Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic_protection.h @ 7772:058a5af7ddfc quic
Refactored QUIC secrets storage.
The quic->keys[4] array now contains secrets related to the corresponding
encryption level. All protection-level functions get proper keys and do
not need to switch manually between levels.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Wed, 01 Apr 2020 14:25:25 +0300 |
| parents | 2ac03e80d013 |
| children | 29354c6fc5f2 |
comparison
equal
deleted
inserted
replaced
| 7771:e35f824f644d | 7772:058a5af7ddfc |
|---|---|
| 4 */ | 4 */ |
| 5 | 5 |
| 6 | 6 |
| 7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ | 7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
| 8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ | 8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
| 9 | |
| 10 | |
| 11 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) | |
| 9 | 12 |
| 10 | 13 |
| 11 typedef struct ngx_quic_secret_s { | 14 typedef struct ngx_quic_secret_s { |
| 12 ngx_str_t secret; | 15 ngx_str_t secret; |
| 13 ngx_str_t key; | 16 ngx_str_t key; |
| 15 ngx_str_t hp; | 18 ngx_str_t hp; |
| 16 } ngx_quic_secret_t; | 19 } ngx_quic_secret_t; |
| 17 | 20 |
| 18 | 21 |
| 19 typedef struct { | 22 typedef struct { |
| 20 ngx_quic_secret_t in; | 23 ngx_quic_secret_t client; |
| 21 ngx_quic_secret_t ed; | 24 ngx_quic_secret_t server; |
| 22 ngx_quic_secret_t hs; | |
| 23 ngx_quic_secret_t ad; | |
| 24 } ngx_quic_peer_secrets_t; | |
| 25 | |
| 26 | |
| 27 typedef struct { | |
| 28 ngx_quic_peer_secrets_t client; | |
| 29 ngx_quic_peer_secrets_t server; | |
| 30 } ngx_quic_secrets_t; | 25 } ngx_quic_secrets_t; |
| 31 | 26 |
| 32 | 27 |
| 33 ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, | 28 ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, |
| 34 ngx_quic_secrets_t *secrets, ngx_str_t *secret); | 29 ngx_quic_secret_t *client, ngx_quic_secret_t *server, |
| 30 ngx_str_t *secret); | |
| 35 | 31 |
| 36 int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, | 32 int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, |
| 37 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, | 33 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, |
| 38 ngx_quic_peer_secrets_t *qsec); | 34 ngx_quic_secret_t *peer_secret); |
| 39 | 35 |
| 40 ssize_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, | 36 ssize_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
| 41 ngx_str_t *res); | 37 ngx_str_t *res); |
| 42 | 38 |
| 43 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn); | 39 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn); |