MINOR: quic: Add a function to derive the key update secrets

This is the function used to derive an n+1th secret from the nth one as
described in RFC9001 par. 6.1.

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index bf23823dd5663a1c2c6432aadcf061322116b2bd..5a736110be75d750fd8844f22e16ece74bf914d7 100644 (file)
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -75,6 +75,10 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
                          unsigned char *hp_key, size_t hp_keylen,
                          const unsigned char *secret, size_t secretlen);
 
+int quic_tls_sec_update(const EVP_MD *md,
+                        unsigned char *new_sec, size_t new_seclen,
+                        const unsigned char *sec, size_t seclen);
+
 int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
                        unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
 

diff --git a/src/quic_tls.c b/src/quic_tls.c
index 491a1bcd7915f3c129157b756ab2f2a275375cd1..2e354430c86f9fcf73c3cc43d578ad661fb2c5c8 100644 (file)
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@@ -261,6 +261,19 @@ int quic_tls_derive_initial_secrets(const EVP_MD *md,
        return 1;
 }
 
+/* Update <sec> secret key into <new_sec> according to RFC 9001 6.1.
+ * Always succeeds.
+ */
+int quic_tls_sec_update(const EVP_MD *md,
+                        unsigned char *new_sec, size_t new_seclen,
+                        const unsigned char *sec, size_t seclen)
+{
+       const unsigned char ku_label[] = "quic ku";
+
+       return quic_hkdf_expand_label(md, new_sec, new_seclen, sec, seclen,
+                                     ku_label, sizeof ku_label - 1);
+}
+
 /*
  * Build an IV into <iv> buffer with <ivlen> as size from <aead_iv> with
  * <aead_ivlen> as size depending on <pn> packet number.