comparison src/event/ngx_event_quic_protection.c @ 8287:ccb9cc95ad5e quic

Logging cleanup. pool->log is replaced with pkt->log or explicit argument passing where possible.
author Vladimir Homutov <vl@nginx.com>
date Thu, 26 Mar 2020 13:54:49 +0300
parents f85749b60e58
children ebd5c71b9f02
8286:c7185bc5b4d9 8287:ccb9cc95ad5e
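--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -40,11 +40,11 @@
 static ngx_int_t ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn,
 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level);
 
 static ngx_int_t ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher,
 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
-ngx_str_t *ad);
+ngx_str_t *ad, ngx_log_t *log);
 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
 ngx_str_t *ad, ngx_log_t *log);
 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
 ngx_quic_secret_t *s, u_char *out, u_char *in);
@@ -356,16 +356,12 @@
 
 
 static ngx_int_t
 ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher,
 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
-ngx_str_t *ad)
+ngx_str_t *ad, ngx_log_t *log)
 {
-ngx_log_t *log;
-
-log = pool->log; // TODO: pass log ?
-
 out->len = in->len - EVP_GCM_TLS_TAG_LEN;
 out->data = ngx_pnalloc(pool, out->len);
 if (out->data == NULL) {
 return NGX_ERROR;
 }
@@ -827,17 +823,14 @@
 ngx_quic_header_t *pkt)
 {
 u_char clearflags, *p, *sample;
 uint8_t *nonce;
 uint64_t pn;
-ngx_log_t *log;
 ngx_int_t pnl, rc;
 ngx_str_t in, ad;
 ngx_quic_ciphers_t ciphers;
 uint8_t mask[16];
-
-log = pool->log;
 
 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
 return NGX_ERROR;
 }
 
@@ -849,15 +842,17 @@
 * AES-Based and ChaCha20-Based header protections sample 16 bytes
 */
 
 sample = p + 4;
 
-ngx_quic_hexdump0(log, "sample", sample, 16);
+ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
 
 /* header protection */
 
-if (ngx_quic_tls_hp(log, ciphers.hp, pkt->secret, mask, sample) != NGX_OK) {
+if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
+!= NGX_OK)
+{
 return NGX_ERROR;
 }
 
 if (ngx_quic_long_pkt(pkt->flags)) {
 clearflags = pkt->flags ^ (mask[0] & 0x0f);
@@ -869,14 +864,14 @@
 pnl = (clearflags & 0x03) + 1;
 pn = ngx_quic_parse_pn(&p, pnl, &mask[1]);
 
 pkt->pn = pn;
 
-ngx_quic_hexdump0(log, "mask", mask, 5);
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0,
+ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic clear flags: %xi", clearflags);
-ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic packet number: %uL, len: %xi", pn, pnl);
 
 /* packet protection */
 
 in.data = p;
@@ -902,17 +897,17 @@
 } while (--pnl);
 
 nonce = ngx_pstrdup(pool, &pkt->secret->iv);
 nonce[11] ^= pn;
 
-ngx_quic_hexdump0(log, "nonce", nonce, 12);
-ngx_quic_hexdump0(log, "ad", ad.data, ad.len);
+ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
+ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
 
 rc = ngx_quic_tls_open(pool, ciphers.c, pkt->secret, &pkt->payload,
-nonce, &in, &ad);
+nonce, &in, &ad, pkt->log);
 
-ngx_quic_hexdump0(log, "packet payload",
+ngx_quic_hexdump0(pkt->log, "packet payload",
 pkt->payload.data, pkt->payload.len);
 
 return rc;
 }
 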
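Review bot: The "packet payload" hexdump at new line 908 runs before `rc` is examined, so it is emitted even when ngx_quic_tls_open() has failed. On the allocation-failure path visible at new lines 364-366, `out->data` is NULL while `out->len` is already set, and on other failures the buffer presumably holds unauthenticated bytes; what ngx_quic_hexdump0 does with that is not visible here, but returning early with `if (rc != NGX_OK) { return rc; }` before the dump avoids both cases. Separately, `out->len = in->len - EVP_GCM_TLS_TAG_LEN;` at new line 363 wraps for an input shorter than the tag unless the caller already rejects it (that part of the caller lies outside the visible hunks); a guard such as `if (in->len < EVP_GCM_TLS_TAG_LEN) { return NGX_ERROR; }` at the top of ngx_quic_tls_open would make the function safe on its own. Both function bodies extend beyond the hunks shown.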