Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 8678:3443ee341cc1 quic
QUIC: draft-33 salt and retry keys.
Notably, the version negotiation table is updated to reject draft-33/QUICv1
(which requires a new TLS codepoint) unless explicitly asked to built with.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 11 Jan 2021 15:25:48 +0300 |
parents | 046c951e393a |
children | cef042935003 |
comparison
equal
deleted
inserted
replaced
8677:c57b6fc90f90 | 8678:3443ee341cc1 |
---|---|
150 const EVP_MD *digest; | 150 const EVP_MD *digest; |
151 const EVP_CIPHER *cipher; | 151 const EVP_CIPHER *cipher; |
152 ngx_quic_secret_t *client, *server; | 152 ngx_quic_secret_t *client, *server; |
153 | 153 |
154 static const uint8_t salt[20] = | 154 static const uint8_t salt[20] = |
155 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 155 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
156 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | |
157 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | |
158 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
156 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" | 159 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" |
157 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; | 160 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; |
158 #else | 161 #else |
159 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" | 162 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" |
160 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; | 163 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; |
887 ngx_quic_secret_t secret; | 890 ngx_quic_secret_t secret; |
888 ngx_quic_ciphers_t ciphers; | 891 ngx_quic_ciphers_t ciphers; |
889 | 892 |
890 /* 5.8. Retry Packet Integrity */ | 893 /* 5.8. Retry Packet Integrity */ |
891 static u_char key[16] = | 894 static u_char key[16] = |
892 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 895 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
896 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; | |
897 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
893 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; | 898 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
894 #else | 899 #else |
895 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; | 900 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; |
896 #endif | 901 #endif |
897 static u_char nonce[12] = | 902 static u_char nonce[12] = |
898 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 903 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
904 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; | |
905 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
899 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; | 906 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
900 #else | 907 #else |
901 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75"; | 908 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75"; |
902 #endif | 909 #endif |
903 static ngx_str_t in = ngx_string(""); | 910 static ngx_str_t in = ngx_string(""); |