comparison src/event/ngx_event_quic_protection.c @ 8360:f175006124d0 quic
Cleaned up hexdumps in debug output.
- the ngx_quic_hexdump0() macro is renamed to ngx_quic_hexdump();
the original ngx_quic_hexdump() macro with variable argument is
removed, extra information is logged normally, with ngx_log_debug()
- all labels in hex dumps are prefixed with "quic"
- the hexdump format is simplified, length is moved forward to avoid
situations when the dump is truncated, and length is not shown
- ngx_quic_flush_flight() function contents is debug-only, placed under
NGX_DEBUG macro to avoid "unused variable" warnings from compiler
- frame names in labels are capitalized, similar to other places
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 24 Apr 2020 11:33:00 +0300 |
parents | 2f900ae486bc |
children | 262396242352 |
8359:2f900ae486bc | 8360:f175006124d0 |
---|---|
155 .data = is, | 155 .data = is, |
156 .len = is_len | 156 .len = is_len |
157 }; | 157 }; |
158 | 158 |
159 #ifdef NGX_QUIC_DEBUG_CRYPTO | 159 #ifdef NGX_QUIC_DEBUG_CRYPTO |
160 ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt)); | 160 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
161 ngx_quic_hexdump0(pool->log, "initial secret", is, is_len); | 161 "quic ngx_quic_set_initial_secret"); |
162 ngx_quic_hexdump(pool->log, "quic salt", salt, sizeof(salt)); | |
163 ngx_quic_hexdump(pool->log, "quic initial secret", is, is_len); | |
162 #endif | 164 #endif |
163 | 165 |
164 /* draft-ietf-quic-tls-23#section-5.2 */ | 166 /* draft-ietf-quic-tls-23#section-5.2 */ |
165 client->secret.len = SHA256_DIGEST_LENGTH; | 167 client->secret.len = SHA256_DIGEST_LENGTH; |
166 server->secret.len = SHA256_DIGEST_LENGTH; | 168 server->secret.len = SHA256_DIGEST_LENGTH; |
264 "ngx_hkdf_expand(%V) failed", label); | 266 "ngx_hkdf_expand(%V) failed", label); |
265 return NGX_ERROR; | 267 return NGX_ERROR; |
266 } | 268 } |
267 | 269 |
268 #ifdef NGX_QUIC_DEBUG_CRYPTO | 270 #ifdef NGX_QUIC_DEBUG_CRYPTO |
269 ngx_quic_hexdump(pool->log, "%V info", info, info_len, label); | 271 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0, |
270 ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label); | 272 "quic ngx_quic_hkdf_expand %V keys", label); |
273 ngx_quic_hexdump(pool->log, "quic info", info, info_len); | |
274 ngx_quic_hexdump(pool->log, "quic key", out->data, out->len); | |
271 #endif | 275 #endif |
272 | 276 |
273 return NGX_OK; | 277 return NGX_OK; |
274 } | 278 } |
275 | 279 |
676 ngx_quic_secrets_t *next) | 680 ngx_quic_secrets_t *next) |
677 { | 681 { |
678 ngx_uint_t i; | 682 ngx_uint_t i; |
679 ngx_quic_ciphers_t ciphers; | 683 ngx_quic_ciphers_t ciphers; |
680 | 684 |
681 ngx_log_debug(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); | 685 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update"); |
682 | 686 |
683 if (ngx_quic_ciphers(c->ssl->connection, &ciphers, | 687 if (ngx_quic_ciphers(c->ssl->connection, &ciphers, |
684 ssl_encryption_application) | 688 ssl_encryption_application) |
685 == NGX_ERROR) | 689 == NGX_ERROR) |
686 { | 690 { |
764 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp); | 768 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp); |
765 | 769 |
766 out.data = res->data + ad.len; | 770 out.data = res->data + ad.len; |
767 | 771 |
768 #ifdef NGX_QUIC_DEBUG_CRYPTO | 772 #ifdef NGX_QUIC_DEBUG_CRYPTO |
769 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 773 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
774 "quic ngx_quic_create_long_packet"); | |
775 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len); | |
770 #endif | 776 #endif |
771 | 777 |
772 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { | 778 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { |
773 return NGX_ERROR; | 779 return NGX_ERROR; |
774 } | 780 } |
775 | 781 |
776 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); | 782 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); |
777 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | 783 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
778 | 784 |
779 #ifdef NGX_QUIC_DEBUG_CRYPTO | 785 #ifdef NGX_QUIC_DEBUG_CRYPTO |
780 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); | 786 ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12); |
781 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 787 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12); |
782 #endif | 788 #endif |
783 | 789 |
784 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, | 790 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, |
785 nonce, &pkt->payload, &ad, pkt->log) | 791 nonce, &pkt->payload, &ad, pkt->log) |
786 != NGX_OK) | 792 != NGX_OK) |
794 { | 800 { |
795 return NGX_ERROR; | 801 return NGX_ERROR; |
796 } | 802 } |
797 | 803 |
798 #ifdef NGX_QUIC_DEBUG_CRYPTO | 804 #ifdef NGX_QUIC_DEBUG_CRYPTO |
799 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 805 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16); |
800 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 806 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5); |
801 #endif | 807 #endif |
802 | 808 |
803 /* quic-tls: 5.4.1. Header Protection Application */ | 809 /* quic-tls: 5.4.1. Header Protection Application */ |
804 ad.data[0] ^= mask[0] & 0x0f; | 810 ad.data[0] ^= mask[0] & 0x0f; |
805 | 811 |
829 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp); | 835 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp); |
830 | 836 |
831 out.data = res->data + ad.len; | 837 out.data = res->data + ad.len; |
832 | 838 |
833 #ifdef NGX_QUIC_DEBUG_CRYPTO | 839 #ifdef NGX_QUIC_DEBUG_CRYPTO |
834 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 840 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
841 "quic ngx_quic_create_short_packet"); | |
842 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len); | |
835 #endif | 843 #endif |
836 | 844 |
837 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { | 845 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { |
838 return NGX_ERROR; | 846 return NGX_ERROR; |
839 } | 847 } |
845 | 853 |
846 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); | 854 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); |
847 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | 855 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
848 | 856 |
849 #ifdef NGX_QUIC_DEBUG_CRYPTO | 857 #ifdef NGX_QUIC_DEBUG_CRYPTO |
850 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); | 858 ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12); |
851 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 859 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12); |
852 #endif | 860 #endif |
853 | 861 |
854 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, | 862 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, |
855 nonce, &pkt->payload, &ad, pkt->log) | 863 nonce, &pkt->payload, &ad, pkt->log) |
856 != NGX_OK) | 864 != NGX_OK) |
864 { | 872 { |
865 return NGX_ERROR; | 873 return NGX_ERROR; |
866 } | 874 } |
867 | 875 |
868 #ifdef NGX_QUIC_DEBUG_CRYPTO | 876 #ifdef NGX_QUIC_DEBUG_CRYPTO |
869 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 877 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16); |
870 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 878 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5); |
871 #endif | 879 #endif |
872 | 880 |
873 /* quic-tls: 5.4.1. Header Protection Application */ | 881 /* quic-tls: 5.4.1. Header Protection Application */ |
874 ad.data[0] ^= mask[0] & 0x1f; | 882 ad.data[0] ^= mask[0] & 0x1f; |
875 | 883 |
975 */ | 983 */ |
976 | 984 |
977 sample = p + 4; | 985 sample = p + 4; |
978 | 986 |
979 #ifdef NGX_QUIC_DEBUG_CRYPTO | 987 #ifdef NGX_QUIC_DEBUG_CRYPTO |
980 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 988 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
989 "quic ngx_quic_decrypt()"); | |
990 ngx_quic_hexdump(pkt->log, "quic sample", sample, 16); | |
981 #endif | 991 #endif |
982 | 992 |
983 /* header protection */ | 993 /* header protection */ |
984 | 994 |
985 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 995 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
1005 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn); | 1015 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn); |
1006 | 1016 |
1007 pkt->pn = pn; | 1017 pkt->pn = pn; |
1008 | 1018 |
1009 #ifdef NGX_QUIC_DEBUG_CRYPTO | 1019 #ifdef NGX_QUIC_DEBUG_CRYPTO |
1010 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 1020 ngx_quic_hexdump(pkt->log, "quic mask", mask, 5); |
1011 #endif | 1021 #endif |
1012 | 1022 |
1013 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1023 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1014 "quic clear flags: %xi", clearflags); | 1024 "quic clear flags: %xi", clearflags); |
1015 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1025 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1038 | 1048 |
1039 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); | 1049 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
1040 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); | 1050 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
1041 | 1051 |
1042 #ifdef NGX_QUIC_DEBUG_CRYPTO | 1052 #ifdef NGX_QUIC_DEBUG_CRYPTO |
1043 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 1053 ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12); |
1044 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 1054 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len); |
1045 #endif | 1055 #endif |
1046 | 1056 |
1047 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; | 1057 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; |
1048 | 1058 |
1049 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) { | 1059 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) { |
1054 | 1064 |
1055 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, | 1065 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
1056 nonce, &in, &ad, pkt->log); | 1066 nonce, &in, &ad, pkt->log); |
1057 | 1067 |
1058 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) | 1068 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) |
1059 ngx_quic_hexdump0(pkt->log, "packet payload", | 1069 ngx_quic_hexdump(pkt->log, "quic packet payload", |
1060 pkt->payload.data, pkt->payload.len); | 1070 pkt->payload.data, pkt->payload.len); |
1061 #endif | 1071 #endif |
1062 | 1072 |
1063 return rc; | 1073 return rc; |
1064 } | 1074 } |
1065 | 1075 |
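Review bot: The `NGX_QUIC_DEBUG_CRYPTO` block in ngx_quic_hkdf_expand still writes derived key bytes to the debug log under `"quic key"`, and the last block dumps the decrypted payload when `NGX_QUIC_DEBUG_PACKETS` is also defined, yet nothing in the displayed lines marks these macros as development-only. Their definition is not visible here; a comment there such as `/* writes key material and plaintext to the debug log; never define in production builds */` would make the risk explicit to anyone enabling them. The `"quic key"` label also no longer names which key it is, so the dump can only be identified through the preceding `ngx_log_debug1` line. Separately, the IV and nonce dumps keep the literal length `12` while the adjacent `ngx_memcpy` uses `pkt->secret->iv.len` and `ngx_quic_compute_nonce` uses `sizeof(nonce)`; `ngx_quic_hexdump(pkt->log, "quic nonce", nonce, sizeof(nonce));` would keep them in step. All affected functions begin and end outside the displayed hunks.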