MINOR: quic: Replace v2 draft definitions by those of the final 2 version
authorFrédéric Lécaille <flecaille@haproxy.com>
Fri, 13 Jan 2023 15:37:02 +0000 (16:37 +0100)
committerWilly Tarreau <w@1wt.eu>
Tue, 17 Jan 2023 15:35:20 +0000 (16:35 +0100)
This should finalize support for QUIC version 2.

Must be backported to 2.7.

include/haproxy/quic_conn-t.h
include/haproxy/quic_conn.h
include/haproxy/quic_tls-t.h
src/quic_conn.c
src/quic_tls.c

index 44ae6a489437099653df762cc3878fb2ad302905..3ea42ea4347bbcc7add5b8396e5e89f0e03fa3a9 100644 (file)
@@ -47,7 +47,7 @@ typedef unsigned long long ull;
 
 #define QUIC_PROTOCOL_VERSION_DRAFT_29   0xff00001d /* draft-29 */
 #define QUIC_PROTOCOL_VERSION_1          0x00000001 /* V1 */
-#define QUIC_PROTOCOL_VERSION_2_DRAFT    0x709a50c4 /* V2 draft */
+#define QUIC_PROTOCOL_VERSION_2          0x6b3343cf /* V2 */
 
 #define QUIC_INITIAL_IPV4_MTU      1252 /* (bytes) */
 #define QUIC_INITIAL_IPV6_MTU      1232
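Review bot: The `/* V2 */` comment on the new define gives a reviewer nothing to check the 0x6b3343cf value against, whereas the draft-29 line above it names its draft; since this constant is what version matching keys on, name the specification it was copied from, e.g. `#define QUIC_PROTOCOL_VERSION_2          0x6b3343cf /* V2, draft-ietf-quic-v2 final value (RFC 9369) */`. The same spec reference is missing on the new retry key/nonce literals in include/haproxy/quic_tls-t.h and on the new initial_salt_v2 array in src/quic_tls.c, which are cryptographic constants a reader will want to verify byte for byte. Dropping QUIC_PROTOCOL_VERSION_2_DRAFT also means a peer still offering 0x709a50c4 is presumably no longer accepted as v2; that is the intended effect but deserves a sentence in the commit message.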
index cd036d5997ddc7a8f6584690ee9f2e3d85271a61..a9edd97d2284edda99969cc774605a8315543383 100644 (file)
@@ -55,7 +55,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
 /* Return the long packet type matching with <qv> version and <type> */
 static inline int quic_pkt_type(int type, uint32_t version)
 {
-       if (version != QUIC_PROTOCOL_VERSION_2_DRAFT)
+       if (version != QUIC_PROTOCOL_VERSION_2)
                return type;
 
        switch (type) {
index 3c0448fe964d1c9ae1389ec35baf9ba908b90561..875a2634a579bb47aaf6fb1af974bff5f6459d9e 100644 (file)
@@ -70,10 +70,10 @@ extern struct pool_head *pool_head_quic_tls_key;
        "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"
 #define QUIC_TLS_RETRY_NONCE_V1 \
        "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"
-#define QUIC_TLS_RETRY_KEY_V2_DRAFT \
-       "\xba\x85\x8d\xc7\xb4\x3d\xe5\xdb\xf8\x76\x17\xff\x4a\xb2\x53\xdb"
-#define QUIC_TLS_RETRY_NONCE_V2_DRAFT \
-       "\x14\x1b\x99\xc2\x39\xb0\x3e\x78\x5d\x6a\x2e\x9f"
+#define QUIC_TLS_RETRY_KEY_V2 \
+       "\x8f\xb4\xb0\x1b\x56\xac\x48\xe2\x60\xfb\xcb\xce\xad\x7c\xcc\x92"
+#define QUIC_TLS_RETRY_NONCE_V2 \
+       "\xd8\x69\x69\xbc\x2d\x7c\x6d\x99\x90\xef\xb0\x4a"
 
 /* QUIC handshake states for both clients and servers. */
 enum quic_handshake_state {
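Review bot: The new retry key and nonce literals are only ever taken by address (src/quic_conn.c stores .retry_tag_key and .retry_tag_nonce as bare pointers with no length field), so a mistyped or dropped hex escape in either literal would silently shorten the Retry integrity key material with no compile-time signal. A length pin next to the defines, `_Static_assert(sizeof(QUIC_TLS_RETRY_KEY_V2) - 1 == 16, "v2 retry key must be 16 bytes");` plus the same check for the 12-byte nonce, would catch that, assuming the tree already builds as C11. The same check would apply to the V1 pair directly above, which is unchanged here.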
@@ -114,7 +114,7 @@ enum quic_tls_pktns {
 extern unsigned char initial_salt[20];
 extern const unsigned char initial_salt_draft_29[20];
 extern const unsigned char initial_salt_v1[20];
-extern const unsigned char initial_salt_v2_draft[20];
+extern const unsigned char initial_salt_v2[20];
 
 /* Key phase used for Key Update */
 struct quic_tls_kp {
index 018ccfd2165f11b14bc0a112e1ff2261dd7b6fbe..d4a9c18f5d25bd24b6c2833063929d07f61a074c 100644 (file)
@@ -93,9 +93,9 @@ const struct quic_version quic_versions[] = {
                .retry_tag_nonce  = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V1,
        },
        {
-               .num              = QUIC_PROTOCOL_VERSION_2_DRAFT,
-               .initial_salt     = initial_salt_v2_draft,
-               .initial_salt_len = sizeof initial_salt_v2_draft,
+               .num              = QUIC_PROTOCOL_VERSION_2,
+               .initial_salt     = initial_salt_v2,
+               .initial_salt_len = sizeof initial_salt_v2,
                .key_label        = (const unsigned char *)QUIC_HKDF_KEY_LABEL_V2,
                .key_label_len    = sizeof(QUIC_HKDF_KEY_LABEL_V2) - 1,
                .iv_label         = (const unsigned char *)QUIC_HKDF_IV_LABEL_V2,
@@ -104,8 +104,8 @@ const struct quic_version quic_versions[] = {
                .hp_label_len     = sizeof(QUIC_HKDF_HP_LABEL_V2) - 1,
                .ku_label         = (const unsigned char *)QUIC_HKDF_KU_LABEL_V2,
                .ku_label_len     = sizeof(QUIC_HKDF_KU_LABEL_V2) - 1,
-               .retry_tag_key    = (const unsigned char *)QUIC_TLS_RETRY_KEY_V2_DRAFT,
-               .retry_tag_nonce  = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V2_DRAFT,
+               .retry_tag_key    = (const unsigned char *)QUIC_TLS_RETRY_KEY_V2,
+               .retry_tag_nonce  = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V2,
        },
 };
 
@@ -5341,7 +5341,7 @@ static inline int qc_parse_hd_form(struct quic_rx_packet *pkt,
                        goto out;
                }
 
-               if (*version != QUIC_PROTOCOL_VERSION_2_DRAFT) {
+               if (*version != QUIC_PROTOCOL_VERSION_2) {
                        pkt->type = type;
                }
                else {
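Review bot: The version test here duplicates the one in quic_pkt_type() in include/haproxy/quic_conn.h, also touched by this commit, so the v2 long-packet-type mapping now has to be kept in sync in two places. If the else branch performs the same type translation as that helper, the whole if/else can collapse to `pkt->type = quic_pkt_type(type, *version);` and only the header keeps the version-specific knowledge. qc_parse_hd_form() starts and ends outside the hunk, so the else branch itself is not visible here and this is only a presumption.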
index 7d2d2c1a47ef0bb60a13c35a1fdd6bed9a584623..199e55c31dbcb6642cc76932d2bb990e29cf16ed 100644 (file)
@@ -31,10 +31,10 @@ const unsigned char initial_salt_v1[20] = {
        0xcc, 0xbb, 0x7f, 0x0a
 };
 
-const unsigned char initial_salt_v2_draft[20] = {
-       0xa7, 0x07, 0xc2, 0x03, 0xa5, 0x9b, 0x47, 0x18,
-       0x4a, 0x1d, 0x62, 0xca, 0x57, 0x04, 0x06, 0xea,
-       0x7a, 0xe3, 0xe5, 0xd3
+const unsigned char initial_salt_v2[20] = {
+       0x0d, 0xed, 0xe3, 0xde, 0xf7, 0x00, 0xa6, 0xdb,
+       0x81, 0x93, 0x81, 0xbe, 0x6e, 0x26, 0x9d, 0xcb,
+       0xf9, 0xbd, 0x2e, 0xd9
 };
 
 /* Dump the RX/TX secrets of <secs> QUIC TLS secrets. */