comparison src/event/quic/ngx_event_quic.h @ 8287:cef042935003 quic

QUIC: the "quic_host_key" directive. The token generation in QUIC is reworked. A single host key is used to generate all required keys of the needed sizes using HKDF. The "quic_stateless_reset_token_key" directive is removed. Instead, the "quic_host_key" directive is used, which reads the key from a file, or sets it to random bytes if not specified.
author Vladimir Homutov <vl@nginx.com>
date Mon, 08 Feb 2021 16:49:33 +0300
parents dffb66fb783b
children d710c457171c
8286:3956bbf91002 8287:cef042935003
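--- a/src/event/quic/ngx_event_quic.h
+++ b/src/event/quic/ngx_event_quic.h
@@ -25,13 +25,15 @@
 #define NGX_QUIC_MAX_UDP_PAYLOAD_OUT 1252
 #define NGX_QUIC_MAX_UDP_PAYLOAD_OUT6 1232
 
 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
-#define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32
+#define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32
+#define NGX_QUIC_SR_KEY_LEN 32
+#define NGX_QUIC_AV_KEY_LEN 32
 
-#define NGX_QUIC_RETRY_LIFETIME 3 /* seconds */
+#define NGX_QUIC_RETRY_TOKEN_LIFETIME 3 /* seconds */
 #define NGX_QUIC_NEW_TOKEN_LIFETIME 600 /* seconds */
 #define NGX_QUIC_RETRY_BUFFER_SIZE 256
 /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(64) */
 #define NGX_QUIC_MAX_TOKEN_SIZE 64
 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
@@ -94,12 +96,13 @@
 typedef struct {
 ngx_ssl_t *ssl;
 ngx_quic_tp_t tp;
 ngx_flag_t retry;
 ngx_flag_t require_alpn;
-u_char token_key[32]; /* AES 256 */
-ngx_str_t sr_token_key; /* stateless reset token key */
+ngx_str_t host_key;
+u_char av_token_key[NGX_QUIC_AV_KEY_LEN];
+u_char sr_token_key[NGX_QUIC_SR_KEY_LEN];
 } ngx_quic_conf_t;
 
 
 typedef struct {
 uint64_t sent;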
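Review bot: The three replacement fields in ngx_quic_conf_t (new lines 101–103) drop the explanatory comments the old `token_key` ("AES 256") and `sr_token_key` ("stateless reset token key") carried, so the header no longer states what `host_key` holds or how `av_token_key` and `sr_token_key` relate to it. The commit description says the per-purpose keys are derived from the single host key with HKDF, but nothing in this hunk records that, nor what length `host_key.len` is expected to have relative to NGX_QUIC_DEFAULT_HOST_KEY_LEN. I would comment the fields along the lines of `ngx_str_t host_key; /* quic_host_key file contents, or random bytes */`, `u_char av_token_key[NGX_QUIC_AV_KEY_LEN]; /* derived from host_key: address validation */` and `u_char sr_token_key[NGX_QUIC_SR_KEY_LEN]; /* derived from host_key: stateless reset */`. Whether the code that fills `host_key` rejects an empty or unexpectedly short key file is not visible in this header and should be confirmed where the directive is parsed; the change of `sr_token_key` from ngx_str_t to a fixed array also presumably requires every `.len`/`.data` user in the .c files to be updated in the same commit.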