changeset 8644:e953bd2c5bb3 quic

QUIC: merged create_long/short_packet() functions. They no longer differ.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 17 Nov 2020 21:33:12 +0000
parents 5fdd0ef42232
children ae4bffb75df8
files src/event/ngx_event_quic_protection.c
diffstat 1 files changed, 3 insertions(+), 67 deletions(-) [+]
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -77,9 +77,7 @@ static ngx_int_t ngx_quic_tls_hp(ngx_log
 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t *pool, const EVP_MD *digest,
     ngx_str_t *out, ngx_str_t *label, const uint8_t *prk, size_t prk_len);
 
-static ngx_int_t ngx_quic_create_long_packet(ngx_quic_header_t *pkt,
-    ngx_str_t *res);
-static ngx_int_t ngx_quic_create_short_packet(ngx_quic_header_t *pkt,
+static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
     ngx_str_t *res);
 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
     ngx_str_t *res);
@@ -825,65 +823,7 @@ ngx_quic_keys_update(ngx_connection_t *c
 
 
 static ngx_int_t
-ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
-{
-    u_char              *pnp, *sample;
-    ngx_str_t            ad, out;
-    ngx_uint_t           i;
-    ngx_quic_secret_t   *secret;
-    ngx_quic_ciphers_t   ciphers;
-    u_char               nonce[12], mask[16];
-
-    out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
-
-    ad.data = res->data;
-    ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp);
-
-    out.data = res->data + ad.len;
-
-#ifdef NGX_QUIC_DEBUG_CRYPTO
-    ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
-#endif
-
-    if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
-    {
-        return NGX_ERROR;
-    }
-
-    secret = &pkt->keys->secrets[pkt->level].server;
-
-    ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
-    ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
-
-    if (ngx_quic_tls_seal(ciphers.c, secret, &out,
-                          nonce, &pkt->payload, &ad, pkt->log)
-        != NGX_OK)
-    {
-        return NGX_ERROR;
-    }
-
-    sample = &out.data[4 - pkt->num_len];
-    if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
-        != NGX_OK)
-    {
-        return NGX_ERROR;
-    }
-
-    /* quic-tls: 5.4.1.  Header Protection Application */
-    ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
-
-    for (i = 0; i < pkt->num_len; i++) {
-        pnp[i] ^= mask[i + 1];
-    }
-
-    res->len = ad.len + out.len;
-
-    return NGX_OK;
-}
-
-
-static ngx_int_t
-ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
+ngx_quic_create_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
 {
     u_char              *pnp, *sample;
     ngx_str_t            ad, out;
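Review bot: ngx_quic_create_packet() has no comment saying that it now serves both header forms, although after this change ngx_quic_encrypt() sends every non-Retry packet to it. A line above the definition such as `/* protects any non-Retry packet, long or short header */` would record that contract. The function body continues outside the hunk, so whether anything in it still assumes a short header cannot be checked from here.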
@@ -1106,15 +1046,11 @@ ngx_quic_compute_nonce(u_char *nonce, si
 ngx_int_t
 ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res)
 {
-    if (ngx_quic_short_pkt(pkt->flags)) {
-        return ngx_quic_create_short_packet(pkt, res);
-    }
-
     if (ngx_quic_pkt_retry(pkt->flags)) {
         return ngx_quic_create_retry_packet(pkt, res);
     }
 
-    return ngx_quic_create_long_packet(pkt, res);
+    return ngx_quic_create_packet(pkt, res);
 }
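Review bot: The Retry test in ngx_quic_encrypt() now also runs on short-header packets, because the `ngx_quic_short_pkt()` guard that used to come first is removed. ngx_quic_pkt_retry() is defined outside this diff; if it compares only the long-header type bits and not the header-form bit, a short-header flags byte with those bits set would take the ngx_quic_create_retry_packet() path instead of ngx_quic_create_packet(). Keeping the form check makes the dispatch independent of how pkt->flags was built: `if (!ngx_quic_short_pkt(pkt->flags) && ngx_quic_pkt_retry(pkt->flags)) {`.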