author | Sergey Kandaurov <pluknet@nginx.com> | 2020-11-17 21:32:22 +0000 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2020-11-17 21:32:22 +0000 |
commit | cb158c264d201afaa4f5233f4362946a834dfc67 (patch) | |
tree | 26bd5e3bee8fc64e218276ea12d544a4c5237b75 /src | |
parent | 97dcde97991169da1106117da464516445c36a77 (diff) | |
QUIC: macros for manipulating header protection and reserved bits.
This gets rid of magic numbers in quic protection and allows header
construction specifics to be pushed further down into quic transport.
Diffstat (limited to 'src')
-rw-r--r-- | src/event/ngx_event_quic_protection.c | 17 | ||||
-rw-r--r-- | src/event/ngx_event_quic_transport.h | 8 |
2 files changed, 10 insertions, 15 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 0b491d976..422853310 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -870,7 +870,7 @@ ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
 }
 /* quic-tls: 5.4.1. Header Protection Application */
- ad.data[0] ^= mask[0] & 0x0f;
+ ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
 for (i = 0; i < pkt->num_len; i++) {
 pnp[i] ^= mask[i + 1];
@@ -928,7 +928,7 @@ ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
 }
 /* quic-tls: 5.4.1. Header Protection Application */
- ad.data[0] ^= mask[0] & 0x1f;
+ ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
 for (i = 0; i < pkt->num_len; i++) {
 pnp[i] ^= mask[i + 1];
@@ -1161,11 +1161,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
 return NGX_DECLINED;
 }
- if (ngx_quic_long_pkt(pkt->flags)) {
- clearflags = pkt->flags ^ (mask[0] & 0x0f);
+ clearflags = pkt->flags ^ (mask[0] & ngx_quic_pkt_hp_mask(pkt->flags));
- } else {
- clearflags = pkt->flags ^ (mask[0] & 0x1f);
+ if (ngx_quic_short_pkt(pkt->flags)) {
 key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0;
 if (key_phase != pkt->key_phase) {
@@ -1192,12 +1190,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
 in.data = p;
 in.len = len - pnl;
- if (ngx_quic_long_pkt(pkt->flags)) {
- badflags = clearflags & NGX_QUIC_PKT_LONG_RESERVED_BIT;
-
- } else {
- badflags = clearflags & NGX_QUIC_PKT_SHORT_RESERVED_BIT;
- }
+ badflags = clearflags & ngx_quic_pkt_rb_mask(pkt->flags);
 ad.len = p - pkt->data;
 ad.data = pkt->plaintext;
diff --git a/src/event/ngx_event_quic_transport.h b/src/event/ngx_event_quic_transport.h
index ee89855bd..2e7a6f953 100644
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
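Review bot: In ngx_quic_create_long_packet() (src/event/ngx_event_quic_protection.c) the header-protection mask is no longer fixed by the function but chosen from `pkt->flags`, and nothing visible in the hunk guarantees those flags carry the long-header form bit; the same applies to the identical change in ngx_quic_create_short_packet(). If the flags ever disagreed with the function, a long header would be XORed with 0x1F, which also touches bit 0x10 of the NGX_QUIC_PKT_TYPE field (0x30), something the old literal `0x0f` could not do. If callers do guarantee the invariant, I would record it at the XOR, e.g. `/* pkt->flags has NGX_QUIC_PKT_LONG set here, which selects the 4-bit mask */`. Both function bodies begin and end outside the hunks.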
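Review bot: In ngx_quic_decrypt() (src/event/ngx_event_quic_protection.c) the new one-line `clearflags` assignment picks the mask by testing `pkt->flags` while that byte is still header-protected, and nothing on the line says why that is safe. It appears to rely on the bit tested by ngx_quic_long_pkt() lying outside both the 0x0F and 0x1F masks, so protection never alters it; the value of NGX_QUIC_PKT_LONG is not shown in this diff, so that is worth confirming. A comment above the assignment would keep the dependency visible, e.g. `/* the header form bit is not header-protected, so the mask can be selected from the protected byte */`. The function starts and ends outside the hunk.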
@@ -19,9 +19,6 @@
 #define NGX_QUIC_PKT_TYPE 0x30 /* in long packet */
 #define NGX_QUIC_PKT_KPHASE 0x04 /* in short packet */
-#define NGX_QUIC_PKT_LONG_RESERVED_BIT 0x0C
-#define NGX_QUIC_PKT_SHORT_RESERVED_BIT 0x18
-
 #define ngx_quic_long_pkt(flags) ((flags) & NGX_QUIC_PKT_LONG)
 #define ngx_quic_short_pkt(flags) (((flags) & NGX_QUIC_PKT_LONG) == 0)
@@ -40,6 +37,11 @@
 #define ngx_quic_pkt_retry(flags) \
 (((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_RETRY)
+#define ngx_quic_pkt_rb_mask(flags) \
+ (ngx_quic_long_pkt(flags) ? 0x0C : 0x18)
+#define ngx_quic_pkt_hp_mask(flags) \
+ (ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
+
 #define ngx_quic_level_name(lvl) \
 (lvl == ssl_encryption_application) ? "app" \
 : (lvl == ssl_encryption_initial) ? "init" \ |
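Review bot: The new ngx_quic_pkt_rb_mask() and ngx_quic_pkt_hp_mask() macros carry 0x0C/0x18 and 0x0F/0x1F as bare literals, while the first hunk of this file removes the named NGX_QUIC_PKT_LONG_RESERVED_BIT and NGX_QUIC_PKT_SHORT_RESERVED_BIT constants, so the magic numbers have moved into the header rather than gone. A one-line comment on each macro would say what the values are, e.g. `/* reserved bits: 0x0C in a long header, 0x18 in a short header */` and `/* bits of the first byte covered by header protection (quic-tls 5.4.1) */`. Both masks feed the checks ngx_quic_decrypt() applies to received packets, so a reader should not have to reconstruct them from the spec.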