comparison src/event/ngx_event_quic_protection.c @ 8063:64a484fd40a9 quic
QUIC: stripped down debug traces that have served its purpose.
The most observable remainders are the incoming packet and stream payload,
which could still be useful to debug various QUIC and HTTP/3 frames.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 21 Aug 2020 14:41:41 +0300 |
parents | d0ac4449a07f |
children | b13141d6d250 |
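--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -275,13 +275,11 @@
 "ngx_hkdf_expand(%V) failed", label);
 return NGX_ERROR;
 }
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0,
-"quic ngx_quic_hkdf_expand %V keys", label);
-ngx_quic_hexdump(pool->log, "quic info", info, info_len);
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0, "quic expand %V", label);
 ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);
 #endif
 
 return NGX_OK;
 }
@@ -777,26 +775,19 @@
 ad.len = ngx_quic_create_long_header(pkt, ad.data, out.len, &pnp);
 
 out.data = res->data + ad.len;
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_long_packet");
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
 return NGX_ERROR;
 }
 
 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
-#endif
 
 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
 nonce, &pkt->payload, &ad, pkt->log)
 != NGX_OK)
 {
@@ -807,15 +798,10 @@
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
 
 /* quic-tls: 5.4.1. Header Protection Application */
 ad.data[0] ^= mask[0] & 0x0f;
 
 for (i = 0; i < pkt->num_len; i++) {
@@ -844,31 +830,19 @@
 ad.len = ngx_quic_create_short_header(pkt, ad.data, out.len, &pnp);
 
 out.data = res->data + ad.len;
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_short_packet");
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) {
 return NGX_ERROR;
 }
-
-ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_create_short_packet: number %L,"
-" encoded %d:0x%xD", pkt->number, (int) pkt->num_len,
-pkt->trunc);
 
 ngx_memcpy(nonce, pkt->secret->iv.data, pkt->secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic server_iv", pkt->secret->iv.data, 12);
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
-#endif
 
 if (ngx_quic_tls_seal(ciphers.c, pkt->secret, &out,
 nonce, &pkt->payload, &ad, pkt->log)
 != NGX_OK)
 {
@@ -879,15 +853,10 @@
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
 
 /* quic-tls: 5.4.1. Header Protection Application */
 ad.data[0] ^= mask[0] & 0x1f;
 
 for (i = 0; i < pkt->num_len; i++) {
@@ -1050,16 +1019,10 @@
 * AES-Based and ChaCha20-Based header protections sample 16 bytes
 */
 
 sample = p + 4;
 
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic ngx_quic_decrypt()");
-ngx_quic_hexdump(pkt->log, "quic sample", sample, 16);
-#endif
-
 /* header protection */
 
 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
 != NGX_OK)
 {
@@ -1084,14 +1047,10 @@
 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn);
 
 pkt->pn = pn;
 pkt->flags = clearflags;
 
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic mask", mask, 5);
-#endif
-
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic clear flags: %xd", clearflags);
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic packet number: %uL, len: %xi", pn, pnl);
 
@@ -1120,11 +1079,10 @@
 
 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
 
 #ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic nonce", nonce, 12);
 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
 #endif
 
 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
 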
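Review bot: The `ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);` call kept in the first hunk still writes every HKDF-Expand output to the debug log when `NGX_QUIC_DEBUG_CRYPTO` is defined, while the less sensitive nonce, sample and mask dumps around it are the ones being dropped. Judging by the label, these outputs are the derived packet-protection keys, IVs and header-protection keys, so a debug log from such a build has to be treated as key material for the connections it covers. I would add a comment above that `#ifdef`, e.g. `/* NGX_QUIC_DEBUG_CRYPTO dumps derived secrets to the log; never define it in production builds */`. The enclosing function starts outside the hunk, so whether the input secret is also logged there is not visible here.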