ssl/quic/quic_record_util.c

   1 /*
   2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "internal/quic_record_util.h"
  11 #include "internal/quic_wire_pkt.h"
  12 #include <openssl/kdf.h>
  13 #include <openssl/core_names.h>
  14
  15 /*
  16  * QUIC Key Derivation Utilities
  17  * =============================
  18  */
  19 int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx,
  20                            const char *propq,
  21                            const EVP_MD *md,
  22                            const unsigned char *salt, size_t salt_len,
  23                            const unsigned char *ikm, size_t ikm_len,
  24                            unsigned char *out, size_t out_len)
  25 {
  26     int ret = 0;
  27     EVP_KDF *kdf = NULL;
  28     EVP_KDF_CTX *kctx = NULL;
  29     OSSL_PARAM params[7], *p = params;
  30     int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
  31     const char *md_name;
  32
  33     if ((md_name = EVP_MD_get0_name(md)) == NULL
  34         || (kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_HKDF, propq)) == NULL
  35         || (kctx = EVP_KDF_CTX_new(kdf)) == NULL)
  36         goto err;
  37
  38     *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
  39     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
  40                                             (char *)md_name, 0);
  41     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
  42                                              (unsigned char *)salt, salt_len);
  43     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
  44                                              (unsigned char *)ikm, ikm_len);
  45     *p++ = OSSL_PARAM_construct_end();
  46
  47     ret = EVP_KDF_derive(kctx, out, out_len, params);
  48
  49 err:
  50     EVP_KDF_CTX_free(kctx);
  51     EVP_KDF_free(kdf);
  52     return ret;
  53 }
  54
  55 /*
  56  * QUIC Record Layer Ciphersuite Info
  57  * ==================================
  58  */
  59
  60 struct suite_info {
  61     const char *cipher_name, *md_name;
  62     uint32_t secret_len, cipher_key_len, cipher_iv_len, cipher_tag_len;
  63     uint32_t hdr_prot_key_len, hdr_prot_cipher_id;
  64 };
  65
  66 static const struct suite_info suite_aes128gcm = {
  67     "AES-128-GCM", "SHA256", 32, 16, 12, 16, 16,
  68     QUIC_HDR_PROT_CIPHER_AES_128
  69 };
  70
  71 static const struct suite_info suite_aes256gcm = {
  72     "AES-256-GCM", "SHA384", 48, 32, 12, 16, 32,
  73     QUIC_HDR_PROT_CIPHER_AES_256
  74 };
  75
  76 static const struct suite_info suite_chacha20poly1305 = {
  77     "ChaCha20-Poly1305", "SHA256", 32, 32, 12, 16, 32,
  78     QUIC_HDR_PROT_CIPHER_CHACHA
  79 };
  80
  81 static const struct suite_info *get_suite(uint32_t suite_id)
  82 {
  83     switch (suite_id) {
  84         case QRL_SUITE_AES128GCM:
  85             return &suite_aes128gcm;
  86         case QRL_SUITE_AES256GCM:
  87             return &suite_aes256gcm;
  88         case QRL_SUITE_CHACHA20POLY1305:
  89             return &suite_chacha20poly1305;
  90         default:
  91             return NULL;
  92     }
  93 }
  94
  95 const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id)
  96 {
  97     const struct suite_info *c = get_suite(suite_id);
  98     return c != NULL ? c->cipher_name : NULL;
  99 }
 100
 101 const char *ossl_qrl_get_suite_md_name(uint32_t suite_id)
 102 {
 103     const struct suite_info *c = get_suite(suite_id);
 104     return c != NULL ? c->md_name : NULL;
 105 }
 106
 107 uint32_t ossl_qrl_get_suite_secret_len(uint32_t suite_id)
 108 {
 109     const struct suite_info *c = get_suite(suite_id);
 110     return c != NULL ? c->secret_len : 0;
 111 }
 112
 113 uint32_t ossl_qrl_get_suite_cipher_key_len(uint32_t suite_id)
 114 {
 115     const struct suite_info *c = get_suite(suite_id);
 116     return c != NULL ? c->cipher_key_len : 0;
 117 }
 118
 119 uint32_t ossl_qrl_get_suite_cipher_iv_len(uint32_t suite_id)
 120 {
 121     const struct suite_info *c = get_suite(suite_id);
 122     return c != NULL ? c->cipher_iv_len : 0;
 123 }
 124
 125 uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id)
 126 {
 127     const struct suite_info *c = get_suite(suite_id);
 128     return c != NULL ? c->cipher_tag_len : 0;
 129 }
 130
 131 uint32_t ossl_qrl_get_suite_hdr_prot_cipher_id(uint32_t suite_id)
 132 {
 133     const struct suite_info *c = get_suite(suite_id);
 134     return c != NULL ? c->hdr_prot_cipher_id : 0;
 135 }
 136
 137 uint32_t ossl_qrl_get_suite_hdr_prot_key_len(uint32_t suite_id)
 138 {
 139     const struct suite_info *c = get_suite(suite_id);
 140     return c != NULL ? c->hdr_prot_key_len : 0;
 141 }