comparison src/event/ngx_event_quic_protection.c @ 8063:64a484fd40a9 quic

QUIC: stripped down debug traces that have served their purpose. The most observable remainders are incoming packet and stream payload that could still be useful to debug various QUIC and HTTP/3 frames.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 21 Aug 2020 14:41:41 +0300
parents d0ac4449a07f
children b13141d6d250
8062:c5a894bd4f53 8063:64a484fd40a9
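--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -275,13 +275,11 @@
 "ngx_hkdf_expand(%V) failed", label);
 return NGX_ERROR;
 }
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0,
-"quic ngx_quic_hkdf_expand %V keys", label);
-ngx_quic_hexdump(pool->log, "quic info", info, info_len);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0, "quic expand %V", label);
 ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);
 #endif
 
 return NGX_OK;
 }
@@ -777,26 +775,19 @@
 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp);
 
 out.data = res->data + ad.len;
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_long_packet");
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
 return NGX_ERROR;
 }
 
 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
-#endif
 
 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
 nonce, &pkt->payload, &ad, pkt->log)
 != NGX_OK)
 {
@@ -807,15 +798,10 @@
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
 
 /* quic-tls: 5.4.1. Header Protection Application */
 ad.data[0] ^= mask[0] & 0x0f;
 
 for (i = 0; i < pkt->num_len; i++) {
@@ -844,31 +830,19 @@
 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp);
 
 out.data = res->data + ad.len;
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_short_packet");
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
 return NGX_ERROR;
 }
-
-ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_short_packet: number %L,"
-" encoded %d:0x%xD", pkt->number, (int) pkt->num_len,
-pkt->trunc);
 
 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
-#endif
 
 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
 nonce, &pkt->payload, &ad, pkt->log)
 != NGX_OK)
 {
@@ -879,15 +853,10 @@
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
 
 /* quic-tls: 5.4.1. Header Protection Application */
 ad.data[0] ^= mask[0] & 0x1f;
 
 for (i = 0; i < pkt->num_len; i++) {
@@ -1050,16 +1019,10 @@
 * AES-Based and ChaCha20-Based header protections sample 16 bytes
 */
 
 sample = p + 4;
 
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_decrypt()");
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-#endif
-
 /* header protection */
 
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
 != NGX_OK)
 {
@@ -1084,14 +1047,10 @@
 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn);
 
 pkt->pn = pn;
 pkt->flags = clearflags;
 
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
-
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic clear flags: %xd", clearflags);
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic packet number: %uL, len: %xi", pn, pnl);
 
@@ -1120,11 +1079,10 @@
 
 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
 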
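Review bot: The dump kept in the first hunk (new line 281), `ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);`, still writes the HKDF-Expand output to the debug log whenever NGX_QUIC_DEBUG_CRYPTO is defined, and its label suggests that output is derived key material. The traces this commit removes (info, server_iv, nonce, sample, mask) are the less sensitive ones, so the remaining dump is the one most worth guarding. Nothing in the visible lines stops the macro from being defined in a production build, so I would add a comment above that `#ifdef` such as `/* NGX_QUIC_DEBUG_CRYPTO logs secret key material; never define it in production builds */`, or drop the key dump along with the others. The enclosing function starts before the hunk, so what `out` holds on every call is inferred from the log label rather than seen.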