Mercurial > hg > nginx

diff src/event/ngx_event_quic_protection.c @ 8359:2f900ae486bc quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Debug cleanup. + all dumps are moved under one of the following macros (undefined by default): NGX_QUIC_DEBUG_PACKETS NGX_QUIC_DEBUG_FRAMES NGX_QUIC_DEBUG_FRAMES_ALLOC NGX_QUIC_DEBUG_CRYPTO + all QUIC debug messages got "quic " prefix + all input frames are reported as "quic frame in FOO_FRAME bar:1 baz:2" + all outgoing frames re reported as "quic frame out foo bar baz" + all stream operations are prefixed with id, like: "quic stream id 0x33 recv" + all transport parameters are prefixed with "quic tp" (hex dump is moved to caller, to avoid using ngx_cycle->log) + packet flags and some other debug messages are updated to include packet type
author Vladimir Homutov <vl@nginx.com>
date Fri, 24 Apr 2020 10:11:47 +0300
parents aba84d9ab256
children f175006124d0
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -156,8 +156,10 @@ ngx_quic_set_initial_secret(ngx_pool_t *
         .len = is_len
     };
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt));
     ngx_quic_hexdump0(pool->log, "initial secret", is, is_len);
+#endif
 
     /* draft-ietf-quic-tls-23#section-5.2 */
     client->secret.len = SHA256_DIGEST_LENGTH;
@@ -263,8 +265,10 @@ ngx_quic_hkdf_expand(ngx_pool_t *pool, c
         return NGX_ERROR;
     }
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump(pool->log, "%V info", info, info_len, label);
     ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label);
+#endif
 
     return NGX_OK;
 }
@@ -761,21 +765,21 @@ ngx_quic_create_long_packet(ngx_quic_hea
 
     out.data = res->data + ad.len;
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
 
     if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
         return NGX_ERROR;
     }
 
-    ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-                   "ngx_quic_create_long_packet: number %L, encoded %d:0x%xD",
-                   pkt->number, (int) pkt->num_len, pkt->trunc);
-
     ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
     ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
     ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
+#endif
 
     if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
                           nonce, &pkt->payload, &ad, pkt->log)
@@ -791,8 +795,10 @@ ngx_quic_create_long_packet(ngx_quic_hea
         return NGX_ERROR;
     }
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
     ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
 
     /* quic-tls: 5.4.1.  Header Protection Application */
     ad.data[0] ^= mask[0] & 0x0f;
@@ -824,21 +830,26 @@ ngx_quic_create_short_packet(ngx_quic_he
 
     out.data = res->data + ad.len;
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
 
     if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
         return NGX_ERROR;
     }
 
     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-                   "ngx_quic_create_short_packet: number %L, encoded %d:0x%xD",
-                   pkt->number, (int) pkt->num_len, pkt->trunc);
+                   "quic ngx_quic_create_short_packet: number %L,"
+                   " encoded %d:0x%xD", pkt->number, (int) pkt->num_len,
+                   pkt->trunc);
 
     ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
     ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12);
     ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
+#endif
 
     if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
                           nonce, &pkt->payload, &ad, pkt->log)
@@ -854,8 +865,10 @@ ngx_quic_create_short_packet(ngx_quic_he
         return NGX_ERROR;
     }
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
     ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
 
     /* quic-tls: 5.4.1.  Header Protection Application */
     ad.data[0] ^= mask[0] & 0x1f;
@@ -963,7 +976,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
 
     sample = p + 4;
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "sample", sample, 16);
+#endif
 
     /* header protection */
 
@@ -991,7 +1006,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
 
     pkt->pn = pn;
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "mask", mask, 5);
+#endif
+
     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
                    "quic clear flags: %xi", clearflags);
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -1021,8 +1039,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
     ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
 
+#ifdef NGX_QUIC_DEBUG_CRYPTO
     ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12);
     ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len);
+#endif
 
     pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
 
@@ -1035,8 +1055,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
                            nonce, &in, &ad, pkt->log);
 
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
     ngx_quic_hexdump0(pkt->log, "packet payload",
                       pkt->payload.data, pkt->payload.len);
+#endif
 
     return rc;
 }