Documentation
¶
Index ¶
- Variables
- func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte
- func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)
- type ConnectionState
- type CryptoSetup
- type LongHeaderOpener
- type LongHeaderSealer
- type PreferredAddress
- type ShortHeaderOpener
- type ShortHeaderSealer
- type Token
- type TokenGenerator
- type TransportParameters
- func (p *TransportParameters) Marshal() []byte
- func (p *TransportParameters) MarshalForSessionTicket(b *bytes.Buffer)
- func (p *TransportParameters) String() string
- func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error
- func (p *TransportParameters) UnmarshalFromSessionTicket(data []byte) error
- func (p *TransportParameters) ValidFor0RTT(tp *TransportParameters) bool
Constants ¶
This section is empty.
Variables ¶
var ( // ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level, // but the corresponding opener has not yet been initialized // This can happen when packets arrive out of order. ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available") // ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level, // but the corresponding keys have already been dropped. ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped") // ErrDecryptionFailed is returned when the AEAD fails to open the packet. ErrDecryptionFailed = errors.New("decryption failed") )
Functions ¶
func GetRetryIntegrityTag ¶
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte
GetRetryIntegrityTag calculates the integrity tag on a Retry packet
func NewInitialAEAD ¶
func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)
NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
Types ¶
type ConnectionState ¶
type ConnectionState = qtls.ConnectionState
ConnectionState contains information about the state of the connection.
type CryptoSetup ¶
type CryptoSetup interface {
RunHandshake()
io.Closer
ChangeConnectionID(protocol.ConnectionID)
GetSessionTicket() ([]byte, error)
HandleMessage([]byte, protocol.EncryptionLevel) bool
SetLargest1RTTAcked(protocol.PacketNumber)
DropHandshakeKeys()
ConnectionState() ConnectionState
GetInitialOpener() (LongHeaderOpener, error)
GetHandshakeOpener() (LongHeaderOpener, error)
Get0RTTOpener() (LongHeaderOpener, error)
Get1RTTOpener() (ShortHeaderOpener, error)
GetInitialSealer() (LongHeaderSealer, error)
GetHandshakeSealer() (LongHeaderSealer, error)
Get0RTTSealer() (LongHeaderSealer, error)
Get1RTTSealer() (ShortHeaderSealer, error)
}
CryptoSetup handles the handshake and protecting / unprotecting packets
func NewCryptoSetupClient ¶
func NewCryptoSetupClient( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *TransportParameters, runner handshakeRunner, tlsConf *tls.Config, enable0RTT bool, rttStats *congestion.RTTStats, logger utils.Logger, ) (CryptoSetup, <-chan *TransportParameters)
NewCryptoSetupClient creates a new crypto setup for the client
func NewCryptoSetupServer ¶
func NewCryptoSetupServer( initialStream io.Writer, handshakeStream io.Writer, connID protocol.ConnectionID, localAddr net.Addr, remoteAddr net.Addr, tp *TransportParameters, runner handshakeRunner, tlsConf *tls.Config, enable0RTT bool, rttStats *congestion.RTTStats, logger utils.Logger, ) CryptoSetup
NewCryptoSetupServer creates a new crypto setup for the server
type LongHeaderOpener ¶
type LongHeaderOpener interface {
Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
// contains filtered or unexported methods
}
LongHeaderOpener opens a long header packet
type LongHeaderSealer ¶
type LongHeaderSealer interface {
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
Overhead() int
}
LongHeaderSealer seals a long header packet
type PreferredAddress ¶
type PreferredAddress struct {
IPv4 net.IP
IPv4Port uint16
IPv6 net.IP
IPv6Port uint16
ConnectionID protocol.ConnectionID
StatelessResetToken [16]byte
}
PreferredAddress is the value encoding in the preferred_address transport parameter
type ShortHeaderOpener ¶
type ShortHeaderOpener interface {
Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
// contains filtered or unexported methods
}
ShortHeaderOpener opens a short header packet
type ShortHeaderSealer ¶
type ShortHeaderSealer interface {
LongHeaderSealer
KeyPhase() protocol.KeyPhaseBit
}
ShortHeaderSealer seals a short header packet
type Token ¶
type Token struct {
IsRetryToken bool
RemoteAddr string
SentTime time.Time
// only set for retry tokens
OriginalDestConnectionID protocol.ConnectionID
}
A Token is derived from the client address and can be used to verify the ownership of this address.
type TokenGenerator ¶
type TokenGenerator struct {
// contains filtered or unexported fields
}
A TokenGenerator generates tokens
func NewTokenGenerator ¶
func NewTokenGenerator() (*TokenGenerator, error)
NewTokenGenerator initializes a new TookenGenerator
func (*TokenGenerator) DecodeToken ¶
func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)
DecodeToken decodes a token
func (*TokenGenerator) NewRetryToken ¶
func (g *TokenGenerator) NewRetryToken(raddr net.Addr, origConnID protocol.ConnectionID) ([]byte, error)
NewRetryToken generates a new token for a Retry for a given source address
type TransportParameters ¶
type TransportParameters struct {
InitialMaxStreamDataBidiLocal protocol.ByteCount
InitialMaxStreamDataBidiRemote protocol.ByteCount
InitialMaxStreamDataUni protocol.ByteCount
InitialMaxData protocol.ByteCount
MaxAckDelay time.Duration
AckDelayExponent uint8
DisableActiveMigration bool
MaxPacketSize protocol.ByteCount
MaxUniStreamNum protocol.StreamNum
MaxBidiStreamNum protocol.StreamNum
MaxIdleTimeout time.Duration
PreferredAddress *PreferredAddress
StatelessResetToken *[16]byte
OriginalConnectionID protocol.ConnectionID
ActiveConnectionIDLimit uint64
}
TransportParameters are parameters sent to the peer during the handshake
func (*TransportParameters) Marshal ¶
func (p *TransportParameters) Marshal() []byte
Marshal the transport parameters
func (*TransportParameters) MarshalForSessionTicket ¶
func (p *TransportParameters) MarshalForSessionTicket(b *bytes.Buffer)
MarshalForSessionTicket marshals the transport parameters we save in the session ticket. When sending a 0-RTT enabled TLS session tickets, we need to save the transport parameters. The client will remember the transport parameters used in the last session, and apply those to the 0-RTT data it sends. Saving the transport parameters in the ticket gives the server the option to reject 0-RTT if the transport parameters changed. Since the session ticket is encrypted, the serialization format is defined by the server. For convenience, we use the same format that we also use for sending the transport parameters.
func (*TransportParameters) String ¶
func (p *TransportParameters) String() string
String returns a string representation, intended for logging.
func (*TransportParameters) Unmarshal ¶
func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error
Unmarshal the transport parameters
func (*TransportParameters) UnmarshalFromSessionTicket ¶
func (p *TransportParameters) UnmarshalFromSessionTicket(data []byte) error
UnmarshalFromSessionTicket unmarshals transport parameters from a session ticket.
func (*TransportParameters) ValidFor0RTT ¶
func (p *TransportParameters) ValidFor0RTT(tp *TransportParameters) bool
ValidFor0RTT checks if the transport parameters match those saved in the session ticket.
Source Files