quic-go: github.com/lucas-clemente/quic-go/internal/handshake Index | Files

package handshake

import "github.com/lucas-clemente/quic-go/internal/handshake"


Package Files

aead.go client_session_cache.go client_session_state.go crypto_setup.go header_protector.go initial_aead.go interface.go mockgen.go qtls.go retry.go session_ticket.go tls_extension_handler.go token_generator.go token_protector.go transport_parameters.go unsafe.go updatable_aead.go


var (
    // ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level,
    // but the corresponding opener has not yet been initialized
    // This can happen when packets arrive out of order.
    ErrKeysNotYetAvailable = errors.New("CryptoSetup: keys at this encryption level not yet available")
    // ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level,
    // but the corresponding keys have already been dropped.
    ErrKeysDropped = errors.New("CryptoSetup: keys were already dropped")
    // ErrDecryptionFailed is returned when the AEAD fails to open the packet.
    ErrDecryptionFailed = errors.New("decryption failed")

func GetRetryIntegrityTag Uses

func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte

GetRetryIntegrityTag calculates the integrity tag on a Retry packet

func NewInitialAEAD Uses

func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener)

NewInitialAEAD creates a new AEAD for Initial encryption / decryption.

type ConnectionState Uses

type ConnectionState = qtls.ConnectionState

ConnectionState contains information about the state of the connection.

type CryptoSetup Uses

type CryptoSetup interface {
    GetSessionTicket() ([]byte, error)

    HandleMessage([]byte, protocol.EncryptionLevel) bool
    ConnectionState() ConnectionState

    GetInitialOpener() (LongHeaderOpener, error)
    GetHandshakeOpener() (LongHeaderOpener, error)
    Get0RTTOpener() (LongHeaderOpener, error)
    Get1RTTOpener() (ShortHeaderOpener, error)

    GetInitialSealer() (LongHeaderSealer, error)
    GetHandshakeSealer() (LongHeaderSealer, error)
    Get0RTTSealer() (LongHeaderSealer, error)
    Get1RTTSealer() (ShortHeaderSealer, error)

CryptoSetup handles the handshake and protecting / unprotecting packets

func NewCryptoSetupClient Uses

func NewCryptoSetupClient(
    initialStream io.Writer,
    handshakeStream io.Writer,
    connID protocol.ConnectionID,
    localAddr net.Addr,
    remoteAddr net.Addr,
    tp *TransportParameters,
    runner handshakeRunner,
    tlsConf *tls.Config,
    enable0RTT bool,
    rttStats *congestion.RTTStats,
    logger utils.Logger,
) (CryptoSetup, <-chan *TransportParameters)

NewCryptoSetupClient creates a new crypto setup for the client

func NewCryptoSetupServer Uses

func NewCryptoSetupServer(
    initialStream io.Writer,
    handshakeStream io.Writer,
    connID protocol.ConnectionID,
    localAddr net.Addr,
    remoteAddr net.Addr,
    tp *TransportParameters,
    runner handshakeRunner,
    tlsConf *tls.Config,
    enable0RTT bool,
    rttStats *congestion.RTTStats,
    logger utils.Logger,
) CryptoSetup

NewCryptoSetupServer creates a new crypto setup for the server

type LongHeaderOpener Uses

type LongHeaderOpener interface {
    Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
    // contains filtered or unexported methods

LongHeaderOpener opens a long header packet

type LongHeaderSealer Uses

type LongHeaderSealer interface {
    Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
    EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
    Overhead() int

LongHeaderSealer seals a long header packet

type PreferredAddress Uses

type PreferredAddress struct {
    IPv4                net.IP
    IPv4Port            uint16
    IPv6                net.IP
    IPv6Port            uint16
    ConnectionID        protocol.ConnectionID
    StatelessResetToken [16]byte

PreferredAddress is the value encoding in the preferred_address transport parameter

type ShortHeaderOpener Uses

type ShortHeaderOpener interface {
    Open(dst, src []byte, rcvTime time.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
    // contains filtered or unexported methods

ShortHeaderOpener opens a short header packet

type ShortHeaderSealer Uses

type ShortHeaderSealer interface {
    KeyPhase() protocol.KeyPhaseBit

ShortHeaderSealer seals a short header packet

type Token Uses

type Token struct {
    IsRetryToken bool
    RemoteAddr   string
    SentTime     time.Time
    // only set for retry tokens
    OriginalDestConnectionID protocol.ConnectionID

A Token is derived from the client address and can be used to verify the ownership of this address.

type TokenGenerator Uses

type TokenGenerator struct {
    // contains filtered or unexported fields

A TokenGenerator generates tokens

func NewTokenGenerator Uses

func NewTokenGenerator() (*TokenGenerator, error)

NewTokenGenerator initializes a new TookenGenerator

func (*TokenGenerator) DecodeToken Uses

func (g *TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)

DecodeToken decodes a token

func (*TokenGenerator) NewRetryToken Uses

func (g *TokenGenerator) NewRetryToken(raddr net.Addr, origConnID protocol.ConnectionID) ([]byte, error)

NewRetryToken generates a new token for a Retry for a given source address

func (*TokenGenerator) NewToken Uses

func (g *TokenGenerator) NewToken(raddr net.Addr) ([]byte, error)

NewToken generates a new token to be sent in a NEW_TOKEN frame

type TransportParameters Uses

type TransportParameters struct {
    InitialMaxStreamDataBidiLocal  protocol.ByteCount
    InitialMaxStreamDataBidiRemote protocol.ByteCount
    InitialMaxStreamDataUni        protocol.ByteCount
    InitialMaxData                 protocol.ByteCount

    MaxAckDelay      time.Duration
    AckDelayExponent uint8

    DisableActiveMigration bool

    MaxPacketSize protocol.ByteCount

    MaxUniStreamNum  protocol.StreamNum
    MaxBidiStreamNum protocol.StreamNum

    MaxIdleTimeout time.Duration

    PreferredAddress *PreferredAddress

    StatelessResetToken     *[16]byte
    OriginalConnectionID    protocol.ConnectionID
    ActiveConnectionIDLimit uint64

TransportParameters are parameters sent to the peer during the handshake

func (*TransportParameters) Marshal Uses

func (p *TransportParameters) Marshal() []byte

Marshal the transport parameters

func (*TransportParameters) MarshalForSessionTicket Uses

func (p *TransportParameters) MarshalForSessionTicket(b *bytes.Buffer)

MarshalForSessionTicket marshals the transport parameters we save in the session ticket. When sending a 0-RTT enabled TLS session tickets, we need to save the transport parameters. The client will remember the transport parameters used in the last session, and apply those to the 0-RTT data it sends. Saving the transport parameters in the ticket gives the server the option to reject 0-RTT if the transport parameters changed. Since the session ticket is encrypted, the serialization format is defined by the server. For convenience, we use the same format that we also use for sending the transport parameters.

func (*TransportParameters) String Uses

func (p *TransportParameters) String() string

String returns a string representation, intended for logging.

func (*TransportParameters) Unmarshal Uses

func (p *TransportParameters) Unmarshal(data []byte, sentBy protocol.Perspective) error

Unmarshal the transport parameters

func (*TransportParameters) UnmarshalFromSessionTicket Uses

func (p *TransportParameters) UnmarshalFromSessionTicket(data []byte) error

UnmarshalFromSessionTicket unmarshals transport parameters from a session ticket.

func (*TransportParameters) ValidFor0RTT Uses

func (p *TransportParameters) ValidFor0RTT(tp *TransportParameters) bool

ValidFor0RTT checks if the transport parameters match those saved in the session ticket.

Package handshake imports 29 packages (graph) and is imported by 12 packages. Updated 2020-02-28. Refresh now. Tools for package owners.