Compile with the latest ngtcp2
This commit is contained in:
parent
a2e2e46af3
commit
39b1a51ff4
|
@ -471,8 +471,8 @@ int handshake_completed(ngtcp2_conn *conn, void *user_data) {
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
int Http3Upstream::handshake_completed() {
|
int Http3Upstream::handshake_completed() {
|
||||||
std::array<uint8_t, SHRPX_QUIC_MAX_TOKENLEN> token;
|
std::array<uint8_t, NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN> token;
|
||||||
size_t tokenlen = token.size();
|
size_t tokenlen;
|
||||||
|
|
||||||
auto path = ngtcp2_conn_get_path(conn_);
|
auto path = ngtcp2_conn_get_path(conn_);
|
||||||
auto worker = handler_->get_worker();
|
auto worker = handler_->get_worker();
|
||||||
|
|
|
@ -173,11 +173,8 @@ int generate_quic_connection_id(ngtcp2_cid *cid, size_t cidlen,
|
||||||
int generate_quic_stateless_reset_token(uint8_t *token, const ngtcp2_cid *cid,
|
int generate_quic_stateless_reset_token(uint8_t *token, const ngtcp2_cid *cid,
|
||||||
const uint8_t *secret,
|
const uint8_t *secret,
|
||||||
size_t secretlen) {
|
size_t secretlen) {
|
||||||
ngtcp2_crypto_md md;
|
if (ngtcp2_crypto_generate_stateless_reset_token(token, secret, secretlen,
|
||||||
ngtcp2_crypto_md_init(&md, const_cast<EVP_MD *>(EVP_sha256()));
|
cid) != 0) {
|
||||||
|
|
||||||
if (ngtcp2_crypto_generate_stateless_reset_token(token, &md, secret,
|
|
||||||
secretlen, cid) != 0) {
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -200,117 +197,21 @@ int generate_quic_token_secret(uint8_t *secret) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace {
|
|
||||||
int derive_token_key(uint8_t *key, size_t &keylen, uint8_t *iv, size_t &ivlen,
|
|
||||||
const uint8_t *token_secret, const uint8_t *rand_data,
|
|
||||||
size_t rand_datalen, const ngtcp2_crypto_aead *aead,
|
|
||||||
const ngtcp2_crypto_md *md) {
|
|
||||||
std::array<uint8_t, 32> secret;
|
|
||||||
|
|
||||||
if (ngtcp2_crypto_hkdf_extract(secret.data(), md, token_secret,
|
|
||||||
SHRPX_QUIC_TOKEN_SECRETLEN, rand_data,
|
|
||||||
rand_datalen) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto aead_keylen = ngtcp2_crypto_aead_keylen(aead);
|
|
||||||
if (keylen < aead_keylen) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
keylen = aead_keylen;
|
|
||||||
|
|
||||||
auto aead_ivlen = ngtcp2_crypto_packet_protection_ivlen(aead);
|
|
||||||
if (ivlen < aead_ivlen) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ivlen = aead_ivlen;
|
|
||||||
|
|
||||||
if (ngtcp2_crypto_derive_packet_protection_key(
|
|
||||||
key, iv, nullptr, aead, md, secret.data(), secret.size()) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
} // namespace
|
|
||||||
|
|
||||||
namespace {
|
|
||||||
size_t generate_retry_token_aad(uint8_t *dest, size_t destlen,
|
|
||||||
const sockaddr *sa, socklen_t salen,
|
|
||||||
const ngtcp2_cid *retry_scid) {
|
|
||||||
assert(destlen >= salen + retry_scid->datalen);
|
|
||||||
|
|
||||||
auto p = std::copy_n(reinterpret_cast<const uint8_t *>(sa), salen, dest);
|
|
||||||
p = std::copy_n(retry_scid->data, retry_scid->datalen, p);
|
|
||||||
|
|
||||||
return p - dest;
|
|
||||||
}
|
|
||||||
} // namespace
|
|
||||||
|
|
||||||
int generate_retry_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
|
int generate_retry_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
|
||||||
socklen_t salen, const ngtcp2_cid *retry_scid,
|
socklen_t salen, const ngtcp2_cid *retry_scid,
|
||||||
const ngtcp2_cid *odcid, const uint8_t *token_secret) {
|
const ngtcp2_cid *odcid, const uint8_t *token_secret) {
|
||||||
std::array<uint8_t, 4096> plaintext;
|
auto t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
||||||
|
std::chrono::system_clock::now().time_since_epoch())
|
||||||
|
.count();
|
||||||
|
|
||||||
uint64_t t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
auto stokenlen = ngtcp2_crypto_generate_retry_token(
|
||||||
std::chrono::system_clock::now().time_since_epoch())
|
token, token_secret, SHRPX_QUIC_TOKEN_SECRETLEN, sa, salen, retry_scid,
|
||||||
.count();
|
odcid, t);
|
||||||
|
if (stokenlen < 0) {
|
||||||
auto p = std::begin(plaintext);
|
|
||||||
// Host byte order
|
|
||||||
p = std::copy_n(reinterpret_cast<uint8_t *>(&t), sizeof(t), p);
|
|
||||||
p = std::copy_n(odcid->data, odcid->datalen, p);
|
|
||||||
|
|
||||||
std::array<uint8_t, SHRPX_QUIC_TOKEN_RAND_DATALEN> rand_data;
|
|
||||||
std::array<uint8_t, 32> key, iv;
|
|
||||||
auto keylen = key.size();
|
|
||||||
auto ivlen = iv.size();
|
|
||||||
|
|
||||||
if (RAND_bytes(rand_data.data(), rand_data.size()) != 1) {
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ngtcp2_crypto_aead aead;
|
tokenlen = stokenlen;
|
||||||
ngtcp2_crypto_aead_init(&aead, const_cast<EVP_CIPHER *>(EVP_aes_128_gcm()));
|
|
||||||
|
|
||||||
ngtcp2_crypto_md md;
|
|
||||||
ngtcp2_crypto_md_init(&md, const_cast<EVP_MD *>(EVP_sha256()));
|
|
||||||
|
|
||||||
if (derive_token_key(key.data(), keylen, iv.data(), ivlen, token_secret,
|
|
||||||
rand_data.data(), rand_data.size(), &aead, &md) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto plaintextlen = std::distance(std::begin(plaintext), p);
|
|
||||||
|
|
||||||
std::array<uint8_t, 256> aad;
|
|
||||||
auto aadlen =
|
|
||||||
generate_retry_token_aad(aad.data(), aad.size(), sa, salen, retry_scid);
|
|
||||||
|
|
||||||
token[0] = SHRPX_QUIC_RETRY_TOKEN_MAGIC;
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx aead_ctx;
|
|
||||||
if (ngtcp2_crypto_aead_ctx_encrypt_init(&aead_ctx, &aead, key.data(),
|
|
||||||
ivlen) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto rv =
|
|
||||||
ngtcp2_crypto_encrypt(token + 1, &aead, &aead_ctx, plaintext.data(),
|
|
||||||
plaintextlen, iv.data(), ivlen, aad.data(), aadlen);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx_free(&aead_ctx);
|
|
||||||
|
|
||||||
if (rv != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* 1 for magic byte */
|
|
||||||
tokenlen = 1 + plaintextlen + aead.max_overhead;
|
|
||||||
memcpy(token + tokenlen, rand_data.data(), rand_data.size());
|
|
||||||
tokenlen += rand_data.size();
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -318,267 +219,46 @@ int generate_retry_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
|
||||||
int verify_retry_token(ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen,
|
int verify_retry_token(ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen,
|
||||||
const ngtcp2_cid *dcid, const sockaddr *sa,
|
const ngtcp2_cid *dcid, const sockaddr *sa,
|
||||||
socklen_t salen, const uint8_t *token_secret) {
|
socklen_t salen, const uint8_t *token_secret) {
|
||||||
std::array<char, NI_MAXHOST> host;
|
|
||||||
std::array<char, NI_MAXSERV> port;
|
|
||||||
|
|
||||||
if (getnameinfo(sa, salen, host.data(), host.size(), port.data(), port.size(),
|
auto t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
||||||
NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
|
std::chrono::system_clock::now().time_since_epoch())
|
||||||
|
.count();
|
||||||
|
|
||||||
|
if (ngtcp2_crypto_verify_retry_token(odcid, token, tokenlen, token_secret,
|
||||||
|
SHRPX_QUIC_TOKEN_SECRETLEN, sa, salen,
|
||||||
|
dcid, 10 * NGTCP2_SECONDS, t) != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* 1 for SHRPX_QUIC_RETRY_TOKEN_MAGIC */
|
|
||||||
if (tokenlen < SHRPX_QUIC_TOKEN_RAND_DATALEN + 1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (tokenlen > SHRPX_QUIC_MAX_RETRY_TOKENLEN) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(token[0] == SHRPX_QUIC_RETRY_TOKEN_MAGIC);
|
|
||||||
|
|
||||||
auto rand_data = token + tokenlen - SHRPX_QUIC_TOKEN_RAND_DATALEN;
|
|
||||||
auto ciphertext = token + 1;
|
|
||||||
auto ciphertextlen = tokenlen - SHRPX_QUIC_TOKEN_RAND_DATALEN - 1;
|
|
||||||
|
|
||||||
std::array<uint8_t, 32> key, iv;
|
|
||||||
auto keylen = key.size();
|
|
||||||
auto ivlen = iv.size();
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead aead;
|
|
||||||
ngtcp2_crypto_aead_init(&aead, const_cast<EVP_CIPHER *>(EVP_aes_128_gcm()));
|
|
||||||
|
|
||||||
ngtcp2_crypto_md md;
|
|
||||||
ngtcp2_crypto_md_init(&md, const_cast<EVP_MD *>(EVP_sha256()));
|
|
||||||
|
|
||||||
if (derive_token_key(key.data(), keylen, iv.data(), ivlen, token_secret,
|
|
||||||
rand_data, SHRPX_QUIC_TOKEN_RAND_DATALEN, &aead,
|
|
||||||
&md) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
std::array<uint8_t, 256> aad;
|
|
||||||
auto aadlen =
|
|
||||||
generate_retry_token_aad(aad.data(), aad.size(), sa, salen, dcid);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx aead_ctx;
|
|
||||||
if (ngtcp2_crypto_aead_ctx_decrypt_init(&aead_ctx, &aead, key.data(),
|
|
||||||
ivlen) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
std::array<uint8_t, SHRPX_QUIC_MAX_RETRY_TOKENLEN> plaintext;
|
|
||||||
|
|
||||||
auto rv = ngtcp2_crypto_decrypt(plaintext.data(), &aead, &aead_ctx,
|
|
||||||
ciphertext, ciphertextlen, iv.data(), ivlen,
|
|
||||||
aad.data(), aadlen);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx_free(&aead_ctx);
|
|
||||||
|
|
||||||
if (rv != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(ciphertextlen >= aead.max_overhead);
|
|
||||||
|
|
||||||
auto plaintextlen = ciphertextlen - aead.max_overhead;
|
|
||||||
if (plaintextlen < sizeof(uint64_t)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto cil = plaintextlen - sizeof(uint64_t);
|
|
||||||
if (cil != 0 && (cil < NGTCP2_MIN_CIDLEN || cil > NGTCP2_MAX_CIDLEN)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint64_t t;
|
|
||||||
memcpy(&t, plaintext.data(), sizeof(uint64_t));
|
|
||||||
|
|
||||||
uint64_t now = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
|
||||||
std::chrono::system_clock::now().time_since_epoch())
|
|
||||||
.count();
|
|
||||||
|
|
||||||
// Allow 10 seconds window
|
|
||||||
if (t + 10ULL * NGTCP2_SECONDS < now) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ngtcp2_cid_init(odcid, plaintext.data() + sizeof(uint64_t), cil);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace {
|
|
||||||
size_t generate_token_aad(uint8_t *dest, size_t destlen, const sockaddr *sa,
|
|
||||||
size_t salen) {
|
|
||||||
const uint8_t *addr;
|
|
||||||
size_t addrlen;
|
|
||||||
|
|
||||||
switch (sa->sa_family) {
|
|
||||||
case AF_INET:
|
|
||||||
addr = reinterpret_cast<const uint8_t *>(
|
|
||||||
&reinterpret_cast<const sockaddr_in *>(sa)->sin_addr);
|
|
||||||
addrlen = sizeof(reinterpret_cast<const sockaddr_in *>(sa)->sin_addr);
|
|
||||||
break;
|
|
||||||
case AF_INET6:
|
|
||||||
addr = reinterpret_cast<const uint8_t *>(
|
|
||||||
&reinterpret_cast<const sockaddr_in6 *>(sa)->sin6_addr);
|
|
||||||
addrlen = sizeof(reinterpret_cast<const sockaddr_in6 *>(sa)->sin6_addr);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(destlen >= addrlen);
|
|
||||||
|
|
||||||
return std::copy_n(addr, addrlen, dest) - dest;
|
|
||||||
}
|
|
||||||
} // namespace
|
|
||||||
|
|
||||||
int generate_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
|
int generate_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
|
||||||
size_t salen, const uint8_t *token_secret) {
|
size_t salen, const uint8_t *token_secret) {
|
||||||
std::array<uint8_t, 8> plaintext;
|
auto t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
||||||
|
std::chrono::system_clock::now().time_since_epoch())
|
||||||
|
.count();
|
||||||
|
|
||||||
uint64_t t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
auto stokenlen = ngtcp2_crypto_generate_regular_token(
|
||||||
std::chrono::system_clock::now().time_since_epoch())
|
token, token_secret, SHRPX_QUIC_TOKEN_SECRETLEN, sa, salen, t);
|
||||||
.count();
|
if (stokenlen < 0) {
|
||||||
|
|
||||||
std::array<uint8_t, 256> aad;
|
|
||||||
auto aadlen = generate_token_aad(aad.data(), aad.size(), sa, salen);
|
|
||||||
if (aadlen == 0) {
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto p = std::begin(plaintext);
|
tokenlen = stokenlen;
|
||||||
// Host byte order
|
|
||||||
p = std::copy_n(reinterpret_cast<uint8_t *>(&t), sizeof(t), p);
|
|
||||||
|
|
||||||
std::array<uint8_t, SHRPX_QUIC_TOKEN_RAND_DATALEN> rand_data;
|
|
||||||
std::array<uint8_t, 32> key, iv;
|
|
||||||
auto keylen = key.size();
|
|
||||||
auto ivlen = iv.size();
|
|
||||||
|
|
||||||
if (RAND_bytes(rand_data.data(), rand_data.size()) != 1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead aead;
|
|
||||||
ngtcp2_crypto_aead_init(&aead, const_cast<EVP_CIPHER *>(EVP_aes_128_gcm()));
|
|
||||||
|
|
||||||
ngtcp2_crypto_md md;
|
|
||||||
ngtcp2_crypto_md_init(&md, const_cast<EVP_MD *>(EVP_sha256()));
|
|
||||||
|
|
||||||
if (derive_token_key(key.data(), keylen, iv.data(), ivlen, token_secret,
|
|
||||||
rand_data.data(), rand_data.size(), &aead, &md) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto plaintextlen = std::distance(std::begin(plaintext), p);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx aead_ctx;
|
|
||||||
if (ngtcp2_crypto_aead_ctx_encrypt_init(&aead_ctx, &aead, key.data(),
|
|
||||||
ivlen) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
token[0] = SHRPX_QUIC_TOKEN_MAGIC;
|
|
||||||
auto rv =
|
|
||||||
ngtcp2_crypto_encrypt(token + 1, &aead, &aead_ctx, plaintext.data(),
|
|
||||||
plaintextlen, iv.data(), ivlen, aad.data(), aadlen);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx_free(&aead_ctx);
|
|
||||||
|
|
||||||
if (rv != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* 1 for magic byte */
|
|
||||||
tokenlen = 1 + plaintextlen + aead.max_overhead;
|
|
||||||
memcpy(token + tokenlen, rand_data.data(), rand_data.size());
|
|
||||||
tokenlen += rand_data.size();
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int verify_token(const uint8_t *token, size_t tokenlen, const sockaddr *sa,
|
int verify_token(const uint8_t *token, size_t tokenlen, const sockaddr *sa,
|
||||||
socklen_t salen, const uint8_t *token_secret) {
|
socklen_t salen, const uint8_t *token_secret) {
|
||||||
std::array<char, NI_MAXHOST> host;
|
auto t = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
||||||
std::array<char, NI_MAXSERV> port;
|
std::chrono::system_clock::now().time_since_epoch())
|
||||||
|
.count();
|
||||||
|
|
||||||
if (getnameinfo(sa, salen, host.data(), host.size(), port.data(), port.size(),
|
if (ngtcp2_crypto_verify_regular_token(token, tokenlen, token_secret,
|
||||||
NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
|
SHRPX_QUIC_TOKEN_SECRETLEN, sa, salen,
|
||||||
return -1;
|
3600 * NGTCP2_SECONDS, t) != 0) {
|
||||||
}
|
|
||||||
|
|
||||||
/* 1 for TOKEN_MAGIC */
|
|
||||||
if (tokenlen < SHRPX_QUIC_TOKEN_RAND_DATALEN + 1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (tokenlen > SHRPX_QUIC_MAX_TOKENLEN) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(token[0] == SHRPX_QUIC_TOKEN_MAGIC);
|
|
||||||
|
|
||||||
std::array<uint8_t, 256> aad;
|
|
||||||
auto aadlen = generate_token_aad(aad.data(), aad.size(), sa, salen);
|
|
||||||
if (aadlen == 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto rand_data = token + tokenlen - SHRPX_QUIC_TOKEN_RAND_DATALEN;
|
|
||||||
auto ciphertext = token + 1;
|
|
||||||
auto ciphertextlen = tokenlen - SHRPX_QUIC_TOKEN_RAND_DATALEN - 1;
|
|
||||||
|
|
||||||
std::array<uint8_t, 32> key, iv;
|
|
||||||
auto keylen = key.size();
|
|
||||||
auto ivlen = iv.size();
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead aead;
|
|
||||||
ngtcp2_crypto_aead_init(&aead, const_cast<EVP_CIPHER *>(EVP_aes_128_gcm()));
|
|
||||||
|
|
||||||
ngtcp2_crypto_md md;
|
|
||||||
ngtcp2_crypto_md_init(&md, const_cast<EVP_MD *>(EVP_sha256()));
|
|
||||||
|
|
||||||
if (derive_token_key(key.data(), keylen, iv.data(), ivlen, token_secret,
|
|
||||||
rand_data, SHRPX_QUIC_TOKEN_RAND_DATALEN, &aead,
|
|
||||||
&md) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx aead_ctx;
|
|
||||||
if (ngtcp2_crypto_aead_ctx_decrypt_init(&aead_ctx, &aead, key.data(),
|
|
||||||
ivlen) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
std::array<uint8_t, SHRPX_QUIC_MAX_TOKENLEN> plaintext;
|
|
||||||
|
|
||||||
auto rv = ngtcp2_crypto_decrypt(plaintext.data(), &aead, &aead_ctx,
|
|
||||||
ciphertext, ciphertextlen, iv.data(), ivlen,
|
|
||||||
aad.data(), aadlen);
|
|
||||||
|
|
||||||
ngtcp2_crypto_aead_ctx_free(&aead_ctx);
|
|
||||||
|
|
||||||
if (rv != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert(ciphertextlen >= aead.max_overhead);
|
|
||||||
|
|
||||||
auto plaintextlen = ciphertextlen - aead.max_overhead;
|
|
||||||
if (plaintextlen != sizeof(uint64_t)) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint64_t t;
|
|
||||||
memcpy(&t, plaintext.data(), sizeof(uint64_t));
|
|
||||||
|
|
||||||
uint64_t now = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
|
||||||
std::chrono::system_clock::now().time_since_epoch())
|
|
||||||
.count();
|
|
||||||
|
|
||||||
// Allow 1 hour window
|
|
||||||
if (t + 3600ULL * NGTCP2_SECONDS < now) {
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -62,24 +62,9 @@ constexpr size_t SHRPX_QUIC_CID_PREFIXLEN = 8;
|
||||||
constexpr size_t SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE = 1472;
|
constexpr size_t SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE = 1472;
|
||||||
constexpr size_t SHRPX_QUIC_STATELESS_RESET_SECRETLEN = 32;
|
constexpr size_t SHRPX_QUIC_STATELESS_RESET_SECRETLEN = 32;
|
||||||
constexpr size_t SHRPX_QUIC_TOKEN_SECRETLEN = 32;
|
constexpr size_t SHRPX_QUIC_TOKEN_SECRETLEN = 32;
|
||||||
constexpr size_t SHRPX_QUIC_TOKEN_RAND_DATALEN = 16;
|
|
||||||
constexpr size_t SHRPX_QUIC_CONN_CLOSE_PKTLEN = 256;
|
constexpr size_t SHRPX_QUIC_CONN_CLOSE_PKTLEN = 256;
|
||||||
constexpr size_t SHRPX_QUIC_STATELESS_RESET_BURST = 100;
|
constexpr size_t SHRPX_QUIC_STATELESS_RESET_BURST = 100;
|
||||||
|
|
||||||
// SHRPX_QUIC_RETRY_TOKEN_MAGIC is the magic byte of Retry token.
|
|
||||||
// Sent in plaintext.
|
|
||||||
constexpr uint8_t SHRPX_QUIC_RETRY_TOKEN_MAGIC = 0xb6;
|
|
||||||
constexpr size_t SHRPX_QUIC_MAX_RETRY_TOKENLEN =
|
|
||||||
/* magic */ 1 + sizeof(uint64_t) + NGTCP2_MAX_CIDLEN +
|
|
||||||
/* aead tag */ 16 + SHRPX_QUIC_TOKEN_RAND_DATALEN;
|
|
||||||
|
|
||||||
// SHRPX_QUIC_TOKEN_MAGIC is the magic byte of token which is sent in
|
|
||||||
// NEW_TOKEN frame. Sent in plaintext.
|
|
||||||
constexpr uint8_t SHRPX_QUIC_TOKEN_MAGIC = 0x36;
|
|
||||||
constexpr size_t SHRPX_QUIC_MAX_TOKENLEN =
|
|
||||||
/* magic */ 1 + sizeof(uint64_t) + /* aead tag */ 16 +
|
|
||||||
SHRPX_QUIC_TOKEN_RAND_DATALEN;
|
|
||||||
|
|
||||||
ngtcp2_tstamp quic_timestamp();
|
ngtcp2_tstamp quic_timestamp();
|
||||||
|
|
||||||
int quic_send_packet(const UpstreamAddr *faddr, const sockaddr *remote_sa,
|
int quic_send_packet(const UpstreamAddr *faddr, const sockaddr *remote_sa,
|
||||||
|
|
|
@ -152,7 +152,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
|
||||||
auto &secret = quic_secret->token_secret;
|
auto &secret = quic_secret->token_secret;
|
||||||
|
|
||||||
switch (hd.token.base[0]) {
|
switch (hd.token.base[0]) {
|
||||||
case SHRPX_QUIC_RETRY_TOKEN_MAGIC:
|
case NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY:
|
||||||
if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid,
|
if (verify_retry_token(&odcid, hd.token.base, hd.token.len, &hd.dcid,
|
||||||
&remote_addr.su.sa, remote_addr.len,
|
&remote_addr.su.sa, remote_addr.len,
|
||||||
secret.data()) != 0) {
|
secret.data()) != 0) {
|
||||||
|
@ -178,7 +178,7 @@ int QUICConnectionHandler::handle_packet(const UpstreamAddr *faddr,
|
||||||
tokenlen = hd.token.len;
|
tokenlen = hd.token.len;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case SHRPX_QUIC_TOKEN_MAGIC:
|
case NGTCP2_CRYPTO_TOKEN_MAGIC_REGULAR:
|
||||||
if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa,
|
if (verify_token(hd.token.base, hd.token.len, &remote_addr.su.sa,
|
||||||
remote_addr.len, secret.data()) != 0) {
|
remote_addr.len, secret.data()) != 0) {
|
||||||
if (LOG_ENABLED(INFO)) {
|
if (LOG_ENABLED(INFO)) {
|
||||||
|
@ -356,8 +356,8 @@ int QUICConnectionHandler::send_retry(
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::array<uint8_t, SHRPX_QUIC_MAX_RETRY_TOKENLEN> token;
|
std::array<uint8_t, NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN> token;
|
||||||
size_t tokenlen = token.size();
|
size_t tokenlen;
|
||||||
|
|
||||||
ngtcp2_cid idcid, iscid;
|
ngtcp2_cid idcid, iscid;
|
||||||
ngtcp2_cid_init(&idcid, ini_dcid, ini_dcidlen);
|
ngtcp2_cid_init(&idcid, ini_dcid, ini_dcidlen);
|
||||||
|
|
Loading…
Reference in New Issue