Mercurial > hg > nginx
comparison src/event/ngx_event_quic_protection.c @ 8448:011668fc9efd quic
Update Initial salt and Retry secret from quic-tls-29.
See sections 5.2 and 5.8 for the current values.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 Jun 2020 11:57:00 +0300 |
parents | df29219988bc |
children | d2f716e668e8 |
comparison
equal
deleted
inserted
replaced
8447:97adb87f149b | 8448:011668fc9efd |
---|---|
136 ngx_uint_t i; | 136 ngx_uint_t i; |
137 const EVP_MD *digest; | 137 const EVP_MD *digest; |
138 const EVP_CIPHER *cipher; | 138 const EVP_CIPHER *cipher; |
139 | 139 |
140 static const uint8_t salt[20] = | 140 static const uint8_t salt[20] = |
141 #if (NGX_QUIC_DRAFT_VERSION >= 29) | |
142 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" | |
143 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; | |
144 #else | |
141 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" | 145 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" |
142 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; | 146 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; |
147 #endif | |
143 | 148 |
144 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ | 149 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */ |
145 | 150 |
146 cipher = EVP_aes_128_gcm(); | 151 cipher = EVP_aes_128_gcm(); |
147 digest = EVP_sha256(); | 152 digest = EVP_sha256(); |
901 ngx_quic_secret_t secret; | 906 ngx_quic_secret_t secret; |
902 ngx_quic_ciphers_t ciphers; | 907 ngx_quic_ciphers_t ciphers; |
903 | 908 |
904 /* 5.8. Retry Packet Integrity */ | 909 /* 5.8. Retry Packet Integrity */ |
905 static u_char key[16] = | 910 static u_char key[16] = |
906 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8" | 911 #if (NGX_QUIC_DRAFT_VERSION >= 29) |
907 "\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; | 912 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
913 #else | |
914 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; | |
915 #endif | |
908 static u_char nonce[12] = | 916 static u_char nonce[12] = |
909 "\x4d\x16\x11\xd0\x55\x13" | 917 #if (NGX_QUIC_DRAFT_VERSION >= 29) |
910 "\xa5\x52\xc5\x87\xd5\x75"; | 918 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
919 #else | |
920 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75"; | |
921 #endif | |
911 static ngx_str_t in = ngx_string(""); | 922 static ngx_str_t in = ngx_string(""); |
912 | 923 |
913 ad.data = res->data; | 924 ad.data = res->data; |
914 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); | 925 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start); |
915 | 926 |