QUIC: macros for manipulating header protection and reserved bits.

This gets rid of magic numbers from quic protection and allows to push down header construction specifics further to quic transport.
2025-02-25 18:55:26 -06:00 · 2020-11-17 21:32:22 +00:00 · 2020-11-17 21:32:22 +00:00 · cb158c264d
commit cb158c264d
parent 97dcde9799
2 changed files with 10 additions and 15 deletions
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@ -870,7 +870,7 @@ ngx_quic_create_long_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
    }

    /* quic-tls: 5.4.1.  Header Protection Application */
-    ad.data[0] ^= mask[0] & 0x0f;
+    ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);

    for (i = 0; i < pkt->num_len; i++) {
        pnp[i] ^= mask[i + 1];
@ -928,7 +928,7 @@ ngx_quic_create_short_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
    }

    /* quic-tls: 5.4.1.  Header Protection Application */
-    ad.data[0] ^= mask[0] & 0x1f;
+    ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);

    for (i = 0; i < pkt->num_len; i++) {
        pnp[i] ^= mask[i + 1];
@ -1161,11 +1161,9 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
        return NGX_DECLINED;
    }

-    if (ngx_quic_long_pkt(pkt->flags)) {
-        clearflags = pkt->flags ^ (mask[0] & 0x0f);
+    clearflags = pkt->flags ^ (mask[0] & ngx_quic_pkt_hp_mask(pkt->flags));

-    } else {
-        clearflags = pkt->flags ^ (mask[0] & 0x1f);
+    if (ngx_quic_short_pkt(pkt->flags)) {
        key_phase = (clearflags & NGX_QUIC_PKT_KPHASE) != 0;

        if (key_phase != pkt->key_phase) {
@ -1192,12 +1190,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
    in.data = p;
    in.len = len - pnl;

-    if (ngx_quic_long_pkt(pkt->flags)) {
-        badflags = clearflags & NGX_QUIC_PKT_LONG_RESERVED_BIT;
-
-    } else {
-        badflags = clearflags & NGX_QUIC_PKT_SHORT_RESERVED_BIT;
-    }
+    badflags = clearflags & ngx_quic_pkt_rb_mask(pkt->flags);

    ad.len = p - pkt->data;
    ad.data = pkt->plaintext;
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
@ -19,9 +19,6 @@
 #define NGX_QUIC_PKT_TYPE       0x30  /* in long packet */
 #define NGX_QUIC_PKT_KPHASE     0x04  /* in short packet */

-#define NGX_QUIC_PKT_LONG_RESERVED_BIT   0x0C
-#define NGX_QUIC_PKT_SHORT_RESERVED_BIT  0x18
-
 #define ngx_quic_long_pkt(flags)  ((flags) & NGX_QUIC_PKT_LONG)
 #define ngx_quic_short_pkt(flags)  (((flags) & NGX_QUIC_PKT_LONG) == 0)

@ -40,6 +37,11 @@
 #define ngx_quic_pkt_retry(flags)                                             \
    (((flags) & NGX_QUIC_PKT_TYPE) == NGX_QUIC_PKT_RETRY)

+#define ngx_quic_pkt_rb_mask(flags)                                           \
+    (ngx_quic_long_pkt(flags) ? 0x0C : 0x18)
+#define ngx_quic_pkt_hp_mask(flags)                                           \
+    (ngx_quic_long_pkt(flags) ? 0x0F : 0x1F)
+
 #define ngx_quic_level_name(lvl)                                              \
    (lvl == ssl_encryption_application) ? "app"                               \
        : (lvl == ssl_encryption_initial) ? "init"                            \