Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_tokens.c @ 8752:e19723c40d28 quic
QUIC: separate files for tokens related processing.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Tue, 13 Apr 2021 14:41:52 +0300 |
| parents | |
| children | b4e6b7049984 |
| rev | line source |
|---|---|
|
8752
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_event.h> |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_sha1.h> |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 #include <ngx_event_quic_protection.h> |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 #define NGX_QUIC_MAX_TOKEN_SIZE 64 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 static void ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 u_char buf[20]); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 ngx_int_t |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 u_char *token) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 ngx_str_t tmp; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 tmp.data = secret; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 tmp.len = NGX_QUIC_SR_KEY_LEN; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 if (ngx_quic_derive_key(c->log, "sr_token_key", &tmp, cid, token, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 NGX_QUIC_SR_TOKEN_LEN) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 != NGX_OK) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
38 #if (NGX_DEBUG) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
39 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
40 "quic stateless reset token %*xs", |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 (size_t) NGX_QUIC_SR_TOKEN_LEN, token); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 #endif |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 return NGX_OK; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 ngx_int_t |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 ngx_quic_new_token(ngx_connection_t *c, u_char *key, ngx_str_t *token, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
50 ngx_str_t *odcid, time_t exp, ngx_uint_t is_retry) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 int len, iv_len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 u_char *p, *iv; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 EVP_CIPHER_CTX *ctx; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 const EVP_CIPHER *cipher; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 u_char in[NGX_QUIC_MAX_TOKEN_SIZE]; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
59 ngx_quic_address_hash(c, !is_retry, in); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
60 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
61 p = in + 20; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
62 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
63 p = ngx_cpymem(p, &exp, sizeof(time_t)); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
64 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
65 *p++ = is_retry ? 1 : 0; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
66 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 if (odcid) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 *p++ = odcid->len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 p = ngx_cpymem(p, odcid->data, odcid->len); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 } else { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 *p++ = 0; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
74 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 len = p - in; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 cipher = EVP_aes_256_cbc(); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 iv_len = EVP_CIPHER_iv_length(cipher); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 token->len = iv_len + len + EVP_CIPHER_block_size(cipher); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 token->data = ngx_pnalloc(c->pool, token->len); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 if (token->data == NULL) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
85 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
86 ctx = EVP_CIPHER_CTX_new(); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
87 if (ctx == NULL) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
91 iv = token->data; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 if (RAND_bytes(iv, iv_len) <= 0 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 || !EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
99 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 token->len = iv_len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
102 if (EVP_EncryptUpdate(ctx, token->data + token->len, &len, in, len) != 1) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
103 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
104 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
105 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 token->len += len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
109 if (EVP_EncryptFinal_ex(ctx, token->data + token->len, &len) <= 0) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
111 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 token->len += len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
116 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
118 #ifdef NGX_QUIC_DEBUG_PACKETS |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 "quic new token len:%uz %xV", token->len, token); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 #endif |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
123 return NGX_OK; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
124 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
125 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
126 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
127 static void |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
128 ngx_quic_address_hash(ngx_connection_t *c, ngx_uint_t no_port, u_char buf[20]) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
130 size_t len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
131 u_char *data; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 ngx_sha1_t sha1; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 struct sockaddr_in *sin; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 #if (NGX_HAVE_INET6) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
135 struct sockaddr_in6 *sin6; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 #endif |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 len = (size_t) c->socklen; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 data = (u_char *) c->sockaddr; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 if (no_port) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 switch (c->sockaddr->sa_family) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
144 #if (NGX_HAVE_INET6) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
145 case AF_INET6: |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
146 sin6 = (struct sockaddr_in6 *) c->sockaddr; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 len = sizeof(struct in6_addr); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 data = sin6->sin6_addr.s6_addr; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
150 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 break; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
152 #endif |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 case AF_INET: |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 sin = (struct sockaddr_in *) c->sockaddr; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 len = sizeof(in_addr_t); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 data = (u_char *) &sin->sin_addr; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
159 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
160 break; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
161 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
162 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
163 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 ngx_sha1_init(&sha1); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
165 ngx_sha1_update(&sha1, data, len); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
166 ngx_sha1_final(buf, &sha1); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
167 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
168 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 ngx_int_t |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 ngx_quic_validate_token(ngx_connection_t *c, u_char *key, |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 ngx_quic_header_t *pkt) |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 int len, tlen, iv_len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 u_char *iv, *p; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 time_t now, exp; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 size_t total; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 ngx_str_t odcid; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 EVP_CIPHER_CTX *ctx; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
180 const EVP_CIPHER *cipher; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 u_char addr_hash[20]; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 u_char tdec[NGX_QUIC_MAX_TOKEN_SIZE]; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 /* Retry token or NEW_TOKEN in a previous connection */ |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
186 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
187 cipher = EVP_aes_256_cbc(); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
188 iv = pkt->token.data; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
189 iv_len = EVP_CIPHER_iv_length(cipher); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
190 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
191 /* sanity checks */ |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
192 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
193 if (pkt->token.len < (size_t) iv_len + EVP_CIPHER_block_size(cipher)) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
194 goto garbage; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
195 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
196 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
197 if (pkt->token.len > (size_t) iv_len + NGX_QUIC_MAX_TOKEN_SIZE) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
198 goto garbage; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
199 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
200 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
201 ctx = EVP_CIPHER_CTX_new(); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
202 if (ctx == NULL) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
203 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
204 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
205 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
206 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
207 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
208 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
209 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
210 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
211 p = pkt->token.data + iv_len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
212 len = pkt->token.len - iv_len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
213 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
214 if (EVP_DecryptUpdate(ctx, tdec, &len, p, len) != 1) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
215 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
216 goto garbage; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
217 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
218 total = len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
219 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
220 if (EVP_DecryptFinal_ex(ctx, tdec + len, &tlen) <= 0) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
221 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
222 goto garbage; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
223 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
224 total += tlen; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
225 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
226 EVP_CIPHER_CTX_free(ctx); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
227 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
228 if (total < (20 + sizeof(time_t) + 2)) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
229 goto garbage; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
230 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
231 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
232 p = tdec + 20; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
233 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
234 ngx_memcpy(&exp, p, sizeof(time_t)); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
235 p += sizeof(time_t); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
236 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
237 pkt->retried = (*p++ == 1); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
238 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
239 ngx_quic_address_hash(c, !pkt->retried, addr_hash); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
240 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
241 if (ngx_memcmp(tdec, addr_hash, 20) != 0) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
242 goto bad_token; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
243 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
244 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
245 odcid.len = *p++; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
246 if (odcid.len) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
247 if (odcid.len > NGX_QUIC_MAX_CID_LEN) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
248 goto bad_token; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
249 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
250 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
251 if ((size_t)(tdec + total - p) < odcid.len) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
252 goto bad_token; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
253 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
254 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
255 odcid.data = p; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
256 p += odcid.len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
257 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
258 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 now = ngx_time(); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 if (now > exp) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
262 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic expired token"); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
263 return NGX_DECLINED; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
264 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
265 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
266 if (odcid.len) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
267 pkt->odcid.len = odcid.len; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
268 pkt->odcid.data = ngx_pstrdup(c->pool, &odcid); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
269 if (pkt->odcid.data == NULL) { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
270 return NGX_ERROR; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
271 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
272 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
273 } else { |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
274 pkt->odcid = pkt->dcid; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
275 } |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
276 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
277 pkt->validated = 1; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
278 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
279 return NGX_OK; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
280 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
281 garbage: |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
282 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
283 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic garbage token"); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
284 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
285 return NGX_ABORT; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
286 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
287 bad_token: |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
288 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
289 ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic invalid token"); |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
290 |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
291 return NGX_DECLINED; |
|
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
292 } |