comparison src/event/ngx_event_quic.h @ 8221:69345a26ba69 quic
Split transport and crypto parts into separate files.
New files:
src/event/ngx_event_quic_protection.h
src/event/ngx_event_quic_protection.c
The protection.h header provides the interface to the crypto part of QUIC:
2 functions to initialize corresponding secrets:
ngx_quic_set_initial_secret()
ngx_quic_set_encryption_secret()
and 2 functions to deal with packet processing:
ngx_quic_encrypt()
ngx_quic_decrypt()
Also, structures representing secrets are defined there.
All functions require SSL connection and a pool, only crypto operations
inside, no access to nginx connections or events.
Currently pool->log is used for the logging (instead of original c->log).
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 16 Mar 2020 19:00:47 +0300 |
parents | 38c0898b6df7 |
children | 61f9b873e2e7 |
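--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -8,23 +8,131 @@
 #define _NGX_EVENT_QUIC_H_INCLUDED_
 
 
 #include <ngx_event_openssl.h>
 
+
+#define quic_version 0xff000018 /* draft-24 */
+
+/* 17.2. Long Header Packets */
+
+#define NGX_QUIC_PKT_LONG 0x80
+
+#define NGX_QUIC_PKT_INITIAL 0xc0
+#define NGX_QUIC_PKT_HANDSHAKE 0xe0
+
+
+#if (NGX_HAVE_NONALIGNED)
+
+#define ngx_quic_parse_uint16(p) ntohs(*(uint16_t *) (p))
+#define ngx_quic_parse_uint32(p) ntohl(*(uint32_t *) (p))
+
+#define ngx_quic_write_uint16 ngx_quic_write_uint16_aligned
+#define ngx_quic_write_uint32 ngx_quic_write_uint32_aligned
+
+#else
+
+#define ngx_quic_parse_uint16(p) ((p)[0] << 8 | (p)[1])
+#define ngx_quic_parse_uint32(p) \
+((uint32_t) (p)[0] << 24 | (p)[1] << 16 | (p)[2] << 8 | (p)[3])
+
+#define ngx_quic_write_uint16(p, s) \
+((p)[0] = (u_char) ((s) >> 8), \
+(p)[1] = (u_char) (s), \
+(p) + sizeof(uint16_t))
+
+#define ngx_quic_write_uint32(p, s) \
+((p)[0] = (u_char) ((s) >> 24), \
+(p)[1] = (u_char) ((s) >> 16), \
+(p)[2] = (u_char) ((s) >> 8), \
+(p)[3] = (u_char) (s), \
+(p) + sizeof(uint32_t))
+
+#endif
+
+
+#define ngx_quic_write_uint16_aligned(p, s) \
+(*(uint16_t *) (p) = htons((uint16_t) (s)), (p) + sizeof(uint16_t))
+
+#define ngx_quic_write_uint32_aligned(p, s) \
+(*(uint32_t *) (p) = htonl((uint32_t) (s)), (p) + sizeof(uint32_t))
+
+#define ngx_quic_varint_len(value) \
+((value) <= 63 ? 1 \
+: ((uint32_t) value) <= 16383 ? 2 \
+: ((uint64_t) value) <= 1073741823 ? 4 \
+: 8)
+
+
 struct ngx_quic_stream_s {
 uint64_t id;
 ngx_uint_t unidirectional:1;
 ngx_connection_t *parent;
 void *data;
 };
 
-/* TODO: get rid somehow of ssl argument? */
-ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_buf_t *b);
-ngx_int_t ngx_quic_output(ngx_connection_t *c);
+typedef struct ngx_quic_secret_s ngx_quic_secret_t;
+typedef enum ssl_encryption_level_t ngx_quic_level_t;
+
+typedef struct {
+ngx_quic_secret_t *secret;
+ngx_uint_t type;
+ngx_uint_t *number;
+ngx_uint_t flags;
+uint32_t version;
+ngx_str_t token;
+ngx_quic_level_t level;
+
+/* filled in by parser */
+ngx_buf_t *raw; /* udp datagram from wire */
+
+u_char *data; /* quic packet */
+size_t len;
+
+/* cleartext fields */
+ngx_str_t dcid;
+ngx_str_t scid;
+
+uint64_t pn;
+
+ngx_str_t payload; /* decrypted payload */
+
+} ngx_quic_header_t;
+
+void ngx_quic_build_int(u_char **pos, uint64_t value);
 
 void ngx_quic_init_ssl_methods(SSL_CTX* ctx);
 
 void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout,
 ngx_connection_handler_pt handler);
 ngx_connection_t *ngx_quic_create_uni_stream(ngx_connection_t *c);
 
+
+/********************************* DEBUG *************************************/
+
+#if (NGX_DEBUG)
+
+#define ngx_quic_hexdump(log, fmt, data, len, ...) \
+do { \
+ngx_int_t m; \
+u_char buf[2048]; \
+\
+if (log->log_level & NGX_LOG_DEBUG_EVENT) { \
+m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 1024)) - buf; \
+ngx_log_debug(NGX_LOG_DEBUG_EVENT, log, 0, \
+"%s: " fmt " %*s%s, len: %uz", \
+__FUNCTION__, __VA_ARGS__, m, buf, \
+len < 2048 ? "" : "...", len); \
+} \
+} while (0)
+
+#else
+
+#define ngx_quic_hexdump(log, fmt, data, len, ...)
+
+#endif
+
+#define ngx_quic_hexdump0(log, fmt, data, len) \
+ngx_quic_hexdump(log, fmt "%s", data, len, "") \
+
+
 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */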
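Review bot: `ngx_quic_varint_len()` narrows its argument before comparing, so a 64-bit value whose low 32 bits are small is reported as shorter than its encoding: with `value` equal to 2^32 the `((uint32_t) value) <= 16383` test sees 0 and the macro yields 2 instead of 8. If callers size or advance a buffer by this length while `ngx_quic_build_int()` (declared here, body not shown) writes the full encoding, the two disagree, and a length that is too small is how a write ends up past the end of a buffer. Comparing at full width and parenthesising the argument avoids it: `((uint64_t) (value) <= 63 ? 1 : (uint64_t) (value) <= 16383 ? 2 : (uint64_t) (value) <= 1073741823 ? 4 : 8)`. Separately, `ngx_quic_hexdump` truncates its input at 1024 bytes but prints `...` only when `len >= 2048`, so the marker test should read `len <= 1024 ? "" : "..."` to keep truncated dumps distinguishable in debug logs.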