Documentation ¶
Index ¶
- Variables
- func WriteHandshakeMessage(b *bytes.Buffer, messageTag Tag, data map[Tag][]byte)
- type ConnectionParametersManager
- func (h *ConnectionParametersManager) GetIdleConnectionStateLifetime() time.Duration
- func (h *ConnectionParametersManager) GetMaxStreamsPerConnection() uint32
- func (h *ConnectionParametersManager) GetReceiveConnectionFlowControlWindow() protocol.ByteCount
- func (h *ConnectionParametersManager) GetReceiveStreamFlowControlWindow() protocol.ByteCount
- func (h *ConnectionParametersManager) GetSHLOMap() map[Tag][]byte
- func (h *ConnectionParametersManager) GetSendConnectionFlowControlWindow() protocol.ByteCount
- func (h *ConnectionParametersManager) GetSendStreamFlowControlWindow() protocol.ByteCount
- func (h *ConnectionParametersManager) SetFromMap(params map[Tag][]byte) error
- func (h *ConnectionParametersManager) TruncateConnectionID() bool
- type CryptoSetup
- func (h *CryptoSetup) DiversificationNonce() []byte
- func (h *CryptoSetup) HandleCryptoStream() error
- func (h *CryptoSetup) LockForSealing()
- func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error)
- func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte
- func (h *CryptoSetup) UnlockForSealing()
- type KeyDerivationFunction
- type KeyExchangeFunction
- type ServerConfig
- type Tag
Variables ¶
var (
	// ErrMalformedTag is returned when the tag value cannot be read.
	// Both errors are reported as an invalid crypto message parameter.
	ErrMalformedTag = qerr.Error(qerr.InvalidCryptoMessageParameter, "malformed Tag value")
	// ErrFlowControlRenegotiationNotSupported signals that a peer tried to
	// renegotiate flow control parameters, which this package does not support.
	ErrFlowControlRenegotiationNotSupported = qerr.Error(qerr.InvalidCryptoMessageParameter, "renegotiation of flow control parameters not supported")
)
ErrMalformedTag is returned when the tag value cannot be read
Functions ¶
Types ¶
type ConnectionParametersManager ¶
// ConnectionParametersManager stores the connection parameters.
// Warning: writes may only be done from the crypto stream; see the comment
// in GetSHLOMap().
type ConnectionParametersManager struct {
	// contains filtered or unexported fields
}
ConnectionParametersManager stores the connection parameters. Warning: writes may only be done from the crypto stream; see the comment in GetSHLOMap().
func NewConnectionParamatersManager ¶
func NewConnectionParamatersManager() *ConnectionParametersManager
NewConnectionParamatersManager creates a new connection parameters manager
func (*ConnectionParametersManager) GetIdleConnectionStateLifetime ¶
func (h *ConnectionParametersManager) GetIdleConnectionStateLifetime() time.Duration
GetIdleConnectionStateLifetime returns the idle connection state lifetime, i.e. the idle timeout.
func (*ConnectionParametersManager) GetMaxStreamsPerConnection ¶
func (h *ConnectionParametersManager) GetMaxStreamsPerConnection() uint32
GetMaxStreamsPerConnection gets the maximum number of streams per connection
func (*ConnectionParametersManager) GetReceiveConnectionFlowControlWindow ¶
func (h *ConnectionParametersManager) GetReceiveConnectionFlowControlWindow() protocol.ByteCount
GetReceiveConnectionFlowControlWindow gets the size of the connection-level flow control window for receiving data
func (*ConnectionParametersManager) GetReceiveStreamFlowControlWindow ¶
func (h *ConnectionParametersManager) GetReceiveStreamFlowControlWindow() protocol.ByteCount
GetReceiveStreamFlowControlWindow gets the size of the stream-level flow control window for receiving data
func (*ConnectionParametersManager) GetSHLOMap ¶
func (h *ConnectionParametersManager) GetSHLOMap() map[Tag][]byte
GetSHLOMap gets all values (except crypto values) needed for the SHLO
func (*ConnectionParametersManager) GetSendConnectionFlowControlWindow ¶
func (h *ConnectionParametersManager) GetSendConnectionFlowControlWindow() protocol.ByteCount
GetSendConnectionFlowControlWindow gets the size of the connection-level flow control window for sending data
func (*ConnectionParametersManager) GetSendStreamFlowControlWindow ¶
func (h *ConnectionParametersManager) GetSendStreamFlowControlWindow() protocol.ByteCount
GetSendStreamFlowControlWindow gets the size of the stream-level flow control window for sending data
func (*ConnectionParametersManager) SetFromMap ¶
func (h *ConnectionParametersManager) SetFromMap(params map[Tag][]byte) error
SetFromMap reads all connection parameters from params, returning an error if a value is malformed or not accepted.
func (*ConnectionParametersManager) TruncateConnectionID ¶
func (h *ConnectionParametersManager) TruncateConnectionID() bool
TruncateConnectionID reports whether the client requested truncated connection IDs.
type CryptoSetup ¶
// CryptoSetup handles all things crypto for the Session.
// Seal must be bracketed by LockForSealing and UnlockForSealing so that the
// diversification nonce can be obtained and the AEADs are not swapped while
// a packet is being sealed.
type CryptoSetup struct {
	// contains filtered or unexported fields
}
CryptoSetup handles all cryptographic operations for the Session.
func NewCryptoSetup ¶
func NewCryptoSetup( connID protocol.ConnectionID, ip net.IP, version protocol.VersionNumber, scfg *ServerConfig, cryptoStream utils.Stream, connectionParametersManager *ConnectionParametersManager, aeadChanged chan struct{}, ) (*CryptoSetup, error)
NewCryptoSetup creates a new CryptoSetup instance
func (*CryptoSetup) DiversificationNonce ¶
func (h *CryptoSetup) DiversificationNonce() []byte
DiversificationNonce returns a diversification nonce if one is required in the next packet to be sealed. See LockForSealing().
func (*CryptoSetup) HandleCryptoStream ¶
func (h *CryptoSetup) HandleCryptoStream() error
HandleCryptoStream reads and writes messages on the crypto stream
func (*CryptoSetup) LockForSealing ¶
func (h *CryptoSetup) LockForSealing()
LockForSealing should be called before Seal(). It is needed so that diversification nonces can be obtained before packets are sealed, and the AEADs are not changed in the meantime.
func (*CryptoSetup) Open ¶
func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error)
Open opens a sealed message with the current AEAD, returning the plaintext or an error.
func (*CryptoSetup) Seal ¶
func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte
Seal seals a message; LockForSealing() must be called before it.
func (*CryptoSetup) UnlockForSealing ¶
func (h *CryptoSetup) UnlockForSealing()
UnlockForSealing should be called after Seal() is complete, see LockForSealing().
type KeyDerivationFunction ¶
// KeyDerivationFunction is used for key derivation.
// It returns the AEAD derived from the given inputs, or an error.
// forwardSecure presumably selects the forward-secure key; the exact role of the
// remaining inputs is not visible here — confirm against the implementation.
type KeyDerivationFunction func(
	version protocol.VersionNumber,
	forwardSecure bool,
	sharedSecret, nonces []byte,
	connID protocol.ConnectionID,
	chlo []byte,
	scfg []byte,
	cert []byte,
	divNonce []byte,
) (crypto.AEAD, error)
KeyDerivationFunction is used for key derivation
type KeyExchangeFunction ¶
// KeyExchangeFunction is used to make a new KEX (key exchange), or returns an error.
type KeyExchangeFunction func() (crypto.KeyExchange, error)
KeyExchangeFunction is used to create a new key exchange (KEX).
type ServerConfig ¶
// ServerConfig is a server config (SCFG).
type ServerConfig struct {
	// ID identifies this server config.
	ID []byte
	// contains filtered or unexported fields
}
ServerConfig represents a QUIC server config (SCFG).
func NewServerConfig ¶
func NewServerConfig(kex crypto.KeyExchange, signer crypto.Signer) (*ServerConfig, error)
NewServerConfig creates a new server config
func (*ServerConfig) Get ¶
func (s *ServerConfig) Get() []byte
Get returns the binary representation of the server config.
func (*ServerConfig) GetCertsCompressed ¶
func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error)
GetCertsCompressed returns the compressed certificate data, or an error.
type Tag ¶
// Tag is a tag in QUIC crypto handshake messages.
// Tag values are parsed from peer-supplied handshake messages; ErrMalformedTag
// is returned when a tag value cannot be read.
type Tag uint32
Tag is a tag in QUIC crypto handshake messages.
// The numeric value of a tag is its ASCII name packed little-endian: the first
// letter is in the low byte. Three-letter tags leave the high byte zero.
// Tags index values parsed from peer-supplied handshake messages (see
// ParseHandshakeMessage and SetFromMap).
const (
	// TagCHLO is a client hello
	TagCHLO Tag = 'C' + 'H'<<8 + 'L'<<16 + 'O'<<24
	// TagREJ is a server hello rejection
	TagREJ Tag = 'R' + 'E'<<8 + 'J'<<16
	// TagSCFG is a server config
	TagSCFG Tag = 'S' + 'C'<<8 + 'F'<<16 + 'G'<<24
	// TagPAD is padding
	TagPAD Tag = 'P' + 'A'<<8 + 'D'<<16
	// TagSNI is the server name indication
	TagSNI Tag = 'S' + 'N'<<8 + 'I'<<16
	// TagVER is the QUIC version
	TagVER Tag = 'V' + 'E'<<8 + 'R'<<16
	// TagCCS are the hashes of the common certificate sets
	TagCCS Tag = 'C' + 'C'<<8 + 'S'<<16
	// TagCCRT are the hashes of the cached certificates
	TagCCRT Tag = 'C' + 'C'<<8 + 'R'<<16 + 'T'<<24
	// TagMSPC is max streams per connection
	TagMSPC Tag = 'M' + 'S'<<8 + 'P'<<16 + 'C'<<24
	// TagUAID is the user agent ID
	TagUAID Tag = 'U' + 'A'<<8 + 'I'<<16 + 'D'<<24
	// TagTCID is truncation of the connection ID
	TagTCID Tag = 'T' + 'C'<<8 + 'I'<<16 + 'D'<<24
	// TagPDMD is the proof demand
	TagPDMD Tag = 'P' + 'D'<<8 + 'M'<<16 + 'D'<<24
	// TagSRBF is the socket receive buffer
	TagSRBF Tag = 'S' + 'R'<<8 + 'B'<<16 + 'F'<<24
	// TagICSL is the idle connection state lifetime
	TagICSL Tag = 'I' + 'C'<<8 + 'S'<<16 + 'L'<<24
	// TagNONP is the client proof nonce
	TagNONP Tag = 'N' + 'O'<<8 + 'N'<<16 + 'P'<<24
	// TagSCLS is the silently close timeout
	TagSCLS Tag = 'S' + 'C'<<8 + 'L'<<16 + 'S'<<24
	// TagCSCT is the signed cert timestamp (RFC6962) of leaf cert
	TagCSCT Tag = 'C' + 'S'<<8 + 'C'<<16 + 'T'<<24
	// TagCOPT are the connection options
	TagCOPT Tag = 'C' + 'O'<<8 + 'P'<<16 + 'T'<<24
	// TagCFCW is the initial session/connection flow control receive window
	TagCFCW Tag = 'C' + 'F'<<8 + 'C'<<16 + 'W'<<24
	// TagSFCW is the initial stream flow control receive window.
	TagSFCW Tag = 'S' + 'F'<<8 + 'C'<<16 + 'W'<<24
	// TagSTK is the source-address token
	TagSTK Tag = 'S' + 'T'<<8 + 'K'<<16
	// TagSNO is the server nonce
	TagSNO Tag = 'S' + 'N'<<8 + 'O'<<16
	// TagPROF is the server proof
	TagPROF Tag = 'P' + 'R'<<8 + 'O'<<16 + 'F'<<24
	// TagNONC is the client nonce
	TagNONC Tag = 'N' + 'O'<<8 + 'N'<<16 + 'C'<<24
	// TagSCID is the server config ID
	TagSCID Tag = 'S' + 'C'<<8 + 'I'<<16 + 'D'<<24
	// TagKEXS is the list of key exchange algos
	TagKEXS Tag = 'K' + 'E'<<8 + 'X'<<16 + 'S'<<24
	// TagAEAD is the list of AEAD algos
	TagAEAD Tag = 'A' + 'E'<<8 + 'A'<<16 + 'D'<<24
	// TagPUBS is the public value for the KEX
	TagPUBS Tag = 'P' + 'U'<<8 + 'B'<<16 + 'S'<<24
	// TagOBIT is the client orbit
	TagOBIT Tag = 'O' + 'B'<<8 + 'I'<<16 + 'T'<<24
	// TagEXPY is the server config expiry
	TagEXPY Tag = 'E' + 'X'<<8 + 'P'<<16 + 'Y'<<24
	// TagCERT is the CERT data.
	// Unlike the other tags this is not a plain ASCII name: the literal
	// 0xff545243 is the byte sequence 'C', 'R', 'T', 0xff.
	TagCERT Tag = 0xff545243
	// TagSHLO is the server hello
	TagSHLO Tag = 'S' + 'H'<<8 + 'L'<<16 + 'O'<<24
	// TagPRST is the public reset tag
	TagPRST Tag = 'P' + 'R'<<8 + 'S'<<16 + 'T'<<24
	// TagRSEQ is the public reset rejected packet number
	TagRSEQ Tag = 'R' + 'S'<<8 + 'E'<<16 + 'Q'<<24
	// TagRNON is the public reset nonce
	TagRNON Tag = 'R' + 'N'<<8 + 'O'<<16 + 'N'<<24
)
func ParseHandshakeMessage ¶
ParseHandshakeMessage reads a crypto message