Welcome! Log In Create A New Profile

Advanced

QUIC: fixed computation of nonce

Yu Zhu
November 18, 2022 11:50AM
# HG changeset patch

# User Yu Zhu <lishu.zy@alibaba-inc.com>

# Date 1668789115 -28800

# Sat Nov 19 00:31:55 2022 +0800

# Branch quic

# Node ID 1a320805265db14904ca9deaae8330f4979619ce

# Parent 6cf8ed15fd00668b7efa0226c06f47d7238f26e8

QUIC: fixed computation of nonce




RFC 9001, 5.3. AEAD Usage

The nonce, N, is formed by combining the packet protection IV with the packet number. The 62 bits of the reconstructed QUIC packet number in network byte order are left-padded with zeros to the size of the IV. The exclusive OR of the padded packet number and the IV forms the AEAD nonce.




diff -r 6cf8ed15fd00 -r 1a320805265d src/event/quic/ngx_event_quic_protection.c

--- a/src/event/quic/ngx_event_quic_protection.c Tue Nov 01 17:00:35 2022 +0400

+++ b/src/event/quic/ngx_event_quic_protection.c Sat Nov 19 00:31:55 2022 +0800

@@ -969,10 +969,11 @@

static void

ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)

{

- nonce[len - 4] ^= (pn & 0xff000000) >> 24;

- nonce[len - 3] ^= (pn & 0x00ff0000) >> 16;

- nonce[len - 2] ^= (pn & 0x0000ff00) >> 8;

- nonce[len - 1] ^= (pn & 0x000000ff);

+ size_t i;

+

+ for (i = 0; i < 8; i++) {

+ nonce[len - 8 + i] ^= (pn >> (8 - i - 1) * 8) & 0xff;

+ }

}_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

QUIC: fixed computation of nonce

Yu Zhu 697 November 18, 2022 11:50AM

Re: QUIC: fixed computation of nonce

Sergey Kandaurov 145 November 22, 2022 05:32AM

Re: QUIC: fixed computation of nonce

Roman Arutyunyan 217 November 24, 2022 10:36AM

Re: QUIC: fixed computation of nonce

Sergey Kandaurov 203 November 25, 2022 07:02AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 77
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready