nginx: src/event/quic/ngx_event_quic

comparison src/event/quic/ngx_event_quic_protection.h @ 8694:cef042935003 quic

QUIC: the "quic_host_key" directive. The token generation in QUIC is reworked. Single host key is used to generate all required keys of needed sizes using HKDF. The "quic_stateless_reset_token_key" directive is removed. Instead, the "quic_host_key" directive is used, which reads key from file, or sets it to random bytes if not specified.

author	Vladimir Homutov <vl@nginx.com>
date	Mon, 08 Feb 2021 16:49:33 +0300
parents	046c951e393a
children	d4e02b3b734f

comparison

equal deleted inserted replaced

-:3956bbf91002
+:cef042935003
 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
 #include <ngx_config.h>
 #include <ngx_core.h>
+#include <ngx_event_quic_transport.h>
 #define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)
 enum ssl_encryption_level_t level);
 void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
 enum ssl_encryption_level_t level);
 void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
 ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);
+ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label,
-ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid,
+ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len);
-ngx_str_t *key, u_char *token);
 ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);
 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_protection.h @ 8694:cef042935003 quic