
[nginx] QUIC: renamed protection functions.

Sergey Kandaurov
October 20, 2023 10:44AM
details: https://hg.nginx.org/nginx/rev/f98636db77ef
branches:
changeset: 9171:f98636db77ef
user: Sergey Kandaurov <pluknet@nginx.com>
date: Fri Oct 20 18:05:07 2023 +0400
description:
QUIC: renamed protection functions.

Now these functions have names ngx_quic_crypto_XXX():

- ngx_quic_tls_open() -> ngx_quic_crypto_open()
- ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
- ngx_quic_tls_hp() -> ngx_quic_crypto_hp()

diffstat:

src/event/quic/ngx_event_quic_openssl_compat.c | 4 ++--
src/event/quic/ngx_event_quic_protection.c | 25 +++++++++++++------------
src/event/quic/ngx_event_quic_protection.h | 2 +-
3 files changed, 16 insertions(+), 15 deletions(-)

diffs (118 lines):

diff -r c80d111340dc -r f98636db77ef src/event/quic/ngx_event_quic_openssl_compat.c
--- a/src/event/quic/ngx_event_quic_openssl_compat.c Fri Oct 20 18:05:07 2023 +0400
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c Fri Oct 20 18:05:07 2023 +0400
@@ -578,8 +578,8 @@ ngx_quic_compat_create_record(ngx_quic_c
ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number);

- if (ngx_quic_tls_seal(ciphers.c, secret, &out,
- nonce, &rec->payload, &ad, rec->log)
+ if (ngx_quic_crypto_seal(ciphers.c, secret, &out,
+ nonce, &rec->payload, &ad, rec->log)
!= NGX_OK)
{
return NGX_ERROR;
diff -r c80d111340dc -r f98636db77ef src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c Fri Oct 20 18:05:07 2023 +0400
+++ b/src/event/quic/ngx_event_quic_protection.c Fri Oct 20 18:05:07 2023 +0400
@@ -26,10 +26,10 @@ static ngx_int_t ngx_hkdf_extract(u_char
static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask,
uint64_t *largest_pn);

-static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher,
+static ngx_int_t ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher,
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
ngx_str_t *ad, ngx_log_t *log);
-static ngx_int_t ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
+static ngx_int_t ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in);

static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
@@ -344,7 +344,7 @@ failed:


static ngx_int_t
-ngx_quic_tls_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
+ngx_quic_crypto_open(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{

@@ -449,7 +449,7 @@ ngx_quic_tls_open(const ngx_quic_cipher_


ngx_int_t
-ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
+ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s,
ngx_str_t *out, u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log)
{

@@ -565,7 +565,7 @@ ngx_quic_tls_seal(const ngx_quic_cipher_


static ngx_int_t
-ngx_quic_tls_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
+ngx_quic_crypto_hp(ngx_log_t *log, const EVP_CIPHER *cipher,
ngx_quic_secret_t *s, u_char *out, u_char *in)
{
int outlen;
@@ -801,15 +801,15 @@ ngx_quic_create_packet(ngx_quic_header_t
ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);

- if (ngx_quic_tls_seal(ciphers.c, secret, &out,
- nonce, &pkt->payload, &ad, pkt->log)
+ if (ngx_quic_crypto_seal(ciphers.c, secret, &out,
+ nonce, &pkt->payload, &ad, pkt->log)
!= NGX_OK)
{
return NGX_ERROR;
}

sample = &out.data[4 - pkt->num_len];
- if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
+ if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
!= NGX_OK)
{
return NGX_ERROR;
@@ -862,7 +862,8 @@ ngx_quic_create_retry_packet(ngx_quic_he
ngx_memcpy(secret.key.data, key, sizeof(key));
secret.iv.len = NGX_QUIC_IV_LEN;

- if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log)
+ if (ngx_quic_crypto_seal(ciphers.c, &secret, &itag, nonce, &in, &ad,
+ pkt->log)
!= NGX_OK)
{
return NGX_ERROR;
@@ -1032,7 +1033,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,

/* header protection */

- if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
+ if (ngx_quic_crypto_hp(pkt->log, ciphers.hp, secret, mask, sample)
!= NGX_OK)
{
return NGX_DECLINED;
@@ -1087,8 +1088,8 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
pkt->payload.len = in.len - NGX_QUIC_TAG_LEN;
pkt->payload.data = pkt->plaintext + ad.len;

- rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
- nonce, &in, &ad, pkt->log);
+ rc = ngx_quic_crypto_open(ciphers.c, secret, &pkt->payload,
+ nonce, &in, &ad, pkt->log);
if (rc != NGX_OK) {
return NGX_DECLINED;
}
diff -r c80d111340dc -r f98636db77ef src/event/quic/ngx_event_quic_protection.h
--- a/src/event/quic/ngx_event_quic_protection.h Fri Oct 20 18:05:07 2023 +0400
+++ b/src/event/quic/ngx_event_quic_protection.h Fri Oct 20 18:05:07 2023 +0400
@@ -105,7 +105,7 @@ ngx_int_t ngx_quic_decrypt(ngx_quic_head
void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
ngx_int_t ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
enum ssl_encryption_level_t level);
-ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
+ngx_int_t ngx_quic_crypto_seal(const ngx_quic_cipher_t *cipher,
ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, ngx_str_t *in,
ngx_str_t *ad, ngx_log_t *log);
ngx_int_t ngx_quic_hkdf_expand(ngx_quic_hkdf_t *hkdf, const EVP_MD *digest,