author | 2023-11-07 11:52:41 -0800 | |
---|---|---|
committer | 2023-11-12 13:07:51 -0800 | |
commit | 3e2bd61a4cf2196860c8bfb3d355cf6cd444c48c (patch) | |
tree | 34efc2ddc84760e1923ee60b938c815f3fb575a8 | |
parent | 4b7d8fcafce4d485a0a62ae26158e67d98543bcc (diff) | |
Removes ring from packet.rs
-rw-r--r-- | quiche/src/crypto.rs | 16 | ||||
-rw-r--r-- | quiche/src/packet.rs | 38 |
2 files changed, 33 insertions, 21 deletions
diff --git a/quiche/src/crypto.rs b/quiche/src/crypto.rs
index dfb9825d..b1b1b802 100644
--- a/quiche/src/crypto.rs
+++ b/quiche/src/crypto.rs
@@ -657,6 +657,19 @@ fn chacha_mask(key: &[u8], sample: &[u8; 16]) -> Result<[u8; 5]> {
 Ok(out)
 }
 
+pub fn constant_time_eq(a: impl AsRef<[u8]>, b: impl AsRef<[u8]>) -> bool {
+ let a = a.as_ref();
+ let b = b.as_ref();
+
+ if a.len() != b.len() {
+ return false;
+ }
+
+ let rc =
+ unsafe { CRYPTO_memcmp(a.as_ptr().cast(), b.as_ptr().cast(), a.len()) };
+ rc == 0
+}
+
 #[allow(non_camel_case_types)]
 #[repr(transparent)]
 pub struct EVP_AEAD(c_void);
@@ -896,6 +909,9 @@ extern {
 out: *mut u8, inp: *const u8, in_len: usize, key: *const [u8; 32],
 nonce: *const [u8; 12], counter: u32,
 );
+
+ // memcmp
+ fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, len: usize) -> c_int;
 }
 
 #[cfg(test)]
diff --git a/quiche/src/packet.rs b/quiche/src/packet.rs
index b785f6ee..3d6b085f 100644
--- a/quiche/src/packet.rs
+++ b/quiche/src/packet.rs
@@ -30,12 +30,11 @@ use std::ops::IndexMut;
 use std::ops::RangeInclusive;
 use std::time;
 
-use ring::aead;
-
 use crate::Error;
 use crate::Result;
 
 use crate::crypto;
+use crate::crypto::Algorithm;
 use crate::rand;
 use crate::ranges;
 use crate::stream;
@@ -404,11 +403,11 @@ impl<'a> Header<'a> {
 
 Type::Retry => {
 // Exclude the integrity tag from the token.
- if b.cap() < aead::AES_128_GCM.tag_len() {
+ if b.cap() < Algorithm::AES128_GCM.tag_len() {
 return Err(Error::InvalidPacket);
 }
 
- let token_len = b.cap() - aead::AES_128_GCM.tag_len();
+ let token_len = b.cap() - Algorithm::AES128_GCM.tag_len();
 token = Some(b.get_bytes(token_len)?.to_vec());
 },
 
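Review bot: The `unsafe` call to `CRYPTO_memcmp` in the new `constant_time_eq` (first crypto.rs hunk) has no `// SAFETY:` comment, and the public function has no doc comment saying what is and is not constant-time. I would put `// SAFETY: both pointers come from live slices and the lengths were checked equal above, so each is readable for a.len() bytes.` above the `unsafe` block, and add a `///` line stating that a length mismatch returns early, so only the contents, not the lengths, are compared in constant time. The `// memcmp` comment on the extern declaration in the second crypto.rs hunk could likewise say that this is the constant-time comparison, so it is not read as plain `memcmp`.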
@@ -786,24 +785,25 @@ pub fn verify_retry_integrity(
 ) -> Result<()> {
 let tag = compute_retry_integrity_tag(b, odcid, version)?;
 
- ring::constant_time::verify_slices_are_equal(
- &b.as_ref()[..aead::AES_128_GCM.tag_len()],
- tag.as_ref(),
- )
- .map_err(|_| Error::CryptoFail)?;
-
- Ok(())
+ if crypto::constant_time_eq(
+ &b.as_ref()[..Algorithm::AES128_GCM.tag_len()],
+ tag,
+ ) {
+ Ok(())
+ } else {
+ Err(Error::CryptoFail)
+ }
 }
 
 fn compute_retry_integrity_tag(
 b: &octets::OctetsMut, odcid: &[u8], version: u32,
-) -> Result<aead::Tag> {
+) -> Result<[u8; 16]> {
 const RETRY_INTEGRITY_KEY_V1: [u8; 16] = [
 0xbe, 0x0c, 0x69, 0x0b, 0x9f, 0x66, 0x57, 0x5a, 0x1d, 0x76, 0x6b, 0x54,
 0xe3, 0x68, 0xc8, 0x4e,
 ];
 
- const RETRY_INTEGRITY_NONCE_V1: [u8; aead::NONCE_LEN] = [
+ const RETRY_INTEGRITY_NONCE_V1: [u8; 12] = [
 0x46, 0x15, 0x99, 0xd3, 0x5d, 0x63, 0x2b, 0xf2, 0x23, 0x98, 0x25, 0xbb,
 ];
 
@@ -824,17 +824,13 @@ fn compute_retry_integrity_tag(
 pb.put_bytes(odcid)?;
 pb.put_bytes(&b.buf()[..hdr_len])?;
 
- let key = aead::LessSafeKey::new(
- aead::UnboundKey::new(&aead::AES_128_GCM, key)
- .map_err(|_| Error::CryptoFail)?,
- );
+ let ctx = crypto::EVP_AEAD_CTX::new(Algorithm::AES128_GCM, key)?;
 
- let nonce = aead::Nonce::assume_unique_for_key(nonce);
+ let mut tag = [0; 16];
 
- let aad = aead::Aad::from(&pseudo);
+ ctx.seal_scatter(&mut [], &mut tag, &nonce, None, &pseudo)?;
 
- key.seal_in_place_separate_tag(nonce, aad, &mut [])
- .map_err(|_| Error::CryptoFail)
+ Ok(tag)
 }
 
 pub struct KeyUpdate { |
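Review bot: The range index `&b.as_ref()[..Algorithm::AES128_GCM.tag_len()]` in `verify_retry_integrity` panics when fewer than `tag_len()` bytes remain in `b`, and nothing inside this function checks for that. The only length check visible in this commit is the `b.cap() < ...tag_len()` guard in the `Type::Retry` branch of `Header`, so the function presumably relies on being called only after that parse. Because Retry packets come off the network, a checked slice would turn a short buffer into an error instead of a panic: `let received = b.as_ref().get(..Algorithm::AES128_GCM.tag_len()).ok_or(Error::InvalidPacket)?;`, then pass `received` to `crypto::constant_time_eq`. The function's signature starts outside the hunk.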
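Review bot: The tag length is now a bare `16` in `let mut tag = [0; 16];` and in the `Result<[u8; 16]>` return type of the previous hunk, while `verify_retry_integrity` and the Retry header parsing use `Algorithm::AES128_GCM.tag_len()`; the nonce length `12` likewise replaced `aead::NONCE_LEN`. A named constant such as `const RETRY_INTEGRITY_TAG_LEN: usize = 16;`, used for both the array and the return type, would keep those sites from drifting apart. Separately, whatever `ctx.seal_scatter(...)?` returns on success is dropped; its signature is not visible here, but if it reports how many tag bytes were written, that count should be compared with the array length so a short tag is never returned as if it were complete. The body of `compute_retry_integrity_tag` begins outside this hunk.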