handshake

package

v0.20.1 Latest Latest Go to latest Published: Apr 3, 2021 License: MIT Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lucas-clemente/quic-go

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, ...) *[16]byte
func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, ...) (LongHeaderSealer, LongHeaderOpener)
type ConnWithVersion
type ConnectionState
type CryptoSetup
- func NewCryptoSetupClient(initialStream io.Writer, handshakeStream io.Writer, ...) (CryptoSetup, <-chan *wire.TransportParameters)
- func NewCryptoSetupServer(initialStream io.Writer, handshakeStream io.Writer, ...) CryptoSetup
type LongHeaderOpener
type LongHeaderSealer
type ShortHeaderOpener
type ShortHeaderSealer
type Token
type TokenGenerator
- func NewTokenGenerator(rand io.Reader) (*TokenGenerator, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level,
	// but the corresponding opener has not yet been initialized
	// This can happen when packets arrive out of order.
	ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available")
	// ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level,
	// but the corresponding keys have already been dropped.
	ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped")
	// ErrDecryptionFailed is returned when the AEAD fails to open the packet.
	ErrDecryptionFailed = errors.New("decryption failed")
)

View Source

var KeyUpdateInterval uint64 = protocol.KeyUpdateInterval

KeyUpdateInterval is the maximum number of packets we send or receive before initiating a key update. It's a package-level variable to allow modifying it for testing purposes.

Functions ¶

func GetRetryIntegrityTag ¶ added in v0.15.0

func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, version protocol.VersionNumber) *[16]byte

GetRetryIntegrityTag calculates the integrity tag on a Retry packet

func NewInitialAEAD ¶ added in v0.11.0

func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.VersionNumber) (LongHeaderSealer, LongHeaderOpener)

NewInitialAEAD creates a new AEAD for Initial encryption / decryption.

Types ¶

type ConnWithVersion ¶ added in v0.19.0

type ConnWithVersion interface {
	net.Conn
	GetQUICVersion() protocol.VersionNumber
}

ConnWithVersion is the connection used in the ClientHelloInfo. It can be used to determine the QUIC version in use.

type ConnectionState ¶ added in v0.7.0

type ConnectionState = qtls.ConnectionState

ConnectionState contains information about the state of the connection.

type CryptoSetup ¶

type CryptoSetup interface {
	RunHandshake()
	io.Closer
	ChangeConnectionID(protocol.ConnectionID)
	GetSessionTicket() ([]byte, error)

	HandleMessage([]byte, protocol.EncryptionLevel) bool
	SetLargest1RTTAcked(protocol.PacketNumber) error
	SetHandshakeConfirmed()
	ConnectionState() ConnectionState

	GetInitialOpener() (LongHeaderOpener, error)
	GetHandshakeOpener() (LongHeaderOpener, error)
	Get0RTTOpener() (LongHeaderOpener, error)
	Get1RTTOpener() (ShortHeaderOpener, error)

	GetInitialSealer() (LongHeaderSealer, error)
	GetHandshakeSealer() (LongHeaderSealer, error)
	Get0RTTSealer() (LongHeaderSealer, error)
	Get1RTTSealer() (ShortHeaderSealer, error)
}

CryptoSetup handles the handshake and protecting / unprotecting packets

func NewCryptoSetupClient ¶

func NewCryptoSetupClient(
	initialStream io.Writer,
	handshakeStream io.Writer,
	connID protocol.ConnectionID,
	localAddr net.Addr,
	remoteAddr net.Addr,
	tp *wire.TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	enable0RTT bool,
	rttStats *utils.RTTStats,
	tracer logging.ConnectionTracer,
	logger utils.Logger,
	version protocol.VersionNumber,
) (CryptoSetup, <-chan *wire.TransportParameters)

NewCryptoSetupClient creates a new crypto setup for the client

func NewCryptoSetupServer ¶ added in v0.11.0

func NewCryptoSetupServer(
	initialStream io.Writer,
	handshakeStream io.Writer,
	connID protocol.ConnectionID,
	localAddr net.Addr,
	remoteAddr net.Addr,
	tp *wire.TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	enable0RTT bool,
	rttStats *utils.RTTStats,
	tracer logging.ConnectionTracer,
	logger utils.Logger,
	version protocol.VersionNumber,
) CryptoSetup

NewCryptoSetupServer creates a new crypto setup for the server

type LongHeaderOpener ¶ added in v0.12.0

type LongHeaderOpener interface {
	DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
	Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

LongHeaderOpener opens a long header packet

type LongHeaderSealer ¶ added in v0.12.0

type LongHeaderSealer interface {
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
	Overhead() int
}

LongHeaderSealer seals a long header packet

type ShortHeaderOpener ¶ added in v0.12.0

type ShortHeaderOpener interface {
	DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
	Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

ShortHeaderOpener opens a short header packet

type ShortHeaderSealer ¶ added in v0.12.0

type ShortHeaderSealer interface {
	LongHeaderSealer
	KeyPhase() protocol.KeyPhaseBit
}

ShortHeaderSealer seals a short header packet

type Token ¶ added in v0.12.0

type Token struct {
	IsRetryToken bool
	RemoteAddr   string
	SentTime     time.Time
	// only set for retry tokens
	OriginalDestConnectionID protocol.ConnectionID
	RetrySrcConnectionID     protocol.ConnectionID
}

A Token is derived from the client address and can be used to verify the ownership of this address.

type TokenGenerator ¶ added in v0.12.0

type TokenGenerator struct {
	// contains filtered or unexported fields
}

A TokenGenerator generates tokens

func NewTokenGenerator ¶ added in v0.12.0

func NewTokenGenerator(rand io.Reader) (*TokenGenerator, error)

NewTokenGenerator initializes a new TookenGenerator

func (*TokenGenerator) DecodeToken ¶ added in v0.12.0

func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)

DecodeToken decodes a token

func (*TokenGenerator) NewRetryToken ¶ added in v0.12.0

func (g *TokenGenerator) NewRetryToken(
	raddr net.Addr,
	origDestConnID protocol.ConnectionID,
	retrySrcConnID protocol.ConnectionID,
) ([]byte, error)

NewRetryToken generates a new token for a Retry for a given source address

func (*TokenGenerator) NewToken ¶ added in v0.12.0

func (g *TokenGenerator) NewToken(raddr net.Addr) ([]byte, error)

NewToken generates a new token to be sent in a NEW_TOKEN frame

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL