comparison src/event/ngx_event_quic_protection.c @ 8645:ae4bffb75df8 quic

QUIC: simplified and streamlined ngx_quic_decrypt(). Both clearflags and badflags are removed. It makes little sense now to keep them as intermediate storage.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 17 Nov 2020 21:33:16 +0000
parents e953bd2c5bb3
children 4bf332873a83
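--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1055,13 +1055,12 @@
 
 
 ngx_int_t
 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
 {
-u_char clearflags, *p, *sample;
+u_char *p, *sample;
 size_t len;
-uint8_t badflags;
 uint64_t pn, lpn;
 ngx_int_t pnl, rc, key_phase;
 ngx_str_t in, ad;
 ngx_quic_secret_t *secret;
 ngx_quic_ciphers_t ciphers;
@@ -1095,46 +1094,43 @@
 != NGX_OK)
 {
 return NGX_DECLINED;
 }
 
-clearflags = pkt->flags ^ (mask[0] & ngx_quic_pkt_hp_mask(pkt->flags));
+pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
 
 if (ngx_quic_short_pkt(pkt->flags)) {
-key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0;
+key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
 
 if (key_phase != pkt->key_phase) {
 secret = &pkt->keys->next_key.client;
 pkt->key_update = 1;
 }
 }
 
 lpn = *largest_pn;
 
-pnl = (clearflags & 0x03) + 1;
+pnl = (pkt->flags & 0x03) + 1;
 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
 
 pkt->pn = pn;
-pkt->flags = clearflags;
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
-"quic packet rx clearflags:%xd", clearflags);
+"quic packet rx clearflags:%xd", pkt->flags);
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
 "quic packet rx number:%uL len:%xi", pn, pnl);
 
 /* packet protection */
 
 in.data = p;
 in.len = len - pnl;
 
-badflags = clearflags & ngx_quic_pkt_rb_mask(pkt->flags);
-
 ad.len = p - pkt->data;
 ad.data = pkt->plaintext;
 
 ngx_memcpy(ad.data, pkt->data, ad.len);
-ad.data[0] = clearflags;
+ad.data[0] = pkt->flags;
 
 do {
 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256;
 } while (--pnl);
 
@@ -1158,11 +1154,11 @@
 
 if (rc != NGX_OK) {
 return NGX_DECLINED;
 }
 
-if (badflags) {
+if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
 /*
 * An endpoint MUST treat receipt of a packet that has
 * a non-zero value for these bits, after removing both
 * packet and header protection, as a connection error
 * of type PROTOCOL_VIOLATION.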
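Review bot: The in-place `pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);` deserves a comment, because from that line on `pkt->flags` holds the header-unprotected first byte, which stays unauthenticated until the AEAD step returns `NGX_OK`. Something like `/* pkt->flags is now the unprotected first byte; not authenticated until decryption below succeeds */` would do. With `badflags` gone, the reserved-bit test reads `pkt->flags` directly, so the comment would also record that the test must stay after the `rc != NGX_OK` return, as the existing PROTOCOL_VIOLATION comment requires. As a smaller style point, the debug message still prints the label `clearflags` for a variable that no longer exists; `"quic packet rx flags:%xd"` would match the code. The function body continues between and after the visible hunks, so the early-return paths there were not reviewed.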