Mercurial > hg > nginx
annotate src/event/ngx_event_quic_protection.h @ 8319:29354c6fc5f2 quic
TLS Key Update in QUIC.
Old keys retention is yet to be implemented.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 06 Apr 2020 14:54:08 +0300 |
parents | 058a5af7ddfc |
children | aba84d9ab256 |
rev | line source |
---|---|
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
11 #define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1) |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
12 |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
13 |
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8221
diff
changeset
|
14 typedef struct ngx_quic_secret_s { |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 ngx_str_t secret; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 ngx_str_t key; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 ngx_str_t iv; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 ngx_str_t hp; |
8224
ae35ccba7aa6
Extracted transport part of the code into separate file.
Vladimir Homutov <vl@nginx.com>
parents:
8221
diff
changeset
|
19 } ngx_quic_secret_t; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 typedef struct { |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
23 ngx_quic_secret_t client; |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
24 ngx_quic_secret_t server; |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
25 } ngx_quic_secrets_t; |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool, |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
29 ngx_quic_secret_t *client, ngx_quic_secret_t *server, |
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
30 ngx_str_t *secret); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn, |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len, |
8306
058a5af7ddfc
Refactored QUIC secrets storage.
Vladimir Homutov <vl@nginx.com>
parents:
8303
diff
changeset
|
34 ngx_quic_secret_t *peer_secret); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 |
8319
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8306
diff
changeset
|
36 ngx_int_t ngx_quic_key_update(ngx_connection_t *c, |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8306
diff
changeset
|
37 ngx_quic_secrets_t *current, ngx_quic_secrets_t *next); |
29354c6fc5f2
TLS Key Update in QUIC.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8306
diff
changeset
|
38 |
8285
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
39 ssize_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn, |
f85749b60e58
Removed memory allocations from encryption code.
Vladimir Homutov <vl@nginx.com>
parents:
8224
diff
changeset
|
40 ngx_str_t *res); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 |
8288
ebd5c71b9f02
Got rid of memory allocation in decryption.
Vladimir Homutov <vl@nginx.com>
parents:
8285
diff
changeset
|
42 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn); |
8221
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 |
69345a26ba69
Split transport and crypto parts into separate files.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 #endif /* _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_ */ |