Mercurial > hg > nginx

view src/event/ngx_event_quic_protection.h @ 8641:fe53def49945 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: refactored long header parsing. The largely duplicate type-specific functions ngx_quic_parse_initial_header(), ngx_quic_parse_handshake_header(), and a missing one for 0-RTT, were merged. The new order of functions listed in ngx_event_quic_transport.c reflects this. |_ ngx_quic_parse_long_header - version-invariant long header fields \_ ngx_quic_supported_version - a helper to decide we can go further \_ ngx_quic_parse_long_header_v1 - QUICv1-specific long header fields 0-RTT packets previously appeared as Handshake are now logged as appropriate: *1 quic packet rx long flags:db version:ff00001d *1 quic packet rx early len:870 Logging SCID/DCID is no longer duplicated as were seen with Initial packets.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 17 Nov 2020 21:32:04 +0000
parents 9c3be23ddbe7
children
line wrap: on
line source


/*
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
#define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>


#define NGX_QUIC_ENCRYPTION_LAST  ((ssl_encryption_application) + 1)


ngx_quic_keys_t *ngx_quic_keys_new(ngx_pool_t *pool);
ngx_int_t ngx_quic_keys_set_initial_secret(ngx_pool_t *pool,
    ngx_quic_keys_t *keys, ngx_str_t *secret);
int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
    ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
    const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
     enum ssl_encryption_level_t level);
void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
     enum ssl_encryption_level_t level);
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
ngx_int_t ngx_quic_keys_update(ngx_connection_t *c, ngx_quic_keys_t *keys);

ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid,
    ngx_str_t *key, u_char *token);

ngx_int_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_str_t *res);
ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn);


#endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */