RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-01 22:48:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: Add a function to derive the key update secrets

Browse Source 
This is the function used to derive an n+1th secret from the nth one as
described in RFC9001 par. 6.1.
This commit is contained in:
Frédéric Lécaille 2021-11-30 10:10:24 +01:00
parent fc768ecc88
commit 39484de813
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/haproxy/quic_tls.h
View File

@ -75,6 +75,10 @@ int quic_tls_derive_keys(const EVP_CIPHER *aead, const EVP_CIPHER *hp,
unsigned char *hp_key, size_t hp_keylen, unsigned char *hp_key, size_t hp_keylen,
const unsigned char *secret, size_t secretlen); const unsigned char *secret, size_t secretlen);
int quic_tls_sec_update(const EVP_MD *md,
unsigned char *new_sec, size_t new_seclen,
const unsigned char *sec, size_t seclen);
int quic_aead_iv_build(unsigned char *iv, size_t ivlen, int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn); unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);

13
src/quic_tls.c
View File

@ -261,6 +261,19 @@ int quic_tls_derive_initial_secrets(const EVP_MD *md,
return 1; return 1;
} }
/* Update <sec> secret key into <new_sec> according to RFC 9001 6.1.
* Always succeeds.
*/
int quic_tls_sec_update(const EVP_MD *md,
unsigned char *new_sec, size_t new_seclen,
const unsigned char *sec, size_t seclen)
{
const unsigned char ku_label[] = "quic ku";
return quic_hkdf_expand_label(md, new_sec, new_seclen, sec, seclen,
ku_label, sizeof ku_label - 1);
}
/* /*
* Build an IV into <iv> buffer with <ivlen> as size from <aead_iv> with * Build an IV into <iv> buffer with <ivlen> as size from <aead_iv> with
* <aead_ivlen> as size depending on <pn> packet number. * <aead_ivlen> as size depending on <pn> packet number.