Mercurial > hg > nginx
comparison src/event/ngx_event_quic_protection.c @ 8644:e953bd2c5bb3 quic
QUIC: merged create_long/short_packet() functions.
They no longer differ.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 17 Nov 2020 21:33:12 +0000 |
| parents | 5fdd0ef42232 |
| children | ae4bffb75df8 |
comparison
equal
deleted
inserted
replaced
| 8643:5fdd0ef42232 | 8644:e953bd2c5bb3 |
|---|---|
| 75 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, | 75 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher, |
| 76 ngx_quic_secret_t *s, u_char *out, u_char *in); | 76 ngx_quic_secret_t *s, u_char *out, u_char *in); |
| 77 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest, | 77 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest, |
| 78 ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len); | 78 ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len); |
| 79 | 79 |
| 80 static ngx_int_t ngx_quic_create_long_packet(ngx_quic_header_t *pkt, | 80 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt, |
| 81 ngx_str_t *res); | |
| 82 static ngx_int_t ngx_quic_create_short_packet(ngx_quic_header_t *pkt, | |
| 83 ngx_str_t *res); | 81 ngx_str_t *res); |
| 84 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, | 82 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, |
| 85 ngx_str_t *res); | 83 ngx_str_t *res); |
| 86 | 84 |
| 87 | 85 |
| 823 return NGX_OK; | 821 return NGX_OK; |
| 824 } | 822 } |
| 825 | 823 |
| 826 | 824 |
| 827 static ngx_int_t | 825 static ngx_int_t |
| 828 ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res) | 826 ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res) |
| 829 { | |
| 830 u_char *pnp, *sample; | |
| 831 ngx_str_t ad, out; | |
| 832 ngx_uint_t i; | |
| 833 ngx_quic_secret_t *secret; | |
| 834 ngx_quic_ciphers_t ciphers; | |
| 835 u_char nonce[12], mask[16]; | |
| 836 | |
| 837 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; | |
| 838 | |
| 839 ad.data = res->data; | |
| 840 ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp); | |
| 841 | |
| 842 out.data = res->data + ad.len; | |
| 843 | |
| 844 #ifdef NGX_QUIC_DEBUG_CRYPTO | |
| 845 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len); | |
| 846 #endif | |
| 847 | |
| 848 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR) | |
| 849 { | |
| 850 return NGX_ERROR; | |
| 851 } | |
| 852 | |
| 853 secret = &pkt->keys->secrets[pkt->level].server; | |
| 854 | |
| 855 ngx_memcpy(nonce, secret->iv.data, secret->iv.len); | |
| 856 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number); | |
| 857 | |
| 858 if (ngx_quic_tls_seal(ciphers.c, secret, &out, | |
| 859 nonce, &pkt->payload, &ad, pkt->log) | |
| 860 != NGX_OK) | |
| 861 { | |
| 862 return NGX_ERROR; | |
| 863 } | |
| 864 | |
| 865 sample = &out.data[4 - pkt->num_len]; | |
| 866 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | |
| 867 != NGX_OK) | |
| 868 { | |
| 869 return NGX_ERROR; | |
| 870 } | |
| 871 | |
| 872 /* quic-tls: 5.4.1. Header Protection Application */ | |
| 873 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); | |
| 874 | |
| 875 for (i = 0; i < pkt->num_len; i++) { | |
| 876 pnp[i] ^= mask[i + 1]; | |
| 877 } | |
| 878 | |
| 879 res->len = ad.len + out.len; | |
| 880 | |
| 881 return NGX_OK; | |
| 882 } | |
| 883 | |
| 884 | |
| 885 static ngx_int_t | |
| 886 ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res) | |
| 887 { | 827 { |
| 888 u_char *pnp, *sample; | 828 u_char *pnp, *sample; |
| 889 ngx_str_t ad, out; | 829 ngx_str_t ad, out; |
| 890 ngx_uint_t i; | 830 ngx_uint_t i; |
| 891 ngx_quic_secret_t *secret; | 831 ngx_quic_secret_t *secret; |
| 1104 | 1044 |
| 1105 | 1045 |
| 1106 ngx_int_t | 1046 ngx_int_t |
| 1107 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res) | 1047 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res) |
| 1108 { | 1048 { |
| 1109 if (ngx_quic_short_pkt(pkt->flags)) { | |
| 1110 return ngx_quic_create_short_packet(pkt, res); | |
| 1111 } | |
| 1112 | |
| 1113 if (ngx_quic_pkt_retry(pkt->flags)) { | 1049 if (ngx_quic_pkt_retry(pkt->flags)) { |
| 1114 return ngx_quic_create_retry_packet(pkt, res); | 1050 return ngx_quic_create_retry_packet(pkt, res); |
| 1115 } | 1051 } |
| 1116 | 1052 |
| 1117 return ngx_quic_create_long_packet(pkt, res); | 1053 return ngx_quic_create_packet(pkt, res); |
| 1118 } | 1054 } |
| 1119 | 1055 |
| 1120 | 1056 |
| 1121 ngx_int_t | 1057 ngx_int_t |
| 1122 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) | 1058 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) |