
Re: [PATCH 4 of 8] QUIC: renamed protection functions

Roman Arutyunyan
September 21, 2023 09:32AM
Hi,

On Thu, Sep 07, 2023 at 07:13:56PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet@nginx.com>
> # Date 1694099421 -14400
> # Thu Sep 07 19:10:21 2023 +0400
> # Node ID 24e5d652ecc861f0c68607d20941abbf3726fdf1
> # Parent b05feba278a8b766cddd4cc35d73ff43e8d77092
> QUIC: renamed protection functions.
>
> Now these functions have names ngx_quic_crypto_XXX():
>
> - ngx_quic_tls_open() -> ngx_quic_crypto_open()
> - ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
> - ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
>
> diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
> --- a/src/event/quic/ngx_event_quic_openssl_compat.c
> +++ b/src/event/quic/ngx_event_quic_openssl_compat.c
> @@ -568,8 +568,8 @@ ngx_quic_compat_create_record(ngx_quic_c
> ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
> ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number);
>
> - if (ngx_quic_tls_seal(ciphers.c, secret, &out,
> - nonce, &rec->payload, &ad, rec->log)
> + if (ngx_quic_crypto_seal(ciphers.c, secret, &out,
> + nonce, &rec->payload, &ad, rec->log)
> != NGX_OK)
> {
> return NGX_ERROR;
> diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
> --- a/src/event/quic/ngx_event_quic_protection.c
> +++ b/src/event/quic/ngx_event_quic_protection.c
> @@ -26,10 +26,10 @@ static ngx_int_t ngx_hkdf_extract(u_char
> static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
> uint64_t *largest_pn);
>
> -static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher,
> +static ngx_int_t ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher,
> ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
> ngx_str_t *ad, ngx_log_t *log);
> -static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
> +static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
> ngx_quic_secret_t *s, u_char *out, u_char *in);
>
> static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
> @@ -344,7 +344,7 @@ failed:
>
>
> static ngx_int_t
> -ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
> +ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
> ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
> {
>
> @@ -449,7 +449,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_
>
>
> ngx_int_t
> -ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
> +ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
> ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
> {
>
> @@ -565,7 +565,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_
>
>
> static ngx_int_t
> -ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
> +ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
> ngx_quic_secret_t *s, u_char *out, u_char *in)
> {
> int outlen;
> @@ -801,15 +801,15 @@ ngx_quic_create_packet(ngx_quic_header_t
> ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
> ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
>
> - if (ngx_quic_tls_seal(ciphers.c, secret, &out,
> - nonce, &pkt->payload, &ad, pkt->log)
> + if (ngx_quic_crypto_seal(ciphers.c, secret, &out,
> + nonce, &pkt->payload, &ad, pkt->log)
> != NGX_OK)
> {
> return NGX_ERROR;
> }
>
> sample = &out.data[4 - pkt->num_len];
> - if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
> + if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
> != NGX_OK)
> {
> return NGX_ERROR;
> @@ -862,7 +862,8 @@ ngx_quic_create_retry_packet(ngx_quic_he
> ngx_memcpy(secret.key.data, key, sizeof(key));
> secret.iv.len = NGX_QUIC_IV_LEN;
>
> - if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log)
> + if (ngx_quic_crypto_seal(ciphers.c, &secret, &itag, nonce, &in, &ad,
> + pkt->log)
> != NGX_OK)
> {
> return NGX_ERROR;
> @@ -1032,7 +1033,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
>
> /* header protection */
>
> - if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
> + if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
> != NGX_OK)
> {
> return NGX_DECLINED;
> @@ -1087,8 +1088,8 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
> pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
> pkt->payload.data = pkt->plaintext + ad.len;
>
> - rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
> - nonce, &in, &ad, pkt->log);
> + rc = ngx_quic_crypto_open(ciphers.c, secret, &pkt->payload,
> + nonce, &in, &ad, pkt->log);
> if (rc != NGX_OK) {
> return NGX_DECLINED;
> }
> diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h
> --- a/src/event/quic/ngx_event_quic_protection.h
> +++ b/src/event/quic/ngx_event_quic_protection.h
> @@ -105,7 +105,7 @@ ngx_int_t ngx_quic_decrypt(ngx_quic_head
> void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
> ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
> enum ssl_encryption_level_t level);
> -ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
> +ngx_int_t ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher,
> ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
> ngx_str_t *ad, ngx_log_t *log);
> ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,

Looks ok