Documentation ¶
Index ¶
- Variables
- func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, ...) *[16]byte
- func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, ...) (LongHeaderSealer, LongHeaderOpener)
- type ConnectionState
- type CryptoSetup
- type LongHeaderOpener
- type LongHeaderSealer
- type ShortHeaderOpener
- type ShortHeaderSealer
- type Token
- type TokenGenerator
Constants ¶
This section is empty.
Variables ¶
var ( // ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level, // but the corresponding opener has not yet been initialized // This can happen when packets arrive out of order. ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available") // ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level, // but the corresponding keys have already been dropped. ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped") // ErrDecryptionFailed is returned when the AEAD fails to open the packet. ErrDecryptionFailed = errors.New("decryption failed") )
var FirstKeyUpdateInterval uint64 = 100
FirstKeyUpdateInterval is the maximum number of packets we send or receive before initiating the first key update. It's a package-level variable to allow modifying it for testing purposes.
var KeyUpdateInterval uint64 = protocol.KeyUpdateInterval
KeyUpdateInterval is the maximum number of packets we send or receive before initiating a key update. It's a package-level variable to allow modifying it for testing purposes.
var QUICVersionContextKey = &quicVersionContextKey{}
Functions ¶
func GetRetryIntegrityTag ¶ added in v0.32.0
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, version protocol.VersionNumber) *[16]byte
GetRetryIntegrityTag calculates the integrity tag on a Retry packet
func NewInitialAEAD ¶ added in v0.32.0
func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.VersionNumber) (LongHeaderSealer, LongHeaderOpener)
NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
Types ¶
type ConnectionState ¶ added in v0.7.0
type ConnectionState = qtls.ConnectionState
ConnectionState contains information about the state of the connection.
type CryptoSetup ¶
type CryptoSetup interface { RunHandshake() io.Closer ChangeConnectionID(protocol.ConnectionID) GetSessionTicket() ([]byte, error) HandleMessage([]byte, protocol.EncryptionLevel) bool SetLargest1RTTAcked(protocol.PacketNumber) error SetHandshakeConfirmed() ConnectionState() ConnectionState GetInitialOpener() (LongHeaderOpener, error) GetHandshakeOpener() (LongHeaderOpener, error) Get0RTTOpener() (LongHeaderOpener, error) Get1RTTOpener() (ShortHeaderOpener, error) GetInitialSealer() (LongHeaderSealer, error) GetHandshakeSealer() (LongHeaderSealer, error) Get0RTTSealer() (LongHeaderSealer, error) Get1RTTSealer() (ShortHeaderSealer, error) }
CryptoSetup handles the handshake and protecting / unprotecting packets
func NewCryptoSetupClient ¶
func NewCryptoSetupClient( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *wire.TransportParameters, runner handshakeRunner, tlsConf *tls.Config, enable0RTT bool, rttStats *utils.RTTStats, tracer logging.ConnectionTracer, logger utils.Logger, version protocol.VersionNumber, ) (CryptoSetup, <-chan *wire.TransportParameters)
NewCryptoSetupClient creates a new crypto setup for the client
func NewCryptoSetupServer ¶ added in v0.32.0
func NewCryptoSetupServer( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *wire.TransportParameters, runner handshakeRunner, tlsConf *tls.Config, allow0RTT func() bool, rttStats *utils.RTTStats, tracer logging.ConnectionTracer, logger utils.Logger, version protocol.VersionNumber, ) CryptoSetup
NewCryptoSetupServer creates a new crypto setup for the server
type LongHeaderOpener ¶ added in v0.32.0
type LongHeaderOpener interface { DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error) // contains filtered or unexported methods }
LongHeaderOpener opens a long header packet
type LongHeaderSealer ¶ added in v0.32.0
type LongHeaderSealer interface { Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte) Overhead() int }
LongHeaderSealer seals a long header packet
type ShortHeaderOpener ¶ added in v0.32.0
type ShortHeaderOpener interface { DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error) // contains filtered or unexported methods }
ShortHeaderOpener opens a short header packet
type ShortHeaderSealer ¶ added in v0.32.0
type ShortHeaderSealer interface { LongHeaderSealer KeyPhase() protocol.KeyPhaseBit }
ShortHeaderSealer seals a short header packet
type Token ¶ added in v0.32.0
type Token struct { IsRetryToken bool SentTime time.Time // only set for retry tokens OriginalDestConnectionID protocol.ConnectionID RetrySrcConnectionID protocol.ConnectionID // contains filtered or unexported fields }
A Token is derived from the client address and can be used to verify the ownership of this address.
type TokenGenerator ¶ added in v0.32.0
type TokenGenerator struct {
// contains filtered or unexported fields
}
A TokenGenerator generates tokens
func NewTokenGenerator ¶ added in v0.32.0
func NewTokenGenerator(rand io.Reader) (*TokenGenerator, error)
NewTokenGenerator initializes a new TookenGenerator
func (*TokenGenerator) DecodeToken ¶ added in v0.32.0
func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)
DecodeToken decodes a token
func (*TokenGenerator) NewRetryToken ¶ added in v0.32.0
func (g *TokenGenerator) NewRetryToken( raddr net.Addr, origDestConnID protocol.ConnectionID, retrySrcConnID protocol.ConnectionID, ) ([]byte, error)
NewRetryToken generates a new token for a Retry for a given source address