handshake

package
v0.0.0-...-1e9be1c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2016 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrMalformedTag                         = qerr.Error(qerr.InvalidCryptoMessageParameter, "malformed Tag value")
	ErrFlowControlRenegotiationNotSupported = qerr.Error(qerr.InvalidCryptoMessageParameter, "renegotiation of flow control parameters not supported")
)

ErrMalformedTag is returned when the tag value cannot be read

Functions

func WriteHandshakeMessage

func WriteHandshakeMessage(b *bytes.Buffer, messageTag Tag, data map[Tag][]byte)

WriteHandshakeMessage writes a crypto message

Types

type ConnectionParametersManager

type ConnectionParametersManager struct {
	// contains filtered or unexported fields
}

ConnectionParametersManager stores the connection parameters Warning: Writes may only be done from the crypto stream, see the comment in GetSHLOMap().

func NewConnectionParamatersManager

func NewConnectionParamatersManager() *ConnectionParametersManager

NewConnectionParamatersManager creates a new connection parameters manager

func (*ConnectionParametersManager) GetIdleConnectionStateLifetime

func (h *ConnectionParametersManager) GetIdleConnectionStateLifetime() time.Duration

GetIdleConnectionStateLifetime gets the idle timeout

func (*ConnectionParametersManager) GetMaxStreamsPerConnection

func (h *ConnectionParametersManager) GetMaxStreamsPerConnection() uint32

GetMaxStreamsPerConnection gets the maximum number of streams per connection

func (*ConnectionParametersManager) GetReceiveConnectionFlowControlWindow

func (h *ConnectionParametersManager) GetReceiveConnectionFlowControlWindow() protocol.ByteCount

GetReceiveConnectionFlowControlWindow gets the size of the stream-level flow control window for receiving data

func (*ConnectionParametersManager) GetReceiveStreamFlowControlWindow

func (h *ConnectionParametersManager) GetReceiveStreamFlowControlWindow() protocol.ByteCount

GetReceiveStreamFlowControlWindow gets the size of the stream-level flow control window for receiving data

func (*ConnectionParametersManager) GetSHLOMap

func (h *ConnectionParametersManager) GetSHLOMap() map[Tag][]byte

GetSHLOMap gets all values (except crypto values) needed for the SHLO

func (*ConnectionParametersManager) GetSendConnectionFlowControlWindow

func (h *ConnectionParametersManager) GetSendConnectionFlowControlWindow() protocol.ByteCount

GetSendConnectionFlowControlWindow gets the size of the stream-level flow control window for sending data

func (*ConnectionParametersManager) GetSendStreamFlowControlWindow

func (h *ConnectionParametersManager) GetSendStreamFlowControlWindow() protocol.ByteCount

GetSendStreamFlowControlWindow gets the size of the stream-level flow control window for sending data

func (*ConnectionParametersManager) SetFromMap

func (h *ConnectionParametersManager) SetFromMap(params map[Tag][]byte) error

SetFromMap reads all params

func (*ConnectionParametersManager) TruncateConnectionID

func (h *ConnectionParametersManager) TruncateConnectionID() bool

TruncateConnectionID determines if the client requests truncated ConnectionIDs

type CryptoSetup

type CryptoSetup struct {
	// contains filtered or unexported fields
}

The CryptoSetup handles all things crypto for the Session

func NewCryptoSetup

func NewCryptoSetup(
	connID protocol.ConnectionID,
	ip net.IP,
	version protocol.VersionNumber,
	scfg *ServerConfig,
	cryptoStream utils.Stream,
	connectionParametersManager *ConnectionParametersManager,
	aeadChanged chan struct{},
) (*CryptoSetup, error)

NewCryptoSetup creates a new CryptoSetup instance

func (*CryptoSetup) DiversificationNonce

func (h *CryptoSetup) DiversificationNonce() []byte

DiversificationNonce returns a diversification nonce if required in the next packet to be Seal'ed. See LockForSealing()!

func (*CryptoSetup) HandleCryptoStream

func (h *CryptoSetup) HandleCryptoStream() error

HandleCryptoStream reads and writes messages on the crypto stream

func (*CryptoSetup) LockForSealing

func (h *CryptoSetup) LockForSealing()

LockForSealing should be called before Seal(). It is needed so that diversification nonces can be obtained before packets are sealed, and the AEADs are not changed in the meantime.

func (*CryptoSetup) Open

func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error)

Open a message

func (*CryptoSetup) Seal

func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte

Seal a message, call LockForSealing() before!

func (*CryptoSetup) UnlockForSealing

func (h *CryptoSetup) UnlockForSealing()

UnlockForSealing should be called after Seal() is complete, see LockForSealing().

type KeyDerivationFunction

type KeyDerivationFunction func(version protocol.VersionNumber, forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (crypto.AEAD, error)

KeyDerivationFunction is used for key derivation

type KeyExchangeFunction

type KeyExchangeFunction func() (crypto.KeyExchange, error)

KeyExchangeFunction is used to make a new KEX

type ServerConfig

type ServerConfig struct {
	ID []byte
	// contains filtered or unexported fields
}

ServerConfig is a server config

func NewServerConfig

func NewServerConfig(kex crypto.KeyExchange, signer crypto.Signer) (*ServerConfig, error)

NewServerConfig creates a new server config

func (*ServerConfig) Get

func (s *ServerConfig) Get() []byte

Get the server config binary representation

func (*ServerConfig) GetCertsCompressed

func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error)

GetCertsCompressed returns the certificate data

func (*ServerConfig) Sign

func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error)

Sign the server config and CHLO with the server's keyData

type Tag

type Tag uint32

A Tag in the QUIC crypto

const (
	// TagCHLO is a client hello
	TagCHLO Tag = 'C' + 'H'<<8 + 'L'<<16 + 'O'<<24
	// TagREJ is a server hello rejection
	TagREJ Tag = 'R' + 'E'<<8 + 'J'<<16
	// TagSCFG is a server config
	TagSCFG Tag = 'S' + 'C'<<8 + 'F'<<16 + 'G'<<24

	// TagPAD is padding
	TagPAD Tag = 'P' + 'A'<<8 + 'D'<<16
	// TagSNI is the server name indication
	TagSNI Tag = 'S' + 'N'<<8 + 'I'<<16
	// TagVER is the QUIC version
	TagVER Tag = 'V' + 'E'<<8 + 'R'<<16
	// TagCCS are the hashes of the common certificate sets
	TagCCS Tag = 'C' + 'C'<<8 + 'S'<<16
	// TagCCRT are the hashes of the cached certificates
	TagCCRT Tag = 'C' + 'C'<<8 + 'R'<<16 + 'T'<<24
	// TagMSPC is max streams per connection
	TagMSPC Tag = 'M' + 'S'<<8 + 'P'<<16 + 'C'<<24
	// TagUAID is the user agent ID
	TagUAID Tag = 'U' + 'A'<<8 + 'I'<<16 + 'D'<<24
	// TagTCID is truncation of the connection ID
	TagTCID Tag = 'T' + 'C'<<8 + 'I'<<16 + 'D'<<24
	// TagPDMD is the proof demand
	TagPDMD Tag = 'P' + 'D'<<8 + 'M'<<16 + 'D'<<24
	// TagSRBF is the socket receive buffer
	TagSRBF Tag = 'S' + 'R'<<8 + 'B'<<16 + 'F'<<24
	// TagICSL is the idle connection state lifetime
	TagICSL Tag = 'I' + 'C'<<8 + 'S'<<16 + 'L'<<24
	// TagNONP is the client proof nonce
	TagNONP Tag = 'N' + 'O'<<8 + 'N'<<16 + 'P'<<24
	// TagSCLS is the silently close timeout
	TagSCLS Tag = 'S' + 'C'<<8 + 'L'<<16 + 'S'<<24
	// TagCSCT is the signed cert timestamp (RFC6962) of leaf cert
	TagCSCT Tag = 'C' + 'S'<<8 + 'C'<<16 + 'T'<<24
	// TagCOPT are the connection options
	TagCOPT Tag = 'C' + 'O'<<8 + 'P'<<16 + 'T'<<24
	// TagCFCW is the initial session/connection flow control receive window
	TagCFCW Tag = 'C' + 'F'<<8 + 'C'<<16 + 'W'<<24
	// TagSFCW is the initial stream flow control receive window.
	TagSFCW Tag = 'S' + 'F'<<8 + 'C'<<16 + 'W'<<24

	// TagSTK is the source-address token
	TagSTK Tag = 'S' + 'T'<<8 + 'K'<<16
	// TagSNO is the server nonce
	TagSNO Tag = 'S' + 'N'<<8 + 'O'<<16
	// TagPROF is the server proof
	TagPROF Tag = 'P' + 'R'<<8 + 'O'<<16 + 'F'<<24

	// TagNONC is the client nonce
	TagNONC Tag = 'N' + 'O'<<8 + 'N'<<16 + 'C'<<24

	// TagSCID is the server config ID
	TagSCID Tag = 'S' + 'C'<<8 + 'I'<<16 + 'D'<<24
	// TagKEXS is the list of key exchange algos
	TagKEXS Tag = 'K' + 'E'<<8 + 'X'<<16 + 'S'<<24
	// TagAEAD is the list of AEAD algos
	TagAEAD Tag = 'A' + 'E'<<8 + 'A'<<16 + 'D'<<24
	// TagPUBS is the public value for the KEX
	TagPUBS Tag = 'P' + 'U'<<8 + 'B'<<16 + 'S'<<24
	// TagOBIT is the client orbit
	TagOBIT Tag = 'O' + 'B'<<8 + 'I'<<16 + 'T'<<24
	// TagEXPY is the server config expiry
	TagEXPY Tag = 'E' + 'X'<<8 + 'P'<<16 + 'Y'<<24
	// TagCERT is the CERT data
	TagCERT Tag = 0xff545243

	// TagSHLO is the server hello
	TagSHLO Tag = 'S' + 'H'<<8 + 'L'<<16 + 'O'<<24

	// TagPRST is the public reset tag
	TagPRST Tag = 'P' + 'R'<<8 + 'S'<<16 + 'T'<<24
	// TagRSEQ is the public reset rejected packet number
	TagRSEQ Tag = 'R' + 'S'<<8 + 'E'<<16 + 'Q'<<24
	// TagRNON is the public reset nonce
	TagRNON Tag = 'R' + 'N'<<8 + 'O'<<16 + 'N'<<24
)

func ParseHandshakeMessage

func ParseHandshakeMessage(r utils.ReadStream) (Tag, map[Tag][]byte, error)

ParseHandshakeMessage reads a crypto message

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL