1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_ 6 #define QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_ 7 8 #include <cstddef> 9 #include <string> 10 11 #include "net/third_party/quiche/src/quic/core/quic_tag.h" 12 13 // Version and Crypto tags are written to the wire with a big-endian 14 // representation of the name of the tag. For example 15 // the client hello tag (CHLO) will be written as the 16 // following 4 bytes: 'C' 'H' 'L' 'O'. Since it is 17 // stored in memory as a little endian uint32_t, we need 18 // to reverse the order of the bytes. 19 // 20 // We use a macro to ensure that no static initialisers are created. Use the 21 // MakeQuicTag function in normal code. 22 #define TAG(a, b, c, d) \ 23 static_cast<QuicTag>((d << 24) + (c << 16) + (b << 8) + a) 24 25 namespace quic { 26 27 using ServerConfigID = std::string; 28 29 // The following tags have been deprecated and should not be reused: 30 // "1CON", "BBQ4", "NCON", "RCID", "SREJ", "TBKP", "TB10", "SCLS", "SMHL", 31 // "QNZR", "B2HI" 32 33 // clang-format off 34 const QuicTag kCHLO = TAG('C', 'H', 'L', 'O'); // Client hello 35 const QuicTag kSHLO = TAG('S', 'H', 'L', 'O'); // Server hello 36 const QuicTag kSCFG = TAG('S', 'C', 'F', 'G'); // Server config 37 const QuicTag kREJ = TAG('R', 'E', 'J', '\0'); // Reject 38 const QuicTag kCETV = TAG('C', 'E', 'T', 'V'); // Client encrypted tag-value 39 // pairs 40 const QuicTag kPRST = TAG('P', 'R', 'S', 'T'); // Public reset 41 const QuicTag kSCUP = TAG('S', 'C', 'U', 'P'); // Server config update 42 const QuicTag kALPN = TAG('A', 'L', 'P', 'N'); // Application-layer protocol 43 44 // Key exchange methods 45 const QuicTag kP256 = TAG('P', '2', '5', '6'); // ECDH, Curve P-256 46 const QuicTag kC255 = TAG('C', '2', '5', '5'); // ECDH, Curve25519 47 48 // AEAD algorithms 49 const QuicTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM-12 50 const QuicTag kCC20 = TAG('C', 'C', '2', '0'); // ChaCha20 + Poly1305 RFC7539 51 52 // Congestion control feedback types 53 const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C'); // TCP cubic 54 55 // Connection options (COPT) values 56 const QuicTag kAFCW = TAG('A', 'F', 'C', 'W'); // Auto-tune flow control 57 // receive windows. 58 const QuicTag kIFW5 = TAG('I', 'F', 'W', '5'); // Set initial size 59 // of stream flow control 60 // receive window to 61 // 32KB. (2^5 KB). 62 const QuicTag kIFW6 = TAG('I', 'F', 'W', '6'); // Set initial size 63 // of stream flow control 64 // receive window to 65 // 64KB. (2^6 KB). 66 const QuicTag kIFW7 = TAG('I', 'F', 'W', '7'); // Set initial size 67 // of stream flow control 68 // receive window to 69 // 128KB. (2^7 KB). 70 const QuicTag kIFW8 = TAG('I', 'F', 'W', '8'); // Set initial size 71 // of stream flow control 72 // receive window to 73 // 256KB. (2^8 KB). 74 const QuicTag kIFW9 = TAG('I', 'F', 'W', '9'); // Set initial size 75 // of stream flow control 76 // receive window to 77 // 512KB. (2^9 KB). 78 const QuicTag kIFWA = TAG('I', 'F', 'W', 'a'); // Set initial size 79 // of stream flow control 80 // receive window to 81 // 1MB. (2^0xa KB). 82 const QuicTag kTBBR = TAG('T', 'B', 'B', 'R'); // Reduced Buffer Bloat TCP 83 const QuicTag k1RTT = TAG('1', 'R', 'T', 'T'); // STARTUP in BBR for 1 RTT 84 const QuicTag k2RTT = TAG('2', 'R', 'T', 'T'); // STARTUP in BBR for 2 RTTs 85 const QuicTag kLRTT = TAG('L', 'R', 'T', 'T'); // Exit STARTUP in BBR on loss 86 const QuicTag kBBS1 = TAG('B', 'B', 'S', '1'); // DEPRECATED 87 const QuicTag kBBS2 = TAG('B', 'B', 'S', '2'); // More aggressive packet 88 // conservation in BBR STARTUP 89 const QuicTag kBBS3 = TAG('B', 'B', 'S', '3'); // Slowstart packet 90 // conservation in BBR STARTUP 91 const QuicTag kBBS4 = TAG('B', 'B', 'S', '4'); // DEPRECATED 92 const QuicTag kBBS5 = TAG('B', 'B', 'S', '5'); // DEPRECATED 93 const QuicTag kBBRR = TAG('B', 'B', 'R', 'R'); // Rate-based recovery in BBR 94 const QuicTag kBBR1 = TAG('B', 'B', 'R', '1'); // DEPRECATED 95 const QuicTag kBBR2 = TAG('B', 'B', 'R', '2'); // DEPRECATED 96 const QuicTag kBBR3 = TAG('B', 'B', 'R', '3'); // Fully drain the queue once 97 // per cycle 98 const QuicTag kBBR4 = TAG('B', 'B', 'R', '4'); // 20 RTT ack aggregation 99 const QuicTag kBBR5 = TAG('B', 'B', 'R', '5'); // 40 RTT ack aggregation 100 const QuicTag kBBR9 = TAG('B', 'B', 'R', '9'); // DEPRECATED 101 const QuicTag kBBRS = TAG('B', 'B', 'R', 'S'); // DEPRECATED 102 const QuicTag kBBQ1 = TAG('B', 'B', 'Q', '1'); // BBR with lower 2.77 STARTUP 103 // pacing and CWND gain. 104 const QuicTag kBBQ2 = TAG('B', 'B', 'Q', '2'); // BBRv2 with 2.885 STARTUP and 105 // DRAIN CWND gain. 106 const QuicTag kBBQ3 = TAG('B', 'B', 'Q', '3'); // BBR with ack aggregation 107 // compensation in STARTUP. 108 const QuicTag kBBQ5 = TAG('B', 'B', 'Q', '5'); // Expire ack aggregation upon 109 // bandwidth increase in 110 // STARTUP. 111 const QuicTag kRENO = TAG('R', 'E', 'N', 'O'); // Reno Congestion Control 112 const QuicTag kTPCC = TAG('P', 'C', 'C', '\0'); // Performance-Oriented 113 // Congestion Control 114 const QuicTag kBYTE = TAG('B', 'Y', 'T', 'E'); // TCP cubic or reno in bytes 115 const QuicTag kIW03 = TAG('I', 'W', '0', '3'); // Force ICWND to 3 116 const QuicTag kIW10 = TAG('I', 'W', '1', '0'); // Force ICWND to 10 117 const QuicTag kIW20 = TAG('I', 'W', '2', '0'); // Force ICWND to 20 118 const QuicTag kIW50 = TAG('I', 'W', '5', '0'); // Force ICWND to 50 119 const QuicTag kB2ON = TAG('B', '2', 'O', 'N'); // Enable BBRv2 120 const QuicTag kB2NA = TAG('B', '2', 'N', 'A'); // For BBRv2, do not add ack 121 // height to queueing threshold 122 const QuicTag kB2NE = TAG('B', '2', 'N', 'E'); // For BBRv2, do not exit 123 // STARTUP if there's enough 124 // bandwidth growth 125 const QuicTag kB2RP = TAG('B', '2', 'R', 'P'); // For BBRv2, run PROBE_RTT on 126 // the regular schedule 127 const QuicTag kB2CL = TAG('B', '2', 'C', 'L'); // For BBRv2, allow PROBE_BW 128 // cwnd to be below BDP + ack 129 // height. 130 const QuicTag kB2LO = TAG('B', '2', 'L', 'O'); // Ignore inflight_lo in BBR2 131 const QuicTag kB2HR = TAG('B', '2', 'H', 'R'); // 15% inflight_hi headroom. 132 const QuicTag kB2SL = TAG('B', '2', 'S', 'L'); // When exiting STARTUP due to 133 // loss, set inflight_hi to the 134 // max of bdp and max bytes 135 // delivered in round. 136 const QuicTag kB2H2 = TAG('B', '2', 'H', '2'); // When exiting PROBE_UP due to 137 // loss, set inflight_hi to the 138 // max of inflight@send and max 139 // bytes delivered in round. 140 const QuicTag kBSAO = TAG('B', 'S', 'A', 'O'); // Avoid Overestimation in 141 // Bandwidth Sampler with ack 142 // aggregation 143 const QuicTag kNTLP = TAG('N', 'T', 'L', 'P'); // No tail loss probe 144 const QuicTag k1TLP = TAG('1', 'T', 'L', 'P'); // 1 tail loss probe 145 const QuicTag k1RTO = TAG('1', 'R', 'T', 'O'); // Send 1 packet upon RTO 146 const QuicTag kNRTO = TAG('N', 'R', 'T', 'O'); // CWND reduction on loss 147 const QuicTag kTIME = TAG('T', 'I', 'M', 'E'); // Time based loss detection 148 const QuicTag kATIM = TAG('A', 'T', 'I', 'M'); // Adaptive time loss detection 149 const QuicTag kMIN1 = TAG('M', 'I', 'N', '1'); // Min CWND of 1 packet 150 const QuicTag kMIN4 = TAG('M', 'I', 'N', '4'); // Min CWND of 4 packets, 151 // with a min rate of 1 BDP. 152 const QuicTag kTLPR = TAG('T', 'L', 'P', 'R'); // Tail loss probe delay of 153 // 0.5RTT. 154 const QuicTag kMAD0 = TAG('M', 'A', 'D', '0'); // Ignore ack delay 155 const QuicTag kMAD1 = TAG('M', 'A', 'D', '1'); // 25ms initial max ack delay 156 const QuicTag kMAD2 = TAG('M', 'A', 'D', '2'); // No min TLP 157 const QuicTag kMAD3 = TAG('M', 'A', 'D', '3'); // No min RTO 158 const QuicTag kMAD4 = TAG('M', 'A', 'D', '4'); // IETF style TLP 159 const QuicTag kMAD5 = TAG('M', 'A', 'D', '5'); // IETF style TLP with 2x mult 160 const QuicTag k1ACK = TAG('1', 'A', 'C', 'K'); // 1 fast ack for reordering 161 const QuicTag kACD0 = TAG('A', 'D', 'D', '0'); // Disable ack decimation 162 const QuicTag kACKD = TAG('A', 'C', 'K', 'D'); // Ack decimation style acking. 163 const QuicTag kAKD2 = TAG('A', 'K', 'D', '2'); // Ack decimation tolerating 164 // out of order packets. 165 const QuicTag kAKD3 = TAG('A', 'K', 'D', '3'); // Ack decimation style acking 166 // with 1/8 RTT acks. 167 const QuicTag kAKD4 = TAG('A', 'K', 'D', '4'); // Ack decimation with 1/8 RTT 168 // tolerating out of order. 169 const QuicTag kAKDU = TAG('A', 'K', 'D', 'U'); // Unlimited number of packets 170 // received before acking 171 const QuicTag kACKQ = TAG('A', 'C', 'K', 'Q'); // Send an immediate ack after 172 // 1 RTT of not receiving. 173 const QuicTag kAFFE = TAG('A', 'F', 'F', 'E'); // Enable client receiving 174 // AckFrequencyFrame. 175 const QuicTag kAFF1 = TAG('A', 'F', 'F', '1'); // Use SRTT in building 176 // AckFrequencyFrame. 177 const QuicTag kAFF2 = TAG('A', 'F', 'F', '2'); // Send AckFrequencyFrame upon 178 // handshake completion. 179 const QuicTag kSSLR = TAG('S', 'S', 'L', 'R'); // Slow Start Large Reduction. 180 const QuicTag kNPRR = TAG('N', 'P', 'R', 'R'); // Pace at unity instead of PRR 181 const QuicTag k2RTO = TAG('2', 'R', 'T', 'O'); // Close connection on 2 RTOs 182 const QuicTag k3RTO = TAG('3', 'R', 'T', 'O'); // Close connection on 3 RTOs 183 const QuicTag k4RTO = TAG('4', 'R', 'T', 'O'); // Close connection on 4 RTOs 184 const QuicTag k5RTO = TAG('5', 'R', 'T', 'O'); // Close connection on 5 RTOs 185 const QuicTag k6RTO = TAG('6', 'R', 'T', 'O'); // Close connection on 6 RTOs 186 const QuicTag kCBHD = TAG('C', 'B', 'H', 'D'); // Client only blackhole 187 // detection. 188 const QuicTag kNBHD = TAG('N', 'B', 'H', 'D'); // No blackhole detection. 189 const QuicTag kCONH = TAG('C', 'O', 'N', 'H'); // Conservative Handshake 190 // Retransmissions. 191 const QuicTag kLFAK = TAG('L', 'F', 'A', 'K'); // Don't invoke FACK on the 192 // first ack. 193 const QuicTag kSTMP = TAG('S', 'T', 'M', 'P'); // Send and process timestamps 194 const QuicTag kEACK = TAG('E', 'A', 'C', 'K'); // Bundle ack-eliciting frame 195 // with an ACK after PTO/RTO 196 197 const QuicTag kILD0 = TAG('I', 'L', 'D', '0'); // IETF style loss detection 198 // (default with 1/8 RTT time 199 // threshold) 200 const QuicTag kILD1 = TAG('I', 'L', 'D', '1'); // IETF style loss detection 201 // with 1/4 RTT time threshold 202 const QuicTag kILD2 = TAG('I', 'L', 'D', '2'); // IETF style loss detection 203 // with adaptive packet 204 // threshold 205 const QuicTag kILD3 = TAG('I', 'L', 'D', '3'); // IETF style loss detection 206 // with 1/4 RTT time threshold 207 // and adaptive packet 208 // threshold 209 const QuicTag kILD4 = TAG('I', 'L', 'D', '4'); // IETF style loss detection 210 // with both adaptive time 211 // threshold (default 1/4 RTT) 212 // and adaptive packet 213 // threshold 214 const QuicTag kRUNT = TAG('R', 'U', 'N', 'T'); // No packet threshold loss 215 // detection for "runt" packet. 216 const QuicTag kNSTP = TAG('N', 'S', 'T', 'P'); // No stop waiting frames. 217 const QuicTag kNRTT = TAG('N', 'R', 'T', 'T'); // Ignore initial RTT 218 219 const QuicTag k1PTO = TAG('1', 'P', 'T', 'O'); // Send 1 packet upon PTO. 220 const QuicTag k2PTO = TAG('2', 'P', 'T', 'O'); // Send 2 packets upon PTO. 221 222 const QuicTag k6PTO = TAG('6', 'P', 'T', 'O'); // Closes connection on 6 223 // consecutive PTOs. 224 const QuicTag k7PTO = TAG('7', 'P', 'T', 'O'); // Closes connection on 7 225 // consecutive PTOs. 226 const QuicTag k8PTO = TAG('8', 'P', 'T', 'O'); // Closes connection on 8 227 // consecutive PTOs. 228 const QuicTag kPTOS = TAG('P', 'T', 'O', 'S'); // Skip packet number before 229 // sending the last PTO. 230 const QuicTag kPTOA = TAG('P', 'T', 'O', 'A'); // Do not add max ack delay 231 // when computing PTO timeout 232 // if an immediate ACK is 233 // expected. 234 const QuicTag kPEB1 = TAG('P', 'E', 'B', '1'); // Start exponential backoff 235 // since 1st PTO. 236 const QuicTag kPEB2 = TAG('P', 'E', 'B', '2'); // Start exponential backoff 237 // since 2nd PTO. 238 const QuicTag kPVS1 = TAG('P', 'V', 'S', '1'); // Use 2 * rttvar when 239 // calculating PTO timeout. 240 const QuicTag kPAG1 = TAG('P', 'A', 'G', '1'); // Make 1st PTO more aggressive 241 const QuicTag kPAG2 = TAG('P', 'A', 'G', '2'); // Make first 2 PTOs more 242 // aggressive 243 const QuicTag kPSDA = TAG('P', 'S', 'D', 'A'); // Use standard deviation when 244 // calculating PTO timeout. 245 const QuicTag kPLE1 = TAG('P', 'L', 'E', '1'); // Arm the 1st PTO with 246 // earliest in flight sent time 247 // and at least 0.5*srtt from 248 // last sent packet. 249 const QuicTag kPLE2 = TAG('P', 'L', 'E', '2'); // Arm the 1st PTO with 250 // earliest in flight sent time 251 // and at least 1.5*srtt from 252 // last sent packet. 253 const QuicTag kAPTO = TAG('A', 'P', 'T', 'O'); // Use 1.5 * initial RTT before 254 // any RTT sample is available. 255 256 const QuicTag kELDT = TAG('E', 'L', 'D', 'T'); // Enable Loss Detection Tuning 257 258 // Optional support of truncated Connection IDs. If sent by a peer, the value 259 // is the minimum number of bytes allowed for the connection ID sent to the 260 // peer. 261 const QuicTag kTCID = TAG('T', 'C', 'I', 'D'); // Connection ID truncation. 262 263 // Multipath option. 264 const QuicTag kMPTH = TAG('M', 'P', 'T', 'H'); // Enable multipath. 265 266 const QuicTag kNCMR = TAG('N', 'C', 'M', 'R'); // Do not attempt connection 267 // migration. 268 269 // Disable Pacing offload option. 270 const QuicTag kNPCO = TAG('N', 'P', 'C', 'O'); // No pacing offload. 271 272 // Enable bandwidth resumption experiment. 273 const QuicTag kBWRE = TAG('B', 'W', 'R', 'E'); // Bandwidth resumption. 274 const QuicTag kBWMX = TAG('B', 'W', 'M', 'X'); // Max bandwidth resumption. 275 const QuicTag kBWRS = TAG('B', 'W', 'R', 'S'); // Server bandwidth resumption. 276 const QuicTag kBWS2 = TAG('B', 'W', 'S', '2'); // Server bw resumption v2. 277 const QuicTag kBWS3 = TAG('B', 'W', 'S', '3'); // QUIC Initial CWND - Control. 278 const QuicTag kBWS4 = TAG('B', 'W', 'S', '4'); // QUIC Initial CWND - Enabled. 279 const QuicTag kBWS5 = TAG('B', 'W', 'S', '5'); // QUIC Initial CWND up and down 280 const QuicTag kBWS6 = TAG('B', 'W', 'S', '6'); // QUIC Initial CWND - Enabled 281 // with 0.5 * default 282 // multiplier. 283 const QuicTag kBWP0 = TAG('B', 'W', 'P', '0'); // QUIC Initial CWND - SPDY 284 // priority 0. 285 const QuicTag kBWP1 = TAG('B', 'W', 'P', '1'); // QUIC Initial CWND - SPDY 286 // priorities 0 and 1. 287 const QuicTag kBWP2 = TAG('B', 'W', 'P', '2'); // QUIC Initial CWND - SPDY 288 // priorities 0, 1 and 2. 289 const QuicTag kBWP3 = TAG('B', 'W', 'P', '3'); // QUIC Initial CWND - SPDY 290 // priorities 0, 1, 2 and 3. 291 const QuicTag kBWP4 = TAG('B', 'W', 'P', '4'); // QUIC Initial CWND - SPDY 292 // priorities >= 0, 1, 2, 3 and 293 // 4. 294 const QuicTag kBWG4 = TAG('B', 'W', 'G', '4'); // QUIC Initial CWND - 295 // Bandwidth model 1. 296 const QuicTag kBWG7 = TAG('B', 'W', 'G', '7'); // QUIC Initial CWND - 297 // Bandwidth model 2. 298 const QuicTag kBWG8 = TAG('B', 'W', 'G', '8'); // QUIC Initial CWND - 299 // Bandwidth model 3. 300 const QuicTag kBWS7 = TAG('B', 'W', 'S', '7'); // QUIC Initial CWND - Enabled 301 // with 0.75 * default 302 // multiplier. 303 const QuicTag kBWM3 = TAG('B', 'W', 'M', '3'); // Consider overshooting if 304 // bytes lost after bandwidth 305 // resumption * 3 > IW. 306 const QuicTag kBWM4 = TAG('B', 'W', 'M', '4'); // Consider overshooting if 307 // bytes lost after bandwidth 308 // resumption * 4 > IW. 309 const QuicTag kICW1 = TAG('I', 'C', 'W', '1'); // Max initial congestion window 310 // 100. 311 const QuicTag kDTOS = TAG('D', 'T', 'O', 'S'); // Enable overshooting 312 // detection. 313 314 const QuicTag kFIDT = TAG('F', 'I', 'D', 'T'); // Extend idle timer by PTO 315 // instead of the whole idle 316 // timeout. 317 318 const QuicTag k3AFF = TAG('3', 'A', 'F', 'F'); // 3 anti amplification factor. 319 const QuicTag k10AF = TAG('1', '0', 'A', 'F'); // 10 anti amplification factor. 320 321 // Enable path MTU discovery experiment. 322 const QuicTag kMTUH = TAG('M', 'T', 'U', 'H'); // High-target MTU discovery. 323 const QuicTag kMTUL = TAG('M', 'T', 'U', 'L'); // Low-target MTU discovery. 324 325 // Enable Priority scheme experiment. 326 const QuicTag kH2PR = TAG('H', '2', 'P', 'R'); // HTTP2 priorities. 327 const QuicTag kFIFO = TAG('F', 'I', 'F', 'O'); // Stream with the smallest ID 328 // has the highest priority. 329 const QuicTag kLIFO = TAG('L', 'I', 'F', 'O'); // Stream with the largest ID 330 // has the highest priority. 331 const QuicTag kRRWS = TAG('R', 'R', 'W', 'S'); // Round robin write scheduling. 332 333 const QuicTag kNSLC = TAG('N', 'S', 'L', 'C'); // Always send connection close 334 // for idle timeout. 335 336 // Proof types (i.e. certificate types) 337 // NOTE: although it would be silly to do so, specifying both kX509 and kX59R 338 // is allowed and is equivalent to specifying only kX509. 339 const QuicTag kX509 = TAG('X', '5', '0', '9'); // X.509 certificate, all key 340 // types 341 const QuicTag kX59R = TAG('X', '5', '9', 'R'); // X.509 certificate, RSA keys 342 // only 343 const QuicTag kCHID = TAG('C', 'H', 'I', 'D'); // Channel ID. 344 345 // Client hello tags 346 const QuicTag kVER = TAG('V', 'E', 'R', '\0'); // Version 347 const QuicTag kNONC = TAG('N', 'O', 'N', 'C'); // The client's nonce 348 const QuicTag kNONP = TAG('N', 'O', 'N', 'P'); // The client's proof nonce 349 const QuicTag kKEXS = TAG('K', 'E', 'X', 'S'); // Key exchange methods 350 const QuicTag kAEAD = TAG('A', 'E', 'A', 'D'); // Authenticated 351 // encryption algorithms 352 const QuicTag kCOPT = TAG('C', 'O', 'P', 'T'); // Connection options 353 const QuicTag kCLOP = TAG('C', 'L', 'O', 'P'); // Client connection options 354 const QuicTag kICSL = TAG('I', 'C', 'S', 'L'); // Idle network timeout 355 const QuicTag kMIBS = TAG('M', 'I', 'D', 'S'); // Max incoming bidi streams 356 const QuicTag kMIUS = TAG('M', 'I', 'U', 'S'); // Max incoming unidi streams 357 const QuicTag kADE = TAG('A', 'D', 'E', 0); // Ack Delay Exponent (IETF 358 // QUIC ACK Frame Only). 359 const QuicTag kIRTT = TAG('I', 'R', 'T', 'T'); // Estimated initial RTT in us. 360 const QuicTag kSNI = TAG('S', 'N', 'I', '\0'); // Server name 361 // indication 362 const QuicTag kPUBS = TAG('P', 'U', 'B', 'S'); // Public key values 363 const QuicTag kSCID = TAG('S', 'C', 'I', 'D'); // Server config id 364 const QuicTag kORBT = TAG('O', 'B', 'I', 'T'); // Server orbit. 365 const QuicTag kPDMD = TAG('P', 'D', 'M', 'D'); // Proof demand. 366 const QuicTag kPROF = TAG('P', 'R', 'O', 'F'); // Proof (signature). 367 const QuicTag kCCS = TAG('C', 'C', 'S', 0); // Common certificate set 368 const QuicTag kCCRT = TAG('C', 'C', 'R', 'T'); // Cached certificate 369 const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y'); // Expiry 370 const QuicTag kSTTL = TAG('S', 'T', 'T', 'L'); // Server Config TTL 371 const QuicTag kSFCW = TAG('S', 'F', 'C', 'W'); // Initial stream flow control 372 // receive window. 373 const QuicTag kCFCW = TAG('C', 'F', 'C', 'W'); // Initial session/connection 374 // flow control receive window. 375 const QuicTag kUAID = TAG('U', 'A', 'I', 'D'); // Client's User Agent ID. 376 const QuicTag kXLCT = TAG('X', 'L', 'C', 'T'); // Expected leaf certificate. 377 const QuicTag kQLVE = TAG('Q', 'L', 'V', 'E'); // Legacy Version 378 // Encapsulation. 379 380 const QuicTag kQNZ2 = TAG('Q', 'N', 'Z', '2'); // Turn off QUIC crypto 0-RTT. 381 382 const QuicTag kQNSP = TAG('Q', 'N', 'S', 'P'); // Turn off server push in 383 // gQUIC. 384 385 const QuicTag kMAD = TAG('M', 'A', 'D', 0); // Max Ack Delay (IETF QUIC) 386 387 // Rejection tags 388 const QuicTag kRREJ = TAG('R', 'R', 'E', 'J'); // Reasons for server sending 389 390 // Server hello tags 391 const QuicTag kCADR = TAG('C', 'A', 'D', 'R'); // Client IP address and port 392 const QuicTag kASAD = TAG('A', 'S', 'A', 'D'); // Alternate Server IP address 393 // and port. 394 const QuicTag kSRST = TAG('S', 'R', 'S', 'T'); // Stateless reset token used 395 // in IETF public reset packet 396 397 // CETV tags 398 const QuicTag kCIDK = TAG('C', 'I', 'D', 'K'); // ChannelID key 399 const QuicTag kCIDS = TAG('C', 'I', 'D', 'S'); // ChannelID signature 400 401 // Public reset tags 402 const QuicTag kRNON = TAG('R', 'N', 'O', 'N'); // Public reset nonce proof 403 const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q'); // Rejected packet number 404 405 // Universal tags 406 const QuicTag kPAD = TAG('P', 'A', 'D', '\0'); // Padding 407 408 // Stats collection tags 409 const QuicTag kEPID = TAG('E', 'P', 'I', 'D'); // Endpoint identifier. 410 411 // clang-format on 412 413 // These tags have a special form so that they appear either at the beginning 414 // or the end of a handshake message. Since handshake messages are sorted by 415 // tag value, the tags with 0 at the end will sort first and those with 255 at 416 // the end will sort last. 417 // 418 // The certificate chain should have a tag that will cause it to be sorted at 419 // the end of any handshake messages because it's likely to be large and the 420 // client might be able to get everything that it needs from the small values at 421 // the beginning. 422 // 423 // Likewise tags with random values should be towards the beginning of the 424 // message because the server mightn't hold state for a rejected client hello 425 // and therefore the client may have issues reassembling the rejection message 426 // in the event that it sent two client hellos. 427 const QuicTag kServerNonceTag = TAG('S', 'N', 'O', 0); // The server's nonce 428 const QuicTag kSourceAddressTokenTag = 429 TAG('S', 'T', 'K', 0); // Source-address token 430 const QuicTag kCertificateTag = TAG('C', 'R', 'T', 255); // Certificate chain 431 const QuicTag kCertificateSCTTag = 432 TAG('C', 'S', 'C', 'T'); // Signed cert timestamp (RFC6962) of leaf cert. 433 434 #undef TAG 435 436 const size_t kMaxEntries = 128; // Max number of entries in a message. 437 438 const size_t kNonceSize = 32; // Size in bytes of the connection nonce. 439 440 const size_t kOrbitSize = 8; // Number of bytes in an orbit value. 441 442 // kProofSignatureLabel is prepended to the CHLO hash and server configs before 443 // signing to avoid any cross-protocol attacks on the signature. 444 const char kProofSignatureLabel[] = "QUIC CHLO and server config signature"; 445 446 // kClientHelloMinimumSize is the minimum size of a client hello. Client hellos 447 // will have PAD tags added in order to ensure this minimum is met and client 448 // hellos smaller than this will be an error. This minimum size reduces the 449 // amplification factor of any mirror DoS attack. 450 // 451 // A client may pad an inchoate client hello to a size larger than 452 // kClientHelloMinimumSize to make it more likely to receive a complete 453 // rejection message. 454 const size_t kClientHelloMinimumSize = 1024; 455 456 } // namespace quic 457 458 #endif // QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_ 459