# HG changeset patch
# User Sergey Kandaurov
# Date 1610367948 -10800
# Node ID 3443ee341cc176a86d898798ed30aa85f0aeb711
# Parent c57b6fc90f90d2be43e0f7367694ae6a2be30613
QUIC: draft-33 salt and retry keys.
Notably, the version negotiation table is updated to reject draft-33/QUICv1 (which requires a new TLS codepoint) unless explicitly asked to built with.
diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -152,7 +152,10 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 ngx_quic_secret_t *client, *server;
 static const uint8_t salt[20] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+ "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
+ "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97"
 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99";
 #else
@@ -889,13 +892,17 @@ ngx_quic_create_retry_packet(ngx_quic_he
 /* 5.8. Retry Packet Integrity */
 static u_char key[16] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+ "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
 #else
 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30";
 #endif
 static u_char nonce[12] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+ "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
 #else
 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75";
diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
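Review bot: The draft-33 salt added in the first hunk is an opaque 20-byte literal with nothing that lets a reviewer check it against the specification, and a single wrong byte here makes every Initial packet fail to decrypt. I would add a comment above `static const uint8_t salt[20] =` such as `/* draft-ietf-quic-tls-33, 5.2. Initial Secrets; published constant, not secret material */`. The same applies to the `key` and `nonce` values added in the second hunk, where the existing `/* 5.8. Retry Packet Integrity */` comment could name the draft revision each `#if` branch was taken from. The body of ngx_quic_keys_set_initial_secret starts and ends outside the hunk.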
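Review bot: In the second hunk `key` and `nonce` are declared `static u_char` without `const`, unlike `salt` in the first hunk, so the fixed Retry integrity inputs live in writable memory where a stray write would silently change the tag on every later Retry packet. If the code that consumes them accepts a pointer to const (that code is outside the hunk, so this is unverified), declare them `static const u_char key[16] =` and `static const u_char nonce[12] =`. The body of ngx_quic_create_retry_packet starts and ends outside the hunk.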
@@ -123,14 +123,15 @@ static ngx_int_t ngx_quic_parse_transpor
 uint32_t ngx_quic_versions[] = {
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
- /* pretend we support all versions in range draft-29..v1 */
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+ /* QUICv1 */
+ 0x00000001,
+ NGX_QUIC_VERSION(33),
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
 NGX_QUIC_VERSION(29),
 NGX_QUIC_VERSION(30),
 NGX_QUIC_VERSION(31),
 NGX_QUIC_VERSION(32),
- /* QUICv1 */
- 0x00000001
 #else
 NGX_QUIC_VERSION(NGX_QUIC_DRAFT_VERSION)
 #endif
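Review bot: The `#elif (NGX_QUIC_DRAFT_VERSION >= 29)` branch lost its only comment and now gives no reason why `0x00000001` is absent from it, although that omission is the point of the change. The table is tied to the salt and retry constants in ngx_event_quic_protection.c only through matching macro thresholds, so advertising a version whose Initial salt the build does not use would make handshakes for that version fail. I would record the coupling in the branch, for example `/* draft-29..32 share the draft-29 salt and retry keys; QUICv1 and draft-33 need NGX_QUIC_DRAFT_VERSION >= 33 */`. The closing brace of the `ngx_quic_versions` initializer is outside the hunk.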