author | Hugo Landau <hlandau@openssl.org> | 2023-11-02 15:41:23 +0000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-11-25 09:14:05 +0000 |
commit | 2db3fdb4578ca43624acda81b72bc02b08c8ce3a (patch) | |
tree | 3d40f719bf19513b793d05908222cffe81bcc779 /ssl/quic/quic_srt_gen.c | |
parent | 1da7c09f7987a227701b6324e56003a89e9febf2 (diff) |
QUIC SRT GEN: Add SRT generator
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
Diffstat (limited to 'ssl/quic/quic_srt_gen.c')
-rw-r--r-- | ssl/quic/quic_srt_gen.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/ssl/quic/quic_srt_gen.c b/ssl/quic/quic_srt_gen.c
new file mode 100644
index 0000000000..e43a55b29e
--- /dev/null
+++ b/ssl/quic/quic_srt_gen.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include "internal/quic_srt_gen.h"
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+
+struct quic_srt_gen_st {
+ EVP_MAC *mac;
+ EVP_MAC_CTX *mac_ctx;
+};
+
+/*
+ * Simple HMAC-SHA256-based stateless reset token generator.
+ */
+
+QUIC_SRT_GEN *ossl_quic_srt_gen_new(OSSL_LIB_CTX *libctx, const char *propq,
+ const unsigned char *key, size_t key_len)
+{
+ QUIC_SRT_GEN *srt_gen;
+ OSSL_PARAM params[3], *p = params;
+
+ if ((srt_gen = OPENSSL_zalloc(sizeof(*srt_gen))) == NULL)
+ return NULL;
+
+ if ((srt_gen->mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL)
+ goto err;
+
+ if ((srt_gen->mac_ctx = EVP_MAC_CTX_new(srt_gen->mac)) == NULL)
+ goto err;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 7);
+ if (propq != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
+ (char *)propq, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!EVP_MAC_init(srt_gen->mac_ctx, key, key_len, params))
+ goto err;
+
+ return srt_gen;
+
+err:
+ ossl_quic_srt_gen_free(srt_gen);
+ return NULL;
+}
+
+void ossl_quic_srt_gen_free(QUIC_SRT_GEN *srt_gen)
+{
+ if (srt_gen == NULL)
+ return;
+
+ EVP_MAC_CTX_free(srt_gen->mac_ctx);
+ EVP_MAC_free(srt_gen->mac);
+ OPENSSL_free(srt_gen);
+}
+
+int ossl_quic_srt_gen_calculate_token(QUIC_SRT_GEN *srt_gen,
+ const QUIC_CONN_ID *dcid,
+ QUIC_STATELESS_RESET_TOKEN *token)
+{
+ size_t outl = 0;
+ unsigned char mac[32];
+
+ if (!EVP_MAC_init(srt_gen->mac_ctx, NULL, 0, NULL))
+ return 0;
+
+ if (!EVP_MAC_update(srt_gen->mac_ctx, (const unsigned char *)dcid->id,
+ dcid->id_len))
+ return 0;
+
+ if (!EVP_MAC_final(srt_gen->mac_ctx, mac, &outl, sizeof(mac))
+ || outl != sizeof(mac))
+ return 0;
+
+ memcpy(token, mac, sizeof(*token));
+ return 1;
+}
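Review bot: In ossl_quic_srt_gen_calculate_token the full 32-byte HMAC-SHA256 output is left in the stack buffer `mac` after only `sizeof(*token)` bytes are copied out, and nothing wipes it; the truncated-off bytes are the part of the MAC that is never sent to the peer, so they should be erased with `OPENSSL_cleanse(mac, sizeof(mac));` before `return 1;`, and likewise before the `return 0;` that follows `EVP_MAC_final`, where the buffer may already be partly written. The `memcpy` also relies silently on `sizeof(*token)` being no larger than `sizeof(mac)`; a comment such as `/* Token is the leading sizeof(*token) bytes of HMAC-SHA256(key, DCID) */` above it, or a compile-time size check, would make the truncation deliberate rather than incidental. Every call re-initialises the shared `mac_ctx` via `EVP_MAC_init(srt_gen->mac_ctx, NULL, 0, NULL)`, so presumably one QUIC_SRT_GEN must not be used from several threads at once; stating that in the function's header comment would save callers from guessing.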