comparison src/event/quic/ngx_event_quic.h @ 8694:cef042935003 quic
QUIC: the "quic_host_key" directive.
The token generation in QUIC is reworked. A single host key is used to derive
all required keys of the needed sizes using HKDF.
The "quic_stateless_reset_token_key" directive is removed. Instead, the
"quic_host_key" directive is used, which reads key from file, or sets it
to random bytes if not specified.
author | Vladimir Homutov <vl@nginx.com> |
date | Mon, 08 Feb 2021 16:49:33 +0300 |
parents | dffb66fb783b |
children | d710c457171c |
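--- a/src/event/quic/ngx_event_quic.h
+++ b/src/event/quic/ngx_event_quic.h
@@ -25,13 +25,15 @@
 #define NGX_QUIC_MAX_UDP_PAYLOAD_OUT 1252
 #define NGX_QUIC_MAX_UDP_PAYLOAD_OUT6 1232
 
 #define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
 #define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
-#define NGX_QUIC_DEFAULT_SRT_KEY_LEN 32
+#define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32
+#define NGX_QUIC_SR_KEY_LEN 32
+#define NGX_QUIC_AV_KEY_LEN 32
 
-#define NGX_QUIC_RETRY_LIFETIME 3 /* seconds */
+#define NGX_QUIC_RETRY_TOKEN_LIFETIME 3 /* seconds */
 #define NGX_QUIC_NEW_TOKEN_LIFETIME 600 /* seconds */
 #define NGX_QUIC_RETRY_BUFFER_SIZE 256
 /* 1 flags + 4 version + 3 x (1 + 20) s/o/dcid + itag + token(64) */
 #define NGX_QUIC_MAX_TOKEN_SIZE 64
 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */
@@ -94,12 +96,13 @@
 typedef struct {
     ngx_ssl_t *ssl;
     ngx_quic_tp_t tp;
     ngx_flag_t retry;
     ngx_flag_t require_alpn;
-    u_char token_key[32]; /* AES 256 */
-    ngx_str_t sr_token_key; /* stateless reset token key */
+    ngx_str_t host_key;
+    u_char av_token_key[NGX_QUIC_AV_KEY_LEN];
+    u_char sr_token_key[NGX_QUIC_SR_KEY_LEN];
 } ngx_quic_conf_t;
 
 
 typedef struct {
     uint64_t sent;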
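Review bot: The new `ngx_quic_conf_t` fields drop the per-field comments the old ones had (`/* AES 256 */`, `/* stateless reset token key */`), so a reader of the header can no longer tell that `host_key` is the configured master secret while `av_token_key` and `sr_token_key` are material derived from it; I would annotate them as `ngx_str_t host_key; /* "quic_host_key": file contents, or random if unset */`, `u_char av_token_key[NGX_QUIC_AV_KEY_LEN]; /* derived from host_key via HKDF */` and `u_char sr_token_key[NGX_QUIC_SR_KEY_LEN]; /* stateless reset token key, derived from host_key */`, taking the derivation from the commit message since the .c side is not in this hunk. The rename of `NGX_QUIC_DEFAULT_SRT_KEY_LEN` to `NGX_QUIC_DEFAULT_HOST_KEY_LEN` also deserves a comment stating that it sizes only the randomly generated default; whether a key read from the file is length-checked or merely fed to HKDF as-is cannot be seen here and should be documented in the header either way. Operationally, a random host key means retry/new tokens and stateless reset tokens issued before a restart, or by another instance, will not validate, which is worth a one-line caveat next to `host_key` so deployers know to set the directive when that matters. The second `typedef struct` continues past the end of this hunk.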