Documentation ¶
Index ¶
- Variables
- type ConnectionState
- type Cookie
- type CookieGenerator
- type CryptoSetup
- type CryptoSetupTLS
- type HandshakeMessage
- type KeyDerivationFunction
- type KeyExchangeFunction
- type QuicCryptoKeyDerivationFunction
- type Sealer
- type ServerConfig
- type TLSExtensionHandler
- type Tag
- type TransportParameters
Constants ¶
This section is empty.
Variables ¶
var ErrNSTPExperiment = qerr.Error(qerr.InvalidCryptoMessageParameter, "NSTP experiment. Unsupported")
ErrNSTPExperiment is returned when the client sends the NSTP tag in the CHLO. This is an experiment implemented by Chrome in QUIC 38, which we don't support at this point.
Functions ¶
This section is empty.
Types ¶
type ConnectionState ¶
type ConnectionState struct { HandshakeComplete bool // handshake is complete ServerName string // server name requested by client, if any (server side only) PeerCertificates []*x509.Certificate // certificate chain presented by remote peer }
ConnectionState records basic details about the QUIC connection. Warning: This API should not be considered stable and might change soon.
type Cookie ¶
type Cookie struct { RemoteAddr string // The time that the STK was issued (resolution 1 second) SentTime time.Time }
A Cookie is derived from the client address and can be used to verify the ownership of this address.
type CookieGenerator ¶
type CookieGenerator struct {
// contains filtered or unexported fields
}
A CookieGenerator generates Cookies
func NewCookieGenerator ¶
func NewCookieGenerator() (*CookieGenerator, error)
NewCookieGenerator initializes a new CookieGenerator
func (*CookieGenerator) DecodeToken ¶
func (g *CookieGenerator) DecodeToken(encrypted []byte) (*Cookie, error)
DecodeToken decodes a Cookie
type CryptoSetup ¶
type CryptoSetup interface { Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) // contains filtered or unexported methods }
CryptoSetup is the crypto setup used by gQUIC
func NewCryptoSetup ¶
func NewCryptoSetup( cryptoStream io.ReadWriter, connID protocol.ConnectionID, remoteAddr net.Addr, version protocol.VersionNumber, divNonce []byte, scfg *ServerConfig, params *TransportParameters, supportedVersions []protocol.VersionNumber, acceptSTK func(net.Addr, *Cookie) bool, paramsChan chan<- TransportParameters, handshakeEvent chan<- struct{}, logger utils.Logger, ) (CryptoSetup, error)
NewCryptoSetup creates a new CryptoSetup instance for a server
func NewCryptoSetupClient ¶
func NewCryptoSetupClient( cryptoStream io.ReadWriter, connID protocol.ConnectionID, version protocol.VersionNumber, tlsConf *tls.Config, params *TransportParameters, paramsChan chan<- TransportParameters, handshakeEvent chan<- struct{}, initialVersion protocol.VersionNumber, negotiatedVersions []protocol.VersionNumber, logger utils.Logger, ) (CryptoSetup, error)
NewCryptoSetupClient creates a new CryptoSetup instance for a client
type CryptoSetupTLS ¶
type CryptoSetupTLS interface { OpenHandshake(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) Open1RTT(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) // contains filtered or unexported methods }
CryptoSetupTLS is the crypto setup used by IETF QUIC
func NewCryptoSetupTLSClient ¶
func NewCryptoSetupTLSClient( cryptoStream io.ReadWriter, connID protocol.ConnectionID, config *mint.Config, handshakeEvent chan<- struct{}, version protocol.VersionNumber, ) (CryptoSetupTLS, error)
NewCryptoSetupTLSClient creates a new TLS CryptoSetup instance for a client
func NewCryptoSetupTLSServer ¶
func NewCryptoSetupTLSServer( cryptoStream io.ReadWriter, connID protocol.ConnectionID, config *mint.Config, handshakeEvent chan<- struct{}, version protocol.VersionNumber, ) (CryptoSetupTLS, error)
NewCryptoSetupTLSServer creates a new TLS CryptoSetup instance for a server
type HandshakeMessage ¶
A HandshakeMessage is a handshake message
func ParseHandshakeMessage ¶
func ParseHandshakeMessage(r io.Reader) (HandshakeMessage, error)
ParseHandshakeMessage reads a crypto message
func (HandshakeMessage) String ¶
func (h HandshakeMessage) String() string
func (HandshakeMessage) Write ¶
func (h HandshakeMessage) Write(b *bytes.Buffer)
Write writes a crypto message
type KeyDerivationFunction ¶
type KeyDerivationFunction func(crypto.TLSExporter, protocol.Perspective) (crypto.AEAD, error)
KeyDerivationFunction is used for key derivation
type KeyExchangeFunction ¶
type KeyExchangeFunction func() (crypto.KeyExchange, error)
KeyExchangeFunction is used to make a new KEX
type QuicCryptoKeyDerivationFunction ¶
type QuicCryptoKeyDerivationFunction func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error)
QuicCryptoKeyDerivationFunction is used for key derivation
type Sealer ¶
type Sealer interface { Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte Overhead() int }
Sealer seals a packet
type ServerConfig ¶
type ServerConfig struct { ID []byte // contains filtered or unexported fields }
ServerConfig is a server config
func NewServerConfig ¶
func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*ServerConfig, error)
NewServerConfig creates a new server config
func (*ServerConfig) Get ¶
func (s *ServerConfig) Get() []byte
Get the server config binary representation
func (*ServerConfig) GetCertsCompressed ¶
func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error)
GetCertsCompressed returns the certificate data
type TLSExtensionHandler ¶
type TLSExtensionHandler interface { Send(mint.HandshakeType, *mint.ExtensionList) error Receive(mint.HandshakeType, *mint.ExtensionList) error GetPeerParams() <-chan TransportParameters }
A TLSExtensionHandler sends and received the QUIC TLS extension. It provides the parameters sent by the peer on a channel.
func NewExtensionHandlerClient ¶
func NewExtensionHandlerClient( params *TransportParameters, initialVersion protocol.VersionNumber, supportedVersions []protocol.VersionNumber, version protocol.VersionNumber, logger utils.Logger, ) TLSExtensionHandler
NewExtensionHandlerClient creates a new extension handler for the client.
func NewExtensionHandlerServer ¶
func NewExtensionHandlerServer( params *TransportParameters, supportedVersions []protocol.VersionNumber, version protocol.VersionNumber, logger utils.Logger, ) TLSExtensionHandler
NewExtensionHandlerServer creates a new extension handler for the server
type Tag ¶
type Tag uint32
A Tag in the QUIC crypto
const ( // TagCHLO is a client hello TagCHLO Tag = 'C' + 'H'<<8 + 'L'<<16 + 'O'<<24 // TagREJ is a server hello rejection TagREJ Tag = 'R' + 'E'<<8 + 'J'<<16 // TagSCFG is a server config TagSCFG Tag = 'S' + 'C'<<8 + 'F'<<16 + 'G'<<24 // TagPAD is padding TagPAD Tag = 'P' + 'A'<<8 + 'D'<<16 // TagSNI is the server name indication TagSNI Tag = 'S' + 'N'<<8 + 'I'<<16 // TagVER is the QUIC version TagVER Tag = 'V' + 'E'<<8 + 'R'<<16 // TagCCS are the hashes of the common certificate sets TagCCS Tag = 'C' + 'C'<<8 + 'S'<<16 // TagCCRT are the hashes of the cached certificates TagCCRT Tag = 'C' + 'C'<<8 + 'R'<<16 + 'T'<<24 // TagMSPC is max streams per connection TagMSPC Tag = 'M' + 'S'<<8 + 'P'<<16 + 'C'<<24 // TagMIDS is max incoming dyanamic streams TagMIDS Tag = 'M' + 'I'<<8 + 'D'<<16 + 'S'<<24 // TagUAID is the user agent ID TagUAID Tag = 'U' + 'A'<<8 + 'I'<<16 + 'D'<<24 // TagSVID is the server ID (unofficial tag by us :) TagSVID Tag = 'S' + 'V'<<8 + 'I'<<16 + 'D'<<24 // TagTCID is truncation of the connection ID TagTCID Tag = 'T' + 'C'<<8 + 'I'<<16 + 'D'<<24 // TagPDMD is the proof demand TagPDMD Tag = 'P' + 'D'<<8 + 'M'<<16 + 'D'<<24 // TagSRBF is the socket receive buffer TagSRBF Tag = 'S' + 'R'<<8 + 'B'<<16 + 'F'<<24 // TagICSL is the idle connection state lifetime TagICSL Tag = 'I' + 'C'<<8 + 'S'<<16 + 'L'<<24 // TagNONP is the client proof nonce TagNONP Tag = 'N' + 'O'<<8 + 'N'<<16 + 'P'<<24 // TagSCLS is the silently close timeout TagSCLS Tag = 'S' + 'C'<<8 + 'L'<<16 + 'S'<<24 // TagCSCT is the signed cert timestamp (RFC6962) of leaf cert TagCSCT Tag = 'C' + 'S'<<8 + 'C'<<16 + 'T'<<24 // TagCOPT are the connection options TagCOPT Tag = 'C' + 'O'<<8 + 'P'<<16 + 'T'<<24 // TagCFCW is the initial session/connection flow control receive window TagCFCW Tag = 'C' + 'F'<<8 + 'C'<<16 + 'W'<<24 // TagSFCW is the initial stream flow control receive window. TagSFCW Tag = 'S' + 'F'<<8 + 'C'<<16 + 'W'<<24 // TagNSTP is the no STOP_WAITING experiment // currently unsupported by quic-go TagNSTP Tag = 'N' + 'S'<<8 + 'T'<<16 + 'P'<<24 // TagSTK is the source-address token TagSTK Tag = 'S' + 'T'<<8 + 'K'<<16 // TagSNO is the server nonce TagSNO Tag = 'S' + 'N'<<8 + 'O'<<16 // TagPROF is the server proof TagPROF Tag = 'P' + 'R'<<8 + 'O'<<16 + 'F'<<24 // TagNONC is the client nonce TagNONC Tag = 'N' + 'O'<<8 + 'N'<<16 + 'C'<<24 // TagXLCT is the expected leaf certificate TagXLCT Tag = 'X' + 'L'<<8 + 'C'<<16 + 'T'<<24 // TagSCID is the server config ID TagSCID Tag = 'S' + 'C'<<8 + 'I'<<16 + 'D'<<24 // TagKEXS is the list of key exchange algos TagKEXS Tag = 'K' + 'E'<<8 + 'X'<<16 + 'S'<<24 // TagAEAD is the list of AEAD algos TagAEAD Tag = 'A' + 'E'<<8 + 'A'<<16 + 'D'<<24 // TagPUBS is the public value for the KEX TagPUBS Tag = 'P' + 'U'<<8 + 'B'<<16 + 'S'<<24 // TagOBIT is the client orbit TagOBIT Tag = 'O' + 'B'<<8 + 'I'<<16 + 'T'<<24 // TagEXPY is the server config expiry TagEXPY Tag = 'E' + 'X'<<8 + 'P'<<16 + 'Y'<<24 // TagCERT is the CERT data TagCERT Tag = 0xff545243 // TagSHLO is the server hello TagSHLO Tag = 'S' + 'H'<<8 + 'L'<<16 + 'O'<<24 // TagPRST is the public reset tag TagPRST Tag = 'P' + 'R'<<8 + 'S'<<16 + 'T'<<24 // TagRSEQ is the public reset rejected packet number TagRSEQ Tag = 'R' + 'S'<<8 + 'E'<<16 + 'Q'<<24 // TagRNON is the public reset nonce TagRNON Tag = 'R' + 'N'<<8 + 'O'<<16 + 'N'<<24 )
type TransportParameters ¶
type TransportParameters struct { StreamFlowControlWindow protocol.ByteCount ConnectionFlowControlWindow protocol.ByteCount MaxPacketSize protocol.ByteCount MaxUniStreams uint16 // only used for IETF QUIC MaxBidiStreams uint16 // only used for IETF QUIC MaxStreams uint32 // only used for gQUIC OmitConnectionID bool // only used for gQUIC IdleTimeout time.Duration DisableMigration bool // only used for IETF QUIC StatelessResetToken []byte // only used for IETF QUIC }
TransportParameters are parameters sent to the peer during the handshake
func (*TransportParameters) String ¶
func (p *TransportParameters) String() string
String returns a string representation, intended for logging. It should only used for IETF QUIC.
Source Files ¶
- cookie_generator.go
- cookie_protector.go
- crypto_setup_client.go
- crypto_setup_server.go
- crypto_setup_tls.go
- crypto_stream_conn.go
- ephermal_cache.go
- handshake_message.go
- interface.go
- mockgen.go
- server_config.go
- server_config_client.go
- tags.go
- tls_extension.go
- tls_extension_handler_client.go
- tls_extension_handler_server.go
- transport_parameters.go