comparison src/http/ngx_http_request.c @ 8178:a9ff4392ecde quic
QUIC header protection routines, introduced ngx_quic_tls_hp().
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:52 +0300 |
parents | 76e29ff31cd3 |
children | 7ee1ada04c8a |
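--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1122,34 +1122,17 @@
 }
 #endif
 
 // header protection
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
-qc->client_in.hp.data, NULL)
-!= 1)
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_in, mask, sample)
+!= NGX_OK)
 {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptInit_ex() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptUpdate() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-EVP_CIPHER_CTX_free(ctx);
+ngx_http_close_connection(c);
+return;
+}
 
 u_char clearflags = flags ^ (mask[0] & 0x0f);
 ngx_int_t pnl = (clearflags & 0x03) + 1;
 uint64_t pn = ngx_quic_parse_pn(&b->pos, pnl, &mask[1]);
 
@@ -1420,34 +1403,17 @@
 m = ngx_hex_dump(buf, sample, 16) - buf;
 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, rev->log, 0, "quic sample: %*s", m, buf);
 
 // header protection
 
-EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 uint8_t mask[16];
-int outlen;
-
-if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL,
-qc->client_hs.hp.data, NULL)
-!= 1)
+if (ngx_quic_tls_hp(c, EVP_aes_128_ecb(), &qc->client_hs, mask, sample)
+!= NGX_OK)
 {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptInit_ex() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-if (!EVP_EncryptUpdate(ctx, mask, &outlen, sample, 16)) {
-EVP_CIPHER_CTX_free(ctx);
-ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
-"EVP_EncryptUpdate() failed");
-ngx_http_close_connection(c);
-return;
-}
-
-EVP_CIPHER_CTX_free(ctx);
+ngx_http_close_connection(c);
+return;
+}
 
 u_char clearflags = flags ^ (mask[0] & 0x0f);
 ngx_int_t pnl = (clearflags & 0x03) + 1;
 uint64_t pn = ngx_quic_parse_pn(&p, pnl, &mask[1]);
 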
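Review bot: The second call site (new line 1409) hard-codes `EVP_aes_128_ecb()` for the `client_hs` keys, but the header-protection cipher for Handshake packets follows the negotiated TLS cipher suite. A fixed AES-128 is only correct if negotiation is restricted to an AES-128 suite elsewhere, which these hunks do not show; otherwise the mask, and the packet-number length taken from `clearflags`, will be wrong. Either select the cipher from the negotiated suite or state the restriction at the call, e.g. `/* hp cipher fixed to AES-128: only TLS_AES_128_GCM_SHA256 is offered */` if that is the intent. Both call sites also pass `mask` and `sample` to `ngx_quic_tls_hp()` as bare pointers with an implied 16-byte length, and `sample` points into peer-supplied packet data, so the check that a full 16-byte sample lies inside the received buffer should be visible before the call or documented on the helper. The enclosing functions start and end outside these hunks.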