annotate src/event/quic/ngx_event_quic_tokens.c @ 9153:8f7e6d8c061e

QUIC: use last client dcid to receive initial packets. Previously, original dcid was used to receive initial client packets in case server initial response was lost. However, last dcid should be used instead. These two are the same unless retry is used. In case of retry, client resends initial packet with a new dcid, that is different from the original dcid. If server response is lost, the client resends this packet again with the same dcid. This is shown in RFC 9000, 7.3. Authenticating Connection IDs, Figure 8. The issue manifested itself with creating multiple server sessions in response to each post-retry client initial packet, if server response is lost.
author Roman Arutyunyan <arut@nginx.com>
date Wed, 30 Aug 2023 11:09:21 +0400
parents 77c1418916f7
children
2 /*
3 * Copyright (C) Nginx, Inc.
4 */
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_event.h>
10 #include <ngx_sha1.h>
11 #include <ngx_event_quic_connection.h>
14 static void ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
15 ngx_uint_t no_port, u_char buf[20]);
/*
 * Derive the stateless reset token for connection ID "cid".
 *
 * The token is produced by ngx_quic_derive_key() from the
 * NGX_QUIC_SR_KEY_LEN-byte "secret", with "cid" as input and the label
 * "sr_token_key"; NGX_QUIC_SR_TOKEN_LEN bytes are written to "token",
 * which the caller must have sized accordingly.
 *
 * Returns NGX_OK on success, NGX_ERROR if key derivation fails.
 *
 * Security note: on success the derived token is written in hex to the
 * debug log.  A party that knows a connection's stateless reset token
 * can make the peer abandon that connection, so debug-level logs that
 * include this line should be access-controlled like other secrets.
 */
ngx_int_t
ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret,
    u_char *token)
{
    ngx_str_t  sr_key;

    /* wrap the raw secret so it can be handed over as an ngx_str_t */
    sr_key.len = NGX_QUIC_SR_KEY_LEN;
    sr_key.data = secret;

    if (ngx_quic_derive_key(c->log, "sr_token_key", &sr_key, cid, token,
                            NGX_QUIC_SR_TOKEN_LEN)
        == NGX_OK)
    {
        ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "quic stateless reset token %*xs",
                       (size_t) NGX_QUIC_SR_TOKEN_LEN, token);

        return NGX_OK;
    }

    return NGX_ERROR;
}
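/*
 * Build an encrypted address validation token (Retry token or NEW_TOKEN).
 *
 * Plaintext, assembled in a stack buffer of NGX_QUIC_MAX_TOKEN_SIZE bytes:
 *
 *     20 bytes   SHA-1 of the client address (see ngx_quic_address_hash();
 *                the port is left out unless is_retry is set)
 *     time_t     expiration time "exp", raw bytes in host representation
 *     1 byte     1 for a Retry token, 0 otherwise
 *     1 byte     odcid length (0 when odcid is NULL)
 *     n bytes    odcid
 *
 * Output, written to token->data:
 *
 *     random IV || AES-256-GCM ciphertext || authentication tag
 *
 * "key" is the AES-256 key.  On entry token->len is the capacity of
 * token->data; on success it is set to the number of bytes produced.
 *
 * Returns NGX_OK on success.  Returns NGX_ERROR if odcid does not fit
 * the plaintext buffer, if the output buffer is too small, or if any
 * OpenSSL call fails; token->len and the buffer contents are then
 * unspecified and must not be sent.
 */
ngx_int_t
ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr,
    socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid,
    time_t exp, ngx_uint_t is_retry)
{
    int                len, iv_len;
    size_t             fixed;
    u_char            *p, *iv;
    EVP_CIPHER_CTX    *ctx;
    const EVP_CIPHER  *cipher;

    u_char             in[NGX_QUIC_MAX_TOKEN_SIZE];

    /*
     * odcid originates from a client packet.  The packet parser is
     * presumably what bounds its length (not visible in this file), so
     * check it here as well: it must fit the one-byte length field and
     * the remainder of the stack buffer before anything is copied.
     */

    fixed = 20 + sizeof(time_t) + 2;

    if (odcid && (odcid->len > 255 || fixed + odcid->len > sizeof(in))) {
        ngx_log_error(NGX_LOG_ALERT, log, 0, "quic token odcid is too long");
        return NGX_ERROR;
    }

    /* Retry tokens are bound to address and port, NEW_TOKEN to address only */
    ngx_quic_address_hash(sockaddr, socklen, !is_retry, in);

    p = in + 20;

    p = ngx_cpymem(p, &exp, sizeof(time_t));

    *p++ = is_retry ? 1 : 0;

    if (odcid) {
        *p++ = odcid->len;
        p = ngx_cpymem(p, odcid->data, odcid->len);

    } else {
        *p++ = 0;
    }

    len = p - in;

    cipher = EVP_aes_256_gcm();
    iv_len = NGX_QUIC_AES_256_GCM_IV_LEN;

    if ((size_t) (iv_len + len + NGX_QUIC_AES_256_GCM_TAG_LEN) > token->len) {
        ngx_log_error(NGX_LOG_ALERT, log, 0, "quic token buffer is too small");
        return NGX_ERROR;
    }

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL) {
        return NGX_ERROR;
    }

    /*
     * The IV is stored in the clear at the start of the token.
     *
     * NOTE(review): a fresh random IV is drawn for every token; GCM
     * loses its guarantees if an IV repeats under one key, so the key
     * lifetime chosen by the caller should bound the number of tokens
     * issued - confirm at the call sites.
     */

    iv = token->data;

    if (RAND_bytes(iv, iv_len) <= 0
        || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
    {
        goto failed;
    }

    token->len = iv_len;

    if (EVP_EncryptUpdate(ctx, token->data + token->len, &len, in, len) != 1) {
        goto failed;
    }

    token->len += len;

    if (EVP_EncryptFinal_ex(ctx, token->data + token->len, &len) <= 0) {
        goto failed;
    }

    token->len += len;

    /* append the authentication tag right after the ciphertext */

    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                            NGX_QUIC_AES_256_GCM_TAG_LEN,
                            token->data + token->len)
        == 0)
    {
        goto failed;
    }

    token->len += NGX_QUIC_AES_256_GCM_TAG_LEN;

    EVP_CIPHER_CTX_free(ctx);

#ifdef NGX_QUIC_DEBUG_PACKETS
    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
                   "quic new token len:%uz %xV", token->len, token);
#endif

    return NGX_OK;

failed:

    /* single exit for every error after the cipher context was allocated */

    EVP_CIPHER_CTX_free(ctx);

    return NGX_ERROR;
}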
/*
 * Write the 20-byte SHA-1 digest of a peer address to "buf".
 *
 * With no_port set, only the IP address bytes are hashed for AF_INET
 * (and AF_INET6 when NGX_HAVE_INET6 is defined).  In every other case -
 * no_port clear, or an address family not handled here - the sockaddr
 * structure is hashed as given, all "socklen" bytes of it, so the port
 * and any other fields the structure carries become part of the digest.
 *
 * The digest serves as a compact fingerprint of the address;
 * ngx_quic_new_token() places it inside the AEAD-encrypted token.
 */
static void
ngx_quic_address_hash(struct sockaddr *sockaddr, socklen_t socklen,
    ngx_uint_t no_port, u_char buf[20])
{
    size_t                n;
    u_char               *src;
    ngx_sha1_t            digest;
    struct sockaddr_in   *sin;
#if (NGX_HAVE_INET6)
    struct sockaddr_in6  *sin6;
#endif

    /* default: hash the sockaddr structure exactly as passed in */
    src = (u_char *) sockaddr;
    n = (size_t) socklen;

    if (no_port && sockaddr->sa_family == AF_INET) {
        sin = (struct sockaddr_in *) sockaddr;

        src = (u_char *) &sin->sin_addr;
        n = sizeof(in_addr_t);
    }

#if (NGX_HAVE_INET6)
    if (no_port && sockaddr->sa_family == AF_INET6) {
        sin6 = (struct sockaddr_in6 *) sockaddr;

        src = sin6->sin6_addr.s6_addr;
        n = sizeof(struct in6_addr);
    }
#endif

    ngx_sha1_init(&digest);
    ngx_sha1_update(&digest, src, n);
    ngx_sha1_final(buf, &digest);
}
176 ngx_int_t
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
177 ngx_quic_validate_token(ngx_connection_t *c, u_char *key,
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
178 ngx_quic_header_t *pkt)
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
179 {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
180 int len, tlen, iv_len;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
181 u_char *iv, *p;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
182 time_t now, exp;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
183 size_t total;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
184 ngx_str_t odcid;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
185 EVP_CIPHER_CTX *ctx;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
186 const EVP_CIPHER *cipher;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
187
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
188 u_char addr_hash[20];
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
189 u_char tdec[NGX_QUIC_MAX_TOKEN_SIZE];
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
190
9043
5b49f8bac1b4 QUIC: plug MSVC warning about potentially uninitialized variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 9026
diff changeset
191 #if NGX_SUPPRESS_WARN
5b49f8bac1b4 QUIC: plug MSVC warning about potentially uninitialized variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 9026
diff changeset
192 ngx_str_null(&odcid);
5b49f8bac1b4 QUIC: plug MSVC warning about potentially uninitialized variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 9026
diff changeset
193 #endif
5b49f8bac1b4 QUIC: plug MSVC warning about potentially uninitialized variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 9026
diff changeset
194
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
195 /* Retry token or NEW_TOKEN in a previous connection */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
196
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
197 cipher = EVP_aes_256_gcm();
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
198 iv = pkt->token.data;
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
199 iv_len = NGX_QUIC_AES_256_GCM_IV_LEN;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
200
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
201 /* sanity checks */
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
202
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
203 if (pkt->token.len < (size_t) iv_len + NGX_QUIC_AES_256_GCM_TAG_LEN) {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
204 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
205 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
206
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
207 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
208 + NGX_QUIC_AES_256_GCM_TAG_LEN)
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
209 {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
210 goto garbage;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
211 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
212
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
213 ctx = EVP_CIPHER_CTX_new();
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
214 if (ctx == NULL) {
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
215 return NGX_ERROR;
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
216 }
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
217
218 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) {
219 EVP_CIPHER_CTX_free(ctx);
220 return NGX_ERROR;
221 }
222
223 p = pkt->token.data + iv_len;
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
224 len = pkt->token.len - iv_len - NGX_QUIC_AES_256_GCM_TAG_LEN;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
225
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
226 if (EVP_DecryptUpdate(ctx, tdec, &tlen, p, len) != 1) {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
227 EVP_CIPHER_CTX_free(ctx);
228 goto garbage;
229 }
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
230 total = tlen;
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
231
9132
77c1418916f7 QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents: 9043
diff changeset
232 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
233 NGX_QUIC_AES_256_GCM_TAG_LEN, p + len)
234 == 0)
235 {
236 EVP_CIPHER_CTX_free(ctx);
237 goto garbage;
238 }
239
240 if (EVP_DecryptFinal_ex(ctx, tdec + tlen, &tlen) <= 0) {
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
241 EVP_CIPHER_CTX_free(ctx);
242 goto garbage;
243 }
244 total += tlen;
245
246 EVP_CIPHER_CTX_free(ctx);
247
248 if (total < (20 + sizeof(time_t) + 2)) {
249 goto garbage;
250 }
251
252 p = tdec + 20;
253
254 ngx_memcpy(&exp, p, sizeof(time_t));
255 p += sizeof(time_t);
256
257 pkt->retried = (*p++ == 1);
258
8763
4117aa7fa38e QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents: 8755
diff changeset
259 ngx_quic_address_hash(c->sockaddr, c->socklen, !pkt->retried, addr_hash);
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
260
261 if (ngx_memcmp(tdec, addr_hash, 20) != 0) {
262 goto bad_token;
263 }
264
265 odcid.len = *p++;
266 if (odcid.len) {
267 if (odcid.len > NGX_QUIC_MAX_CID_LEN) {
268 goto bad_token;
269 }
270
271 if ((size_t)(tdec + total - p) < odcid.len) {
272 goto bad_token;
273 }
274
275 odcid.data = p;
276 }
277
278 now = ngx_time();
279
280 if (now > exp) {
281 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic expired token");
282 return NGX_DECLINED;
283 }
284
285 if (odcid.len) {
286 pkt->odcid.len = odcid.len;
9026
3550b00d9dc8 QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents: 9015
diff changeset
287 pkt->odcid.data = pkt->odcid_buf;
288 ngx_memcpy(pkt->odcid.data, odcid.data, odcid.len);
8752
e19723c40d28 QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
289
290 } else {
291 pkt->odcid = pkt->dcid;
292 }
293
294 pkt->validated = 1;
295
296 return NGX_OK;
297
298 garbage:
299
300 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic garbage token");
301
302 return NGX_ABORT;
303
304 bad_token:
305
306 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic invalid token");
307
308 return NGX_DECLINED;
309 }