comparison src/event/quic/ngx_event_quic_protection.h @ 8694:cef042935003 quic
QUIC: the "quic_host_key" directive.
The token generation in QUIC is reworked. A single host key is used to generate
all required keys of the needed sizes using HKDF.
The "quic_stateless_reset_token_key" directive is removed. Instead, the
"quic_host_key" directive is used, which reads key from file, or sets it
to random bytes if not specified.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 08 Feb 2021 16:49:33 +0300 |
parents | 046c951e393a |
children | d4e02b3b734f |
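--- a/src/event/quic/ngx_event_quic_protection.h
+++ b/src/event/quic/ngx_event_quic_protection.h
@@ -8,10 +8,12 @@
 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
 
 
 #include <ngx_config.h>
 #include <ngx_core.h>
+
+#include <ngx_event_quic_transport.h>
 
 
 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
 
 
@@ -25,14 +27,12 @@
 enum ssl_encryption_level_t level);
 void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level);
 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);
-
-ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid,
-ngx_str_t *key, u_char *token);
-
+ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label,
+ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len);
 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
 
 
 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */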
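Review bot: The new `ngx_quic_derive_key()` declaration has no comment stating its contract, although per the commit description it is now the routine through which the token keys are derived from the single host key. Because all derived keys share one secret, their independence rests on each caller passing a distinct `label`, and `out` has to hold at least `len` bytes; neither requirement is stated here, and the definition is outside this file. I would add above the prototype something like `/* HKDF: derive len bytes into out from secret and salt; label must be unique per key purpose, out must hold len bytes */`. If the implementation only reads `secret` and `salt`, declaring them `const ngx_str_t *` would make that visible to callers as well.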