diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2020-11-17 21:32:22 +0000 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2020-11-17 21:32:22 +0000 |
| commit | cb158c264d201afaa4f5233f4362946a834dfc67 (patch) | |
| tree | 26bd5e3bee8fc64e218276ea12d544a4c5237b75 | |
| parent | 97dcde97991169da1106117da464516445c36a77 (diff) | |
| download | nginx-cb158c264d201afaa4f5233f4362946a834dfc67.tar.gz nginx-cb158c264d201afaa4f5233f4362946a834dfc67.tar.bz2 | |
QUIC: macros for manipulating header protection and reserved bits.
This gets rid of magic numbers from quic protection and allows to push down
header construction specifics further to quic transport.
| -rw-r--r-- | src/event/ngx_event_quic_protection.c | 17 | ||||
| -rw-r--r-- | src/event/ngx_event_quic_transport.h | 8 |
2 files changed, 10 insertions, 15 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c index 0b491d976..422853310 100644 --- a/src/event/ngx_event_quic_protection.c +++ b/src/event/ngx_event_quic_protection.c @@ -870,7 +870,7 @@ ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res) } /* quic-tls: 5.4.1. Header Protection Application */ - ad.data[0] ^= mask[0] & 0x0f; + ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); for (i = 0; i < pkt->num_len; i++) { pnp[i] ^= mask[i + 1]; @@ -928,7 +928,7 @@ ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res) } /* quic-tls: 5.4.1. Header Protection Application */ - ad.data[0] ^= mask[0] & 0x1f; + ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags); for (i = 0; i < pkt->num_len; i++) { pnp[i] ^= mask[i + 1]; @@ -1161,11 +1161,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) return NGX_DECLINED; } - if (ngx_quic_long_pkt(pkt->flags)) { - clearflags = pkt->flags ^ (mask[0] & 0x0f); + clearflags = pkt->flags ^ (mask[0] & ngx_quic_pkt_hp_mask(pkt->flags)); - } else { - clearflags = pkt->flags ^ (mask[0] & 0x1f); + if (ngx_quic_short_pkt(pkt->flags)) { key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0; if (key_phase != pkt->key_phase) { @@ -1192,12 +1190,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn) in.data = p; in.len = len - pnl; - if (ngx_quic_long_pkt(pkt->flags)) { - badflags = clearflags & NGX_QUIC_PKT_LONG_RESERVED_BIT; - - } else { - badflags = clearflags & NGX_QUIC_PKT_SHORT_RESERVED_BIT; - } + badflags = clearflags & ngx_quic_pkt_rb_mask(pkt->flags); ad.len = p - pkt->data; ad.data = pkt->plaintext; diff --git a/src/event/ngx_event_quic_transport.h b/src/event/ngx_event_quic_transport.h index ee89855bd..2e7a6f953 100644 --- a/src/event/ngx_event_quic_transport.h +++ b/src/event/ngx_event_quic_transport.h @@ -19,9 +19,6 @@ #define NGX_QUIC_PKT_TYPE 0x30 /* in long packet */ #define NGX_QUIC_PKT_KPHASE 0x04 /* in short packet */ -#define NGX_QUIC_PKT_LONG_RESERVED_BIT 0x0C -#define NGX_QUIC_PKT_SHORT_RESERVED_BIT 0x18 - #define ngx_quic_long_pkt(flags) ((flags) & NGX_QUIC_PKT_LONG) #define ngx_quic_short_pkt(flags) (((flags) & NGX_QUIC_PKT_LONG) == 0) @@ -40,6 +37,11 @@ #define ngx_quic_pkt_retry(flags) \ (((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_RETRY) +#define ngx_quic_pkt_rb_mask(flags) \ + (ngx_quic_long_pkt(flags) ? 0x0C : 0x18) +#define ngx_quic_pkt_hp_mask(flags) \ + (ngx_quic_long_pkt(flags) ? 0x0F : 0x1F) + #define ngx_quic_level_name(lvl) \ (lvl == ssl_encryption_application) ? "app" \ : (lvl == ssl_encryption_initial) ? "init" \ |