comparison src/event/ngx_event_quic_protection.c @ 8644:e953bd2c5bb3 quic
QUIC: merged create_long/short_packet() functions.
They no longer differ.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 17 Nov 2020 21:33:12 +0000 |
parents | 5fdd0ef42232 |
children | ae4bffb75df8 |
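--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -75,13 +75,11 @@
 static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
 ngx_quic_secret_t *s, u_char *out, u_char *in);
 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest,
 ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len);
 
-static ngx_int_t ngx_quic_create_long_packet(ngx_quic_header_t *pkt,
-ngx_str_t *res);
-static ngx_int_t ngx_quic_create_short_packet(ngx_quic_header_t *pkt,
+static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
 ngx_str_t *res);
 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
 ngx_str_t *res);
 
 
@@ -823,69 +821,11 @@
 return NGX_OK;
 }
 
 
 static ngx_int_t
-ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
-{
-u_char *pnp, *sample;
-ngx_str_t ad, out;
-ngx_uint_t i;
-ngx_quic_secret_t *secret;
-ngx_quic_ciphers_t ciphers;
-u_char nonce[12], mask[16];
-
-out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
-
-ad.data = res->data;
-ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp);
-
-out.data = res->data + ad.len;
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
-#endif
-
-if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
-{
-return NGX_ERROR;
-}
-
-secret = &pkt->keys->secrets[pkt->level].server;
-
-ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
-ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-if (ngx_quic_tls_seal(ciphers.c, secret, &out,
-nonce, &pkt->payload, &ad, pkt->log)
-!= NGX_OK)
-{
-return NGX_ERROR;
-}
-
-sample = &out.data[4 - pkt->num_len];
-if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
-!= NGX_OK)
-{
-return NGX_ERROR;
-}
-
-/* quic-tls: 5.4.1. Header Protection Application */
-ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
-
-for (i = 0; i < pkt->num_len; i++) {
-pnp[i] ^= mask[i + 1];
-}
-
-res->len = ad.len + out.len;
-
-return NGX_OK;
-}
-
-
-static ngx_int_t
-ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
+ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
 {
 u_char *pnp, *sample;
 ngx_str_t ad, out;
 ngx_uint_t i;
 ngx_quic_secret_t *secret;
@@ -1104,19 +1044,15 @@
 
 
 ngx_int_t
 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res)
 {
-if (ngx_quic_short_pkt(pkt->flags)) {
-return ngx_quic_create_short_packet(pkt, res);
-}
-
 if (ngx_quic_pkt_retry(pkt->flags)) {
 return ngx_quic_create_retry_packet(pkt, res);
 }
 
-return ngx_quic_create_long_packet(pkt, res);
+return ngx_quic_create_packet(pkt, res);
 }
 
 
 ngx_int_t
 ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)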
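Review bot: The buffer invariants that `ngx_quic_create_packet()` relies on are undocumented, and after this merge it is the single sealing path for every encryption level and both header forms. Judging from the removed long-packet body, which the description says matches the retained one, `ngx_memcpy(nonce, secret->iv.data, secret->iv.len)` writes into `u_char nonce[12]` and `sample = &out.data[4 - pkt->num_len]` assumes `num_len` is at most 4; neither is bounded in the lines shown. I would add a header comment such as `/* requires secret->iv.len == sizeof(nonce), pkt->num_len <= 4, res->data sized for header + payload + EVP_GCM_TLS_TAG_LEN */`, or an early `if (secret->iv.len != sizeof(nonce)) { return NGX_ERROR; }` before the copy. The retained function's body continues past the displayed context, so this should be confirmed against the new file from line 832 onward.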