comparison src/event/ngx_event_quic_protection.h @ 8306:058a5af7ddfc quic
Refactored QUIC secrets storage.
The quic->keys[4] array now contains secrets related to the corresponding
encryption level. All protection-level functions get proper keys and do
not need to switch manually between levels.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 01 Apr 2020 14:25:25 +0300 |
parents | 2ac03e80d013 |
children | 29354c6fc5f2 |
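--- a/src/event/ngx_event_quic_protection.h
+++ b/src/event/ngx_event_quic_protection.h
@@ -4,10 +4,13 @@
 */
 
 
 #ifndef _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
 #define _NGX_EVENT_QUIC_PROTECTION_H_INCLUDED_
+
+
+#define NGX_QUIC_ENCRYPTION_LAST ((ssl_encryption_application) + 1)
 
 
 typedef struct ngx_quic_secret_s {
 ngx_str_t secret;
 ngx_str_t key;
@@ -15,29 +18,22 @@
 ngx_str_t hp;
 } ngx_quic_secret_t;
 
 
 typedef struct {
-ngx_quic_secret_t in;
-ngx_quic_secret_t ed;
-ngx_quic_secret_t hs;
-ngx_quic_secret_t ad;
-} ngx_quic_peer_secrets_t;
-
-
-typedef struct {
-ngx_quic_peer_secrets_t client;
-ngx_quic_peer_secrets_t server;
+ngx_quic_secret_t client;
+ngx_quic_secret_t server;
 } ngx_quic_secrets_t;
 
 
 ngx_int_t ngx_quic_set_initial_secret(ngx_pool_t *pool,
-ngx_quic_secrets_t *secrets, ngx_str_t *secret);
+ngx_quic_secret_t *client, ngx_quic_secret_t *server,
+ngx_str_t *secret);
 
 int ngx_quic_set_encryption_secret(ngx_pool_t *pool, ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len,
-ngx_quic_peer_secrets_t *qsec);
+ngx_quic_secret_t *peer_secret);
 
 ssize_t ngx_quic_encrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 ngx_str_t *res);
 
 ngx_int_t ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn);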
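Review bot: `NGX_QUIC_ENCRYPTION_LAST` is introduced without a comment saying what it bounds, while the commit description still refers to the array as `quic->keys[4]`. The array declaration is outside this header, so it is unclear whether it is sized with the macro or with a literal 4; since the secrets are selected by `enum ssl_encryption_level_t level`, the dimension and any index check should both use the macro so they cannot drift apart if the TLS library's enum changes. I would add `/* number of encryption levels; dimension of the per-level secrets array */` above the define. Separately, `ngx_quic_set_initial_secret()` now takes two adjacent `ngx_quic_secret_t *` arguments of the same type, so a swapped client/server pair compiles silently; a one-line comment on the prototype naming which is which would help.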