deps: update ngtcp2

PR-URL: nodejs#138 Reviewed-By: Anna Henningsen <[email protected]>
juanarbol · Dec 17, 2019 · 137c587 · 137c587
1 parent 309b487
commit 137c587
Show file tree

Hide file tree

Showing 16 changed files with 857 additions and 667 deletions.
diff --git a/deps/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h b/deps/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h
@@ -148,6 +148,26 @@ typedef enum ngtcp2_crypto_side {
   NGTCP2_CRYPTO_SIDE_SERVER
 } ngtcp2_crypto_side;
 
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_derive_initial_secrets` derives initial secrets.
+ * |rx_secret| and |tx_secret| must point to the buffer of at least 32
+ * bytes capacity.  rx for read and tx for write.  This function
+ * writes rx and tx secrets into |rx_secret| and |tx_secret|
+ * respectively.  The length of secret is 32 bytes long.
+ * |client_dcid| is the destination connection ID in first Initial
+ * packet of client.  If |initial_secret| is not NULL, the initial
+ * secret is written to it.  It must point to the buffer which has at
+ * least 32 bytes capacity.  The initial secret is 32 bytes long.
+ * |side| specifies the side of application.
+ *
+ * This function returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int ngtcp2_crypto_derive_initial_secrets(
+    uint8_t *rx_secret, uint8_t *tx_secret, uint8_t *initial_secret,
+    const ngtcp2_cid *client_dcid, ngtcp2_crypto_side side);
+
 /**
  * @function
  *
@@ -281,6 +301,20 @@ NGTCP2_EXTERN int ngtcp2_crypto_hp_mask_cb(ngtcp2_conn *conn, uint8_t *dest,
                                            const uint8_t *sample,
                                            void *user_data);
 
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_update_traffic_secret` derives the next generation
+ * of the traffic secret.  |secret| specifies the current secret and
+ * its length is given in |secretlen|.  The length of new key is the
+ * same as the current key.  This function writes new key into the
+ * buffer pointed by |dest|.  |dest| must have the enough capacity to
+ * store the new key.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_update_traffic_secret(uint8_t *dest, const ngtcp2_crypto_md *md,
+                                    const uint8_t *secret, size_t secretlen);
+
 /**
  * @function
  *
@@ -392,7 +426,8 @@ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_initial_key(
 /**
  * @function
  *
- * `ngtcp2_crypto_update_key` updates traffic keying materials.
+ * `ngtcp2_crypto_update_and_install_key` updates traffic keying
+ * materials and installs keys to |conn|.
  *
  * The new traffic secret for decryption is written to the buffer
  * pointed by |rx_secret|.  The length of secret is |secretlen| bytes,
@@ -402,13 +437,19 @@ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_initial_key(
  * pointed by |tx_secret|.  The length of secret is |secretlen| bytes,
  * and |tx_secret| must point to the buffer which has enough capacity.
  *
- * The derived packet protection key for decryption is written to the
- * buffer pointed by |rx_key|.  The derived packet protection IV for
- * decryption is written to the buffer pointed by |rx_iv|.
+ * If |rx_key| is not NULL, the derived packet protection key for
+ * decryption is written to the buffer pointed by |rx_key|.  If
+ * |rx_iv| is not NULL, the derived packet protection IV for
+ * decryption is written to the buffer pointed by |rx_iv|.  If |rx_hp|
+ * is not NULL, the derived header protection key for decryption is
+ * written to the buffer pointed by |rx_hp|.
  *
- * The derived packet protection key for encryption is written to the
- * buffer pointed by |tx_key|.  The derived packet protection IV for
- * encryption is written to the buffer pointed by |tx_iv|.
+ * If |tx_key| is not NULL, the derived packet protection key for
+ * encryption is written to the buffer pointed by |tx_key|.  If
+ * |tx_iv| is not NULL, the derived packet protection IV for
+ * encryption is written to the buffer pointed by |tx_iv|.  If |tx_hp|
+ * is not NULL, the derived header protection key for encryption is
+ * written to the buffer pointed by |tx_hp|.
  *
  * |current_rx_secret| and |current_tx_secret| are the current traffic
  * secrets for decryption and encryption.  |secretlen| specifies the
@@ -421,12 +462,11 @@ NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_initial_key(
  *
  * This function returns 0 if it succeeds, or -1.
  */
-NGTCP2_EXTERN int
-ngtcp2_crypto_update_key(ngtcp2_conn *conn, uint8_t *rx_secret,
-                         uint8_t *tx_secret, uint8_t *rx_key, uint8_t *rx_iv,
-                         uint8_t *tx_key, uint8_t *tx_iv,
-                         const uint8_t *current_rx_secret,
-                         const uint8_t *current_tx_secret, size_t secretlen);
+NGTCP2_EXTERN int ngtcp2_crypto_update_and_install_key(
+    ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret, uint8_t *rx_key,
+    uint8_t *rx_iv, uint8_t *tx_key, uint8_t *tx_iv,
+    const uint8_t *current_rx_secret, const uint8_t *current_tx_secret,
+    size_t secretlen);
 
 /**
  * @function
@@ -442,11 +482,7 @@ ngtcp2_crypto_update_key(ngtcp2_conn *conn, uint8_t *rx_secret,
  * libngtcp2_crypto_openssl is linked, |tls| must be a pointer to SSL
  * object.
  *
- * This function returns 0 if it succeeds, or a negative error code.
- * The generic error code is -1 if a specific error code is not
- * suitable.  The error codes less than -10000 are specific to
- * underlying TLS implementation.  For OpenSSL, the error codes are
- * defined in ngtcp2_crypto_openssl.h.
+ * This function returns 0 if it succeeds, or -1.
  */
 NGTCP2_EXTERN int
 ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls,

diff --git a/deps/ngtcp2/crypto/openssl/openssl.c b/deps/ngtcp2/crypto/openssl/openssl.c
@@ -29,7 +29,6 @@
 #include <assert.h>
 
 #include <ngtcp2/ngtcp2_crypto.h>
-#include <ngtcp2/ngtcp2_crypto_openssl.h>
 
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
@@ -319,10 +318,6 @@ int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, void *tls,
       case SSL_ERROR_WANT_READ:
       case SSL_ERROR_WANT_WRITE:
         return 0;
-      case SSL_ERROR_WANT_CLIENT_HELLO_CB:
-        return NGTCP2_CRYPTO_ERR_TLS_WANT_CLIENT_HELLO_CB;
-      case SSL_ERROR_WANT_X509_LOOKUP:
-        return NGTCP2_CRYPTO_ERR_TLS_WANT_X509_LOOKUP;
       case SSL_ERROR_SSL:
         return -1;
       default:

diff --git a/deps/ngtcp2/crypto/shared.c b/deps/ngtcp2/crypto/shared.c
@@ -22,7 +22,11 @@
  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
-#include "shared.h"
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <ngtcp2/ngtcp2_crypto.h>
 
 #include <string.h>
 
@@ -135,7 +139,7 @@ int ngtcp2_crypto_update_traffic_secret(uint8_t *dest,
                                         const ngtcp2_crypto_md *md,
                                         const uint8_t *secret,
                                         size_t secretlen) {
-  static const uint8_t LABEL[] = "quic ku";
+  static const uint8_t LABEL[] = "traffic upd";
 
   if (ngtcp2_crypto_hkdf_expand_label(dest, secretlen, md, secret, secretlen,
                                       LABEL, sizeof(LABEL) - 1) != 0) {
@@ -325,15 +329,40 @@ int ngtcp2_crypto_derive_and_install_initial_key(
   return 0;
 }
 
-int ngtcp2_crypto_update_key(ngtcp2_conn *conn, uint8_t *rx_secret,
-                             uint8_t *tx_secret, uint8_t *rx_key,
-                             uint8_t *rx_iv, uint8_t *tx_key, uint8_t *tx_iv,
-                             const uint8_t *current_rx_secret,
-                             const uint8_t *current_tx_secret,
-                             size_t secretlen) {
-  const ngtcp2_crypto_ctx *ctx = ngtcp2_conn_get_crypto_ctx(conn);
-  const ngtcp2_crypto_aead *aead = &ctx->aead;
-  const ngtcp2_crypto_md *md = &ctx->md;
+int ngtcp2_crypto_update_and_install_key(ngtcp2_conn *conn, uint8_t *rx_secret,
+                                         uint8_t *tx_secret, uint8_t *rx_key,
+                                         uint8_t *rx_iv, uint8_t *tx_key,
+                                         uint8_t *tx_iv,
+                                         const uint8_t *current_rx_secret,
+                                         const uint8_t *current_tx_secret,
+                                         size_t secretlen) {
+  const ngtcp2_crypto_ctx *ctx;
+  const ngtcp2_crypto_aead *aead;
+  const ngtcp2_crypto_md *md;
+  uint8_t rx_keybuf[64], rx_ivbuf[64];
+  uint8_t tx_keybuf[64], tx_ivbuf[64];
+  size_t keylen;
+  size_t ivlen;
+  int rv;
+
+  if (!rx_key) {
+    rx_key = rx_keybuf;
+  }
+  if (!rx_iv) {
+    rx_iv = rx_ivbuf;
+  }
+  if (!tx_key) {
+    tx_key = tx_keybuf;
+  }
+  if (!tx_iv) {
+    tx_iv = tx_ivbuf;
+  }
+
+  ctx = ngtcp2_conn_get_crypto_ctx(conn);
+  aead = &ctx->aead;
+  md = &ctx->md;
+  keylen = ngtcp2_crypto_aead_keylen(aead);
+  ivlen = ngtcp2_crypto_packet_protection_ivlen(aead);
 
   if (ngtcp2_crypto_update_traffic_secret(rx_secret, md, current_rx_secret,
                                           secretlen) != 0) {
@@ -355,6 +384,12 @@ int ngtcp2_crypto_update_key(ngtcp2_conn *conn, uint8_t *rx_secret,
     return -1;
   }
 
+  rv =
+      ngtcp2_conn_update_key(conn, rx_key, rx_iv, tx_key, tx_iv, keylen, ivlen);
+  if (rv != 0) {
+    return -1;
+  }
+
   return 0;
 }