comparison src/http/ngx_http_request.c @ 8178:a9ff4392ecde quic

QUIC header protection routines, introduced ngx_quic_tls_hp().
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 Feb 2020 13:09:52 +0300
parents 76e29ff31cd3
children 7ee1ada04c8a
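--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1122,34 +1122,17 @@
 }
 #endif
 
 // header protection
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
-qc->client_in.hp.data, NULL)
-!= 1)
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_in, mask, sample)
+!= NGX_OK)
 {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptInit_ex() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptUpdate() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-EVP_CIPHER_CTX_free(ctx);
+ngx_http_close_connection(c);
+return;
+}
 
 u_char clearflags = flags ^ (mask[0] & 0x0f);
 ngx_int_t pnl = (clearflags & 0x03) + 1;
 uint64_t pn = ngx_quic_parse_pn(&b->pos, pnl, &mask[1]);
 
@@ -1420,34 +1403,17 @@
 m = ngx_hex_dump(buf, sample, 16) - buf;
 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic sample: %*s", m, buf);
 
 // header protection
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
-qc->client_hs.hp.data, NULL)
-!= 1)
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_hs, mask, sample)
+!= NGX_OK)
 {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptInit_ex() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptUpdate() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-EVP_CIPHER_CTX_free(ctx);
+ngx_http_close_connection(c);
+return;
+}
 
 u_char clearflags = flags ^ (mask[0] & 0x0f);
 ngx_int_t pnl = (clearflags & 0x03) + 1;
 uint64_t pn = ngx_quic_parse_pn(&p, pnl, &mask[1]);
 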
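Review bot: The second call site (handshake keys, `&qc->client_hs`) hard-codes `EVP_aes_128_ecb()` just as the Initial-packet site does, but only Initial keys are tied to a fixed AES-128 suite; handshake keys follow whatever suite TLS negotiated, so a peer that negotiates an AES-256 or ChaCha20 suite would presumably get a wrong mask and fail packet-number recovery and decryption. Unless the accepted suites are restricted elsewhere (not visible here), the header-protection cipher should be selected from the negotiated suite, or the limitation recorded at the call, e.g. `/* XXX: hp cipher assumes a negotiated AES-128 suite */`. Separately, the helper now receives `sample` with no length where the old code passed 16 explicitly, so both callers depend on an earlier check that 16 bytes of the received packet remain at the sample offset; that check is outside these hunks and worth confirming, since the bytes come straight from the network. The enclosing function starts and ends outside the shown lines.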