diff --git a/include/haproxy/quic_conn-t.h b/include/haproxy/quic_conn-t.h
index 44ae6a489..3ea42ea43 100644
--- a/include/haproxy/quic_conn-t.h
+++ b/include/haproxy/quic_conn-t.h
@@ -47,7 +47,7 @@ typedef unsigned long long ull;
 #define QUIC_PROTOCOL_VERSION_DRAFT_29 0xff00001d /* draft-29 */
 #define QUIC_PROTOCOL_VERSION_1 0x00000001 /* V1 */
-#define QUIC_PROTOCOL_VERSION_2_DRAFT 0x709a50c4 /* V2 draft */
+#define QUIC_PROTOCOL_VERSION_2 0x6b3343cf /* V2 */
 #define QUIC_INITIAL_IPV4_MTU 1252 /* (bytes) */
 #define QUIC_INITIAL_IPV6_MTU 1232
diff --git a/include/haproxy/quic_conn.h b/include/haproxy/quic_conn.h
index cd036d599..a9edd97d2 100644
--- a/include/haproxy/quic_conn.h
+++ b/include/haproxy/quic_conn.h
@@ -55,7 +55,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf);
 /* Return the long packet type matching with version and */
 static inline int quic_pkt_type(int type, uint32_t version)
 {
-	if (version != QUIC_PROTOCOL_VERSION_2_DRAFT)
+	if (version != QUIC_PROTOCOL_VERSION_2)
 		return type;
 	switch (type) {
diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 3c0448fe9..875a2634a 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -70,10 +70,10 @@ extern struct pool_head *pool_head_quic_tls_key;
 	"\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e"
 #define QUIC_TLS_RETRY_NONCE_V1 \
 	"\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb"
-#define QUIC_TLS_RETRY_KEY_V2_DRAFT \
-	"\xba\x85\x8d\xc7\xb4\x3d\xe5\xdb\xf8\x76\x17\xff\x4a\xb2\x53\xdb"
-#define QUIC_TLS_RETRY_NONCE_V2_DRAFT \
-	"\x14\x1b\x99\xc2\x39\xb0\x3e\x78\x5d\x6a\x2e\x9f"
+#define QUIC_TLS_RETRY_KEY_V2 \
+	"\x8f\xb4\xb0\x1b\x56\xac\x48\xe2\x60\xfb\xcb\xce\xad\x7c\xcc\x92"
+#define QUIC_TLS_RETRY_NONCE_V2 \
+	"\xd8\x69\x69\xbc\x2d\x7c\x6d\x99\x90\xef\xb0\x4a"
 /* QUIC handshake states for both clients and servers. */
 enum quic_handshake_state {
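Review bot: The new constants carry no reference to the specification they were taken from, so `0x6b3343cf` on the `QUIC_PROTOCOL_VERSION_2` line cannot be checked by a reviewer without looking it up elsewhere; the same applies to `QUIC_TLS_RETRY_KEY_V2`/`QUIC_TLS_RETRY_NONCE_V2` in include/haproxy/quic_tls-t.h and to `initial_salt_v2` in src/quic_tls.c. These values feed Initial key derivation and Retry integrity tag validation (see the `initial_salt` and `retry_tag_*` fields of `quic_versions[]`), so a single mistyped byte would make every v2 handshake or Retry exchange with a conforming peer fail with no obvious diagnostic. I would extend the trailing comment to `/* V2 (RFC 9369) */` and put a matching one-line reference above the retry key/nonce pair and the salt array. A regression test that derives the Initial secrets and the Retry tag from that specification's sample packets would pin the values against future edits.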
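Review bot: The header comment on `quic_pkt_type()` is cut off mid-sentence (`/* Return the long packet type matching with version and */`), and this commit touches the line directly beneath it without completing it. From the visible lines the contract is: `type` is returned unchanged unless `version` is `QUIC_PROTOCOL_VERSION_2`, in which case the type value is translated by the switch that follows. I would replace the comment with `/* Return the long header packet type for <type> under QUIC version <version>: unchanged for every version except V2, whose long header type values are translated by the switch below. */`. The body of quic_pkt_type continues past the end of the hunk.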
@@ -114,7 +114,7 @@ enum quic_tls_pktns {
 extern unsigned char initial_salt[20];
 extern const unsigned char initial_salt_draft_29[20];
 extern const unsigned char initial_salt_v1[20];
-extern const unsigned char initial_salt_v2_draft[20];
+extern const unsigned char initial_salt_v2[20];
 /* Key phase used for Key Update */
 struct quic_tls_kp {
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 018ccfd21..d4a9c18f5 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -93,9 +93,9 @@ const struct quic_version quic_versions[] = {
 		.retry_tag_nonce = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V1,
 	},
 	{
-		.num = QUIC_PROTOCOL_VERSION_2_DRAFT,
-		.initial_salt = initial_salt_v2_draft,
-		.initial_salt_len = sizeof initial_salt_v2_draft,
+		.num = QUIC_PROTOCOL_VERSION_2,
+		.initial_salt = initial_salt_v2,
+		.initial_salt_len = sizeof initial_salt_v2,
 		.key_label = (const unsigned char *)QUIC_HKDF_KEY_LABEL_V2,
 		.key_label_len = sizeof(QUIC_HKDF_KEY_LABEL_V2) - 1,
 		.iv_label = (const unsigned char *)QUIC_HKDF_IV_LABEL_V2,
@@ -104,8 +104,8 @@ const struct quic_version quic_versions[] = {
 		.hp_label_len = sizeof(QUIC_HKDF_HP_LABEL_V2) - 1,
 		.ku_label = (const unsigned char *)QUIC_HKDF_KU_LABEL_V2,
 		.ku_label_len = sizeof(QUIC_HKDF_KU_LABEL_V2) - 1,
-		.retry_tag_key = (const unsigned char *)QUIC_TLS_RETRY_KEY_V2_DRAFT,
-		.retry_tag_nonce = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V2_DRAFT,
+		.retry_tag_key = (const unsigned char *)QUIC_TLS_RETRY_KEY_V2,
+		.retry_tag_nonce = (const unsigned char *)QUIC_TLS_RETRY_NONCE_V2,
 	},
 };
@@ -5341,7 +5341,7 @@ static inline int qc_parse_hd_form(struct quic_rx_packet *pkt,
 		goto out;
 	}
-	if (*version != QUIC_PROTOCOL_VERSION_2_DRAFT) {
+	if (*version != QUIC_PROTOCOL_VERSION_2) {
 		pkt->type = type;
 	}
 	else {
diff --git a/src/quic_tls.c b/src/quic_tls.c
index 7d2d2c1a4..199e55c31 100644
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
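Review bot: The check at `if (*version != QUIC_PROTOCOL_VERSION_2) {` in qc_parse_hd_form restates inline the version test that `quic_pkt_type()` in include/haproxy/quic_conn.h already performs, so the V2 long header type handling now lives in two places that had to be edited in lockstep for this change and will have to be again for the next one. If the `else` branch, which lies outside the hunk, performs the same type translation as that helper's switch, the whole if/else can collapse to `pkt->type = quic_pkt_type(type, *version);`. The body of qc_parse_hd_form starts and continues outside the hunk, so I cannot confirm the branches are equivalent from here.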
@@ -31,10 +31,10 @@ const unsigned char initial_salt_v1[20] = {
 	0xcc, 0xbb, 0x7f, 0x0a
 };
-const unsigned char initial_salt_v2_draft[20] = {
-	0xa7, 0x07, 0xc2, 0x03, 0xa5, 0x9b, 0x47, 0x18,
-	0x4a, 0x1d, 0x62, 0xca, 0x57, 0x04, 0x06, 0xea,
-	0x7a, 0xe3, 0xe5, 0xd3
+const unsigned char initial_salt_v2[20] = {
+	0x0d, 0xed, 0xe3, 0xde, 0xf7, 0x00, 0xa6, 0xdb,
+	0x81, 0x93, 0x81, 0xbe, 0x6e, 0x26, 0x9d, 0xcb,
+	0xf9, 0xbd, 0x2e, 0xd9
 };
 /* Dump the RX/TX secrets of QUIC TLS secrets. */