Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_protection.c @ 8678:3443ee341cc1 quic
QUIC: draft-33 salt and retry keys.
Notably, the version negotiation table is updated to reject draft-33/QUICv1
(which requires a new TLS codepoint) unless explicitly asked to built with.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 11 Jan 2021 15:25:48 +0300 |
| parents | 046c951e393a |
| children | cef042935003 |
comparison
equal
deleted
inserted
replaced
| 8677:c57b6fc90f90 | 8678:3443ee341cc1 |
|---|---|
| 150 const EVP_MD *digest; | 150 const EVP_MD *digest; |
| 151 const EVP_CIPHER *cipher; | 151 const EVP_CIPHER *cipher; |
| 152 ngx_quic_secret_t *client, *server; | 152 ngx_quic_secret_t *client, *server; |
| 153 | 153 |
| 154 static const uint8_t salt[20] = | 154 static const uint8_t salt[20] = |
| 155 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 155 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
| 156 "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17" | |
| 157 "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a"; | |
| 158 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
| 156 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" | 159 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97" |
| 157 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; | 160 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99"; |
| 158 #else | 161 #else |
| 159 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" | 162 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7" |
| 160 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; | 163 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02"; |
| 887 ngx_quic_secret_t secret; | 890 ngx_quic_secret_t secret; |
| 888 ngx_quic_ciphers_t ciphers; | 891 ngx_quic_ciphers_t ciphers; |
| 889 | 892 |
| 890 /* 5.8. Retry Packet Integrity */ | 893 /* 5.8. Retry Packet Integrity */ |
| 891 static u_char key[16] = | 894 static u_char key[16] = |
| 892 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 895 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
| 896 "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"; | |
| 897 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
| 893 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; | 898 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1"; |
| 894 #else | 899 #else |
| 895 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; | 900 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30"; |
| 896 #endif | 901 #endif |
| 897 static u_char nonce[12] = | 902 static u_char nonce[12] = |
| 898 #if (NGX_QUIC_DRAFT_VERSION >= 29) | 903 #if (NGX_QUIC_DRAFT_VERSION >= 33) |
| 904 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"; | |
| 905 #elif (NGX_QUIC_DRAFT_VERSION >= 29) | |
| 899 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; | 906 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c"; |
| 900 #else | 907 #else |
| 901 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75"; | 908 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75"; |
| 902 #endif | 909 #endif |
| 903 static ngx_str_t in = ngx_string(""); | 910 static ngx_str_t in = ngx_string(""); |