_CRYPTO_MAX_DECRYPTION_FAILURE_AES_CCM;
|
|
127
|
+
default:
|
|
128
|
+
return 0;
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
static const EVP_CIPHER *crypto_ssl_get_hp(SSL *ssl) {
|
|
133
|
+
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
|
|
134
|
+
case TLS1_3_CK_AES_128_GCM_SHA256:
|
|
135
|
+
case TLS1_3_CK_AES_128_CCM_SHA256:
|
|
136
|
+
return EVP_aes_128_ctr();
|
|
137
|
+
case TLS1_3_CK_AES_256_GCM_SHA384:
|
|
138
|
+
return EVP_aes_256_ctr();
|
|
139
|
+
case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
|
|
140
|
+
return EVP_chacha20();
|
|
141
|
+
default:
|
|
142
|
+
return NULL;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
static const EVP_MD *crypto_ssl_get_md(SSL *ssl) {
|
|
147
|
+
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
|
|
148
|
+
case TLS1_3_CK_AES_128_GCM_SHA256:
|
|
149
|
+
case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
|
|
150
|
+
case TLS1_3_CK_AES_128_CCM_SHA256:
|
|
151
|
+
return EVP_sha256();
|
|
152
|
+
case TLS1_3_CK_AES_256_GCM_SHA384:
|
|
153
|
+
return EVP_sha384();
|
|
154
|
+
default:
|
|
155
|
+
return NULL;
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls(ngtcp2_crypto_ctx *ctx,
|
|
160
|
+
void *tls_native_handle) {
|
|
161
|
+
SSL *ssl = tls_native_handle;
|
|
162
|
+
ngtcp2_crypto_aead_init(&ctx->aead, (void *)crypto_ssl_get_aead(ssl));
|
|
163
|
+
ctx->md.native_handle = (void *)crypto_ssl_get_md(ssl);
|
|
164
|
+
ctx->hp.native_handle = (void *)crypto_ssl_get_hp(ssl);
|
|
165
|
+
ctx->max_encryption = crypto_ssl_get_aead_max_encryption(ssl);
|
|
166
|
+
ctx->max_decryption_failure = crypto_ssl_get_aead_max_decryption_failure(ssl);
|
|
167
|
+
return ctx;
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls_early(ngtcp2_crypto_ctx *ctx,
|
|
171
|
+
void *tls_native_handle) {
|
|
172
|
+
return ngtcp2_crypto_ctx_tls(ctx, tls_native_handle);
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
static size_t crypto_md_hashlen(const EVP_MD *md) {
|
|
176
|
+
return (size_t)EVP_MD_size(md);
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
size_t ngtcp2_crypto_md_hashlen(const ngtcp2_crypto_md *md) {
|
|
180
|
+
return crypto_md_hashlen(md->native_handle);
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
static size_t crypto_aead_keylen(const EVP_CIPHER *aead) {
|
|
184
|
+
return (size_t)EVP_CIPHER_key_length(aead);
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
size_t ngtcp2_crypto_aead_keylen(const ngtcp2_crypto_aead *aead) {
|
|
188
|
+
return crypto_aead_keylen(aead->native_handle);
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
static size_t crypto_aead_noncelen(const EVP_CIPHER *aead) {
|
|
192
|
+
return (size_t)EVP_CIPHER_iv_length(aead);
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
size_t ngtcp2_crypto_aead_noncelen(const ngtcp2_crypto_aead *aead) {
|
|
196
|
+
return crypto_aead_noncelen(aead->native_handle);
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
int ngtcp2_crypto_aead_ctx_encrypt_init(ngtcp2_crypto_aead_ctx *aead_ctx,
|
|
200
|
+
const ngtcp2_crypto_aead *aead,
|
|
201
|
+
const uint8_t *key, size_t noncelen) {
|
|
202
|
+
const EVP_CIPHER *cipher = aead->native_handle;
|
|
203
|
+
int cipher_nid = EVP_CIPHER_nid(cipher);
|
|
204
|
+
EVP_CIPHER_CTX *actx;
|
|
205
|
+
size_t taglen = crypto_aead_max_overhead(cipher);
|
|
206
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
207
|
+
OSSL_PARAM params[3];
|
|
208
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
209
|
+
|
|
210
|
+
actx = EVP_CIPHER_CTX_new();
|
|
211
|
+
if (actx == NULL) {
|
|
212
|
+
return -1;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
216
|
+
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &noncelen);
|
|
217
|
+
|
|
218
|
+
if (cipher_nid == NID_aes_128_ccm) {
|
|
219
|
+
params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
|
220
|
+
NULL, taglen);
|
|
221
|
+
params[2] = OSSL_PARAM_construct_end();
|
|
222
|
+
} else {
|
|
223
|
+
params[1] = OSSL_PARAM_construct_end();
|
|
224
|
+
}
|
|
225
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
226
|
+
|
|
227
|
+
if (!EVP_EncryptInit_ex(actx, cipher, NULL, NULL, NULL) ||
|
|
228
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
229
|
+
!EVP_CIPHER_CTX_set_params(actx, params) ||
|
|
230
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
231
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_IVLEN, (int)noncelen,
|
|
232
|
+
NULL) ||
|
|
233
|
+
(cipher_nid == NID_aes_128_ccm &&
|
|
234
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen, NULL)) ||
|
|
235
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
236
|
+
!EVP_EncryptInit_ex(actx, NULL, NULL, key, NULL)) {
|
|
237
|
+
EVP_CIPHER_CTX_free(actx);
|
|
238
|
+
return -1;
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
aead_ctx->native_handle = actx;
|
|
242
|
+
|
|
243
|
+
return 0;
|
|
244
|
+
}
|
|
245
|
+
|
|
246
|
+
int ngtcp2_crypto_aead_ctx_decrypt_init(ngtcp2_crypto_aead_ctx *aead_ctx,
|
|
247
|
+
const ngtcp2_crypto_aead *aead,
|
|
248
|
+
const uint8_t *key, size_t noncelen) {
|
|
249
|
+
const EVP_CIPHER *cipher = aead->native_handle;
|
|
250
|
+
int cipher_nid = EVP_CIPHER_nid(cipher);
|
|
251
|
+
EVP_CIPHER_CTX *actx;
|
|
252
|
+
size_t taglen = crypto_aead_max_overhead(cipher);
|
|
253
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
254
|
+
OSSL_PARAM params[3];
|
|
255
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
256
|
+
|
|
257
|
+
actx = EVP_CIPHER_CTX_new();
|
|
258
|
+
if (actx == NULL) {
|
|
259
|
+
return -1;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
263
|
+
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &noncelen);
|
|
264
|
+
|
|
265
|
+
if (cipher_nid == NID_aes_128_ccm) {
|
|
266
|
+
params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
|
267
|
+
NULL, taglen);
|
|
268
|
+
params[2] = OSSL_PARAM_construct_end();
|
|
269
|
+
} else {
|
|
270
|
+
params[1] = OSSL_PARAM_construct_end();
|
|
271
|
+
}
|
|
272
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
273
|
+
|
|
274
|
+
if (!EVP_DecryptInit_ex(actx, cipher, NULL, NULL, NULL) ||
|
|
275
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
276
|
+
!EVP_CIPHER_CTX_set_params(actx, params) ||
|
|
277
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
278
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_IVLEN, (int)noncelen,
|
|
279
|
+
NULL) ||
|
|
280
|
+
(cipher_nid == NID_aes_128_ccm &&
|
|
281
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen, NULL)) ||
|
|
282
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
283
|
+
!EVP_DecryptInit_ex(actx, NULL, NULL, key, NULL)) {
|
|
284
|
+
EVP_CIPHER_CTX_free(actx);
|
|
285
|
+
return -1;
|
|
286
|
+
}
|
|
287
|
+
|
|
288
|
+
aead_ctx->native_handle = actx;
|
|
289
|
+
|
|
290
|
+
return 0;
|
|
291
|
+
}
|
|
292
|
+
|
|
293
|
+
void ngtcp2_crypto_aead_ctx_free(ngtcp2_crypto_aead_ctx *aead_ctx) {
|
|
294
|
+
if (aead_ctx->native_handle) {
|
|
295
|
+
EVP_CIPHER_CTX_free(aead_ctx->native_handle);
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
|
|
299
|
+
int ngtcp2_crypto_cipher_ctx_encrypt_init(ngtcp2_crypto_cipher_ctx *cipher_ctx,
|
|
300
|
+
const ngtcp2_crypto_cipher *cipher,
|
|
301
|
+
const uint8_t *key) {
|
|
302
|
+
EVP_CIPHER_CTX *actx;
|
|
303
|
+
|
|
304
|
+
actx = EVP_CIPHER_CTX_new();
|
|
305
|
+
if (actx == NULL) {
|
|
306
|
+
return -1;
|
|
307
|
+
}
|
|
308
|
+
|
|
309
|
+
if (!EVP_EncryptInit_ex(actx, cipher->native_handle, NULL, key, NULL)) {
|
|
310
|
+
EVP_CIPHER_CTX_free(actx);
|
|
311
|
+
return -1;
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
cipher_ctx->native_handle = actx;
|
|
315
|
+
|
|
316
|
+
return 0;
|
|
317
|
+
}
|
|
318
|
+
|
|
319
|
+
void ngtcp2_crypto_cipher_ctx_free(ngtcp2_crypto_cipher_ctx *cipher_ctx) {
|
|
320
|
+
if (cipher_ctx->native_handle) {
|
|
321
|
+
EVP_CIPHER_CTX_free(cipher_ctx->native_handle);
|
|
322
|
+
}
|
|
323
|
+
}
|
|
324
|
+
|
|
325
|
+
int ngtcp2_crypto_hkdf_extract(uint8_t *dest, const ngtcp2_crypto_md *md,
|
|
326
|
+
const uint8_t *secret, size_t secretlen,
|
|
327
|
+
const uint8_t *salt, size_t saltlen) {
|
|
328
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
329
|
+
const EVP_MD *prf = md->native_handle;
|
|
330
|
+
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "hkdf", NULL);
|
|
331
|
+
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
|
|
332
|
+
int mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
|
|
333
|
+
OSSL_PARAM params[] = {
|
|
334
|
+
OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode),
|
|
335
|
+
OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
|
336
|
+
(char *)EVP_MD_get0_name(prf), 0),
|
|
337
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (void *)secret,
|
|
338
|
+
secretlen),
|
|
339
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, (void *)salt,
|
|
340
|
+
saltlen),
|
|
341
|
+
OSSL_PARAM_construct_end(),
|
|
342
|
+
};
|
|
343
|
+
int rv = 0;
|
|
344
|
+
|
|
345
|
+
EVP_KDF_free(kdf);
|
|
346
|
+
|
|
347
|
+
if (EVP_KDF_derive(kctx, dest, (size_t)EVP_MD_size(prf), params) <= 0) {
|
|
348
|
+
rv = -1;
|
|
349
|
+
}
|
|
350
|
+
|
|
351
|
+
EVP_KDF_CTX_free(kctx);
|
|
352
|
+
|
|
353
|
+
return rv;
|
|
354
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
355
|
+
const EVP_MD *prf = md->native_handle;
|
|
356
|
+
int rv = 0;
|
|
357
|
+
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
|
358
|
+
size_t destlen = (size_t)EVP_MD_size(prf);
|
|
359
|
+
|
|
360
|
+
if (pctx == NULL) {
|
|
361
|
+
return -1;
|
|
362
|
+
}
|
|
363
|
+
|
|
364
|
+
if (EVP_PKEY_derive_init(pctx) != 1 ||
|
|
365
|
+
EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != 1 ||
|
|
366
|
+
EVP_PKEY_CTX_set_hkdf_md(pctx, prf) != 1 ||
|
|
367
|
+
EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, (int)saltlen) != 1 ||
|
|
368
|
+
EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, (int)secretlen) != 1 ||
|
|
369
|
+
EVP_PKEY_derive(pctx, dest, &destlen) != 1) {
|
|
370
|
+
rv = -1;
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
EVP_PKEY_CTX_free(pctx);
|
|
374
|
+
|
|
375
|
+
return rv;
|
|
376
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
377
|
+
}
|
|
378
|
+
|
|
379
|
+
int ngtcp2_crypto_hkdf_expand(uint8_t *dest, size_t destlen,
|
|
380
|
+
const ngtcp2_crypto_md *md, const uint8_t *secret,
|
|
381
|
+
size_t secretlen, const uint8_t *info,
|
|
382
|
+
size_t infolen) {
|
|
383
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
384
|
+
const EVP_MD *prf = md->native_handle;
|
|
385
|
+
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "hkdf", NULL);
|
|
386
|
+
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
|
|
387
|
+
int mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
|
|
388
|
+
OSSL_PARAM params[] = {
|
|
389
|
+
OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode),
|
|
390
|
+
OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
|
391
|
+
(char *)EVP_MD_get0_name(prf), 0),
|
|
392
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (void *)secret,
|
|
393
|
+
secretlen),
|
|
394
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, (void *)info,
|
|
395
|
+
infolen),
|
|
396
|
+
OSSL_PARAM_construct_end(),
|
|
397
|
+
};
|
|
398
|
+
int rv = 0;
|
|
399
|
+
|
|
400
|
+
EVP_KDF_free(kdf);
|
|
401
|
+
|
|
402
|
+
if (EVP_KDF_derive(kctx, dest, destlen, params) <= 0) {
|
|
403
|
+
rv = -1;
|
|
404
|
+
}
|
|
405
|
+
|
|
406
|
+
EVP_KDF_CTX_free(kctx);
|
|
407
|
+
|
|
408
|
+
return rv;
|
|
409
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
410
|
+
const EVP_MD *prf = md->native_handle;
|
|
411
|
+
int rv = 0;
|
|
412
|
+
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
|
413
|
+
if (pctx == NULL) {
|
|
414
|
+
return -1;
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
if (EVP_PKEY_derive_init(pctx) != 1 ||
|
|
418
|
+
EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != 1 ||
|
|
419
|
+
EVP_PKEY_CTX_set_hkdf_md(pctx, prf) != 1 ||
|
|
420
|
+
EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)"", 0) != 1 ||
|
|
421
|
+
EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, (int)secretlen) != 1 ||
|
|
422
|
+
EVP_PKEY_CTX_add1_hkdf_info(pctx, info, (int)infolen) != 1 ||
|
|
423
|
+
EVP_PKEY_derive(pctx, dest, &destlen) != 1) {
|
|
424
|
+
rv = -1;
|
|
425
|
+
}
|
|
426
|
+
|
|
427
|
+
EVP_PKEY_CTX_free(pctx);
|
|
428
|
+
|
|
429
|
+
return rv;
|
|
430
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
431
|
+
}
|
|
432
|
+
|
|
433
|
+
int ngtcp2_crypto_hkdf(uint8_t *dest, size_t destlen,
|
|
434
|
+
const ngtcp2_crypto_md *md, const uint8_t *secret,
|
|
435
|
+
size_t secretlen, const uint8_t *salt, size_t saltlen,
|
|
436
|
+
const uint8_t *info, size_t infolen) {
|
|
437
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
438
|
+
const EVP_MD *prf = md->native_handle;
|
|
439
|
+
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "hkdf", NULL);
|
|
440
|
+
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
|
|
441
|
+
OSSL_PARAM params[] = {
|
|
442
|
+
OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
|
443
|
+
(char *)EVP_MD_get0_name(prf), 0),
|
|
444
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (void *)secret,
|
|
445
|
+
secretlen),
|
|
446
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, (void *)salt,
|
|
447
|
+
saltlen),
|
|
448
|
+
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, (void *)info,
|
|
449
|
+
infolen),
|
|
450
|
+
OSSL_PARAM_construct_end(),
|
|
451
|
+
};
|
|
452
|
+
int rv = 0;
|
|
453
|
+
|
|
454
|
+
EVP_KDF_free(kdf);
|
|
455
|
+
|
|
456
|
+
if (EVP_KDF_derive(kctx, dest, destlen, params) <= 0) {
|
|
457
|
+
rv = -1;
|
|
458
|
+
}
|
|
459
|
+
|
|
460
|
+
EVP_KDF_CTX_free(kctx);
|
|
461
|
+
|
|
462
|
+
return rv;
|
|
463
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
464
|
+
const EVP_MD *prf = md->native_handle;
|
|
465
|
+
int rv = 0;
|
|
466
|
+
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
|
467
|
+
if (pctx == NULL) {
|
|
468
|
+
return -1;
|
|
469
|
+
}
|
|
470
|
+
|
|
471
|
+
if (EVP_PKEY_derive_init(pctx) != 1 ||
|
|
472
|
+
EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) !=
|
|
473
|
+
1 ||
|
|
474
|
+
EVP_PKEY_CTX_set_hkdf_md(pctx, prf) != 1 ||
|
|
475
|
+
EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, (int)saltlen) != 1 ||
|
|
476
|
+
EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, (int)secretlen) != 1 ||
|
|
477
|
+
EVP_PKEY_CTX_add1_hkdf_info(pctx, info, (int)infolen) != 1 ||
|
|
478
|
+
EVP_PKEY_derive(pctx, dest, &destlen) != 1) {
|
|
479
|
+
rv = -1;
|
|
480
|
+
}
|
|
481
|
+
|
|
482
|
+
EVP_PKEY_CTX_free(pctx);
|
|
483
|
+
|
|
484
|
+
return rv;
|
|
485
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
486
|
+
}
|
|
487
|
+
|
|
488
|
+
int ngtcp2_crypto_encrypt(uint8_t *dest, const ngtcp2_crypto_aead *aead,
|
|
489
|
+
const ngtcp2_crypto_aead_ctx *aead_ctx,
|
|
490
|
+
const uint8_t *plaintext, size_t plaintextlen,
|
|
491
|
+
const uint8_t *nonce, size_t noncelen,
|
|
492
|
+
const uint8_t *aad, size_t aadlen) {
|
|
493
|
+
const EVP_CIPHER *cipher = aead->native_handle;
|
|
494
|
+
size_t taglen = crypto_aead_max_overhead(cipher);
|
|
495
|
+
int cipher_nid = EVP_CIPHER_nid(cipher);
|
|
496
|
+
EVP_CIPHER_CTX *actx = aead_ctx->native_handle;
|
|
497
|
+
int len;
|
|
498
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
499
|
+
OSSL_PARAM params[] = {
|
|
500
|
+
OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
|
501
|
+
dest + plaintextlen, taglen),
|
|
502
|
+
OSSL_PARAM_construct_end(),
|
|
503
|
+
};
|
|
504
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
505
|
+
|
|
506
|
+
(void)noncelen;
|
|
507
|
+
|
|
508
|
+
if (!EVP_EncryptInit_ex(actx, NULL, NULL, NULL, nonce) ||
|
|
509
|
+
(cipher_nid == NID_aes_128_ccm &&
|
|
510
|
+
!EVP_EncryptUpdate(actx, NULL, &len, NULL, (int)plaintextlen)) ||
|
|
511
|
+
!EVP_EncryptUpdate(actx, NULL, &len, aad, (int)aadlen) ||
|
|
512
|
+
!EVP_EncryptUpdate(actx, dest, &len, plaintext, (int)plaintextlen) ||
|
|
513
|
+
!EVP_EncryptFinal_ex(actx, dest + len, &len) ||
|
|
514
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
515
|
+
!EVP_CIPHER_CTX_get_params(actx, params)
|
|
516
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
517
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG, (int)taglen,
|
|
518
|
+
dest + plaintextlen)
|
|
519
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
520
|
+
) {
|
|
521
|
+
return -1;
|
|
522
|
+
}
|
|
523
|
+
|
|
524
|
+
return 0;
|
|
525
|
+
}
|
|
526
|
+
|
|
527
|
+
int ngtcp2_crypto_decrypt(uint8_t *dest, const ngtcp2_crypto_aead *aead,
|
|
528
|
+
const ngtcp2_crypto_aead_ctx *aead_ctx,
|
|
529
|
+
const uint8_t *ciphertext, size_t ciphertextlen,
|
|
530
|
+
const uint8_t *nonce, size_t noncelen,
|
|
531
|
+
const uint8_t *aad, size_t aadlen) {
|
|
532
|
+
const EVP_CIPHER *cipher = aead->native_handle;
|
|
533
|
+
size_t taglen = crypto_aead_max_overhead(cipher);
|
|
534
|
+
int cipher_nid = EVP_CIPHER_nid(cipher);
|
|
535
|
+
EVP_CIPHER_CTX *actx = aead_ctx->native_handle;
|
|
536
|
+
int len;
|
|
537
|
+
const uint8_t *tag;
|
|
538
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
539
|
+
OSSL_PARAM params[2];
|
|
540
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
541
|
+
|
|
542
|
+
(void)noncelen;
|
|
543
|
+
|
|
544
|
+
if (taglen > ciphertextlen) {
|
|
545
|
+
return -1;
|
|
546
|
+
}
|
|
547
|
+
|
|
548
|
+
ciphertextlen -= taglen;
|
|
549
|
+
tag = ciphertext + ciphertextlen;
|
|
550
|
+
|
|
551
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
552
|
+
params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
|
|
553
|
+
(void *)tag, taglen);
|
|
554
|
+
params[1] = OSSL_PARAM_construct_end();
|
|
555
|
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
|
556
|
+
|
|
557
|
+
if (!EVP_DecryptInit_ex(actx, NULL, NULL, NULL, nonce) ||
|
|
558
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
559
|
+
!EVP_CIPHER_CTX_set_params(actx, params) ||
|
|
560
|
+
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
561
|
+
!EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen,
|
|
562
|
+
(uint8_t *)tag) ||
|
|
563
|
+
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
|
|
564
|
+
(cipher_nid == NID_aes_128_ccm &&
|
|
565
|
+
!EVP_DecryptUpdate(actx, NULL, &len, NULL, (int)ciphertextlen)) ||
|
|
566
|
+
!EVP_DecryptUpdate(actx, NULL, &len, aad, (int)aadlen) ||
|
|
567
|
+
!EVP_DecryptUpdate(actx, dest, &len, ciphertext, (int)ciphertextlen) ||
|
|
568
|
+
(cipher_nid != NID_aes_128_ccm &&
|
|
569
|
+
!EVP_DecryptFinal_ex(actx, dest + ciphertextlen, &len))) {
|
|
570
|
+
return -1;
|
|
571
|
+
}
|
|
572
|
+
|
|
573
|
+
return 0;
|
|
574
|
+
}
|
|
575
|
+
|
|
576
|
+
int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
|
|
577
|
+
const ngtcp2_crypto_cipher_ctx *hp_ctx,
|
|
578
|
+
const uint8_t *sample) {
|
|
579
|
+
static const uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
|
|
580
|
+
EVP_CIPHER_CTX *actx = hp_ctx->native_handle;
|
|
581
|
+
int len;
|
|
582
|
+
|
|
583
|
+
(void)hp;
|
|
584
|
+
|
|
585
|
+
if (!EVP_EncryptInit_ex(actx, NULL, NULL, NULL, sample) ||
|
|
586
|
+
!EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT, sizeof(PLAINTEXT) - 1) ||
|
|
587
|
+
!EVP_EncryptFinal_ex(actx, dest + sizeof(PLAINTEXT) - 1, &len)) {
|
|
588
|
+
return -1;
|
|
589
|
+
}
|
|
590
|
+
|
|
591
|
+
return 0;
|
|
592
|
+
}
|
|
593
|
+
|
|
594
|
+
int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,
|
|
595
|
+
ngtcp2_crypto_level crypto_level,
|
|
596
|
+
const uint8_t *data, size_t datalen) {
|
|
597
|
+
SSL *ssl = ngtcp2_conn_get_tls_native_handle(conn);
|
|
598
|
+
int rv;
|
|
599
|
+
int err;
|
|
600
|
+
|
|
601
|
+
if (SSL_provide_quic_data(
|
|
602
|
+
ssl, ngtcp2_crypto_openssl_from_ngtcp2_crypto_level(crypto_level),
|
|
603
|
+
data, datalen) != 1) {
|
|
604
|
+
return -1;
|
|
605
|
+
}
|
|
606
|
+
|
|
607
|
+
if (!ngtcp2_conn_get_handshake_completed(conn)) {
|
|
608
|
+
rv = SSL_do_handshake(ssl);
|
|
609
|
+
if (rv <= 0) {
|
|
610
|
+
err = SSL_get_error(ssl, rv);
|
|
611
|
+
switch (err) {
|
|
612
|
+
case SSL_ERROR_WANT_READ:
|
|
613
|
+
case SSL_ERROR_WANT_WRITE:
|
|
614
|
+
return 0;
|
|
615
|
+
case SSL_ERROR_WANT_CLIENT_HELLO_CB:
|
|
616
|
+
return NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB;
|
|
617
|
+
case SSL_ERROR_WANT_X509_LOOKUP:
|
|
618
|
+
return NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP;
|
|
619
|
+
case SSL_ERROR_SSL:
|
|
620
|
+
return -1;
|
|
621
|
+
default:
|
|
622
|
+
return -1;
|
|
623
|
+
}
|
|
624
|
+
}
|
|
625
|
+
|
|
626
|
+
ngtcp2_conn_handshake_completed(conn);
|
|
627
|
+
}
|
|
628
|
+
|
|
629
|
+
rv = SSL_process_quic_post_handshake(ssl);
|
|
630
|
+
if (rv != 1) {
|
|
631
|
+
err = SSL_get_error(ssl, rv);
|
|
632
|
+
switch (err) {
|
|
633
|
+
case SSL_ERROR_WANT_READ:
|
|
634
|
+
case SSL_ERROR_WANT_WRITE:
|
|
635
|
+
return 0;
|
|
636
|
+
case SSL_ERROR_SSL:
|
|
637
|
+
case SSL_ERROR_ZERO_RETURN:
|
|
638
|
+
return -1;
|
|
639
|
+
default:
|
|
640
|
+
return -1;
|
|
641
|
+
}
|
|
642
|
+
}
|
|
643
|
+
|
|
644
|
+
return 0;
|
|
645
|
+
}
|
|
646
|
+
|
|
647
|
+
int ngtcp2_crypto_set_remote_transport_params(ngtcp2_conn *conn, void *tls) {
|
|
648
|
+
SSL *ssl = tls;
|
|
649
|
+
const uint8_t *tp;
|
|
650
|
+
size_t tplen;
|
|
651
|
+
int rv;
|
|
652
|
+
|
|
653
|
+
SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);
|
|
654
|
+
|
|
655
|
+
rv = ngtcp2_conn_decode_remote_transport_params(conn, tp, tplen);
|
|
656
|
+
if (rv != 0) {
|
|
657
|
+
ngtcp2_conn_set_tls_error(conn, rv);
|
|
658
|
+
return -1;
|
|
659
|
+
}
|
|
660
|
+
|
|
661
|
+
return 0;
|
|
662
|
+
}
|
|
663
|
+
|
|
664
|
+
int ngtcp2_crypto_set_local_transport_params(void *tls, const uint8_t *buf,
|
|
665
|
+
size_t len) {
|
|
666
|
+
if (SSL_set_quic_transport_params(tls, buf, len) != 1) {
|
|
667
|
+
return -1;
|
|
668
|
+
}
|
|
669
|
+
|
|
670
|
+
return 0;
|
|
671
|
+
}
|
|
672
|
+
|
|
673
|
+
ngtcp2_crypto_level ngtcp2_crypto_openssl_from_ossl_encryption_level(
|
|
674
|
+
OSSL_ENCRYPTION_LEVEL ossl_level) {
|
|
675
|
+
switch (ossl_level) {
|
|
676
|
+
case ssl_encryption_initial:
|
|
677
|
+
return NGTCP2_CRYPTO_LEVEL_INITIAL;
|
|
678
|
+
case ssl_encryption_early_data:
|
|
679
|
+
return NGTCP2_CRYPTO_LEVEL_EARLY;
|
|
680
|
+
case ssl_encryption_handshake:
|
|
681
|
+
return NGTCP2_CRYPTO_LEVEL_HANDSHAKE;
|
|
682
|
+
case ssl_encryption_application:
|
|
683
|
+
return NGTCP2_CRYPTO_LEVEL_APPLICATION;
|
|
684
|
+
default:
|
|
685
|
+
assert(0);
|
|
686
|
+
abort(); /* if NDEBUG is set */
|
|
687
|
+
}
|
|
688
|
+
}
|
|
689
|
+
|
|
690
|
+
OSSL_ENCRYPTION_LEVEL
|
|
691
|
+
ngtcp2_crypto_openssl_from_ngtcp2_crypto_level(
|
|
692
|
+
ngtcp2_crypto_level crypto_level) {
|
|
693
|
+
switch (crypto_level) {
|
|
694
|
+
case NGTCP2_CRYPTO_LEVEL_INITIAL:
|
|
695
|
+
return ssl_encryption_initial;
|
|
696
|
+
case NGTCP2_CRYPTO_LEVEL_HANDSHAKE:
|
|
697
|
+
return ssl_encryption_handshake;
|
|
698
|
+
case NGTCP2_CRYPTO_LEVEL_APPLICATION:
|
|
699
|
+
return ssl_encryption_application;
|
|
700
|
+
case NGTCP2_CRYPTO_LEVEL_EARLY:
|
|
701
|
+
return ssl_encryption_early_data;
|
|
702
|
+
default:
|
|
703
|
+
assert(0);
|
|
704
|
+
abort(); /* if NDEBUG is set */
|
|
705
|
+
}
|
|
706
|
+
}
|
|
707
|
+
|
|
708
|
+
int ngtcp2_crypto_get_path_challenge_data_cb(ngtcp2_conn *conn, uint8_t *data,
|
|
709
|
+
void *user_data) {
|
|
710
|
+
(void)conn;
|
|
711
|
+
(void)user_data;
|
|
712
|
+
|
|
713
|
+
if (RAND_bytes(data, NGTCP2_PATH_CHALLENGE_DATALEN) != 1) {
|
|
714
|
+
return NGTCP2_ERR_CALLBACK_FAILURE;
|
|
715
|
+
}
|
|
716
|
+
|
|
717
|
+
return 0;
|
|
718
|
+
}
|
|
719
|
+
|
|
720
|
+
int ngtcp2_crypto_random(uint8_t *data, size_t datalen) {
|
|
721
|
+
if (RAND_bytes(data, (int)datalen) != 1) {
|
|
722
|
+
return -1;
|
|
723
|
+
}
|
|
724
|
+
|
|
725
|
+
return 0;
|
|
726
|
+
}
|
|
727
|
+
|
|
728
|
+
static int set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
|
|
729
|
+
const uint8_t *rx_secret,
|
|
730
|
+
const uint8_t *tx_secret, size_t secretlen) {
|
|
731
|
+
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
|
|
732
|
+
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
|
|
733
|
+
ngtcp2_crypto_level level =
|
|
734
|
+
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
|
|
735
|
+
|
|
736
|
+
if (rx_secret &&
|
|
737
|
+
ngtcp2_crypto_derive_and_install_rx_key(conn, NULL, NULL, NULL, level,
|
|
738
|
+
rx_secret, secretlen) != 0) {
|
|
739
|
+
return 0;
|
|
740
|
+
}
|
|
741
|
+
|
|
742
|
+
if (tx_secret &&
|
|
743
|
+
ngtcp2_crypto_derive_and_install_tx_key(conn, NULL, NULL, NULL, level,
|
|
744
|
+
tx_secret, secretlen) != 0) {
|
|
745
|
+
return 0;
|
|
746
|
+
}
|
|
747
|
+
|
|
748
|
+
return 1;
|
|
749
|
+
}
|
|
750
|
+
|
|
751
|
+
static int add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
|
|
752
|
+
const uint8_t *data, size_t datalen) {
|
|
753
|
+
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
|
|
754
|
+
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
|
|
755
|
+
ngtcp2_crypto_level level =
|
|
756
|
+
ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
|
|
757
|
+
int rv;
|
|
758
|
+
|
|
759
|
+
rv = ngtcp2_conn_submit_crypto_data(conn, level, data, datalen);
|
|
760
|
+
if (rv != 0) {
|
|
761
|
+
ngtcp2_conn_set_tls_error(conn, rv);
|
|
762
|
+
return 0;
|
|
763
|
+
}
|
|
764
|
+
|
|
765
|
+
return 1;
|
|
766
|
+
}
|
|
767
|
+
|
|
768
|
+
static int flush_flight(SSL *ssl) {
|
|
769
|
+
(void)ssl;
|
|
770
|
+
return 1;
|
|
771
|
+
}
|
|
772
|
+
|
|
773
|
+
static int send_alert(SSL *ssl, enum ssl_encryption_level_t level,
|
|
774
|
+
uint8_t alert) {
|
|
775
|
+
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
|
|
776
|
+
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
|
|
777
|
+
(void)level;
|
|
778
|
+
|
|
779
|
+
ngtcp2_conn_set_tls_alert(conn, alert);
|
|
780
|
+
|
|
781
|
+
return 1;
|
|
782
|
+
}
|
|
783
|
+
|
|
784
|
+
static SSL_QUIC_METHOD quic_method = {
|
|
785
|
+
set_encryption_secrets,
|
|
786
|
+
add_handshake_data,
|
|
787
|
+
flush_flight,
|
|
788
|
+
send_alert,
|
|
789
|
+
};
|
|
790
|
+
|
|
791
|
+
static void crypto_openssl_configure_context(SSL_CTX *ssl_ctx) {
|
|
792
|
+
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
|
|
793
|
+
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
|
|
794
|
+
SSL_CTX_set_quic_method(ssl_ctx, &quic_method);
|
|
795
|
+
}
|
|
796
|
+
|
|
797
|
+
int ngtcp2_crypto_openssl_configure_server_context(SSL_CTX *ssl_ctx) {
|
|
798
|
+
crypto_openssl_configure_context(ssl_ctx);
|
|
799
|
+
|
|
800
|
+
return 0;
|
|
801
|
+
}
|
|
802
|
+
|
|
803
|
+
int ngtcp2_crypto_openssl_configure_client_context(SSL_CTX *ssl_ctx) {
|
|
804
|
+
crypto_openssl_configure_context(ssl_ctx);
|
|
805
|
+
|
|
806
|
+
return 0;
|
|
807
|
+
}
|