• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_
6 #define QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_
7 
8 #include <cstddef>
9 #include <string>
10 
11 #include "quiche/quic/core/quic_tag.h"
12 
13 // Version and Crypto tags are written to the wire with a big-endian
14 // representation of the name of the tag.  For example
15 // the client hello tag (CHLO) will be written as the
16 // following 4 bytes: 'C' 'H' 'L' 'O'.  Since it is
17 // stored in memory as a little endian uint32_t, we need
18 // to reverse the order of the bytes.
19 //
20 // We use a macro to ensure that no static initialisers are created. Use the
21 // MakeQuicTag function in normal code.
22 #define TAG(a, b, c, d) \
23   static_cast<QuicTag>((d << 24) + (c << 16) + (b << 8) + a)
24 
25 namespace quic {
26 
27 using ServerConfigID = std::string;
28 
29 // The following tags have been deprecated and should not be reused:
30 // "1CON", "BBQ4", "NCON", "RCID", "SREJ", "TBKP", "TB10", "SCLS", "SMHL",
31 // "QNZR", "B2HI", "H2PR", "FIFO", "LIFO", "RRWS", "QNSP", "B2CL", "CHSP",
32 // "BPTE", "ACKD", "AKD2", "AKD4", "MAD1", "MAD4", "MAD5", "ACD0", "ACKQ",
33 // "TLPR", "CCS\0", "PDP4", "NCHP", "NBPE", "2RTO", "3RTO", "4RTO", "6RTO",
34 // "PDP1", "PDP2", "PDP3", "PDP5" "QLVE"
35 
36 // clang-format off
37 const QuicTag kCHLO = TAG('C', 'H', 'L', 'O');   // Client hello
38 const QuicTag kSHLO = TAG('S', 'H', 'L', 'O');   // Server hello
39 const QuicTag kSCFG = TAG('S', 'C', 'F', 'G');   // Server config
40 const QuicTag kREJ  = TAG('R', 'E', 'J', '\0');  // Reject
41 const QuicTag kCETV = TAG('C', 'E', 'T', 'V');   // Client encrypted tag-value
42                                                  // pairs
43 const QuicTag kPRST = TAG('P', 'R', 'S', 'T');   // Public reset
44 const QuicTag kSCUP = TAG('S', 'C', 'U', 'P');   // Server config update
45 const QuicTag kALPN = TAG('A', 'L', 'P', 'N');   // Application-layer protocol
46 
47 // Key exchange methods
48 const QuicTag kP256 = TAG('P', '2', '5', '6');   // ECDH, Curve P-256
49 const QuicTag kC255 = TAG('C', '2', '5', '5');   // ECDH, Curve25519
50 
51 // AEAD algorithms
52 const QuicTag kAESG = TAG('A', 'E', 'S', 'G');   // AES128 + GCM-12
53 const QuicTag kCC20 = TAG('C', 'C', '2', '0');   // ChaCha20 + Poly1305 RFC7539
54 
55 // Congestion control feedback types
56 const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C');   // TCP cubic
57 
58 // Connection options (COPT) values
59 const QuicTag kAFCW = TAG('A', 'F', 'C', 'W');   // Auto-tune flow control
60                                                  // receive windows.
61 const QuicTag kIFW5 = TAG('I', 'F', 'W', '5');   // Set initial size
62                                                  // of stream flow control
63                                                  // receive window to
64                                                  // 32KB. (2^5 KB).
65 const QuicTag kIFW6 = TAG('I', 'F', 'W', '6');   // Set initial size
66                                                  // of stream flow control
67                                                  // receive window to
68                                                  // 64KB. (2^6 KB).
69 const QuicTag kIFW7 = TAG('I', 'F', 'W', '7');   // Set initial size
70                                                  // of stream flow control
71                                                  // receive window to
72                                                  // 128KB. (2^7 KB).
73 const QuicTag kIFW8 = TAG('I', 'F', 'W', '8');   // Set initial size
74                                                  // of stream flow control
75                                                  // receive window to
76                                                  // 256KB. (2^8 KB).
77 const QuicTag kIFW9 = TAG('I', 'F', 'W', '9');   // Set initial size
78                                                  // of stream flow control
79                                                  // receive window to
80                                                  // 512KB. (2^9 KB).
81 const QuicTag kIFWA = TAG('I', 'F', 'W', 'a');   // Set initial size
82                                                  // of stream flow control
83                                                  // receive window to
84                                                  // 1MB. (2^0xa KB).
85 const QuicTag kTBBR = TAG('T', 'B', 'B', 'R');   // Reduced Buffer Bloat TCP
86 const QuicTag k1RTT = TAG('1', 'R', 'T', 'T');   // STARTUP in BBR for 1 RTT
87 const QuicTag k2RTT = TAG('2', 'R', 'T', 'T');   // STARTUP in BBR for 2 RTTs
88 const QuicTag kLRTT = TAG('L', 'R', 'T', 'T');   // Exit STARTUP in BBR on loss
89 const QuicTag kBBS1 = TAG('B', 'B', 'S', '1');   // DEPRECATED
90 const QuicTag kBBS2 = TAG('B', 'B', 'S', '2');   // More aggressive packet
91                                                  // conservation in BBR STARTUP
92 const QuicTag kBBS3 = TAG('B', 'B', 'S', '3');   // Slowstart packet
93                                                  // conservation in BBR STARTUP
94 const QuicTag kBBS4 = TAG('B', 'B', 'S', '4');   // DEPRECATED
95 const QuicTag kBBS5 = TAG('B', 'B', 'S', '5');   // DEPRECATED
96 const QuicTag kBBRR = TAG('B', 'B', 'R', 'R');   // Rate-based recovery in BBR
97 const QuicTag kBBR1 = TAG('B', 'B', 'R', '1');   // DEPRECATED
98 const QuicTag kBBR2 = TAG('B', 'B', 'R', '2');   // DEPRECATED
99 const QuicTag kBBR3 = TAG('B', 'B', 'R', '3');   // Fully drain the queue once
100                                                  // per cycle
101 const QuicTag kBBR4 = TAG('B', 'B', 'R', '4');   // 20 RTT ack aggregation
102 const QuicTag kBBR5 = TAG('B', 'B', 'R', '5');   // 40 RTT ack aggregation
103 const QuicTag kBBR9 = TAG('B', 'B', 'R', '9');   // DEPRECATED
104 const QuicTag kBBRA = TAG('B', 'B', 'R', 'A');   // Starts a new ack aggregation
105                                                  // epoch if a full round has
106                                                  // passed
107 const QuicTag kBBRB = TAG('B', 'B', 'R', 'B');   // Use send rate in BBR's
108                                                  // MaxAckHeightTracker
109 const QuicTag kBBRS = TAG('B', 'B', 'R', 'S');   // DEPRECATED
110 const QuicTag kBBQ1 = TAG('B', 'B', 'Q', '1');   // DEPRECATED
111 const QuicTag kBBQ2 = TAG('B', 'B', 'Q', '2');   // BBRv2 with 2.885 STARTUP and
112                                                  // DRAIN CWND gain.
113 const QuicTag kBBQ3 = TAG('B', 'B', 'Q', '3');   // BBR with ack aggregation
114                                                  // compensation in STARTUP.
115 const QuicTag kBBQ5 = TAG('B', 'B', 'Q', '5');   // Expire ack aggregation upon
116                                                  // bandwidth increase in
117                                                  // STARTUP.
118 const QuicTag kBBQ6 = TAG('B', 'B', 'Q', '6');   // Reduce STARTUP gain to 25%
119                                                  // more than BW increase.
120 const QuicTag kBBQ7 = TAG('B', 'B', 'Q', '7');   // Reduce bw_lo by
121                                                  // bytes_lost/min_rtt.
122 const QuicTag kBBQ8 = TAG('B', 'B', 'Q', '8');   // Reduce bw_lo by
123                                                  // bw_lo * bytes_lost/inflight
124 const QuicTag kBBQ9 = TAG('B', 'B', 'Q', '9');   // Reduce bw_lo by
125                                                  // bw_lo * bytes_lost/cwnd
126 const QuicTag kBBQ0 = TAG('B', 'B', 'Q', '0');   // Increase bytes_acked in
127                                                  // PROBE_UP when app limited.
128 const QuicTag kBBPD = TAG('B', 'B', 'P', 'D');   // Use 0.91 PROBE_DOWN gain.
129 const QuicTag kBBHI = TAG('B', 'B', 'H', 'I');   // Increase inflight_hi in
130                                                  // PROBE_UP if ever inflight_hi
131                                                  // limited in round
132 const QuicTag kRENO = TAG('R', 'E', 'N', 'O');   // Reno Congestion Control
133 const QuicTag kTPCC = TAG('P', 'C', 'C', '\0');  // Performance-Oriented
134                                                  // Congestion Control
135 const QuicTag kBYTE = TAG('B', 'Y', 'T', 'E');   // TCP cubic or reno in bytes
136 const QuicTag kIW03 = TAG('I', 'W', '0', '3');   // Force ICWND to 3
137 const QuicTag kIW10 = TAG('I', 'W', '1', '0');   // Force ICWND to 10
138 const QuicTag kIW20 = TAG('I', 'W', '2', '0');   // Force ICWND to 20
139 const QuicTag kIW50 = TAG('I', 'W', '5', '0');   // Force ICWND to 50
140 const QuicTag kB2ON = TAG('B', '2', 'O', 'N');   // Enable BBRv2
141 const QuicTag kB2NA = TAG('B', '2', 'N', 'A');   // For BBRv2, do not add ack
142                                                  // height to queueing threshold
143 const QuicTag kB2NE = TAG('B', '2', 'N', 'E');   // For BBRv2, always exit
144                                                  // STARTUP on loss, even if
145                                                  // bandwidth growth exceeds
146                                                  // threshold.
147 const QuicTag kB2RP = TAG('B', '2', 'R', 'P');   // For BBRv2, run PROBE_RTT on
148                                                  // the regular schedule
149 const QuicTag kB2LO = TAG('B', '2', 'L', 'O');   // Ignore inflight_lo in BBR2
150 const QuicTag kB2HR = TAG('B', '2', 'H', 'R');   // 15% inflight_hi headroom.
151 const QuicTag kB2SL = TAG('B', '2', 'S', 'L');   // When exiting STARTUP due to
152                                                  // loss, set inflight_hi to the
153                                                  // max of bdp and max bytes
154                                                  // delivered in round.
155 const QuicTag kB2H2 = TAG('B', '2', 'H', '2');   // When exiting PROBE_UP due to
156                                                  // loss, set inflight_hi to the
157                                                  // max of inflight@send and max
158                                                  // bytes delivered in round.
159 const QuicTag kB2RC = TAG('B', '2', 'R', 'C');   // Disable Reno-coexistence for
160                                                  // BBR2.
161 const QuicTag kBSAO = TAG('B', 'S', 'A', 'O');   // Avoid Overestimation in
162                                                  // Bandwidth Sampler with ack
163                                                  // aggregation
164 const QuicTag kB2DL = TAG('B', '2', 'D', 'L');   // Increase inflight_hi based
165                                                  // on delievered, not inflight.
166 const QuicTag kB201 = TAG('B', '2', '0', '1');   // DEPRECATED
167 const QuicTag kB202 = TAG('B', '2', '0', '2');   // Do not exit PROBE_UP if
168                                                  // inflight dips below 1.25*BW.
169 const QuicTag kB203 = TAG('B', '2', '0', '3');   // Ignore inflight_hi until
170                                                  // PROBE_UP is exited.
171 const QuicTag kB204 = TAG('B', '2', '0', '4');   // Reduce extra acked when
172                                                  // MaxBW incrases.
173 const QuicTag kB205 = TAG('B', '2', '0', '5');   // Add extra acked to CWND in
174                                                  // STARTUP.
175 const QuicTag kB206 = TAG('B', '2', '0', '6');   // Exit STARTUP after 2 losses.
176 const QuicTag kB207 = TAG('B', '2', '0', '7');   // Exit STARTUP on persistent
177                                                  // queue
178 const QuicTag kBB2U = TAG('B', 'B', '2', 'U');   // Exit PROBE_UP on
179                                                  // min_bytes_in_flight for two
180                                                  // rounds in a row.
181 const QuicTag kBB2S = TAG('B', 'B', '2', 'S');   // Exit STARTUP on
182                                                  // min_bytes_in_flight for two
183                                                  // rounds in a row.
184 const QuicTag kNTLP = TAG('N', 'T', 'L', 'P');   // No tail loss probe
185 const QuicTag k1TLP = TAG('1', 'T', 'L', 'P');   // 1 tail loss probe
186 const QuicTag k1RTO = TAG('1', 'R', 'T', 'O');   // Send 1 packet upon RTO
187 const QuicTag kNRTO = TAG('N', 'R', 'T', 'O');   // CWND reduction on loss
188 const QuicTag kTIME = TAG('T', 'I', 'M', 'E');   // Time based loss detection
189 const QuicTag kATIM = TAG('A', 'T', 'I', 'M');   // Adaptive time loss detection
190 const QuicTag kMIN1 = TAG('M', 'I', 'N', '1');   // Min CWND of 1 packet
191 const QuicTag kMIN4 = TAG('M', 'I', 'N', '4');   // Min CWND of 4 packets,
192                                                  // with a min rate of 1 BDP.
193 const QuicTag kMAD0 = TAG('M', 'A', 'D', '0');   // Ignore ack delay
194 const QuicTag kMAD2 = TAG('M', 'A', 'D', '2');   // No min TLP
195 const QuicTag kMAD3 = TAG('M', 'A', 'D', '3');   // No min RTO
196 const QuicTag k1ACK = TAG('1', 'A', 'C', 'K');   // 1 fast ack for reordering
197 const QuicTag kAKD3 = TAG('A', 'K', 'D', '3');   // Ack decimation style acking
198                                                  // with 1/8 RTT acks.
199 const QuicTag kAKDU = TAG('A', 'K', 'D', 'U');   // Unlimited number of packets
200                                                  // received before acking
201 const QuicTag kAFFE = TAG('A', 'F', 'F', 'E');   // Enable client receiving
202                                                  // AckFrequencyFrame.
203 const QuicTag kAFF1 = TAG('A', 'F', 'F', '1');   // Use SRTT in building
204                                                  // AckFrequencyFrame.
205 const QuicTag kAFF2 = TAG('A', 'F', 'F', '2');   // Send AckFrequencyFrame upon
206                                                  // handshake completion.
207 const QuicTag kSSLR = TAG('S', 'S', 'L', 'R');   // Slow Start Large Reduction.
208 const QuicTag kNPRR = TAG('N', 'P', 'R', 'R');   // Pace at unity instead of PRR
209 const QuicTag k5RTO = TAG('5', 'R', 'T', 'O');   // Close connection on 5 RTOs
210 const QuicTag kCBHD = TAG('C', 'B', 'H', 'D');   // Client only blackhole
211                                                  // detection.
212 const QuicTag kNBHD = TAG('N', 'B', 'H', 'D');   // No blackhole detection.
213 const QuicTag kCONH = TAG('C', 'O', 'N', 'H');   // Conservative Handshake
214                                                  // Retransmissions.
215 const QuicTag kLFAK = TAG('L', 'F', 'A', 'K');   // Don't invoke FACK on the
216                                                  // first ack.
217 const QuicTag kSTMP = TAG('S', 'T', 'M', 'P');   // DEPRECATED
218 const QuicTag kEACK = TAG('E', 'A', 'C', 'K');   // Bundle ack-eliciting frame
219                                                  // with an ACK after PTO/RTO
220 
221 const QuicTag kILD0 = TAG('I', 'L', 'D', '0');   // IETF style loss detection
222                                                  // (default with 1/8 RTT time
223                                                  // threshold)
224 const QuicTag kILD1 = TAG('I', 'L', 'D', '1');   // IETF style loss detection
225                                                  // with 1/4 RTT time threshold
226 const QuicTag kILD2 = TAG('I', 'L', 'D', '2');   // IETF style loss detection
227                                                  // with adaptive packet
228                                                  // threshold
229 const QuicTag kILD3 = TAG('I', 'L', 'D', '3');   // IETF style loss detection
230                                                  // with 1/4 RTT time threshold
231                                                  // and adaptive packet
232                                                  // threshold
233 const QuicTag kILD4 = TAG('I', 'L', 'D', '4');   // IETF style loss detection
234                                                  // with both adaptive time
235                                                  // threshold (default 1/4 RTT)
236                                                  // and adaptive packet
237                                                  // threshold
238 const QuicTag kRUNT = TAG('R', 'U', 'N', 'T');   // No packet threshold loss
239                                                  // detection for "runt" packet.
240 const QuicTag kNSTP = TAG('N', 'S', 'T', 'P');   // No stop waiting frames.
241 const QuicTag kNRTT = TAG('N', 'R', 'T', 'T');   // Ignore initial RTT
242 
243 const QuicTag k1PTO = TAG('1', 'P', 'T', 'O');   // Send 1 packet upon PTO.
244 const QuicTag k2PTO = TAG('2', 'P', 'T', 'O');   // Send 2 packets upon PTO.
245 
246 const QuicTag k6PTO = TAG('6', 'P', 'T', 'O');   // Closes connection on 6
247                                                  // consecutive PTOs.
248 const QuicTag k7PTO = TAG('7', 'P', 'T', 'O');   // Closes connection on 7
249                                                  // consecutive PTOs.
250 const QuicTag k8PTO = TAG('8', 'P', 'T', 'O');   // Closes connection on 8
251                                                  // consecutive PTOs.
252 const QuicTag kPTOS = TAG('P', 'T', 'O', 'S');   // Skip packet number before
253                                                  // sending the last PTO.
254 const QuicTag kPTOA = TAG('P', 'T', 'O', 'A');   // Do not add max ack delay
255                                                  // when computing PTO timeout
256                                                  // if an immediate ACK is
257                                                  // expected.
258 const QuicTag kPEB1 = TAG('P', 'E', 'B', '1');   // Start exponential backoff
259                                                  // since 1st PTO.
260 const QuicTag kPEB2 = TAG('P', 'E', 'B', '2');   // Start exponential backoff
261                                                  // since 2nd PTO.
262 const QuicTag kPVS1 = TAG('P', 'V', 'S', '1');   // Use 2 * rttvar when
263                                                  // calculating PTO timeout.
264 const QuicTag kPAG1 = TAG('P', 'A', 'G', '1');   // Make 1st PTO more aggressive
265 const QuicTag kPAG2 = TAG('P', 'A', 'G', '2');   // Make first 2 PTOs more
266                                                  // aggressive
267 const QuicTag kPSDA = TAG('P', 'S', 'D', 'A');   // Use standard deviation when
268                                                  // calculating PTO timeout.
269 const QuicTag kPLE1 = TAG('P', 'L', 'E', '1');   // Arm the 1st PTO with
270                                                  // earliest in flight sent time
271                                                  // and at least 0.5*srtt from
272                                                  // last sent packet.
273 const QuicTag kPLE2 = TAG('P', 'L', 'E', '2');   // Arm the 1st PTO with
274                                                  // earliest in flight sent time
275                                                  // and at least 1.5*srtt from
276                                                  // last sent packet.
277 const QuicTag kAPTO = TAG('A', 'P', 'T', 'O');   // Use 1.5 * initial RTT before
278                                                  // any RTT sample is available.
279 
280 const QuicTag kELDT = TAG('E', 'L', 'D', 'T');   // Enable Loss Detection Tuning
281 
282 // TODO(haoyuewang) Remove RVCM option once
283 // --quic_remove_connection_migration_connection_option_v2 is deprecated.
284 const QuicTag kRVCM = TAG('R', 'V', 'C', 'M');   // Validate the new address
285                                                  // upon client address change.
286 
287 const QuicTag kSPAD = TAG('S', 'P', 'A', 'D');   // Use server preferred address
288 const QuicTag kSPA2 = TAG('S', 'P', 'A', '2');   // Start validating server
289                                                  // preferred address once it is
290                                                  // received. Send all coalesced
291                                                  // packets to both addresses.
292 
293 // Optional support of truncated Connection IDs.  If sent by a peer, the value
294 // is the minimum number of bytes allowed for the connection ID sent to the
295 // peer.
296 const QuicTag kTCID = TAG('T', 'C', 'I', 'D');   // Connection ID truncation.
297 
298 // Multipath option.
299 const QuicTag kMPTH = TAG('M', 'P', 'T', 'H');   // Enable multipath.
300 
301 const QuicTag kNCMR = TAG('N', 'C', 'M', 'R');   // Do not attempt connection
302                                                  // migration.
303 
304 // Allows disabling defer_send_in_response_to_packets in QuicConnection.
305 const QuicTag kDFER = TAG('D', 'F', 'E', 'R');   // Do not defer sending.
306 
307 // Disable Pacing offload option.
308 const QuicTag kNPCO = TAG('N', 'P', 'C', 'O');    // No pacing offload.
309 
310 // Enable bandwidth resumption experiment.
311 const QuicTag kBWRE = TAG('B', 'W', 'R', 'E');  // Bandwidth resumption.
312 const QuicTag kBWMX = TAG('B', 'W', 'M', 'X');  // Max bandwidth resumption.
313 const QuicTag kBWID = TAG('B', 'W', 'I', 'D');  // Send bandwidth when idle.
314 const QuicTag kBWI1 = TAG('B', 'W', 'I', '1');  // Resume bandwidth experiment 1
315 const QuicTag kBWRS = TAG('B', 'W', 'R', 'S');  // Server bandwidth resumption.
316 const QuicTag kBWS2 = TAG('B', 'W', 'S', '2');  // Server bw resumption v2.
317 const QuicTag kBWS3 = TAG('B', 'W', 'S', '3');  // QUIC Initial CWND - Control.
318 const QuicTag kBWS4 = TAG('B', 'W', 'S', '4');  // QUIC Initial CWND - Enabled.
319 const QuicTag kBWS5 = TAG('B', 'W', 'S', '5');  // QUIC Initial CWND up and down
320 const QuicTag kBWS6 = TAG('B', 'W', 'S', '6');  // QUIC Initial CWND - Enabled
321                                                 // with 0.5 * default
322                                                 // multiplier.
323 const QuicTag kBWP0 = TAG('B', 'W', 'P', '0');  // QUIC Initial CWND - SPDY
324                                                 // priority 0.
325 const QuicTag kBWP1 = TAG('B', 'W', 'P', '1');  // QUIC Initial CWND - SPDY
326                                                 // priorities 0 and 1.
327 const QuicTag kBWP2 = TAG('B', 'W', 'P', '2');  // QUIC Initial CWND - SPDY
328                                                 // priorities 0, 1 and 2.
329 const QuicTag kBWP3 = TAG('B', 'W', 'P', '3');  // QUIC Initial CWND - SPDY
330                                                 // priorities 0, 1, 2 and 3.
331 const QuicTag kBWP4 = TAG('B', 'W', 'P', '4');  // QUIC Initial CWND - SPDY
332                                                 // priorities >= 0, 1, 2, 3 and
333                                                 // 4.
334 const QuicTag kBWG4 = TAG('B', 'W', 'G', '4');  // QUIC Initial CWND -
335                                                 // Bandwidth model 1.
336 const QuicTag kBWG7 = TAG('B', 'W', 'G', '7');  // QUIC Initial CWND -
337                                                 // Bandwidth model 2.
338 const QuicTag kBWG8 = TAG('B', 'W', 'G', '8');  // QUIC Initial CWND -
339                                                 // Bandwidth model 3.
340 const QuicTag kBWS7 = TAG('B', 'W', 'S', '7');  // QUIC Initial CWND - Enabled
341                                                 // with 0.75 * default
342                                                 // multiplier.
343 const QuicTag kBWM3 = TAG('B', 'W', 'M', '3');  // Consider overshooting if
344                                                 // bytes lost after bandwidth
345                                                 // resumption * 3 > IW.
346 const QuicTag kBWM4 = TAG('B', 'W', 'M', '4');  // Consider overshooting if
347                                                 // bytes lost after bandwidth
348                                                 // resumption * 4 > IW.
349 const QuicTag kICW1 = TAG('I', 'C', 'W', '1');  // Max initial congestion window
350                                                 // 100.
351 const QuicTag kDTOS = TAG('D', 'T', 'O', 'S');  // Enable overshooting
352                                                 // detection.
353 
354 const QuicTag kFIDT = TAG('F', 'I', 'D', 'T');  // Extend idle timer by PTO
355                                                 // instead of the whole idle
356                                                 // timeout.
357 
358 const QuicTag k3AFF = TAG('3', 'A', 'F', 'F');  // 3 anti amplification factor.
359 const QuicTag k10AF = TAG('1', '0', 'A', 'F');  // 10 anti amplification factor.
360 
361 // Enable path MTU discovery experiment.
362 const QuicTag kMTUH = TAG('M', 'T', 'U', 'H');  // High-target MTU discovery.
363 const QuicTag kMTUL = TAG('M', 'T', 'U', 'L');  // Low-target MTU discovery.
364 
365 const QuicTag kNSLC = TAG('N', 'S', 'L', 'C');  // Always send connection close
366                                                 // for idle timeout.
367 
368 // Proof types (i.e. certificate types)
369 // NOTE: although it would be silly to do so, specifying both kX509 and kX59R
370 // is allowed and is equivalent to specifying only kX509.
371 const QuicTag kX509 = TAG('X', '5', '0', '9');   // X.509 certificate, all key
372                                                  // types
373 const QuicTag kX59R = TAG('X', '5', '9', 'R');   // X.509 certificate, RSA keys
374                                                  // only
375 const QuicTag kCHID = TAG('C', 'H', 'I', 'D');   // Channel ID.
376 
377 // Client hello tags
378 const QuicTag kVER  = TAG('V', 'E', 'R', '\0');  // Version
379 const QuicTag kNONC = TAG('N', 'O', 'N', 'C');   // The client's nonce
380 const QuicTag kNONP = TAG('N', 'O', 'N', 'P');   // The client's proof nonce
381 const QuicTag kKEXS = TAG('K', 'E', 'X', 'S');   // Key exchange methods
382 const QuicTag kAEAD = TAG('A', 'E', 'A', 'D');   // Authenticated
383                                                  // encryption algorithms
384 const QuicTag kCOPT = TAG('C', 'O', 'P', 'T');   // Connection options
385 const QuicTag kCLOP = TAG('C', 'L', 'O', 'P');   // Client connection options
386 const QuicTag kICSL = TAG('I', 'C', 'S', 'L');   // Idle network timeout
387 const QuicTag kMIBS = TAG('M', 'I', 'D', 'S');   // Max incoming bidi streams
388 const QuicTag kMIUS = TAG('M', 'I', 'U', 'S');   // Max incoming unidi streams
389 const QuicTag kADE  = TAG('A', 'D', 'E', 0);     // Ack Delay Exponent (IETF
390                                                  // QUIC ACK Frame Only).
391 const QuicTag kIRTT = TAG('I', 'R', 'T', 'T');   // Estimated initial RTT in us.
392 const QuicTag kTRTT = TAG('T', 'R', 'T', 'T');   // If server receives an rtt
393                                                  // from an address token, set
394                                                  // it as the initial rtt.
395 const QuicTag kSNI  = TAG('S', 'N', 'I', '\0');  // Server name
396                                                  // indication
397 const QuicTag kPUBS = TAG('P', 'U', 'B', 'S');   // Public key values
398 const QuicTag kSCID = TAG('S', 'C', 'I', 'D');   // Server config id
399 const QuicTag kORBT = TAG('O', 'B', 'I', 'T');   // Server orbit.
400 const QuicTag kPDMD = TAG('P', 'D', 'M', 'D');   // Proof demand.
401 const QuicTag kPROF = TAG('P', 'R', 'O', 'F');   // Proof (signature).
402 const QuicTag kCCRT = TAG('C', 'C', 'R', 'T');   // Cached certificate
403 const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y');   // Expiry
404 const QuicTag kSTTL = TAG('S', 'T', 'T', 'L');   // Server Config TTL
405 const QuicTag kSFCW = TAG('S', 'F', 'C', 'W');   // Initial stream flow control
406                                                  // receive window.
407 const QuicTag kCFCW = TAG('C', 'F', 'C', 'W');   // Initial session/connection
408                                                  // flow control receive window.
409 const QuicTag kUAID = TAG('U', 'A', 'I', 'D');   // Client's User Agent ID.
410 const QuicTag kXLCT = TAG('X', 'L', 'C', 'T');   // Expected leaf certificate.
411 
412 const QuicTag kQNZ2 = TAG('Q', 'N', 'Z', '2');   // Turn off QUIC crypto 0-RTT.
413 
414 const QuicTag kMAD  = TAG('M', 'A', 'D', 0);     // Max Ack Delay (IETF QUIC)
415 
416 const QuicTag kIGNP = TAG('I', 'G', 'N', 'P');   // Do not use PING only packet
417                                                  // for RTT measure or
418                                                  // congestion control.
419 
420 const QuicTag kSRWP = TAG('S', 'R', 'W', 'P');   // Enable retransmittable on
421                                                  // wire PING (ROWP) on the
422                                                  // server side.
423 const QuicTag kROWF = TAG('R', 'O', 'W', 'F');   // Send first 1-RTT packet on
424                                                  // ROWP timeout.
425 const QuicTag kROWR = TAG('R', 'O', 'W', 'R');   // Send random bytes on ROWP
426                                                  // timeout.
427 // Selective Resumption variants.
428 const QuicTag kGSR0 = TAG('G', 'S', 'R', '0');
429 const QuicTag kGSR1 = TAG('G', 'S', 'R', '1');
430 const QuicTag kGSR2 = TAG('G', 'S', 'R', '2');
431 const QuicTag kGSR3 = TAG('G', 'S', 'R', '3');
432 
433 const QuicTag kNRES = TAG('N', 'R', 'E', 'S');   // No resumption
434 
435 const QuicTag kINVC = TAG('I', 'N', 'V', 'C');   // Send connection close for
436                                                  // INVALID_VERSION
437 
438 const QuicTag kMPQC = TAG('M', 'P', 'Q', 'C');   // Multi-port QUIC connection
439 
440 // Client Hints triggers.
441 const QuicTag kGWCH = TAG('G', 'W', 'C', 'H');
442 const QuicTag kYTCH = TAG('Y', 'T', 'C', 'H');
443 const QuicTag kACH0 = TAG('A', 'C', 'H', '0');
444 
445 // Rejection tags
446 const QuicTag kRREJ = TAG('R', 'R', 'E', 'J');   // Reasons for server sending
447 
448 // Server hello tags
449 const QuicTag kCADR = TAG('C', 'A', 'D', 'R');   // Client IP address and port
450 const QuicTag kASAD = TAG('A', 'S', 'A', 'D');   // Alternate Server IP address
451                                                  // and port.
452 const QuicTag kSRST = TAG('S', 'R', 'S', 'T');   // Stateless reset token used
453                                                  // in IETF public reset packet
454 
455 // CETV tags
456 const QuicTag kCIDK = TAG('C', 'I', 'D', 'K');   // ChannelID key
457 const QuicTag kCIDS = TAG('C', 'I', 'D', 'S');   // ChannelID signature
458 
459 // Public reset tags
460 const QuicTag kRNON = TAG('R', 'N', 'O', 'N');   // Public reset nonce proof
461 const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q');   // Rejected packet number
462 
463 // Universal tags
464 const QuicTag kPAD  = TAG('P', 'A', 'D', '\0');  // Padding
465 
466 // Stats collection tags
467 const QuicTag kEPID = TAG('E', 'P', 'I', 'D');  // Endpoint identifier.
468 
469 // clang-format on
470 
471 // These tags have a special form so that they appear either at the beginning
472 // or the end of a handshake message. Since handshake messages are sorted by
473 // tag value, the tags with 0 at the end will sort first and those with 255 at
474 // the end will sort last.
475 //
476 // The certificate chain should have a tag that will cause it to be sorted at
477 // the end of any handshake messages because it's likely to be large and the
478 // client might be able to get everything that it needs from the small values at
479 // the beginning.
480 //
481 // Likewise tags with random values should be towards the beginning of the
482 // message because the server mightn't hold state for a rejected client hello
483 // and therefore the client may have issues reassembling the rejection message
484 // in the event that it sent two client hellos.
485 const QuicTag kServerNonceTag = TAG('S', 'N', 'O', 0);  // The server's nonce
486 const QuicTag kSourceAddressTokenTag =
487     TAG('S', 'T', 'K', 0);  // Source-address token
488 const QuicTag kCertificateTag = TAG('C', 'R', 'T', 255);  // Certificate chain
489 const QuicTag kCertificateSCTTag =
490     TAG('C', 'S', 'C', 'T');  // Signed cert timestamp (RFC6962) of leaf cert.
491 
492 #undef TAG
493 
494 const size_t kMaxEntries = 128;  // Max number of entries in a message.
495 
496 const size_t kNonceSize = 32;  // Size in bytes of the connection nonce.
497 
498 const size_t kOrbitSize = 8;  // Number of bytes in an orbit value.
499 
500 // kProofSignatureLabel is prepended to the CHLO hash and server configs before
501 // signing to avoid any cross-protocol attacks on the signature.
502 const char kProofSignatureLabel[] = "QUIC CHLO and server config signature";
503 
504 // kClientHelloMinimumSize is the minimum size of a client hello. Client hellos
505 // will have PAD tags added in order to ensure this minimum is met and client
506 // hellos smaller than this will be an error. This minimum size reduces the
507 // amplification factor of any mirror DoS attack.
508 //
509 // A client may pad an inchoate client hello to a size larger than
510 // kClientHelloMinimumSize to make it more likely to receive a complete
511 // rejection message.
512 const size_t kClientHelloMinimumSize = 1024;
513 
514 }  // namespace quic
515 
516 #endif  // QUICHE_QUIC_CORE_CRYPTO_CRYPTO_PROTOCOL_H_
517