s2n_quic_core/crypto/
retry.rs

1// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4use crate::crypto::packet_protection;
5use hex_literal::hex;
6
7pub const INTEGRITY_TAG_LEN: usize = 16;
8pub type IntegrityTag = [u8; INTEGRITY_TAG_LEN];
9
10pub trait RetryKey {
11    fn generate_tag(payload: &[u8]) -> IntegrityTag;
12    fn validate(payload: &[u8], tag: IntegrityTag) -> Result<(), packet_protection::Error>;
13}
14
15//= https://www.rfc-editor.org/rfc/rfc9001#section-5.8
16//# The Retry Integrity Tag is a 128-bit field that is computed as the
17//# output of AEAD_AES_128_GCM [AEAD] used with the following inputs:
18//#
19//# *  The secret key, K, is 128 bits equal to
20//#    0xbe0c690b9f66575a1d766b54e368c84e.
21//#
22pub const SECRET_KEY_BYTES: [u8; 16] = hex!("be0c690b9f66575a1d766b54e368c84e");
23
24//= https://www.rfc-editor.org/rfc/rfc9001#section-5.8
25//#   *  The nonce, N, is 96 bits equal to 0x461599d35d632bf2239825bb.
26
27pub const NONCE_BYTES: [u8; 12] = hex!("461599d35d632bf2239825bb");
28
29pub mod example {
30    use super::*;
31
32    pub const INVALID_PACKET_NO_TOKEN_LEN: usize = 31;
33    pub const INVALID_PACKET_NO_TOKEN: [u8; INVALID_PACKET_NO_TOKEN_LEN] = hex!(
34        "
35        ff 00000001 00 08 f067a5502a4262b5 59756519dd6cc85bd90e33a9
36        34d2ff85
37        "
38    );
39    pub const PACKET_LEN: usize = 36;
40
41    //= https://www.rfc-editor.org/rfc/rfc9001#appendix-A.4
42    //# This shows a Retry packet that might be sent in response to the
43    //# Initial packet in Appendix A.2.  The integrity check includes the
44    //# client-chosen connection ID value of 0x8394c8f03e515708, but that
45    //# value is not included in the final Retry packet:
46    //#
47    //# ff000000010008f067a5502a4262b574 6f6b656e04a265ba2eff4d829058fb3f
48    //# 0f2496ba
49    pub const PACKET: [u8; PACKET_LEN] = hex!(
50        "
51        ff000000010008f067a5502a4262b574 6f6b656e04a265ba2eff4d829058fb3f
52        0f2496ba
53        "
54    );
55
56    pub const PSEUDO_PACKET: [u8; 29] =
57        hex!("088394c8f03e515708 ff00000001 00 08f067a5502a4262b5 746f6b656e");
58
59    pub const EXPECTED_TAG: [u8; 16] = hex!("04a265ba2eff4d829058fb3f0f2496ba");
60
61    // The server sends an empty destination connection ID back to the client
62    pub const DCID: [u8; 0] = hex!("");
63
64    // This is the destination connection generated locally in the server
65    // The Retry Packet should have this as the source connection ID
66    pub const SCID: [u8; 8] = hex!("f067a5502a4262b5");
67
68    //= https://www.rfc-editor.org/rfc/rfc9001#appendix-A
69    //# These packets use an 8-byte client-chosen Destination Connection ID
70    //# of 0x8394c8f03e515708.
71
72    pub const ODCID: [u8; 8] = hex!("8394c8f03e515708");
73
74    pub const VERSION: u32 = 0x1;
75
76    pub const TOKEN: [u8; 5] = hex!("746f6b656e");
77
78    pub const TOKEN_LEN: usize = 5;
79}