comparison src/event/ngx_event_quic_protection.c @ 7836:2f900ae486bc quic
Debug cleanup.
+ all dumps are moved under one of the following macros (undefined by default):
NGX_QUIC_DEBUG_PACKETS
NGX_QUIC_DEBUG_FRAMES
NGX_QUIC_DEBUG_FRAMES_ALLOC
NGX_QUIC_DEBUG_CRYPTO
+ all QUIC debug messages got "quic " prefix
+ all input frames are reported as "quic frame in FOO_FRAME bar:1 baz:2"
+ all outgoing frames are reported as "quic frame out foo bar baz"
+ all stream operations are prefixed with id, like: "quic stream id 0x33 recv"
+ all transport parameters are prefixed with "quic tp"
(hex dump is moved to caller, to avoid using ngx_cycle->log)
+ packet flags and some other debug messages are updated to
include packet type
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 24 Apr 2020 10:11:47 +0300 |
parents | aba84d9ab256 |
children | f175006124d0 |
7835:2a6e91a1691d | 7836:2f900ae486bc |
---|---|
154 ngx_str_t iss = { | 154 ngx_str_t iss = { |
155 .data = is, | 155 .data = is, |
156 .len = is_len | 156 .len = is_len |
157 }; | 157 }; |
158 | 158 |
159 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
159 ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt)); | 160 ngx_quic_hexdump0(pool->log, "salt", salt, sizeof(salt)); |
160 ngx_quic_hexdump0(pool->log, "initial secret", is, is_len); | 161 ngx_quic_hexdump0(pool->log, "initial secret", is, is_len); |
162 #endif | |
161 | 163 |
162 /* draft-ietf-quic-tls-23#section-5.2 */ | 164 /* draft-ietf-quic-tls-23#section-5.2 */ |
163 client->secret.len = SHA256_DIGEST_LENGTH; | 165 client->secret.len = SHA256_DIGEST_LENGTH; |
164 server->secret.len = SHA256_DIGEST_LENGTH; | 166 server->secret.len = SHA256_DIGEST_LENGTH; |
165 | 167 |
261 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, | 263 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, |
262 "ngx_hkdf_expand(%V) failed", label); | 264 "ngx_hkdf_expand(%V) failed", label); |
263 return NGX_ERROR; | 265 return NGX_ERROR; |
264 } | 266 } |
265 | 267 |
268 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
266 ngx_quic_hexdump(pool->log, "%V info", info, info_len, label); | 269 ngx_quic_hexdump(pool->log, "%V info", info, info_len, label); |
267 ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label); | 270 ngx_quic_hexdump(pool->log, "%V key", out->data, out->len, label); |
271 #endif | |
268 | 272 |
269 return NGX_OK; | 273 return NGX_OK; |
270 } | 274 } |
271 | 275 |
272 | 276 |
759 ad.data = res->data; | 763 ad.data = res->data; |
760 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp); | 764 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp); |
761 | 765 |
762 out.data = res->data + ad.len; | 766 out.data = res->data + ad.len; |
763 | 767 |
768 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
764 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 769 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); |
770 #endif | |
765 | 771 |
766 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { | 772 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { |
767 return NGX_ERROR; | 773 return NGX_ERROR; |
768 } | 774 } |
769 | |
770 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | |
771 "ngx_quic_create_long_packet: number %L, encoded %d:0x%xD", | |
772 pkt->number, (int) pkt->num_len, pkt->trunc); | |
773 | 775 |
774 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); | 776 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); |
775 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | 777 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
776 | 778 |
779 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
777 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); | 780 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); |
778 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 781 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); |
782 #endif | |
779 | 783 |
780 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, | 784 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, |
781 nonce, &pkt->payload, &ad, pkt->log) | 785 nonce, &pkt->payload, &ad, pkt->log) |
782 != NGX_OK) | 786 != NGX_OK) |
783 { | 787 { |
789 != NGX_OK) | 793 != NGX_OK) |
790 { | 794 { |
791 return NGX_ERROR; | 795 return NGX_ERROR; |
792 } | 796 } |
793 | 797 |
798 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
794 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 799 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
795 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 800 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); |
801 #endif | |
796 | 802 |
797 /* quic-tls: 5.4.1. Header Protection Application */ | 803 /* quic-tls: 5.4.1. Header Protection Application */ |
798 ad.data[0] ^= mask[0] & 0x0f; | 804 ad.data[0] ^= mask[0] & 0x0f; |
799 | 805 |
800 for (i = 0; i < pkt->num_len; i++) { | 806 for (i = 0; i < pkt->num_len; i++) { |
822 ad.data = res->data; | 828 ad.data = res->data; |
823 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp); | 829 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp); |
824 | 830 |
825 out.data = res->data + ad.len; | 831 out.data = res->data + ad.len; |
826 | 832 |
833 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
827 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 834 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); |
835 #endif | |
828 | 836 |
829 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { | 837 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { |
830 return NGX_ERROR; | 838 return NGX_ERROR; |
831 } | 839 } |
832 | 840 |
833 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 841 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
834 "ngx_quic_create_short_packet: number %L, encoded %d:0x%xD", | 842 "quic ngx_quic_create_short_packet: number %L," |
835 pkt->number, (int) pkt->num_len, pkt->trunc); | 843 " encoded %d:0x%xD", pkt->number, (int) pkt->num_len, |
844 pkt->trunc); | |
836 | 845 |
837 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); | 846 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len); |
838 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | 847 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); |
839 | 848 |
849 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
840 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); | 850 ngx_quic_hexdump0(pkt->log, "server_iv", pkt->secret->iv.data, 12); |
841 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 851 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); |
852 #endif | |
842 | 853 |
843 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, | 854 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out, |
844 nonce, &pkt->payload, &ad, pkt->log) | 855 nonce, &pkt->payload, &ad, pkt->log) |
845 != NGX_OK) | 856 != NGX_OK) |
846 { | 857 { |
852 != NGX_OK) | 863 != NGX_OK) |
853 { | 864 { |
854 return NGX_ERROR; | 865 return NGX_ERROR; |
855 } | 866 } |
856 | 867 |
868 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
857 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 869 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
858 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 870 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); |
871 #endif | |
859 | 872 |
860 /* quic-tls: 5.4.1. Header Protection Application */ | 873 /* quic-tls: 5.4.1. Header Protection Application */ |
861 ad.data[0] ^= mask[0] & 0x1f; | 874 ad.data[0] ^= mask[0] & 0x1f; |
862 | 875 |
863 for (i = 0; i < pkt->num_len; i++) { | 876 for (i = 0; i < pkt->num_len; i++) { |
961 * AES-Based and ChaCha20-Based header protections sample 16 bytes | 974 * AES-Based and ChaCha20-Based header protections sample 16 bytes |
962 */ | 975 */ |
963 | 976 |
964 sample = p + 4; | 977 sample = p + 4; |
965 | 978 |
979 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
966 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 980 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
981 #endif | |
967 | 982 |
968 /* header protection */ | 983 /* header protection */ |
969 | 984 |
970 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 985 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |
971 != NGX_OK) | 986 != NGX_OK) |
989 pnl = (clearflags & 0x03) + 1; | 1004 pnl = (clearflags & 0x03) + 1; |
990 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn); | 1005 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn); |
991 | 1006 |
992 pkt->pn = pn; | 1007 pkt->pn = pn; |
993 | 1008 |
1009 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
994 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); | 1010 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); |
1011 #endif | |
1012 | |
995 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1013 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
996 "quic clear flags: %xi", clearflags); | 1014 "quic clear flags: %xi", clearflags); |
997 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1015 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
998 "quic packet number: %uL, len: %xi", pn, pnl); | 1016 "quic packet number: %uL, len: %xi", pn, pnl); |
999 | 1017 |
1019 } while (--pnl); | 1037 } while (--pnl); |
1020 | 1038 |
1021 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); | 1039 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); |
1022 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); | 1040 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn); |
1023 | 1041 |
1042 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
1024 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); | 1043 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); |
1025 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); | 1044 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); |
1045 #endif | |
1026 | 1046 |
1027 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; | 1047 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN; |
1028 | 1048 |
1029 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) { | 1049 if (NGX_QUIC_DEFAULT_MAX_PACKET_SIZE - ad.len < pkt->payload.len) { |
1030 return NGX_ERROR; | 1050 return NGX_ERROR; |
1033 pkt->payload.data = pkt->plaintext + ad.len; | 1053 pkt->payload.data = pkt->plaintext + ad.len; |
1034 | 1054 |
1035 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, | 1055 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, |
1036 nonce, &in, &ad, pkt->log); | 1056 nonce, &in, &ad, pkt->log); |
1037 | 1057 |
1058 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) | |
1038 ngx_quic_hexdump0(pkt->log, "packet payload", | 1059 ngx_quic_hexdump0(pkt->log, "packet payload", |
1039 pkt->payload.data, pkt->payload.len); | 1060 pkt->payload.data, pkt->payload.len); |
1061 #endif | |
1040 | 1062 |
1041 return rc; | 1063 return rc; |
1042 } | 1064 } |
1043 | 1065 |
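Review bot: The guarded "packet payload" dump at new lines 1058-1061 runs before `return rc` whatever ngx_quic_tls_open() returned, so with both macros defined a packet that failed authentication still has whatever the output buffer then holds written to the log; wrapping the call in `if (rc == NGX_OK) { ... }` would keep unauthenticated bytes out of the dump. Separately, NGX_QUIC_DEBUG_CRYPTO now gates dumps of the initial secret, each derived `%V key`, the IV and the nonce, and none of the guards shown here says so; a comment at the first guard such as `/* NGX_QUIC_DEBUG_CRYPTO writes key material to the log; debugging builds only */` would make that explicit for anyone enabling it. The short-packet `ngx_log_debug3` at new lines 841-844 keeps the function name in its message while the long-packet counterpart was deleted, which looks unintentional. The enclosing functions start and end outside the context shown.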