Documentation ¶
Index ¶
- Variables
- func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte
- func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)
- type ConnectionState
- type CryptoSetup
- type LongHeaderOpener
- type LongHeaderSealer
- type PreferredAddress
- type ShortHeaderOpener
- type ShortHeaderSealer
- type Token
- type TokenGenerator
- type TransportParameters
- func (p *TransportParameters) Marshal() []byte
- func (p *TransportParameters) MarshalForSessionTicket(b *bytes.Buffer)
- func (p *TransportParameters) String() string
- func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error
- func (p *TransportParameters) UnmarshalFromSessionTicket(data []byte) error
- func (p *TransportParameters) ValidFor0RTT(tp *TransportParameters) bool
Constants ¶
This section is empty.
Variables ¶
var ( // ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level, // but the corresponding opener has not yet been initialized // This can happen when packets arrive out of order. ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available") // ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level, // but the corresponding keys have already been dropped. ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped") // ErrDecryptionFailed is returned when the AEAD fails to open the packet. ErrDecryptionFailed = errors.New("decryption failed") )
Functions ¶
func GetRetryIntegrityTag ¶ added in v0.15.0
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte
GetRetryIntegrityTag calculates the integrity tag on a Retry packet
func NewInitialAEAD ¶ added in v0.11.0
func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)
NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
Types ¶
type ConnectionState ¶ added in v0.7.0
type ConnectionState = qtls.ConnectionState
ConnectionState contains information about the state of the connection.
type CryptoSetup ¶
type CryptoSetup interface { RunHandshake() io.Closer ChangeConnectionID(protocol.ConnectionID) GetSessionTicket() ([]byte, error) HandleMessage([]byte, protocol.EncryptionLevel) bool SetLargest1RTTAcked(protocol.PacketNumber) DropHandshakeKeys() ConnectionState() ConnectionState GetInitialOpener() (LongHeaderOpener, error) GetHandshakeOpener() (LongHeaderOpener, error) Get0RTTOpener() (LongHeaderOpener, error) Get1RTTOpener() (ShortHeaderOpener, error) GetInitialSealer() (LongHeaderSealer, error) GetHandshakeSealer() (LongHeaderSealer, error) Get0RTTSealer() (LongHeaderSealer, error) Get1RTTSealer() (ShortHeaderSealer, error) }
CryptoSetup handles the handshake and protecting / unprotecting packets
func NewCryptoSetupClient ¶
func NewCryptoSetupClient( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *TransportParameters, runner handshakeRunner, tlsConf *tls.Config, enable0RTT bool, rttStats *congestion.RTTStats, logger utils.Logger, ) (CryptoSetup, <-chan *TransportParameters)
NewCryptoSetupClient creates a new crypto setup for the client
func NewCryptoSetupServer ¶ added in v0.11.0
func NewCryptoSetupServer( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *TransportParameters, runner handshakeRunner, tlsConf *tls.Config, enable0RTT bool, rttStats *congestion.RTTStats, logger utils.Logger, ) CryptoSetup
NewCryptoSetupServer creates a new crypto setup for the server
type LongHeaderOpener ¶ added in v0.12.0
type LongHeaderOpener interface { Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error) // contains filtered or unexported methods }
LongHeaderOpener opens a long header packet
type LongHeaderSealer ¶ added in v0.12.0
type LongHeaderSealer interface { Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte) Overhead() int }
LongHeaderSealer seals a long header packet
type PreferredAddress ¶ added in v0.14.0
type PreferredAddress struct { IPv4 net.IP IPv4Port uint16 IPv6 net.IP IPv6Port uint16 ConnectionID protocol.ConnectionID StatelessResetToken [16]byte }
PreferredAddress is the value encoding in the preferred_address transport parameter
type ShortHeaderOpener ¶ added in v0.12.0
type ShortHeaderOpener interface { Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error) // contains filtered or unexported methods }
ShortHeaderOpener opens a short header packet
type ShortHeaderSealer ¶ added in v0.12.0
type ShortHeaderSealer interface { LongHeaderSealer KeyPhase() protocol.KeyPhaseBit }
ShortHeaderSealer seals a short header packet
type Token ¶ added in v0.12.0
type Token struct { IsRetryToken bool RemoteAddr string SentTime time.Time // only set for retry tokens OriginalDestConnectionID protocol.ConnectionID }
A Token is derived from the client address and can be used to verify the ownership of this address.
type TokenGenerator ¶ added in v0.12.0
type TokenGenerator struct {
// contains filtered or unexported fields
}
A TokenGenerator generates tokens
func NewTokenGenerator ¶ added in v0.12.0
func NewTokenGenerator() (*TokenGenerator, error)
NewTokenGenerator initializes a new TookenGenerator
func (*TokenGenerator) DecodeToken ¶ added in v0.12.0
func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)
DecodeToken decodes a token
func (*TokenGenerator) NewRetryToken ¶ added in v0.12.0
func (g *TokenGenerator) NewRetryToken(raddr net.Addr, origConnID protocol.ConnectionID) ([]byte, error)
NewRetryToken generates a new token for a Retry for a given source address
type TransportParameters ¶
type TransportParameters struct { InitialMaxStreamDataBidiLocal protocol.ByteCount InitialMaxStreamDataBidiRemote protocol.ByteCount InitialMaxStreamDataUni protocol.ByteCount InitialMaxData protocol.ByteCount MaxAckDelay time.Duration AckDelayExponent uint8 DisableActiveMigration bool MaxPacketSize protocol.ByteCount MaxUniStreamNum protocol.StreamNum MaxBidiStreamNum protocol.StreamNum MaxIdleTimeout time.Duration PreferredAddress *PreferredAddress StatelessResetToken *[16]byte OriginalConnectionID protocol.ConnectionID ActiveConnectionIDLimit uint64 }
TransportParameters are parameters sent to the peer during the handshake
func (*TransportParameters) Marshal ¶ added in v0.11.0
func (p *TransportParameters) Marshal() []byte
Marshal the transport parameters
func (*TransportParameters) MarshalForSessionTicket ¶ added in v0.15.0
func (p *TransportParameters) MarshalForSessionTicket(b *bytes.Buffer)
MarshalForSessionTicket marshals the transport parameters we save in the session ticket. When sending a 0-RTT enabled TLS session tickets, we need to save the transport parameters. The client will remember the transport parameters used in the last session, and apply those to the 0-RTT data it sends. Saving the transport parameters in the ticket gives the server the option to reject 0-RTT if the transport parameters changed. Since the session ticket is encrypted, the serialization format is defined by the server. For convenience, we use the same format that we also use for sending the transport parameters.
func (*TransportParameters) String ¶ added in v0.8.0
func (p *TransportParameters) String() string
String returns a string representation, intended for logging.
func (*TransportParameters) Unmarshal ¶ added in v0.11.0
func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error
Unmarshal the transport parameters
func (*TransportParameters) UnmarshalFromSessionTicket ¶ added in v0.15.0
func (p *TransportParameters) UnmarshalFromSessionTicket(data []byte) error
UnmarshalFromSessionTicket unmarshals transport parameters from a session ticket.
func (*TransportParameters) ValidFor0RTT ¶ added in v0.15.0
func (p *TransportParameters) ValidFor0RTT(tp *TransportParameters) bool
ValidFor0RTT checks if the transport parameters match those saved in the session ticket.