# HG changeset patch
# User Yu Zhu <lishu.zy@alibaba-inc.com>
# Date 1668789115 -28800
# Sat Nov 19 00:31:55 2022 +0800
# Branch quic
# Node ID 1a320805265db14904ca9deaae8330f4979619ce
# Parent 6cf8ed15fd00668b7efa0226c06f47d7238f26e8
QUIC: fixed computation of nonce
RFC 9001, 5.3. AEAD Usage
The nonce, N, is formed by combining the packet protection IV with the packet number. The 62 bits of the reconstructed QUIC packet number in network byte order are left-padded with zeros to the size of the IV. The exclusive OR of the padded packet number and the IV forms the AEAD nonce.
diff -r 6cf8ed15fd00 -r 1a320805265d src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c Tue Nov 01 17:00:35 2022 +0400
+++ b/src/event/quic/ngx_event_quic_protection.c Sat Nov 19 00:31:55 2022 +0800
@@ -969,10 +969,11 @@
static void
ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
{
- nonce[len - 4] ^= (pn & 0xff000000) >> 24;
- nonce[len - 3] ^= (pn & 0x00ff0000) >> 16;
- nonce[len - 2] ^= (pn & 0x0000ff00) >> 8;
- nonce[len - 1] ^= (pn & 0x000000ff);
+ size_t i;
+
+ for (i = 0; i < 8; i++) {
+ nonce[len - 8 + i] ^= (pn >> (8 - i - 1) * 8) & 0xff;
+ }
}_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org