comparison src/event/ngx_event_quic_protection.c @ 8315:fdda518d10ba quic
Proper handling of packet number in header.
- fixed setting of largest received packet number.
- sending properly truncated packet number
- added support for multi-byte packet number
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 03 Apr 2020 14:02:16 +0300 |
parents | c625bde6cb77 |
children | 435fed8e2489 |
8314:de8981bf2dd5 | 8315:fdda518d10ba |
---|---|
654 ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 654 ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
655 ngx_str_t *res) | 655 ngx_str_t *res) |
656 { | 656 { |
657 u_char *pnp, *sample; | 657 u_char *pnp, *sample; |
658 ngx_str_t ad, out; | 658 ngx_str_t ad, out; |
659 ngx_uint_t i; | |
659 ngx_quic_ciphers_t ciphers; | 660 ngx_quic_ciphers_t ciphers; |
660 u_char nonce[12], mask[16]; | 661 u_char nonce[12], mask[16]; |
661 | 662 |
662 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; | 663 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; |
663 | 664 |
683 != NGX_OK) | 684 != NGX_OK) |
684 { | 685 { |
685 return NGX_ERROR; | 686 return NGX_ERROR; |
686 } | 687 } |
687 | 688 |
688 sample = &out.data[3]; // pnl=0 | 689 sample = &out.data[4 - pkt->num_len]; |
689 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample) | 690 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample) |
690 != NGX_OK) | 691 != NGX_OK) |
691 { | 692 { |
692 return NGX_ERROR; | 693 return NGX_ERROR; |
693 } | 694 } |
694 | 695 |
695 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 696 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
696 ngx_quic_hexdump0(pkt->log, "mask", mask, 16); | 697 ngx_quic_hexdump0(pkt->log, "mask", mask, 16); |
697 ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16); | 698 ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16); |
698 | 699 |
699 // header protection, pnl = 0 | 700 /* quic-tls: 5.4.1. Header Protection Application */ |
700 ad.data[0] ^= mask[0] & 0x0f; | 701 ad.data[0] ^= mask[0] & 0x0f; |
701 *pnp ^= mask[1]; | 702 |
703 for (i = 0; i < pkt->num_len; i++) { | |
704 pnp[i] ^= mask[i + 1]; | |
705 } | |
702 | 706 |
703 res->len = ad.len + out.len; | 707 res->len = ad.len + out.len; |
704 | 708 |
705 return NGX_OK; | 709 return NGX_OK; |
706 } | 710 } |
710 ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 714 ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
711 ngx_str_t *res) | 715 ngx_str_t *res) |
712 { | 716 { |
713 u_char *pnp, *sample; | 717 u_char *pnp, *sample; |
714 ngx_str_t ad, out; | 718 ngx_str_t ad, out; |
719 ngx_uint_t i; | |
715 ngx_quic_ciphers_t ciphers; | 720 ngx_quic_ciphers_t ciphers; |
716 u_char nonce[12], mask[16]; | 721 u_char nonce[12], mask[16]; |
717 | 722 |
718 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; | 723 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN; |
719 | 724 |
741 return NGX_ERROR; | 746 return NGX_ERROR; |
742 } | 747 } |
743 | 748 |
744 ngx_quic_hexdump0(pkt->log, "out", out.data, out.len); | 749 ngx_quic_hexdump0(pkt->log, "out", out.data, out.len); |
745 | 750 |
746 sample = &out.data[3]; // pnl=0 | 751 sample = &out.data[4 - pkt->num_len]; |
747 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample) | 752 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample) |
748 != NGX_OK) | 753 != NGX_OK) |
749 { | 754 { |
750 return NGX_ERROR; | 755 return NGX_ERROR; |
751 } | 756 } |
752 | 757 |
753 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); | 758 ngx_quic_hexdump0(pkt->log, "sample", sample, 16); |
754 ngx_quic_hexdump0(pkt->log, "mask", mask, 16); | 759 ngx_quic_hexdump0(pkt->log, "mask", mask, 16); |
755 ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16); | 760 ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16); |
756 | 761 |
757 // header protection, pnl = 0 | 762 /* quic-tls: 5.4.1. Header Protection Application */ |
758 ad.data[0] ^= mask[0] & 0x1f; | 763 ad.data[0] ^= mask[0] & 0x1f; |
759 *pnp ^= mask[1]; | 764 |
765 for (i = 0; i < pkt->num_len; i++) { | |
766 pnp[i] ^= mask[i + 1]; | |
767 } | |
760 | 768 |
761 res->len = ad.len + out.len; | 769 res->len = ad.len + out.len; |
762 | 770 |
763 ngx_quic_hexdump0(pkt->log, "packet", res->data, res->len); | 771 ngx_quic_hexdump0(pkt->log, "packet", res->data, res->len); |
764 | 772 |
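Review bot: The new sample offset `sample = &out.data[4 - pkt->num_len];` (new line 751 here, and the identical expression at new line 689 in ngx_quic_create_long_packet) relies on pkt->num_len being in the range 1..4 and on out holding at least 4 - num_len + 16 bytes, but neither is checked in either hunk and I cannot see where num_len is validated. If num_len is an unsigned type, a value above 4 wraps the index so that the sample and the following `pnp[i] ^= mask[i + 1]` loop read and write outside the buffers, and a payload shorter than the sample window reads past out.data even for a valid num_len (quic-tls 5.4.2 requires the sender to pad so that the 16-byte sample is available). A guard before the sample computation in both functions would make the contract explicit: `if (pkt->num_len < 1 || pkt->num_len > 4 || out.len < 4 - pkt->num_len + 16) { return NGX_ERROR; }`, or at minimum a comment stating that the caller guarantees it. Both functions' bodies start before their hunks, and the file section may continue past the visible lines.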