QUIC: draft-33 salt and retry keys.
authorSergey Kandaurov <pluknet@nginx.com>
Mon, 11 Jan 2021 12:25:48 +0000 (15:25 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Mon, 11 Jan 2021 12:25:48 +0000 (15:25 +0300)
Notably, the version negotiation table is updated to reject draft-33/QUICv1
(which requires a new TLS codepoint) unless explicitly asked to build with it.

src/event/quic/ngx_event_quic_protection.c
src/event/quic/ngx_event_quic_transport.c

index 401b71121982add82c2eb3d69ea1dd02fc95af70..253f4348210fcf7a65633ce8c64a5edee82c7680 100644 (file)
@@ -152,7 +152,10 @@ ngx_quic_keys_set_initial_secret(ngx_pool_t *pool, ngx_quic_keys_t *keys,
     ngx_quic_secret_t  *client, *server;
 
     static const uint8_t salt[20] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+        "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
+        "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
         "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97"
         "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99";
 #else
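Review bot: The new 20-byte salt under `#if (NGX_QUIC_DRAFT_VERSION >= 33)` has no comment saying which specification revision it comes from, and the same holds for the new retry key and nonce in the `ngx_quic_create_retry_packet` hunk below. These byte strings are public protocol constants, not secrets. Saying so in place keeps a later audit from reading them as embedded credentials and makes them easy to check against the spec. I would put a one-line comment above each new literal, for example `/* draft-33 / QUICv1 initial salt: fixed by the spec, not a secret */`. The body of ngx_quic_keys_set_initial_secret continues outside the hunk, so how the salt is consumed is not visible here.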
@@ -889,13 +892,17 @@ ngx_quic_create_retry_packet(ngx_quic_header_t *pkt, ngx_str_t *res)
 
     /* 5.8.  Retry Packet Integrity */
     static u_char     key[16] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+        "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
         "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
 #else
         "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30";
 #endif
     static u_char     nonce[12] =
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+        "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb";
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
         "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
 #else
         "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75";
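Review bot: `key` and `nonce` are declared `static u_char` without `const`, while the `salt` table in the first hunk is `static const uint8_t`. The values added here are fixed constants too and would sit better in read-only storage. If the code that consumes them, which is outside this hunk, accepts const pointers, the declarations could read `static const u_char key[16] =` and `static const u_char nonce[12] =`. If a non-const pointer is required there, a short comment stating that the arrays are never written would be enough.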
index b2ae196208c4b2c086b513053ee5cace47a9fa9f..2ecfac5a446e7b91e67a0de2641fd91309d2d1ef 100644 (file)
@@ -123,14 +123,15 @@ static ngx_int_t ngx_quic_parse_transport_param(u_char *p, u_char *end,
 
 
 uint32_t  ngx_quic_versions[] = {
-#if (NGX_QUIC_DRAFT_VERSION >= 29)
-    /* pretend we support all versions in range draft-29..v1 */
+#if (NGX_QUIC_DRAFT_VERSION >= 33)
+    /* QUICv1 */
+    0x00000001,
+    NGX_QUIC_VERSION(33),
+#elif (NGX_QUIC_DRAFT_VERSION >= 29)
     NGX_QUIC_VERSION(29),
     NGX_QUIC_VERSION(30),
     NGX_QUIC_VERSION(31),
     NGX_QUIC_VERSION(32),
-    /* QUICv1 */
-    0x00000001
 #else
     NGX_QUIC_VERSION(NGX_QUIC_DRAFT_VERSION)
 #endif
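Review bot: Each branch of this table must list only versions that share the initial salt and retry key/nonce chosen by the matching `#if (NGX_QUIC_DRAFT_VERSION >= ...)` ladders in ngx_event_quic_protection.c, and nothing in either file records that coupling. A version added to the wrong branch would be accepted in negotiation and then, presumably, fail at Initial packet protection, which is hard to trace back to this table. I would add a comment at the top of the array such as `/* versions in one branch must share the salt and retry key selected for it in ngx_event_quic_protection.c */`. The `/* QUICv1 */` comment also now sits above two entries, so a trailing comment on the `0x00000001` line would make clear it applies to that entry only.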