DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
quic_crypto.h File Reference

QUIC packet protection: Initial secrets, AEAD payload protection, header protection, and the Retry integrity tag (RFC 9001). More...

#include "ServerConfig.h"

Go to the source code of this file.

Detailed Description

QUIC packet protection: Initial secrets, AEAD payload protection, header protection, and the Retry integrity tag (RFC 9001).

This ties the HKDF key schedule (quic_hkdf) and AEAD_AES_128_GCM (quic_aead) into the two QUIC packet-protection operations of RFC 9001 sec 5:

  • quic_derive_initial_secrets() runs the sec 5.2 Initial key derivation: a fixed salt and the client's Destination Connection ID produce the client and server {key, iv, hp} triples that protect Initial packets (the only keys available before the TLS handshake yields more).
  • quic_packet_protect() / quic_packet_unprotect() perform sec 5.3 AEAD payload protection and sec 5.4 header protection together, on a whole packet in a buffer. They take a {key, iv, hp} triple and a header form, so the same code protects Initial, Handshake, and 1-RTT packets - only the secrets differ. AES-128-GCM header protection samples a 16-byte AES-ECB block.
  • quic_retry_integrity_tag() computes the sec 5.8 Retry Integrity Tag (a fixed-key AEAD over the Retry Pseudo-Packet).

Pure, zero heap, host-tested against RFC 9001 Appendix A (client Initial A.2, server Initial A.3, Retry A.4).

Author
Douglas Quigg (dstroy0)
Date
2026

Definition in file quic_crypto.h.