From mas...@apache.org
Subject [trafficserver] branch quic-latest updated: Separate out QUIC specific function from ts/HDKF
Date Mon, 19 Feb 2018 04:56:09 GMT
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new e957bbf  Separate out QUIC specific function from ts/HDKF
e957bbf is described below

commit e957bbf555146d5f9f9aa8785f1443d1195c3b11
Author: Masakazu Kitajo <maskit@apache.org>
AuthorDate: Mon Feb 19 13:55:20 2018 +0900

    Separate out QUIC specific function from ts/HDKF
---
 iocore/net/quic/Makefile.am                   |  1 +
 iocore/net/quic/QUICCrypto.cc                 |  2 +-
 lib/ts/HKDF.cc => iocore/net/quic/QUICHKDF.cc | 11 +++++------
 iocore/net/quic/QUICKeyGenerator.cc           | 27 +++++++++++++--------------
 iocore/net/quic/QUICKeyGenerator.h            | 16 +++++++++-------
 iocore/net/quic/test/Makefile.am              |  9 +++++++++
 lib/ts/HKDF.h                                 |  6 +-----
 lib/ts/Makefile.am                            |  1 -
 8 files changed, 39 insertions(+), 34 deletions(-)

diff --git a/iocore/net/quic/Makefile.am b/iocore/net/quic/Makefile.am
index 9201472..999f07c 100644
--- a/iocore/net/quic/Makefile.am
+++ b/iocore/net/quic/Makefile.am
@@ -61,6 +61,7 @@ libquic_a_SOURCES = \
   QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
   QUICKeyGenerator.cc \
+  QUICHKDF.cc \
   QUICTransportParameters.cc \
   QUICConnectionTable.cc \
   QUICAckFrameCreator.cc \
diff --git a/iocore/net/quic/QUICCrypto.cc b/iocore/net/quic/QUICCrypto.cc
index a09c5d6..1e7681f 100644
--- a/iocore/net/quic/QUICCrypto.cc
+++ b/iocore/net/quic/QUICCrypto.cc
@@ -27,10 +27,10 @@
 #include <openssl/ssl.h>
 #include <openssl/bio.h>
 
-#include "ts/HKDF.h"
 #include "ts/Diags.h"
 #include "ts/string_view.h"
 #include "QUICTypes.h"
+#include "QUICHKDF.h"
 
 constexpr static char tag[] = "quic_crypto";
 
diff --git a/lib/ts/HKDF.cc b/iocore/net/quic/QUICHKDF.cc
similarity index 77%
rename from lib/ts/HKDF.cc
rename to iocore/net/quic/QUICHKDF.cc
index 5971ce1..adb2cff 100644
--- a/lib/ts/HKDF.cc
+++ b/iocore/net/quic/QUICHKDF.cc
@@ -20,13 +20,13 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-#include "HKDF.h"
+#include "QUICHKDF.h"
 #include <cstdio>
 #include <cstring>
 
 int
-HKDF::expand_label(uint8_t *dst, size_t *dst_len, const uint8_t *secret, size_t secret_len,
const char *label, size_t label_len,
-                   const char *hash_value, size_t hash_value_len, uint16_t length)
+QUICHKDF::expand(uint8_t *dst, size_t *dst_len, const uint8_t *secret, size_t secret_len,
const char *label, size_t label_len,
+                 uint16_t length)
 {
   // Create HKDF label
   uint8_t hkdf_label[512]; // 2 + 255 + 255
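Review bot: The new `#include "QUICHKDF.h"` refers to a header that is not in this commit's file list (the diffstat names only the renamed `.cc`), so unless `iocore/net/quic/QUICHKDF.h` was added in a separate commit, this file and the two other new includers (QUICCrypto.cc and QUICKeyGenerator.h) will not compile. Separately, declaring `QUICHKDF::expand` with a different parameter list hides the base `HKDF::expand` overload, which is why the body has to spell out `HKDF::expand(...)`; if callers are expected to reach the raw HKDF-Expand through a `QUICHKDF`, add `using HKDF::expand;` to the derived class declaration, otherwise a one-line comment stating that the hiding is intentional would save the next reader the question. The body of `expand` continues past the end of this hunk.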
@@ -39,9 +39,8 @@ HKDF::expand_label(uint8_t *dst, size_t *dst_len, const uint8_t *secret,
size_t
   hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len),
"%cQUIC %.*s", static_cast<int>(5 + label_len),
                             static_cast<int>(label_len), label);
   // Hash Value
-  hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len),
"%c%.*s", static_cast<int>(hash_value_len),
-                            static_cast<int>(hash_value_len), hash_value);
+  hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len),
"%c%.*s", 0, 0, "");
 
-  this->expand(dst, dst_len, secret, secret_len, hkdf_label, hkdf_label_len, length);
+  HKDF::expand(dst, dst_len, secret, secret_len, hkdf_label, hkdf_label_len, length);
   return 1;
 }
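Review bot: The result of `HKDF::expand(...)` is discarded and the function returns 1 unconditionally, so `_generate_key` and `_generate_iv` in QUICKeyGenerator.cc, which hand this value straight back, can never observe a failed expansion; if `HKDF::expand` uses the same 1-on-success convention, `return HKDF::expand(dst, dst_len, secret, secret_len, hkdf_label, hkdf_label_len, length);` propagates it (confirm the convention against the implementation file, which is not in this diff). The label is also assembled with `sprintf` into the fixed `hkdf_label` buffer with no check that `label_len` fits the one-byte length prefix written via `%c` — `5 + label_len` wraps once `label_len` exceeds 250 — so a guard such as `if (label_len > 250) { return -1; }` at the top of the function would keep an oversized label from both mis-encoding the prefix and overrunning the buffer; the callers visible in this commit pass short constant labels, so this is defence in depth rather than a live defect. `expand` begins outside this hunk.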
diff --git a/iocore/net/quic/QUICKeyGenerator.cc b/iocore/net/quic/QUICKeyGenerator.cc
index 06ba3b4..7f824f7 100644
--- a/iocore/net/quic/QUICKeyGenerator.cc
+++ b/iocore/net/quic/QUICKeyGenerator.cc
@@ -24,7 +24,7 @@
 #include <openssl/ssl.h>
 #include "QUICKeyGenerator.h"
 #include "ts/ink_assert.h"
-#include "ts/HKDF.h"
+#include "QUICHKDF.h"
 
 constexpr static uint8_t QUIC_VERSION_1_SALT[] = {
   0xaf, 0xc8, 0x24, 0xec, 0x5f, 0xc7, 0x7e, 0xca, 0x1e, 0x9d, 0x36, 0xf3, 0x7f, 0xb2, 0xd4,
0x65, 0x18, 0xc3, 0x66, 0x39,
@@ -45,7 +45,7 @@ QUICKeyGenerator::generate(QUICConnectionId cid)
   const EVP_MD *md              = EVP_sha256();
   uint8_t secret[512];
   size_t secret_len = sizeof(secret);
-  HKDF hkdf(md);
+  QUICHKDF hkdf(md);
 
   switch (this->_ctx) {
   case Context::CLIENT:
@@ -72,7 +72,7 @@ QUICKeyGenerator::generate(SSL *ssl)
   const EVP_MD *md              = _get_handshake_digest(ssl);
   uint8_t secret[512];
   size_t secret_len = sizeof(secret);
-  HKDF hkdf(md);
+  QUICHKDF hkdf(md);
 
   switch (this->_ctx) {
   case Context::CLIENT:
@@ -91,12 +91,12 @@ QUICKeyGenerator::generate(SSL *ssl)
 }
 
 int
-QUICKeyGenerator::_generate(uint8_t *key, size_t *key_len, uint8_t *iv, size_t *iv_len, HKDF
&hkdf, const uint8_t *secret,
+QUICKeyGenerator::_generate(uint8_t *key, size_t *key_len, uint8_t *iv, size_t *iv_len, QUICHKDF
&hkdf, const uint8_t *secret,
                             size_t secret_len, const QUIC_EVP_CIPHER *cipher)
 {
   // Generate a key and a IV
-  //   key = HKDF-Expand-Label(S, "key", "", key_length)
-  //   iv  = HKDF-Expand-Label(S, "iv", "", iv_length)
+  //   key = QHKDF-Expand(S, "key", "", key_length)
+  //   iv  = QHKDF-Expand(S, "iv", "", iv_length)
   this->_generate_key(key, key_len, hkdf, secret, secret_len, this->_get_key_len(cipher));
   this->_generate_iv(iv, iv_len, hkdf, secret, secret_len, this->_get_iv_len(cipher));
 
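Review bot: The updated pseudo-code comment still shows a third `""` argument (`QHKDF-Expand(S, "key", "", key_length)`) although this commit removes the hash-value parameter from the expansion call, so the comment no longer matches the code directly below it; `//   key = QHKDF-Expand(S, "key", key_length)` and `//   iv  = QHKDF-Expand(S, "iv", iv_length)` would match the new form. The body of `_generate` continues past the end of this hunk.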
@@ -104,7 +104,7 @@ QUICKeyGenerator::_generate(uint8_t *key, size_t *key_len, uint8_t *iv,
size_t *
 }
 
 int
-QUICKeyGenerator::_generate_cleartext_secret(uint8_t *out, size_t *out_len, HKDF &hkdf,
QUICConnectionId cid, const char *label,
+QUICKeyGenerator::_generate_cleartext_secret(uint8_t *out, size_t *out_len, QUICHKDF &hkdf,
QUICConnectionId cid, const char *label,
                                              size_t label_len, size_t length)
 {
   uint8_t client_connection_id[8];
@@ -118,13 +118,12 @@ QUICKeyGenerator::_generate_cleartext_secret(uint8_t *out, size_t *out_len,
HKDF
     return -1;
   }
 
-  hkdf.expand_label(out, out_len, cleartext_secret, cleartext_secret_len, reinterpret_cast<const
char *>(label), label_len, "", 0,
-                    length);
+  hkdf.expand(out, out_len, cleartext_secret, cleartext_secret_len, reinterpret_cast<const
char *>(label), label_len, length);
   return 0;
 }
 
 int
-QUICKeyGenerator::_generate_pp_secret(uint8_t *out, size_t *out_len, HKDF &hkdf, SSL
*ssl, const char *label, size_t label_len,
+QUICKeyGenerator::_generate_pp_secret(uint8_t *out, size_t *out_len, QUICHKDF &hkdf,
SSL *ssl, const char *label, size_t label_len,
                                       size_t length)
 {
   *out_len = length;
@@ -141,15 +140,15 @@ QUICKeyGenerator::_generate_pp_secret(uint8_t *out, size_t *out_len,
HKDF &hkdf,
 }
 
 int
-QUICKeyGenerator::_generate_key(uint8_t *out, size_t *out_len, HKDF &hkdf, const uint8_t
*secret, size_t secret_len,
+QUICKeyGenerator::_generate_key(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, const
uint8_t *secret, size_t secret_len,
                                 size_t key_length) const
 {
-  return hkdf.expand_label(out, out_len, secret, secret_len, LABEL_FOR_KEY.data(), LABEL_FOR_KEY.length(),
"", 0, key_length);
+  return hkdf.expand(out, out_len, secret, secret_len, LABEL_FOR_KEY.data(), LABEL_FOR_KEY.length(),
key_length);
 }
 
 int
-QUICKeyGenerator::_generate_iv(uint8_t *out, size_t *out_len, HKDF &hkdf, const uint8_t
*secret, size_t secret_len,
+QUICKeyGenerator::_generate_iv(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, const uint8_t
*secret, size_t secret_len,
                                size_t iv_length) const
 {
-  return hkdf.expand_label(out, out_len, secret, secret_len, LABEL_FOR_IV.data(), LABEL_FOR_IV.length(),
"", 0, iv_length);
+  return hkdf.expand(out, out_len, secret, secret_len, LABEL_FOR_IV.data(), LABEL_FOR_IV.length(),
iv_length);
 }
diff --git a/iocore/net/quic/QUICKeyGenerator.h b/iocore/net/quic/QUICKeyGenerator.h
index 31aa622..3dcfdf3 100644
--- a/iocore/net/quic/QUICKeyGenerator.h
+++ b/iocore/net/quic/QUICKeyGenerator.h
@@ -24,7 +24,7 @@
 
 #include <openssl/evp.h>
 #include "QUICTypes.h"
-#include "ts/HKDF.h"
+#include "QUICHKDF.h"
 
 #ifdef OPENSSL_IS_BORINGSSL
 typedef EVP_AEAD QUIC_EVP_CIPHER;
@@ -69,13 +69,15 @@ private:
   uint8_t _last_secret[256];
   size_t _last_secret_len = 0;
 
-  int _generate(uint8_t *key, size_t *key_len, uint8_t *iv, size_t *iv_len, HKDF &hkdf,
const uint8_t *secret, size_t secret_len,
-                const QUIC_EVP_CIPHER *cipher);
-  int _generate_cleartext_secret(uint8_t *out, size_t *out_len, HKDF &hkdf, QUICConnectionId
cid, const char *label,
+  int _generate(uint8_t *key, size_t *key_len, uint8_t *iv, size_t *iv_len, QUICHKDF &hkdf,
const uint8_t *secret,
+                size_t secret_len, const QUIC_EVP_CIPHER *cipher);
+  int _generate_cleartext_secret(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, QUICConnectionId
cid, const char *label,
                                  size_t label_len, size_t length);
-  int _generate_pp_secret(uint8_t *out, size_t *out_len, HKDF &hkdf, SSL *ssl, const
char *label, size_t label_len, size_t length);
-  int _generate_key(uint8_t *out, size_t *out_len, HKDF &hkdf, const uint8_t *secret,
size_t secret_len, size_t key_length) const;
-  int _generate_iv(uint8_t *out, size_t *out_len, HKDF &hkdf, const uint8_t *secret,
size_t secret_len, size_t iv_length) const;
+  int _generate_pp_secret(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, SSL *ssl, const
char *label, size_t label_len,
+                          size_t length);
+  int _generate_key(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, const uint8_t *secret,
size_t secret_len,
+                    size_t key_length) const;
+  int _generate_iv(uint8_t *out, size_t *out_len, QUICHKDF &hkdf, const uint8_t *secret,
size_t secret_len, size_t iv_length) const;
   size_t _get_key_len(const QUIC_EVP_CIPHER *cipher) const;
   size_t _get_iv_len(const QUIC_EVP_CIPHER *cipher) const;
   const QUIC_EVP_CIPHER *_get_cipher_for_cleartext() const;
diff --git a/iocore/net/quic/test/Makefile.am b/iocore/net/quic/test/Makefile.am
index 51c1c19..bbfdd7b 100644
--- a/iocore/net/quic/test/Makefile.am
+++ b/iocore/net/quic/test/Makefile.am
@@ -133,6 +133,7 @@ test_QUICFrame_SOURCES = \
   ../QUICPacket.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../QUICTypes.cc \
@@ -185,6 +186,7 @@ test_QUICFrameDispatcher_SOURCES = \
   $(QUICCrypto_impl) \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../../SSLNextProtocolSet.cc
 
 test_QUICFrameDispatcher_LDADD = \
@@ -306,6 +308,7 @@ test_QUICTransportParameters_SOURCES = \
   $(QUICCrypto_impl) \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICStream.cc \
   ../QUICIncomingFrameBuffer.cc \
   ../QUICStreamState.cc \
@@ -347,6 +350,7 @@ test_QUICKeyGenerator_SOURCES = \
   test_QUICKeyGenerator.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICTypes.cc
 
 #
@@ -372,6 +376,7 @@ test_QUICCrypto_SOURCES = \
   test_QUICCrypto.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../QUICCrypto.h \
@@ -437,6 +442,7 @@ test_QUICTypeUtil_SOURCES = \
   ../QUICPacket.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../QUICTypes.cc
@@ -472,6 +478,7 @@ test_QUICAckFrameCreator_SOURCES = \
   ../QUICDebugNames.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../../SSLNextProtocolSet.cc
@@ -503,6 +510,7 @@ test_QUICVersionNegotiator_SOURCES = \
   ../QUICPacket.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../QUICApplication.cc \
@@ -551,6 +559,7 @@ test_QUICFlowController_SOURCES = \
   ../QUICPacket.cc \
   ../QUICKeyGenerator.cc \
   $(QUICKeyGenerator_impl) \
+  ../QUICHKDF.cc \
   ../QUICCrypto.cc \
   $(QUICCrypto_impl) \
   ../QUICFrame.cc
diff --git a/lib/ts/HKDF.h b/lib/ts/HKDF.h
index 2905299..8bdf0b7 100644
--- a/lib/ts/HKDF.h
+++ b/lib/ts/HKDF.h
@@ -38,11 +38,7 @@ public:
   int expand(uint8_t *dst, size_t *dst_len, const uint8_t *prk, size_t prk_len, const uint8_t
*info, size_t info_len,
              uint16_t length);
 
-  // This function is technically a part of TLS 1.3
-  int expand_label(uint8_t *dst, size_t *dst_len, const uint8_t *secret, size_t secret_len,
const char *label, size_t label_len,
-                   const char *hash_value, size_t hash_value_len, uint16_t length);
-
-private:
+protected:
   const EVP_MD *_digest = nullptr;
   EVP_PKEY_CTX *_pctx   = nullptr;
 };
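Review bot: Changing `private:` to `protected:` exposes the raw `_digest` and `_pctx` handles to every subclass, but the only derived class in this commit, `QUICHKDF`, reaches the base solely through `HKDF::expand(...)` and does not touch either member in the code shown, so the wider access appears unnecessary. Keeping `private:` preserves the base class's sole control over the `EVP_PKEY_CTX` lifetime and can be loosened later if a derived class actually needs it; if only the digest is needed, a `const EVP_MD *digest() const` accessor is a narrower alternative to exposing the context pointer as well.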
diff --git a/lib/ts/Makefile.am b/lib/ts/Makefile.am
index b6488a3..18ee5c1 100644
--- a/lib/ts/Makefile.am
+++ b/lib/ts/Makefile.am
@@ -212,7 +212,6 @@ HKDF_impl = HKDF_openssl.cc
 endif
 libtsutil_la_SOURCES += \
   HKDF.h \
-  HKDF.cc \
   $(HKDF_impl)
 endif
 
