openssl/ssl/quic/quic_srt_gen.c

85 lines
2.4 KiB
C
Raw Normal View History

/*
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/quic_srt_gen.h"
#include <openssl/core_names.h>
#include <openssl/evp.h>
struct quic_srt_gen_st {
EVP_MAC *mac;
EVP_MAC_CTX *mac_ctx;
};
/*
* Simple HMAC-SHA256-based stateless reset token generator.
*/
QUIC_SRT_GEN *ossl_quic_srt_gen_new(OSSL_LIB_CTX *libctx, const char *propq,
const unsigned char *key, size_t key_len)
{
QUIC_SRT_GEN *srt_gen;
OSSL_PARAM params[3], *p = params;
if ((srt_gen = OPENSSL_zalloc(sizeof(*srt_gen))) == NULL)
return NULL;
if ((srt_gen->mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL)
goto err;
if ((srt_gen->mac_ctx = EVP_MAC_CTX_new(srt_gen->mac)) == NULL)
goto err;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 7);
if (propq != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
(char *)propq, 0);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_MAC_init(srt_gen->mac_ctx, key, key_len, params))
goto err;
return srt_gen;
err:
ossl_quic_srt_gen_free(srt_gen);
return NULL;
}
void ossl_quic_srt_gen_free(QUIC_SRT_GEN *srt_gen)
{
if (srt_gen == NULL)
return;
EVP_MAC_CTX_free(srt_gen->mac_ctx);
EVP_MAC_free(srt_gen->mac);
OPENSSL_free(srt_gen);
}
int ossl_quic_srt_gen_calculate_token(QUIC_SRT_GEN *srt_gen,
const QUIC_CONN_ID *dcid,
QUIC_STATELESS_RESET_TOKEN *token)
{
size_t outl = 0;
unsigned char mac[SHA256_DIGEST_LENGTH];
if (!EVP_MAC_init(srt_gen->mac_ctx, NULL, 0, NULL))
return 0;
if (!EVP_MAC_update(srt_gen->mac_ctx, (const unsigned char *)dcid->id,
dcid->id_len))
return 0;
if (!EVP_MAC_final(srt_gen->mac_ctx, mac, &outl, sizeof(mac))
|| outl != sizeof(mac))
return 0;
assert(sizeof(mac) >= sizeof(token->token));
memcpy(token->token, mac, sizeof(token->token));
return 1;
}