comparison src/event/ngx_event_quic_protection.c @ 8287:ccb9cc95ad5e quic
Logging cleanup.
pool->log is replaced with pkt->log or explicit argument passing where
possible.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 26 Mar 2020 13:54:49 +0300 |
parents | f85749b60e58 |
children | ebd5c71b9f02 |
8286:c7185bc5b4d9 | 8287:ccb9cc95ad5e |
---|---|
40 static ngx_int_t ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn, | 40 static ngx_int_t ngx_quic_ciphers(ngx_ssl_conn_t *ssl_conn, |
41 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level); | 41 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level); |
42 | 42 |
43 static ngx_int_t ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher, | 43 static ngx_int_t ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher, |
44 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 44 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
45 ngx_str_t *ad); | 45 ngx_str_t *ad, ngx_log_t *log); |
46 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, | 46 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, |
47 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 47 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
48 ngx_str_t *ad, ngx_log_t *log); | 48 ngx_str_t *ad, ngx_log_t *log); |
49 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, | 49 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
50 ngx_quic_secret_t *s, u_char *out, u_char *in); | 50 ngx_quic_secret_t *s, u_char *out, u_char *in); |
356 | 356 |
357 | 357 |
358 static ngx_int_t | 358 static ngx_int_t |
359 ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher, | 359 ngx_quic_tls_open(ngx_pool_t *pool, const ngx_quic_cipher_t *cipher, |
360 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, | 360 ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in, |
361 ngx_str_t *ad) | 361 ngx_str_t *ad, ngx_log_t *log) |
362 { | 362 { |
363 ngx_log_t *log; | |
364 | |
365 log = pool->log; // TODO: pass log ? | |
366 | |
367 out->len = in->len - EVP_GCM_TLS_TAG_LEN; | 363 out->len = in->len - EVP_GCM_TLS_TAG_LEN; |
368 out->data = ngx_pnalloc(pool, out->len); | 364 out->data = ngx_pnalloc(pool, out->len); |
369 if (out->data == NULL) { | 365 if (out->data == NULL) { |
370 return NGX_ERROR; | 366 return NGX_ERROR; |
371 } | 367 } |
827 ngx_quic_header_t *pkt) | 823 ngx_quic_header_t *pkt) |
828 { | 824 { |
829 u_char clearflags, *p, *sample; | 825 u_char clearflags, *p, *sample; |
830 uint8_t *nonce; | 826 uint8_t *nonce; |
831 uint64_t pn; | 827 uint64_t pn; |
832 ngx_log_t *log; | |
833 ngx_int_t pnl, rc; | 828 ngx_int_t pnl, rc; |
834 ngx_str_t in, ad; | 829 ngx_str_t in, ad; |
835 ngx_quic_ciphers_t ciphers; | 830 ngx_quic_ciphers_t ciphers; |
836 uint8_t mask[16]; | 831 uint8_t mask[16]; |
837 | |
838 log = pool->log; | |
839 | 832 |
840 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { | 833 if (ngx_quic_ciphers(ssl_conn, &ciphers, pkt->level) == NGX_ERROR) { |
841 return NGX_ERROR; | 834 return NGX_ERROR; |
842 } | 835 } |
843 | 836 |
849 * AES-Based and ChaCha20-Based header protections sample 16 bytes | 842 * AES-Based and ChaCha20-Based header protections sample 16 bytes |
850 */ | 843 */ |
851 | 844 |
852 sample = p + 4; | 845 sample = p + 4; |
853 | 846 |
854 ngx_quic_hexdump0(log, "sample", sample, 16); | 847 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
855 | 848 |
856 /* header protection */ | 849 /* header protection */ |
857 | 850 |
858 if (ngx_quic_tls_hp(log, ciphers.hp, pkt->secret, mask, sample) != NGX_OK) { | 851 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample) |
852 != NGX_OK) | |
853 { | |
859 return NGX_ERROR; | 854 return NGX_ERROR; |
860 } | 855 } |
861 | 856 |
862 if (ngx_quic_long_pkt(pkt->flags)) { | 857 if (ngx_quic_long_pkt(pkt->flags)) { |
863 clearflags = pkt->flags ^ (mask[0] & 0x0f); | 858 clearflags = pkt->flags ^ (mask[0] & 0x0f); |
869 pnl = (clearflags & 0x03) + 1; | 864 pnl = (clearflags & 0x03) + 1; |
870 pn = ngx_quic_parse_pn(&p, pnl, &mask[1]); | 865 pn = ngx_quic_parse_pn(&p, pnl, &mask[1]); |
871 | 866 |
872 pkt->pn = pn; | 867 pkt->pn = pn; |
873 | 868 |
874 ngx_quic_hexdump0(log, "mask", mask, 5); | 869 ngx_quic_hexdump0(pkt->log, "mask", mask, 5); |
875 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, | 870 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
876 "quic clear flags: %xi", clearflags); | 871 "quic clear flags: %xi", clearflags); |
877 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, | 872 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0, |
878 "quic packet number: %uL, len: %xi", pn, pnl); | 873 "quic packet number: %uL, len: %xi", pn, pnl); |
879 | 874 |
880 /* packet protection */ | 875 /* packet protection */ |
881 | 876 |
882 in.data = p; | 877 in.data = p; |
902 } while (--pnl); | 897 } while (--pnl); |
903 | 898 |
904 nonce = ngx_pstrdup(pool, &pkt->secret->iv); | 899 nonce = ngx_pstrdup(pool, &pkt->secret->iv); |
905 nonce[11] ^= pn; | 900 nonce[11] ^= pn; |
906 | 901 |
907 ngx_quic_hexdump0(log, "nonce", nonce, 12); | 902 ngx_quic_hexdump0(pkt->log, "nonce", nonce, 12); |
908 ngx_quic_hexdump0(log, "ad", ad.data, ad.len); | 903 ngx_quic_hexdump0(pkt->log, "ad", ad.data, ad.len); |
909 | 904 |
910 rc = ngx_quic_tls_open(pool, ciphers.c, pkt->secret, &pkt->payload, | 905 rc = ngx_quic_tls_open(pool, ciphers.c, pkt->secret, &pkt->payload, |
911 nonce, &in, &ad); | 906 nonce, &in, &ad, pkt->log); |
912 | 907 |
913 ngx_quic_hexdump0(log, "packet payload", | 908 ngx_quic_hexdump0(pkt->log, "packet payload", |
914 pkt->payload.data, pkt->payload.len); | 909 pkt->payload.data, pkt->payload.len); |
915 | 910 |
916 return rc; | 911 return rc; |
917 } | 912 } |
918 | 913 |
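Review bot: In the decrypt path (new lines 899-900) the result of `ngx_pstrdup(pool, &pkt->secret->iv)` is written through by `nonce[11] ^= pn;` with no NULL check, so a pool allocation failure while processing a received packet becomes a NULL dereference instead of an `NGX_ERROR` return; `if (nonce == NULL) { return NGX_ERROR; }` between the two lines would close that. Separately, in `ngx_quic_tls_open` (new line 363) `out->len = in->len - EVP_GCM_TLS_TAG_LEN;` is an unsigned subtraction and no lower bound on `in->len` is visible in the lines shown. If the caller does not already guarantee at least a tag's worth of input, a short packet wraps the length, so a guard such as `if (in->len < EVP_GCM_TLS_TAG_LEN) { return NGX_ERROR; }` before it is worth having. The code that fills `in` (new lines 878-896) and the rest of `ngx_quic_tls_open` are elided on this page, so that second check may already exist there.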