Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic.c @ 7816:aba84d9ab256 quic
Parsing of truncated packet numbers.
For sample decoding algorithm, see quic-transport-27#appendix-A.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 16 Apr 2020 12:46:48 +0300 |
parents | 0f9e9786b90d |
children | efc0a65424e8 |
comparison
equal
deleted
inserted
replaced
7815:0f9e9786b90d | 7816:aba84d9ab256 |
---|---|
63 */ | 63 */ |
64 typedef struct { | 64 typedef struct { |
65 ngx_quic_secret_t client_secret; | 65 ngx_quic_secret_t client_secret; |
66 ngx_quic_secret_t server_secret; | 66 ngx_quic_secret_t server_secret; |
67 | 67 |
68 uint64_t pnum; | 68 uint64_t pnum; /* packet number to send */ |
69 uint64_t largest_ack; /* number received from peer */ | 69 uint64_t largest_ack; /* number received from peer */ |
70 uint64_t largest_pn; /* number received from peer */ | |
70 | 71 |
71 ngx_queue_t frames; | 72 ngx_queue_t frames; |
72 ngx_queue_t sent; | 73 ngx_queue_t sent; |
73 } ngx_quic_send_ctx_t; | 74 } ngx_quic_send_ctx_t; |
74 | 75 |
471 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) | 472 ngx_quic_header_t *pkt, ngx_connection_handler_pt handler) |
472 { | 473 { |
473 ngx_uint_t i; | 474 ngx_uint_t i; |
474 ngx_quic_tp_t *ctp; | 475 ngx_quic_tp_t *ctp; |
475 ngx_quic_secrets_t *keys; | 476 ngx_quic_secrets_t *keys; |
477 ngx_quic_send_ctx_t *ctx; | |
476 ngx_quic_connection_t *qc; | 478 ngx_quic_connection_t *qc; |
477 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 479 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
478 | 480 |
479 if (ngx_buf_size(pkt->raw) < 1200) { | 481 if (ngx_buf_size(pkt->raw) < 1200) { |
480 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); | 482 ngx_log_error(NGX_LOG_INFO, c->log, 0, "too small UDP datagram"); |
508 ngx_quic_rbtree_insert_stream); | 510 ngx_quic_rbtree_insert_stream); |
509 | 511 |
510 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { | 512 for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) { |
511 ngx_queue_init(&qc->send_ctx[i].frames); | 513 ngx_queue_init(&qc->send_ctx[i].frames); |
512 ngx_queue_init(&qc->send_ctx[i].sent); | 514 ngx_queue_init(&qc->send_ctx[i].sent); |
515 qc->send_ctx[i].largest_pn = (uint64_t) -1; | |
513 } | 516 } |
514 | 517 |
515 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) { | 518 for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) { |
516 ngx_queue_init(&qc->crypto[i].frames); | 519 ngx_queue_init(&qc->crypto[i].frames); |
517 } | 520 } |
572 | 575 |
573 pkt->secret = &keys->client; | 576 pkt->secret = &keys->client; |
574 pkt->level = ssl_encryption_initial; | 577 pkt->level = ssl_encryption_initial; |
575 pkt->plaintext = buf; | 578 pkt->plaintext = buf; |
576 | 579 |
577 if (ngx_quic_decrypt(pkt, NULL) != NGX_OK) { | 580 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
581 | |
582 if (ngx_quic_decrypt(pkt, NULL, &ctx->largest_pn) != NGX_OK) { | |
578 return NGX_ERROR; | 583 return NGX_ERROR; |
579 } | 584 } |
580 | 585 |
581 if (pkt->pn != 0) { | 586 if (pkt->pn != 0) { |
582 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 587 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
905 | 910 |
906 | 911 |
907 static ngx_int_t | 912 static ngx_int_t |
908 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 913 ngx_quic_initial_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
909 { | 914 { |
910 ngx_ssl_conn_t *ssl_conn; | 915 ngx_ssl_conn_t *ssl_conn; |
911 ngx_quic_secrets_t *keys; | 916 ngx_quic_secrets_t *keys; |
912 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 917 ngx_quic_send_ctx_t *ctx; |
918 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | |
913 | 919 |
914 c->log->action = "processing initial quic packet"; | 920 c->log->action = "processing initial quic packet"; |
915 | 921 |
916 ssl_conn = c->ssl->connection; | 922 ssl_conn = c->ssl->connection; |
917 | 923 |
927 | 933 |
928 pkt->secret = &keys->client; | 934 pkt->secret = &keys->client; |
929 pkt->level = ssl_encryption_initial; | 935 pkt->level = ssl_encryption_initial; |
930 pkt->plaintext = buf; | 936 pkt->plaintext = buf; |
931 | 937 |
932 if (ngx_quic_decrypt(pkt, ssl_conn) != NGX_OK) { | 938 ctx = ngx_quic_get_send_ctx(c->quic, pkt->level); |
939 | |
940 if (ngx_quic_decrypt(pkt, ssl_conn, &ctx->largest_pn) != NGX_OK) { | |
933 return NGX_ERROR; | 941 return NGX_ERROR; |
934 } | 942 } |
935 | 943 |
936 return ngx_quic_payload_handler(c, pkt); | 944 return ngx_quic_payload_handler(c, pkt); |
937 } | 945 } |
939 | 947 |
940 static ngx_int_t | 948 static ngx_int_t |
941 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 949 ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
942 { | 950 { |
943 ngx_quic_secrets_t *keys; | 951 ngx_quic_secrets_t *keys; |
952 ngx_quic_send_ctx_t *ctx; | |
944 ngx_quic_connection_t *qc; | 953 ngx_quic_connection_t *qc; |
945 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 954 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
946 | 955 |
947 c->log->action = "processing handshake quic packet"; | 956 c->log->action = "processing handshake quic packet"; |
948 | 957 |
993 | 1002 |
994 pkt->secret = &keys->client; | 1003 pkt->secret = &keys->client; |
995 pkt->level = ssl_encryption_handshake; | 1004 pkt->level = ssl_encryption_handshake; |
996 pkt->plaintext = buf; | 1005 pkt->plaintext = buf; |
997 | 1006 |
998 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { | 1007 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1008 | |
1009 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | |
999 return NGX_ERROR; | 1010 return NGX_ERROR; |
1000 } | 1011 } |
1001 | 1012 |
1002 return ngx_quic_payload_handler(c, pkt); | 1013 return ngx_quic_payload_handler(c, pkt); |
1003 } | 1014 } |
1005 | 1016 |
1006 static ngx_int_t | 1017 static ngx_int_t |
1007 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1018 ngx_quic_early_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1008 { | 1019 { |
1009 ngx_quic_secrets_t *keys; | 1020 ngx_quic_secrets_t *keys; |
1021 ngx_quic_send_ctx_t *ctx; | |
1010 ngx_quic_connection_t *qc; | 1022 ngx_quic_connection_t *qc; |
1011 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1023 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1012 | 1024 |
1013 c->log->action = "processing early data quic packet"; | 1025 c->log->action = "processing early data quic packet"; |
1014 | 1026 |
1058 | 1070 |
1059 pkt->secret = &keys->client; | 1071 pkt->secret = &keys->client; |
1060 pkt->level = ssl_encryption_early_data; | 1072 pkt->level = ssl_encryption_early_data; |
1061 pkt->plaintext = buf; | 1073 pkt->plaintext = buf; |
1062 | 1074 |
1063 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { | 1075 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1076 | |
1077 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | |
1064 return NGX_ERROR; | 1078 return NGX_ERROR; |
1065 } | 1079 } |
1066 | 1080 |
1067 return ngx_quic_payload_handler(c, pkt); | 1081 return ngx_quic_payload_handler(c, pkt); |
1068 } | 1082 } |
1071 static ngx_int_t | 1085 static ngx_int_t |
1072 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) | 1086 ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt) |
1073 { | 1087 { |
1074 ngx_int_t rc; | 1088 ngx_int_t rc; |
1075 ngx_quic_secrets_t *keys, *next, tmp; | 1089 ngx_quic_secrets_t *keys, *next, tmp; |
1090 ngx_quic_send_ctx_t *ctx; | |
1076 ngx_quic_connection_t *qc; | 1091 ngx_quic_connection_t *qc; |
1077 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; | 1092 static u_char buf[NGX_QUIC_DEFAULT_MAX_PACKET_SIZE]; |
1078 | 1093 |
1079 c->log->action = "processing application data quic packet"; | 1094 c->log->action = "processing application data quic packet"; |
1080 | 1095 |
1097 pkt->next = &next->client; | 1112 pkt->next = &next->client; |
1098 pkt->key_phase = c->quic->key_phase; | 1113 pkt->key_phase = c->quic->key_phase; |
1099 pkt->level = ssl_encryption_application; | 1114 pkt->level = ssl_encryption_application; |
1100 pkt->plaintext = buf; | 1115 pkt->plaintext = buf; |
1101 | 1116 |
1102 if (ngx_quic_decrypt(pkt, c->ssl->connection) != NGX_OK) { | 1117 ctx = ngx_quic_get_send_ctx(qc, pkt->level); |
1118 | |
1119 if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) { | |
1103 return NGX_ERROR; | 1120 return NGX_ERROR; |
1104 } | 1121 } |
1105 | 1122 |
1106 /* switch keys on Key Phase change */ | 1123 /* switch keys on Key Phase change */ |
1107 | 1124 |