diff src/event/ngx_event_quic_protection.c @ 8315:fdda518d10ba quic

Proper handling of packet number in header. - fixed setting of largest received packet number. - sending properly truncated packet number - added support for multi-byte packet number
author Vladimir Homutov <vl@nginx.com>
date Fri, 03 Apr 2020 14:02:16 +0300
parents c625bde6cb77
children 435fed8e2489
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -656,6 +656,7 @@ ngx_quic_create_long_packet(ngx_quic_hea
 {
     u_char              *pnp, *sample;
     ngx_str_t            ad, out;
+    ngx_uint_t           i;
     ngx_quic_ciphers_t   ciphers;
     u_char               nonce[12], mask[16];
 
@@ -685,7 +686,7 @@ ngx_quic_create_long_packet(ngx_quic_hea
         return NGX_ERROR;
     }
 
-    sample = &out.data[3]; // pnl=0
+    sample = &out.data[4 - pkt->num_len];
     if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
         != NGX_OK)
     {
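Review bot: The new sample offset `4 - pkt->num_len` has no visible check that `pkt->num_len` is between 1 and 4, or that `out.len` holds 16 bytes from that offset, so an out-of-range length would make `ngx_quic_tls_hp()` read outside `out.data`; if `num_len` is unsigned, a value above 4 wraps the subtraction to a very large index. The same expression appears in the ngx_quic_create_short_packet hunk, and the header-protection loops in both functions index `pnp[i]` and `mask[i + 1]` under the same bound. Unless the caller already guarantees the range (not visible in this diff), a guard before the sample is taken would cover it, e.g. `if (pkt->num_len < 1 || pkt->num_len > 4 || out.len < 4 - pkt->num_len + 16) { return NGX_ERROR; }`. The removed `// pnl=0` comment is also worth replacing with one that explains the offset, such as `/* quic-tls: 5.4.2. sample starts 4 bytes after the start of the packet number */`; the function body begins and continues outside this hunk.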
@@ -696,9 +697,12 @@ ngx_quic_create_long_packet(ngx_quic_hea
     ngx_quic_hexdump0(pkt->log, "mask", mask, 16);
     ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16);
 
-    // header protection, pnl = 0
+    /* quic-tls: 5.4.1.  Header Protection Application */
     ad.data[0] ^= mask[0] & 0x0f;
-    *pnp ^= mask[1];
+
+    for (i = 0; i < pkt->num_len; i++) {
+        pnp[i] ^= mask[i + 1];
+    }
 
     res->len = ad.len + out.len;
 
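Review bot: The context lines just above the new loop dump `mask` and `pkt->secret->hp.data` into the log, which leaves header-protection key material wherever that log is stored; the ngx_quic_create_short_packet hunk does the same. If `ngx_quic_hexdump0` is not compiled out of non-debug builds (its definition is outside this diff), these calls should be removed or put behind a debug-only guard. The hard-coded length 16 also assumes a 16-byte key, so `pkt->secret->hp.len` would be the safer length if `hp` is an `ngx_str_t`, as `.data` suggests.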
@@ -712,6 +716,7 @@ ngx_quic_create_short_packet(ngx_quic_he
 {
     u_char              *pnp, *sample;
     ngx_str_t            ad, out;
+    ngx_uint_t           i;
     ngx_quic_ciphers_t   ciphers;
     u_char               nonce[12], mask[16];
 
@@ -743,7 +748,7 @@ ngx_quic_create_short_packet(ngx_quic_he
 
     ngx_quic_hexdump0(pkt->log, "out", out.data, out.len);
 
-    sample = &out.data[3]; // pnl=0
+    sample = &out.data[4 - pkt->num_len];
     if (ngx_quic_tls_hp(pkt->log, ciphers.hp, pkt->secret, mask, sample)
         != NGX_OK)
     {
@@ -754,9 +759,12 @@ ngx_quic_create_short_packet(ngx_quic_he
     ngx_quic_hexdump0(pkt->log, "mask", mask, 16);
     ngx_quic_hexdump0(pkt->log, "hp_key", pkt->secret->hp.data, 16);
 
-    // header protection, pnl = 0
+    /* quic-tls: 5.4.1.  Header Protection Application */
     ad.data[0] ^= mask[0] & 0x1f;
-    *pnp ^= mask[1];
+
+    for (i = 0; i < pkt->num_len; i++) {
+        pnp[i] ^= mask[i + 1];
+    }
 
     res->len = ad.len + out.len;