trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mas...@apache.org
Subject [trafficserver] branch quic-latest updated: Use negotiated cipher suite
Date Sun, 18 Mar 2018 12:15:47 GMT
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new 5f04fd1  Use negotiated cipher suite
5f04fd1 is described below

commit 5f04fd1bc14d79e920c36ceb87d1615b855aacc8
Author: Masakazu Kitajo <maskit@apache.org>
AuthorDate: Sun Mar 18 21:13:46 2018 +0900

    Use negotiated cipher suite
    
    It was broken when we add 0rtt support because the logic checked whether
    handshake is complete.
---
 iocore/net/quic/QUICTLS.cc         | 16 +++-----
 iocore/net/quic/QUICTLS.h          | 22 +++++-----
 iocore/net/quic/QUICTLS_openssl.cc | 82 ++++++++++++++++++++++----------------
 3 files changed, 67 insertions(+), 53 deletions(-)

diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index 46ac529..949a916 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -191,9 +191,6 @@ QUICTLS::initialize_key_materials(QUICConnectionId cid)
   }
   this->_server_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
 
-  // Update algorithm
-  this->_aead = _get_evp_aead();
-
   return 1;
 }
 
@@ -242,9 +239,6 @@ QUICTLS::update_key_materials()
   }
   this->_server_pp->set_key(std::move(km), next_key_phase);
 
-  // Update algorithm
-  this->_aead = _get_evp_aead();
-
   return 1;
 }
 
@@ -307,14 +301,15 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len,
con
     return false;
   }
 
-  size_t tag_len        = this->_get_aead_tag_len();
+  size_t tag_len        = this->_get_aead_tag_len(phase);
   const KeyMaterial *km = pp->get_key(phase);
   if (!km) {
     Debug(tag, "Failed to encrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
     return false;
   }
+  const EVP_CIPHER *aead = this->_get_evp_aead(phase);
 
-  bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad,
ad_len, *km, tag_len);
+  bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad,
ad_len, *km, aead, tag_len);
   if (!ret) {
     Debug(tag, "Failed to encrypt a packet: pkt_num=%" PRIu64, pkt_num);
   }
@@ -342,13 +337,14 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len,
const
     return false;
   }
 
-  size_t tag_len        = this->_get_aead_tag_len();
+  size_t tag_len        = this->_get_aead_tag_len(phase);
   const KeyMaterial *km = pp->get_key(phase);
   if (!km) {
     Debug(tag, "Failed to decrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
     return false;
   }
-  bool ret = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len, pkt_num, ad, ad_len,
*km, tag_len);
+  const EVP_CIPHER *aead = this->_get_evp_aead(phase);
+  bool ret               = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len,
pkt_num, ad, ad_len, *km, aead, tag_len);
   if (!ret) {
     Debug(tag, "Failed to decrypt a packet: pkt_num=%" PRIu64, pkt_num);
   }
diff --git a/iocore/net/quic/QUICTLS.h b/iocore/net/quic/QUICTLS.h
index 4c6ebef..0cbf520 100644
--- a/iocore/net/quic/QUICTLS.h
+++ b/iocore/net/quic/QUICTLS.h
@@ -64,21 +64,25 @@ private:
 #ifdef OPENSSL_IS_BORINGSSL
   const EVP_AEAD *_get_evp_aead() const;
 #else
-  const EVP_CIPHER *_get_evp_aead() const;
+  const EVP_CIPHER *_get_evp_aead(QUICKeyPhase phase) const;
 #endif // OPENSSL_IS_BORINGSSL
-  size_t _get_aead_tag_len() const;
+  size_t _get_aead_tag_len(QUICKeyPhase phase) const;
 
+#ifdef OPENSSL_IS_BORINGSSL
   bool _encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t
*plain, size_t plain_len,
-                uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
size_t tag_len) const;
+                uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
const EVP_AEAD *aead,
+                size_t tag_len) const;
   bool _decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t
*cipher, size_t cipher_len, uint64_t pkt_num,
-                const uint8_t *ad, size_t ad_len, const KeyMaterial &km, size_t tag_len)
const;
-
-  SSL *_ssl = nullptr;
-#ifdef OPENSSL_IS_BORINGSSL
-  const EVP_AEAD *_aead = nullptr;
+                const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_AEAD
*aead, size_t tag_len) const;
 #else
-  const EVP_CIPHER *_aead = nullptr;
+  bool _encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t
*plain, size_t plain_len,
+                uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
const EVP_CIPHER *aead,
+                size_t tag_len) const;
+  bool _decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t
*cipher, size_t cipher_len, uint64_t pkt_num,
+                const uint8_t *ad, size_t ad_len, const KeyMaterial &km, const EVP_CIPHER
*aead, size_t tag_len) const;
 #endif // OPENSSL_IS_BORINGSSL
+
+  SSL *_ssl                              = nullptr;
   QUICPacketProtection *_client_pp       = nullptr;
   QUICPacketProtection *_server_pp       = nullptr;
   NetVConnectionContext_t _netvc_context = NET_VCONNECTION_UNSET;
diff --git a/iocore/net/quic/QUICTLS_openssl.cc b/iocore/net/quic/QUICTLS_openssl.cc
index 7dafc65..c92116a 100644
--- a/iocore/net/quic/QUICTLS_openssl.cc
+++ b/iocore/net/quic/QUICTLS_openssl.cc
@@ -31,54 +31,67 @@
 static constexpr char tag[] = "quic_tls";
 
 const EVP_CIPHER *
-QUICTLS::_get_evp_aead() const
+QUICTLS::_get_evp_aead(QUICKeyPhase phase) const
 {
-  if (this->is_handshake_finished()) {
-    switch (SSL_CIPHER_get_id(SSL_get_current_cipher(this->_ssl))) {
-    case TLS1_3_CK_AES_128_GCM_SHA256:
-      return EVP_aes_128_gcm();
-    case TLS1_3_CK_AES_256_GCM_SHA384:
-      return EVP_aes_256_gcm();
-    case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
-      return EVP_chacha20_poly1305();
-    case TLS1_3_CK_AES_128_CCM_SHA256:
-    case TLS1_3_CK_AES_128_CCM_8_SHA256:
-      return EVP_aes_128_ccm();
-    default:
+  if (phase == QUICKeyPhase::CLEARTEXT) {
+    return EVP_aes_128_gcm();
+  } else {
+    const SSL_CIPHER *cipher = SSL_get_current_cipher(this->_ssl);
+    if (cipher) {
+      switch (SSL_CIPHER_get_id(cipher)) {
+      case TLS1_3_CK_AES_128_GCM_SHA256:
+        return EVP_aes_128_gcm();
+      case TLS1_3_CK_AES_256_GCM_SHA384:
+        return EVP_aes_256_gcm();
+      case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+        return EVP_chacha20_poly1305();
+      case TLS1_3_CK_AES_128_CCM_SHA256:
+      case TLS1_3_CK_AES_128_CCM_8_SHA256:
+        return EVP_aes_128_ccm();
+      default:
+        ink_assert(false);
+        return nullptr;
+      }
+    } else {
       ink_assert(false);
       return nullptr;
     }
-  } else {
-    return EVP_aes_128_gcm();
   }
 }
 
 size_t
-QUICTLS::_get_aead_tag_len() const
+QUICTLS::_get_aead_tag_len(QUICKeyPhase phase) const
 {
-  if (this->is_handshake_finished()) {
-    switch (SSL_CIPHER_get_id(SSL_get_current_cipher(this->_ssl))) {
-    case TLS1_3_CK_AES_128_GCM_SHA256:
-    case TLS1_3_CK_AES_256_GCM_SHA384:
-      return EVP_GCM_TLS_TAG_LEN;
-    case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
-      return EVP_CHACHAPOLY_TLS_TAG_LEN;
-    case TLS1_3_CK_AES_128_CCM_SHA256:
-      return EVP_CCM_TLS_TAG_LEN;
-    case TLS1_3_CK_AES_128_CCM_8_SHA256:
-      return EVP_CCM8_TLS_TAG_LEN;
-    default:
+  if (phase == QUICKeyPhase::CLEARTEXT) {
+    return EVP_GCM_TLS_TAG_LEN;
+  } else {
+    const SSL_CIPHER *cipher = SSL_get_current_cipher(this->_ssl);
+    if (cipher) {
+      switch (SSL_CIPHER_get_id(cipher)) {
+      case TLS1_3_CK_AES_128_GCM_SHA256:
+      case TLS1_3_CK_AES_256_GCM_SHA384:
+        return EVP_GCM_TLS_TAG_LEN;
+      case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
+        return EVP_CHACHAPOLY_TLS_TAG_LEN;
+      case TLS1_3_CK_AES_128_CCM_SHA256:
+        return EVP_CCM_TLS_TAG_LEN;
+      case TLS1_3_CK_AES_128_CCM_8_SHA256:
+        return EVP_CCM8_TLS_TAG_LEN;
+      default:
+        ink_assert(false);
+        return -1;
+      }
+    } else {
       ink_assert(false);
       return -1;
     }
-  } else {
-    return EVP_GCM_TLS_TAG_LEN;
   }
 }
 
 bool
 QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t
*plain, size_t plain_len,
-                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
size_t tag_len) const
+                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
const EVP_CIPHER *aead,
+                  size_t tag_len) const
 {
   uint8_t nonce[EVP_MAX_IV_LENGTH] = {0};
   size_t nonce_len                 = 0;
@@ -90,7 +103,7 @@ QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len,
co
   if (!(aead_ctx = EVP_CIPHER_CTX_new())) {
     return false;
   }
-  if (!EVP_EncryptInit_ex(aead_ctx, this->_aead, nullptr, nullptr, nullptr)) {
+  if (!EVP_EncryptInit_ex(aead_ctx, aead, nullptr, nullptr, nullptr)) {
     return false;
   }
   if (!EVP_CIPHER_CTX_ctrl(aead_ctx, EVP_CTRL_AEAD_SET_IVLEN, nonce_len, nullptr)) {
@@ -127,7 +140,8 @@ QUICTLS::_encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len,
co
 
 bool
 QUICTLS::_decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const uint8_t
*cipher, size_t cipher_len,
-                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
size_t tag_len) const
+                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, const KeyMaterial &km,
const EVP_CIPHER *aead,
+                  size_t tag_len) const
 {
   uint8_t nonce[EVP_MAX_IV_LENGTH] = {0};
   size_t nonce_len                 = 0;
@@ -139,7 +153,7 @@ QUICTLS::_decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len,
const
   if (!(aead_ctx = EVP_CIPHER_CTX_new())) {
     return false;
   }
-  if (!EVP_DecryptInit_ex(aead_ctx, this->_aead, nullptr, nullptr, nullptr)) {
+  if (!EVP_DecryptInit_ex(aead_ctx, aead, nullptr, nullptr, nullptr)) {
     return false;
   }
   if (!EVP_CIPHER_CTX_ctrl(aead_ctx, EVP_CTRL_AEAD_SET_IVLEN, nonce_len, nullptr)) {

-- 
To stop receiving notification emails like this one, please contact
maskit@apache.org.

Mime
View raw message