Mercurial > hg > nginx
comparison src/event/ngx_event_quic.h @ 8221:69345a26ba69 quic
Split transport and crypto parts into separate files.
New files:
src/event/ngx_event_quic_protection.h
src/event/ngx_event_quic_protection.c
The protection.h header provides interface to the crypto part of the QUIC:
2 functions to initialize corresponding secrets:
ngx_quic_set_initial_secret()
ngx_quic_set_encryption_secret()
and 2 functions to deal with packet processing:
ngx_quic_encrypt()
ngx_quic_decrypt()
Also, structures representing secrets are defined there.
All functions require SSL connection and a pool, only crypto operations
inside, no access to nginx connections or events.
Currently pool->log is used for the logging (instead of original c->log).
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 16 Mar 2020 19:00:47 +0300 |
| parents | 38c0898b6df7 |
| children | 61f9b873e2e7 |
comparison
equal
deleted
inserted
replaced
| 8220:7ada2feeac18 | 8221:69345a26ba69 |
|---|---|
| 8 #define _NGX_EVENT_QUIC_H_INCLUDED_ | 8 #define _NGX_EVENT_QUIC_H_INCLUDED_ |
| 9 | 9 |
| 10 | 10 |
| 11 #include <ngx_event_openssl.h> | 11 #include <ngx_event_openssl.h> |
| 12 | 12 |
| 13 | |
| 14 #define quic_version 0xff000018 /* draft-24 */ | |
| 15 | |
| 16 /* 17.2. Long Header Packets */ | |
| 17 | |
| 18 #define NGX_QUIC_PKT_LONG 0x80 | |
| 19 | |
| 20 #define NGX_QUIC_PKT_INITIAL 0xc0 | |
| 21 #define NGX_QUIC_PKT_HANDSHAKE 0xe0 | |
| 22 | |
| 23 | |
| 24 #if (NGX_HAVE_NONALIGNED) | |
| 25 | |
| 26 #define ngx_quic_parse_uint16(p) ntohs(*(uint16_t *) (p)) | |
| 27 #define ngx_quic_parse_uint32(p) ntohl(*(uint32_t *) (p)) | |
| 28 | |
| 29 #define ngx_quic_write_uint16 ngx_quic_write_uint16_aligned | |
| 30 #define ngx_quic_write_uint32 ngx_quic_write_uint32_aligned | |
| 31 | |
| 32 #else | |
| 33 | |
| 34 #define ngx_quic_parse_uint16(p) ((p)[0] << 8 | (p)[1]) | |
| 35 #define ngx_quic_parse_uint32(p) \ | |
| 36 ((uint32_t) (p)[0] << 24 | (p)[1] << 16 | (p)[2] << 8 | (p)[3]) | |
| 37 | |
| 38 #define ngx_quic_write_uint16(p, s) \ | |
| 39 ((p)[0] = (u_char) ((s) >> 8), \ | |
| 40 (p)[1] = (u_char) (s), \ | |
| 41 (p) + sizeof(uint16_t)) | |
| 42 | |
| 43 #define ngx_quic_write_uint32(p, s) \ | |
| 44 ((p)[0] = (u_char) ((s) >> 24), \ | |
| 45 (p)[1] = (u_char) ((s) >> 16), \ | |
| 46 (p)[2] = (u_char) ((s) >> 8), \ | |
| 47 (p)[3] = (u_char) (s), \ | |
| 48 (p) + sizeof(uint32_t)) | |
| 49 | |
| 50 #endif | |
| 51 | |
| 52 | |
| 53 #define ngx_quic_write_uint16_aligned(p, s) \ | |
| 54 (*(uint16_t *) (p) = htons((uint16_t) (s)), (p) + sizeof(uint16_t)) | |
| 55 | |
| 56 #define ngx_quic_write_uint32_aligned(p, s) \ | |
| 57 (*(uint32_t *) (p) = htonl((uint32_t) (s)), (p) + sizeof(uint32_t)) | |
| 58 | |
| 59 #define ngx_quic_varint_len(value) \ | |
| 60 ((value) <= 63 ? 1 \ | |
| 61 : ((uint32_t) value) <= 16383 ? 2 \ | |
| 62 : ((uint64_t) value) <= 1073741823 ? 4 \ | |
| 63 : 8) | |
| 64 | |
| 65 | |
| 13 struct ngx_quic_stream_s { | 66 struct ngx_quic_stream_s { |
| 14 uint64_t id; | 67 uint64_t id; |
| 15 ngx_uint_t unidirectional:1; | 68 ngx_uint_t unidirectional:1; |
| 16 ngx_connection_t *parent; | 69 ngx_connection_t *parent; |
| 17 void *data; | 70 void *data; |
| 18 }; | 71 }; |
| 19 | 72 |
| 20 /* TODO: get rid somehow of ssl argument? */ | 73 typedef struct ngx_quic_secret_s ngx_quic_secret_t; |
| 21 ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_buf_t *b); | 74 typedef enum ssl_encryption_level_t ngx_quic_level_t; |
| 22 ngx_int_t ngx_quic_output(ngx_connection_t *c); | 75 |
| 76 typedef struct { | |
| 77 ngx_quic_secret_t *secret; | |
| 78 ngx_uint_t type; | |
| 79 ngx_uint_t *number; | |
| 80 ngx_uint_t flags; | |
| 81 uint32_t version; | |
| 82 ngx_str_t token; | |
| 83 ngx_quic_level_t level; | |
| 84 | |
| 85 /* filled in by parser */ | |
| 86 ngx_buf_t *raw; /* udp datagram from wire */ | |
| 87 | |
| 88 u_char *data; /* quic packet */ | |
| 89 size_t len; | |
| 90 | |
| 91 /* cleartext fields */ | |
| 92 ngx_str_t dcid; | |
| 93 ngx_str_t scid; | |
| 94 | |
| 95 uint64_t pn; | |
| 96 | |
| 97 ngx_str_t payload; /* decrypted payload */ | |
| 98 | |
| 99 } ngx_quic_header_t; | |
| 100 | |
| 101 void ngx_quic_build_int(u_char **pos, uint64_t value); | |
| 23 | 102 |
| 24 void ngx_quic_init_ssl_methods(SSL_CTX* ctx); | 103 void ngx_quic_init_ssl_methods(SSL_CTX* ctx); |
| 25 | 104 |
| 26 void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout, | 105 void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_msec_t timeout, |
| 27 ngx_connection_handler_pt handler); | 106 ngx_connection_handler_pt handler); |
| 28 ngx_connection_t *ngx_quic_create_uni_stream(ngx_connection_t *c); | 107 ngx_connection_t *ngx_quic_create_uni_stream(ngx_connection_t *c); |
| 29 | 108 |
| 109 | |
| 110 /********************************* DEBUG *************************************/ | |
| 111 | |
| 112 #if (NGX_DEBUG) | |
| 113 | |
| 114 #define ngx_quic_hexdump(log, fmt, data, len, ...) \ | |
| 115 do { \ | |
| 116 ngx_int_t m; \ | |
| 117 u_char buf[2048]; \ | |
| 118 \ | |
| 119 if (log->log_level & NGX_LOG_DEBUG_EVENT) { \ | |
| 120 m = ngx_hex_dump(buf, (u_char *) data, ngx_min(len, 1024)) - buf; \ | |
| 121 ngx_log_debug(NGX_LOG_DEBUG_EVENT, log, 0, \ | |
| 122 "%s: " fmt " %*s%s, len: %uz", \ | |
| 123 __FUNCTION__, __VA_ARGS__, m, buf, \ | |
| 124 len < 2048 ? "" : "...", len); \ | |
| 125 } \ | |
| 126 } while (0) | |
| 127 | |
| 128 #else | |
| 129 | |
| 130 #define ngx_quic_hexdump(log, fmt, data, len, ...) | |
| 131 | |
| 132 #endif | |
| 133 | |
| 134 #define ngx_quic_hexdump0(log, fmt, data, len) \ | |
| 135 ngx_quic_hexdump(log, fmt "%s", data, len, "") \ | |
| 136 | |
| 137 | |
| 30 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ | 138 #endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */ |