diff src/event/quic/ngx_event_quic.h @ 8694:cef042935003 quic

QUIC: the "quic_host_key" directive. The token generation in QUIC is reworked. Single host key is used to generate all required keys of needed sizes using HKDF. The "quic_stateless_reset_token_key" directive is removed. Instead, the "quic_host_key" directive is used, which reads key from file, or sets it to random bytes if not specified.
author Vladimir Homutov <vl@nginx.com>
date Mon, 08 Feb 2021 16:49:33 +0300
parents dffb66fb783b
children d710c457171c
--- a/src/event/quic/ngx_event_quic.h
+++ b/src/event/quic/ngx_event_quic.h
@@ -27,9 +27,11 @@
 
 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT  3
 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY       25
-#define NGX_QUIC_DEFAULT_SRT_KEY_LEN         32
+#define NGX_QUIC_DEFAULT_HOST_KEY_LEN        32
+#define NGX_QUIC_SR_KEY_LEN                  32
+#define NGX_QUIC_AV_KEY_LEN                  32
 
-#define NGX_QUIC_RETRY_LIFETIME              3   /* seconds */
+#define NGX_QUIC_RETRY_TOKEN_LIFETIME          3 /* seconds */
 #define NGX_QUIC_NEW_TOKEN_LIFETIME          600 /* seconds */
 #define NGX_QUIC_RETRY_BUFFER_SIZE           256
     /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(64) */
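Review bot: The three new key-length macros carry no comment relating them, although the commit message says the single host key is the HKDF input from which the other keys are generated, so a reader of the header cannot tell the configured/random host-key length from the lengths of the derived keys. I would annotate them in place, e.g. `#define NGX_QUIC_DEFAULT_HOST_KEY_LEN        32  /* random host key when quic_host_key is unset */` and `/* derived from host_key via HKDF */` on the NGX_QUIC_SR_KEY_LEN and NGX_QUIC_AV_KEY_LEN lines; the derivation itself is outside this hunk, so the wording should be confirmed against the code that fills sr_token_key and av_token_key. As a point of style, the value of the renamed NGX_QUIC_RETRY_TOKEN_LIFETIME is no longer aligned to the column the neighbouring defines use (compare NGX_QUIC_NEW_TOKEN_LIFETIME on the next line).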
@@ -96,8 +98,9 @@ typedef struct {
     ngx_quic_tp_t              tp;
     ngx_flag_t                 retry;
     ngx_flag_t                 require_alpn;
-    u_char                     token_key[32]; /* AES 256 */
-    ngx_str_t                  sr_token_key; /* stateless reset token key */
+    ngx_str_t                  host_key;
+    u_char                     av_token_key[NGX_QUIC_AV_KEY_LEN];
+    u_char                     sr_token_key[NGX_QUIC_SR_KEY_LEN];
 } ngx_quic_conf_t;