handshake

package
v0.31.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 8, 2022 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level,
	// but the corresponding opener has not yet been initialized
	// This can happen when packets arrive out of order.
	ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available")
	// ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level,
	// but the corresponding keys have already been dropped.
	ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped")
	// ErrDecryptionFailed is returned when the AEAD fails to open the packet.
	ErrDecryptionFailed = errors.New("decryption failed")
)
View Source
var KeyUpdateInterval uint64 = protocol.KeyUpdateInterval

KeyUpdateInterval is the maximum number of packets we send or receive before initiating a key update. It's a package-level variable to allow modifying it for testing purposes.

Functions

func GetRetryIntegrityTag added in v0.15.0

func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, version protocol.VersionNumber) *[16]byte

GetRetryIntegrityTag calculates the integrity tag on a Retry packet

func NewInitialAEAD added in v0.11.0

NewInitialAEAD creates a new AEAD for Initial encryption / decryption.

Types

type ConnWithVersion added in v0.19.0

type ConnWithVersion interface {
	net.Conn
	GetQUICVersion() protocol.VersionNumber
}

ConnWithVersion is the connection used in the ClientHelloInfo. It can be used to determine the QUIC version in use.

type ConnectionState added in v0.7.0

type ConnectionState = qtls.ConnectionState

ConnectionState contains information about the state of the connection.

type CryptoSetup

type CryptoSetup interface {
	RunHandshake()
	io.Closer
	ChangeConnectionID(protocol.ConnectionID)
	GetSessionTicket() ([]byte, error)

	HandleMessage([]byte, protocol.EncryptionLevel) bool
	SetLargest1RTTAcked(protocol.PacketNumber) error
	SetHandshakeConfirmed()
	ConnectionState() ConnectionState

	GetInitialOpener() (LongHeaderOpener, error)
	GetHandshakeOpener() (LongHeaderOpener, error)
	Get0RTTOpener() (LongHeaderOpener, error)
	Get1RTTOpener() (ShortHeaderOpener, error)

	GetInitialSealer() (LongHeaderSealer, error)
	GetHandshakeSealer() (LongHeaderSealer, error)
	Get0RTTSealer() (LongHeaderSealer, error)
	Get1RTTSealer() (ShortHeaderSealer, error)
}

CryptoSetup handles the handshake and protecting / unprotecting packets

func NewCryptoSetupClient

func NewCryptoSetupClient(
	initialStream io.Writer,
	handshakeStream io.Writer,
	connID protocol.ConnectionID,
	localAddr net.Addr,
	remoteAddr net.Addr,
	tp *wire.TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	enable0RTT bool,
	rttStats *utils.RTTStats,
	tracer logging.ConnectionTracer,
	logger utils.Logger,
	version protocol.VersionNumber,
) (CryptoSetup, <-chan *wire.TransportParameters)

NewCryptoSetupClient creates a new crypto setup for the client

func NewCryptoSetupServer added in v0.11.0

func NewCryptoSetupServer(
	initialStream io.Writer,
	handshakeStream io.Writer,
	connID protocol.ConnectionID,
	localAddr net.Addr,
	remoteAddr net.Addr,
	tp *wire.TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	enable0RTT bool,
	rttStats *utils.RTTStats,
	tracer logging.ConnectionTracer,
	logger utils.Logger,
	version protocol.VersionNumber,
) CryptoSetup

NewCryptoSetupServer creates a new crypto setup for the server

type LongHeaderOpener added in v0.12.0

type LongHeaderOpener interface {
	DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
	Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

LongHeaderOpener opens a long header packet

type LongHeaderSealer added in v0.12.0

type LongHeaderSealer interface {
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
	Overhead() int
}

LongHeaderSealer seals a long header packet

type ShortHeaderOpener added in v0.12.0

type ShortHeaderOpener interface {
	DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
	Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

ShortHeaderOpener opens a short header packet

type ShortHeaderSealer added in v0.12.0

type ShortHeaderSealer interface {
	LongHeaderSealer
	KeyPhase() protocol.KeyPhaseBit
}

ShortHeaderSealer seals a short header packet

type Token added in v0.12.0

type Token struct {
	IsRetryToken bool
	SentTime     time.Time

	// only set for retry tokens
	OriginalDestConnectionID protocol.ConnectionID
	RetrySrcConnectionID     protocol.ConnectionID
	// contains filtered or unexported fields
}

A Token is derived from the client address and can be used to verify the ownership of this address.

func (*Token) ValidateRemoteAddr added in v0.29.0

func (t *Token) ValidateRemoteAddr(addr net.Addr) bool

ValidateRemoteAddr validates the address, but does not check expiration

type TokenGenerator added in v0.12.0

type TokenGenerator struct {
	// contains filtered or unexported fields
}

A TokenGenerator generates tokens

func NewTokenGenerator added in v0.12.0

func NewTokenGenerator(rand io.Reader) (*TokenGenerator, error)

NewTokenGenerator initializes a new TookenGenerator

func (*TokenGenerator) DecodeToken added in v0.12.0

func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)

DecodeToken decodes a token

func (*TokenGenerator) NewRetryToken added in v0.12.0

func (g *TokenGenerator) NewRetryToken(
	raddr net.Addr,
	origDestConnID protocol.ConnectionID,
	retrySrcConnID protocol.ConnectionID,
) ([]byte, error)

NewRetryToken generates a new token for a Retry for a given source address

func (*TokenGenerator) NewToken added in v0.12.0

func (g *TokenGenerator) NewToken(raddr net.Addr) ([]byte, error)

NewToken generates a new token to be sent in a NEW_TOKEN frame

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL