comparison src/event/ngx_event_quic_protection.c @ 8645:ae4bffb75df8 quic
QUIC: simplified and streamlined ngx_quic_decrypt().
Both clearflags and badflags are removed. It makes little sense now
to keep them as intermediate storage.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 17 Nov 2020 21:33:16 +0000 |
parents | e953bd2c5bb3 |
children | 4bf332873a83 |
8644:e953bd2c5bb3 | 8645:ae4bffb75df8 |
---|---|
1055 | 1055 |
1056 | 1056 |
1057 ngx_int_t | 1057 ngx_int_t |
1058 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) | 1058 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |
1059 { | 1059 { |
1060 u_char clearflags, *p, *sample; | 1060 u_char *p, *sample; |
1061 size_t len; | 1061 size_t len; |
1062 uint8_t badflags; | |
1063 uint64_t pn, lpn; | 1062 uint64_t pn, lpn; |
1064 ngx_int_t pnl, rc, key_phase; | 1063 ngx_int_t pnl, rc, key_phase; |
1065 ngx_str_t in, ad; | 1064 ngx_str_t in, ad; |
1066 ngx_quic_secret_t *secret; | 1065 ngx_quic_secret_t *secret; |
1067 ngx_quic_ciphers_t ciphers; | 1066 ngx_quic_ciphers_t ciphers; |
1095 != NGX_OK) | 1094 != NGX_OK) |
1096 { | 1095 { |
1097 return NGX_DECLINED; | 1096 return NGX_DECLINED; |
1098 } | 1097 } |
1099 | 1098 |
1100 clearflags = pkt->flags ^ (mask[0] & ngx_quic_pkt_hp_mask(pkt->flags)); | 1099 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); |
1101 | 1100 |
1102 if (ngx_quic_short_pkt(pkt->flags)) { | 1101 if (ngx_quic_short_pkt(pkt->flags)) { |
1103 key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0; | 1102 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0; |
1104 | 1103 |
1105 if (key_phase != pkt->key_phase) { | 1104 if (key_phase != pkt->key_phase) { |
1106 secret = &pkt->keys->next_key.client; | 1105 secret = &pkt->keys->next_key.client; |
1107 pkt->key_update = 1; | 1106 pkt->key_update = 1; |
1108 } | 1107 } |
1109 } | 1108 } |
1110 | 1109 |
1111 lpn = *largest_pn; | 1110 lpn = *largest_pn; |
1112 | 1111 |
1113 pnl = (clearflags & 0x03) + 1; | 1112 pnl = (pkt->flags & 0x03) + 1; |
1114 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); | 1113 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn); |
1115 | 1114 |
1116 pkt->pn = pn; | 1115 pkt->pn = pn; |
1117 pkt->flags = clearflags; | |
1118 | 1116 |
1119 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1117 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1120 "quic packet rx clearflags:%xd", clearflags); | 1118 "quic packet rx clearflags:%xd", pkt->flags); |
1121 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, | 1119 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
1122 "quic packet rx number:%uL len:%xi", pn, pnl); | 1120 "quic packet rx number:%uL len:%xi", pn, pnl); |
1123 | 1121 |
1124 /* packet protection */ | 1122 /* packet protection */ |
1125 | 1123 |
1126 in.data = p; | 1124 in.data = p; |
1127 in.len = len - pnl; | 1125 in.len = len - pnl; |
1128 | 1126 |
1129 badflags = clearflags & ngx_quic_pkt_rb_mask(pkt->flags); | |
1130 | |
1131 ad.len = p - pkt->data; | 1127 ad.len = p - pkt->data; |
1132 ad.data = pkt->plaintext; | 1128 ad.data = pkt->plaintext; |
1133 | 1129 |
1134 ngx_memcpy(ad.data, pkt->data, ad.len); | 1130 ngx_memcpy(ad.data, pkt->data, ad.len); |
1135 ad.data[0] = clearflags; | 1131 ad.data[0] = pkt->flags; |
1136 | 1132 |
1137 do { | 1133 do { |
1138 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; | 1134 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256; |
1139 } while (--pnl); | 1135 } while (--pnl); |
1140 | 1136 |
1158 | 1154 |
1159 if (rc != NGX_OK) { | 1155 if (rc != NGX_OK) { |
1160 return NGX_DECLINED; | 1156 return NGX_DECLINED; |
1161 } | 1157 } |
1162 | 1158 |
1163 if (badflags) { | 1159 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) { |
1164 /* | 1160 /* |
1165 * An endpoint MUST treat receipt of a packet that has | 1161 * An endpoint MUST treat receipt of a packet that has |
1166 * a non-zero value for these bits, after removing both | 1162 * a non-zero value for these bits, after removing both |
1167 * packet and header protection, as a connection error | 1163 * packet and header protection, as a connection error |
1168 * of type PROTOCOL_VIOLATION. | 1164 * of type PROTOCOL_VIOLATION. |