handshake

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 1, 2019 License: MIT Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrOpenerNotYetAvailable is returned when an opener is requested for an encryption level,
	// but the corresponding opener has not yet been initialized
	// This can happen when packets arrive out of order.
	ErrOpenerNotYetAvailable = errors.New("CryptoSetup: opener at this encryption level not yet available")
	// ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level,
	// but the corresponding keys have already been dropped.
	ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped")
	// ErrDecryptionFailed is returned when the AEAD fails to open the packet.
	ErrDecryptionFailed = errors.New("decryption failed")
)

Functions

func NewInitialAEAD 

func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)

NewInitialAEAD creates a new AEAD for Initial encryption / decryption.

Types

type CryptoSetup 

type CryptoSetup interface {
	RunHandshake()
	io.Closer
	ChangeConnectionID(protocol.ConnectionID)

	HandleMessage([]byte, protocol.EncryptionLevel) bool
	SetLargest1RTTAcked(protocol.PacketNumber)
	ConnectionState() tls.ConnectionState

	GetInitialOpener() (LongHeaderOpener, error)
	GetHandshakeOpener() (LongHeaderOpener, error)
	Get1RTTOpener() (ShortHeaderOpener, error)

	GetInitialSealer() (LongHeaderSealer, error)
	GetHandshakeSealer() (LongHeaderSealer, error)
	Get1RTTSealer() (ShortHeaderSealer, error)
}

CryptoSetup handles the handshake and protecting / unprotecting packets

func NewCryptoSetupClient 

func NewCryptoSetupClient(
	initialStream io.Writer,
	handshakeStream io.Writer,
	oneRTTStream io.Writer,
	connID protocol.ConnectionID,
	remoteAddr net.Addr,
	tp *TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	rttStats *congestion.RTTStats,
	logger utils.Logger,
) (CryptoSetup, <-chan struct{})

NewCryptoSetupClient creates a new crypto setup for the client

func NewCryptoSetupServer 

func NewCryptoSetupServer(
	initialStream io.Writer,
	handshakeStream io.Writer,
	oneRTTStream io.Writer,
	connID protocol.ConnectionID,
	remoteAddr net.Addr,
	tp *TransportParameters,
	runner handshakeRunner,
	tlsConf *tls.Config,
	rttStats *congestion.RTTStats,
	logger utils.Logger,
) CryptoSetup

NewCryptoSetupServer creates a new crypto setup for the server

type LongHeaderOpener 

type LongHeaderOpener interface {
	Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

LongHeaderOpener opens a long header packet

type LongHeaderSealer 

type LongHeaderSealer interface {
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
	Overhead() int
}

LongHeaderSealer seals a long header packet

type ShortHeaderOpener 

type ShortHeaderOpener interface {
	Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
	// contains filtered or unexported methods
}

ShortHeaderOpener opens a short header packet

type ShortHeaderSealer 

type ShortHeaderSealer interface {
	LongHeaderSealer
	KeyPhase() protocol.KeyPhaseBit
}

ShortHeaderSealer seals a short header packet

type Token 

type Token struct {
	IsRetryToken bool
	RemoteAddr   string
	SentTime     time.Time
	// only set for retry tokens
	OriginalDestConnectionID protocol.ConnectionID
}

A Token is derived from the client address and can be used to verify the ownership of this address.

type TokenGenerator 

type TokenGenerator struct {
	// contains filtered or unexported fields
}

A TokenGenerator generates tokens

func NewTokenGenerator 

func NewTokenGenerator() (*TokenGenerator, error)

NewTokenGenerator initializes a new TookenGenerator

func (*TokenGenerator) DecodeToken 

func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)

DecodeToken decodes a token

func (*TokenGenerator) NewRetryToken 

func (g *TokenGenerator) NewRetryToken(raddr net.Addr, origConnID protocol.ConnectionID) ([]byte, error)

NewRetryToken generates a new token for a Retry for a given source address

func (*TokenGenerator) NewToken 

func (g *TokenGenerator) NewToken(raddr net.Addr) ([]byte, error)

NewToken generates a new token to be sent in a NEW_TOKEN frame

type TransportParameters 

type TransportParameters struct {
	InitialMaxStreamDataBidiLocal  protocol.ByteCount
	InitialMaxStreamDataBidiRemote protocol.ByteCount
	InitialMaxStreamDataUni        protocol.ByteCount
	InitialMaxData                 protocol.ByteCount

	MaxAckDelay      time.Duration
	AckDelayExponent uint8

	DisableMigration bool

	MaxPacketSize protocol.ByteCount

	MaxUniStreamNum  protocol.StreamNum
	MaxBidiStreamNum protocol.StreamNum

	IdleTimeout time.Duration

	StatelessResetToken  *[16]byte
	OriginalConnectionID protocol.ConnectionID
}

TransportParameters are parameters sent to the peer during the handshake

func (*TransportParameters) Marshal 

func (p *TransportParameters) Marshal() []byte

Marshal the transport parameters

func (*TransportParameters) String 

func (p *TransportParameters) String() string

String returns a string representation, intended for logging.

func (*TransportParameters) Unmarshal 

func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error

Unmarshal the transport parameters

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.