comparison src/event/ngx_event_quic_protection.c @ 8360:f175006124d0 quic

Cleaned up hexdumps in debug output.

- the ngx_quic_hexdump0() macro is renamed to ngx_quic_hexdump(); the original ngx_quic_hexdump() macro with variable arguments is removed, and extra information is logged normally, with ngx_log_debug()
- all labels in hex dumps are prefixed with "quic"
- the hexdump format is simplified: the length is moved forward to avoid situations where the dump is truncated and the length is not shown
- the contents of the ngx_quic_flush_flight() function are debug-only and are placed under the NGX_DEBUG macro to avoid "unused variable" warnings from the compiler
- frame names in labels are capitalized, similar to other places
author Vladimir Homutov <vl@nginx.com>
date Fri, 24 Apr 2020 11:33:00 +0300
parents 2f900ae486bc
children 262396242352
8359:2f900ae486bc 8360:f175006124d0
155 .data = is, 155 .data = is,
156 .len = is_len 156 .len = is_len
157 }; 157 };
158 158
159 #ifdef NGX_QUIC_DEBUG_CRYPTO 159 #ifdef NGX_QUIC_DEBUG_CRYPTO
160 ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt)); 160 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
161 ngx_quic_hexdump0(pool->log, "initial secret", is, is_len); 161 "quic ngx_quic_set_initial_secret");
162 ngx_quic_hexdump(pool->log, "quic salt", salt, sizeof(salt));
163 ngx_quic_hexdump(pool->log, "quic initial secret", is, is_len);
162 #endif 164 #endif
163 165
164 /* draft-ietf-quic-tls-23#section-5.2 */ 166 /* draft-ietf-quic-tls-23#section-5.2 */
165 client->secret.len = SHA256_DIGEST_LENGTH; 167 client->secret.len = SHA256_DIGEST_LENGTH;
166 server->secret.len = SHA256_DIGEST_LENGTH; 168 server->secret.len = SHA256_DIGEST_LENGTH;
264 "ngx_hkdf_expand(%V) failed", label); 266 "ngx_hkdf_expand(%V) failed", label);
265 return NGX_ERROR; 267 return NGX_ERROR;
266 } 268 }
267 269
268 #ifdef NGX_QUIC_DEBUG_CRYPTO 270 #ifdef NGX_QUIC_DEBUG_CRYPTO
269 ngx_quic_hexdump(pool->log, "%V info", info, info_len, label); 271 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0,
270 ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label); 272 "quic ngx_quic_hkdf_expand %V keys", label);
273 ngx_quic_hexdump(pool->log, "quic info", info, info_len);
274 ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);
271 #endif 275 #endif
272 276
273 return NGX_OK; 277 return NGX_OK;
274 } 278 }
275 279
676 ngx_quic_secrets_t *next) 680 ngx_quic_secrets_t *next)
677 { 681 {
678 ngx_uint_t i; 682 ngx_uint_t i;
679 ngx_quic_ciphers_t ciphers; 683 ngx_quic_ciphers_t ciphers;
680 684
681 ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); 685 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
682 686
683 if (ngx_quic_ciphers(c->ssl->connection, &ciphers, 687 if (ngx_quic_ciphers(c->ssl->connection, &ciphers,
684 ssl_encryption_application) 688 ssl_encryption_application)
685 == NGX_ERROR) 689 == NGX_ERROR)
686 { 690 {
764 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp); 768 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp);
765 769
766 out.data = res->data + ad.len; 770 out.data = res->data + ad.len;
767 771
768 #ifdef NGX_QUIC_DEBUG_CRYPTO 772 #ifdef NGX_QUIC_DEBUG_CRYPTO
769 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); 773 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
774 "quic ngx_quic_create_long_packet");
775 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
770 #endif 776 #endif
771 777
772 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { 778 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
773 return NGX_ERROR; 779 return NGX_ERROR;
774 } 780 }
775 781
776 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); 782 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
777 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); 783 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
778 784
779 #ifdef NGX_QUIC_DEBUG_CRYPTO 785 #ifdef NGX_QUIC_DEBUG_CRYPTO
780 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); 786 ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
781 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); 787 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
782 #endif 788 #endif
783 789
784 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, 790 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
785 nonce, &pkt->payload, &ad, pkt->log) 791 nonce, &pkt->payload, &ad, pkt->log)
786 != NGX_OK) 792 != NGX_OK)
794 { 800 {
795 return NGX_ERROR; 801 return NGX_ERROR;
796 } 802 }
797 803
798 #ifdef NGX_QUIC_DEBUG_CRYPTO 804 #ifdef NGX_QUIC_DEBUG_CRYPTO
799 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); 805 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
800 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); 806 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
801 #endif 807 #endif
802 808
803 /* quic-tls: 5.4.1. Header Protection Application */ 809 /* quic-tls: 5.4.1. Header Protection Application */
804 ad.data[0] ^= mask[0] & 0x0f; 810 ad.data[0] ^= mask[0] & 0x0f;
805 811
829 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp); 835 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp);
830 836
831 out.data = res->data + ad.len; 837 out.data = res->data + ad.len;
832 838
833 #ifdef NGX_QUIC_DEBUG_CRYPTO 839 #ifdef NGX_QUIC_DEBUG_CRYPTO
834 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); 840 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
841 "quic ngx_quic_create_short_packet");
842 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
835 #endif 843 #endif
836 844
837 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { 845 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
838 return NGX_ERROR; 846 return NGX_ERROR;
839 } 847 }
845 853
846 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); 854 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
847 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); 855 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
848 856
849 #ifdef NGX_QUIC_DEBUG_CRYPTO 857 #ifdef NGX_QUIC_DEBUG_CRYPTO
850 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); 858 ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
851 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); 859 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
852 #endif 860 #endif
853 861
854 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, 862 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
855 nonce, &pkt->payload, &ad, pkt->log) 863 nonce, &pkt->payload, &ad, pkt->log)
856 != NGX_OK) 864 != NGX_OK)
864 { 872 {
865 return NGX_ERROR; 873 return NGX_ERROR;
866 } 874 }
867 875
868 #ifdef NGX_QUIC_DEBUG_CRYPTO 876 #ifdef NGX_QUIC_DEBUG_CRYPTO
869 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); 877 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
870 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); 878 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
871 #endif 879 #endif
872 880
873 /* quic-tls: 5.4.1. Header Protection Application */ 881 /* quic-tls: 5.4.1. Header Protection Application */
874 ad.data[0] ^= mask[0] & 0x1f; 882 ad.data[0] ^= mask[0] & 0x1f;
875 883
975 */ 983 */
976 984
977 sample = p + 4; 985 sample = p + 4;
978 986
979 #ifdef NGX_QUIC_DEBUG_CRYPTO 987 #ifdef NGX_QUIC_DEBUG_CRYPTO
980 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); 988 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
989 "quic ngx_quic_decrypt()");
990 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
981 #endif 991 #endif
982 992
983 /* header protection */ 993 /* header protection */
984 994
985 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) 995 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
1005 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn); 1015 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn);
1006 1016
1007 pkt->pn = pn; 1017 pkt->pn = pn;
1008 1018
1009 #ifdef NGX_QUIC_DEBUG_CRYPTO 1019 #ifdef NGX_QUIC_DEBUG_CRYPTO
1010 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); 1020 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
1011 #endif 1021 #endif
1012 1022
1013 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, 1023 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
1014 "quic clear flags: %xi", clearflags); 1024 "quic clear flags: %xi", clearflags);
1015 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, 1025 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
1038 1048
1039 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); 1049 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
1040 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); 1050 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
1041 1051
1042 #ifdef NGX_QUIC_DEBUG_CRYPTO 1052 #ifdef NGX_QUIC_DEBUG_CRYPTO
1043 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); 1053 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
1044 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); 1054 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
1045 #endif 1055 #endif
1046 1056
1047 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; 1057 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
1048 1058
1049 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) { 1059 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) {
1054 1064
1055 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, 1065 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
1056 nonce, &in, &ad, pkt->log); 1066 nonce, &in, &ad, pkt->log);
1057 1067
1058 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) 1068 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
1059 ngx_quic_hexdump0(pkt->log, "packet payload", 1069 ngx_quic_hexdump(pkt->log, "quic packet payload",
1060 pkt->payload.data, pkt->payload.len); 1070 pkt->payload.data, pkt->payload.len);
1061 #endif 1071 #endif
1062 1072
1063 return rc; 1073 return rc;
1064 } 1074 }
1065 1075
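Review bot: In the decrypt path the `quic packet payload` dump runs right after `ngx_quic_tls_open()` without looking at `rc`, so when authentication fails the log still shows `pkt->payload.len` bytes of whatever is in the output buffer, labelled as payload, which can mislead anyone reading the log during an investigation. Guarding it with `if (rc == NGX_OK) { ngx_quic_hexdump(pkt->log, "quic packet payload", pkt->payload.data, pkt->payload.len); }` keeps the dump to authenticated plaintext. Separately, the `quic initial secret`, `quic key` and `quic server_iv` dumps write key material to the debug log whenever NGX_QUIC_DEBUG_CRYPTO is defined. A short comment at the first `#ifdef NGX_QUIC_DEBUG_CRYPTO`, stating that such builds are for lab traffic only and that their logs must be handled as secrets, would make that explicit. The enclosing functions start outside the visible lines, so any check of `rc` made by callers is not visible here.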