package handshake

Import Path
	github.com/quic-go/quic-go/internal/handshake (on go.dev)

Dependency Relation
	imports 29 packages, and imported by one package

Involved Source Files

	    aead.go
	    cipher_suite.go
	    crypto_setup.go
	    fake_conn.go
	    header_protector.go
	    hkdf.go
	    initial_aead.go
	    interface.go
	    retry.go
	    session_ticket.go
	    tls_config.go
	    token_generator.go
	    token_protector.go
	    updatable_aead.go
Package-Level Type Names (total 11)

	/* sort by: alphabet | popularity */
	 type ConnectionState (struct)

		Fields (total 16)
			ConnectionState tls.ConnectionState
			ConnectionState.CipherSuite uint16
				CipherSuite is the cipher suite negotiated for the connection (e.g.
				TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256).

			ConnectionState.CurveID tls.CurveID
				CurveID is the key exchange mechanism used for the connection. The name
				refers to elliptic curves for legacy reasons, see [CurveID]. If a legacy
				RSA key exchange is used, this value is zero.

			ConnectionState.DidResume bool
				DidResume is true if this connection was successfully resumed from a
				previous session with a session ticket or similar mechanism.

			ConnectionState.ECHAccepted bool
				ECHAccepted indicates if Encrypted Client Hello was offered by the client
				and accepted by the server. Currently, ECH is supported only on the
				client side.

			ConnectionState.HandshakeComplete bool
				HandshakeComplete is true if the handshake has concluded.

			ConnectionState.NegotiatedProtocol string
				NegotiatedProtocol is the application protocol negotiated with ALPN.

			ConnectionState.NegotiatedProtocolIsMutual bool
				NegotiatedProtocolIsMutual used to indicate a mutual NPN negotiation.
				
				Deprecated: this value is always true.

			ConnectionState.OCSPResponse []byte
				OCSPResponse is a stapled Online Certificate Status Protocol (OCSP)
				response provided by the peer for the leaf certificate, if any.

			ConnectionState.PeerCertificates []*x509.Certificate
				PeerCertificates are the parsed certificates sent by the peer, in the
				order in which they were sent. The first element is the leaf certificate
				that the connection is verified against.
				
				On the client side, it can't be empty. On the server side, it can be
				empty if Config.ClientAuth is not RequireAnyClientCert or
				RequireAndVerifyClientCert.
				
				PeerCertificates and its contents should not be modified.

			ConnectionState.ServerName string
				ServerName is the value of the Server Name Indication extension sent by
				the client. It's available both on the server and on the client side.

			ConnectionState.SignedCertificateTimestamps [][]byte
				SignedCertificateTimestamps is a list of SCTs provided by the peer
				through the TLS handshake for the leaf certificate, if any.

			ConnectionState.TLSUnique []byte
				TLSUnique contains the "tls-unique" channel binding value (see RFC 5929,
				Section 3). This value will be nil for TLS 1.3 connections and for
				resumed connections that don't support Extended Master Secret (RFC 7627).

			ConnectionState.VerifiedChains [][]*x509.Certificate
				VerifiedChains is a list of one or more chains where the first element is
				PeerCertificates[0] and the last element is from Config.RootCAs (on the
				client side) or Config.ClientCAs (on the server side).
				
				On the client side, it's set if Config.InsecureSkipVerify is false. On
				the server side, it's set if Config.ClientAuth is VerifyClientCertIfGiven
				(and the peer provided a certificate) or RequireAndVerifyClientCert.
				
				VerifiedChains and its contents should not be modified.

			ConnectionState.Version uint16
				Version is the TLS version used by the connection (e.g. VersionTLS12).

			Used0RTT bool
		Methods (only one)
			(*ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
				ExportKeyingMaterial returns length bytes of exported key material in a new
				slice as defined in RFC 5705. If context is nil, it is not used as part of
				the seed. If the connection was set to allow renegotiation via
				Config.Renegotiation, or if the connections supports neither TLS 1.3 nor
				Extended Master Secret, this function will return an error.
				
				Exporting key material without Extended Master Secret or TLS 1.3 was disabled
				in Go 1.22 due to security issues (see the Security Considerations sections
				of RFC 5705 and RFC 7627), but can be re-enabled with the GODEBUG setting
				tlsunsafeekm=1.

		Implements (at least one exported)
			*ConnectionState : github.com/pion/srtp/v3.KeyingMaterialExporter
		As Outputs Of (at least one exported)
			func CryptoSetup.ConnectionState() ConnectionState

	 type CryptoSetup (interface)
		CryptoSetup handles the handshake and protecting / unprotecting packets

		Methods (total 18)
			( CryptoSetup) ChangeConnectionID(protocol.ConnectionID)
			( CryptoSetup) Close() error
			( CryptoSetup) ConnectionState() ConnectionState
			( CryptoSetup) DiscardInitialKeys()
			( CryptoSetup) Get0RTTOpener() (LongHeaderOpener, error)
			( CryptoSetup) Get0RTTSealer() (LongHeaderSealer, error)
			( CryptoSetup) Get1RTTOpener() (ShortHeaderOpener, error)
			( CryptoSetup) Get1RTTSealer() (ShortHeaderSealer, error)
			( CryptoSetup) GetHandshakeOpener() (LongHeaderOpener, error)
			( CryptoSetup) GetHandshakeSealer() (LongHeaderSealer, error)
			( CryptoSetup) GetInitialOpener() (LongHeaderOpener, error)
			( CryptoSetup) GetInitialSealer() (LongHeaderSealer, error)
			( CryptoSetup) GetSessionTicket() ([]byte, error)
			( CryptoSetup) HandleMessage([]byte, protocol.EncryptionLevel) error
			( CryptoSetup) NextEvent() Event
			( CryptoSetup) SetHandshakeConfirmed()
			( CryptoSetup) SetLargest1RTTAcked(protocol.PacketNumber) error
			( CryptoSetup) StartHandshake(context.Context) error
		Implements (at least 2)
			 CryptoSetup : github.com/prometheus/common/expfmt.Closer
			 CryptoSetup : io.Closer
		As Outputs Of (at least 2)
			func NewCryptoSetupClient(connID protocol.ConnectionID, tp *wire.TransportParameters, tlsConf *tls.Config, enable0RTT bool, rttStats *utils.RTTStats, qlogger qlogwriter.Recorder, logger utils.Logger, version protocol.Version) CryptoSetup
			func NewCryptoSetupServer(connID protocol.ConnectionID, localAddr, remoteAddr net.Addr, tp *wire.TransportParameters, tlsConf *tls.Config, allow0RTT bool, rttStats *utils.RTTStats, qlogger qlogwriter.Recorder, logger utils.Logger, version protocol.Version) CryptoSetup

	 type Event (struct)
		Event is a handshake event.

		Fields (total 3)
			Data []byte
			Kind EventKind
			TransportParameters *wire.TransportParameters
		As Outputs Of (at least one exported)
			func CryptoSetup.NextEvent() Event

	 type EventKind uint8 (basic type)
		EventKind is the kind of handshake event.

		Methods (only one)
			( EventKind) String() string
		Implements (at least 2)
			 EventKind : expvar.Var
			 EventKind : fmt.Stringer
		As Types Of (total 8)
			const EventDiscard0RTTKeys
			const EventHandshakeComplete
			const EventNoEvent
			const EventReceivedReadKeys
			const EventReceivedTransportParameters
			const EventRestoredTransportParameters
			const EventWriteHandshakeData
			const EventWriteInitialData

	 type LongHeaderOpener (interface)
		LongHeaderOpener opens a long header packet

		Methods (total 3)
			( LongHeaderOpener) DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
			( LongHeaderOpener) DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
			( LongHeaderOpener) Open(dst, src []byte, pn protocol.PacketNumber, associatedData []byte) ([]byte, error)
		As Outputs Of (at least 4)
			func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.Version) (LongHeaderSealer, LongHeaderOpener)
			func CryptoSetup.Get0RTTOpener() (LongHeaderOpener, error)
			func CryptoSetup.GetHandshakeOpener() (LongHeaderOpener, error)
			func CryptoSetup.GetInitialOpener() (LongHeaderOpener, error)

	 type LongHeaderSealer (interface)
		LongHeaderSealer seals a long header packet

		Methods (total 3)
			( LongHeaderSealer) EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
			( LongHeaderSealer) Overhead() int
			( LongHeaderSealer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
		Implemented By (at least one exported)
			 ShortHeaderSealer (interface)
		As Outputs Of (at least 4)
			func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.Version) (LongHeaderSealer, LongHeaderOpener)
			func CryptoSetup.Get0RTTSealer() (LongHeaderSealer, error)
			func CryptoSetup.GetHandshakeSealer() (LongHeaderSealer, error)
			func CryptoSetup.GetInitialSealer() (LongHeaderSealer, error)

	 type ShortHeaderOpener (interface)
		ShortHeaderOpener opens a short header packet

		Methods (total 3)
			( ShortHeaderOpener) DecodePacketNumber(wirePN protocol.PacketNumber, wirePNLen protocol.PacketNumberLen) protocol.PacketNumber
			( ShortHeaderOpener) DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
			( ShortHeaderOpener) Open(dst, src []byte, rcvTime monotime.Time, pn protocol.PacketNumber, kp protocol.KeyPhaseBit, associatedData []byte) ([]byte, error)
		As Outputs Of (at least one exported)
			func CryptoSetup.Get1RTTOpener() (ShortHeaderOpener, error)

	 type ShortHeaderSealer (interface)
		ShortHeaderSealer seals a short header packet

		Methods (total 4)
			( ShortHeaderSealer) EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
			( ShortHeaderSealer) KeyPhase() protocol.KeyPhaseBit
			( ShortHeaderSealer) Overhead() int
			( ShortHeaderSealer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
		Implements (at least one exported)
			 ShortHeaderSealer : LongHeaderSealer
		As Outputs Of (at least one exported)
			func CryptoSetup.Get1RTTSealer() (ShortHeaderSealer, error)

	 type Token (struct)
		A Token is derived from the client address and can be used to verify the ownership of this address.

		Fields (total 5)
			IsRetryToken bool
			OriginalDestConnectionID protocol.ConnectionID
				only set for retry tokens

			RTT time.Duration
				only set for tokens sent in NEW_TOKEN frames

			RetrySrcConnectionID protocol.ConnectionID
			SentTime time.Time
		Methods (only one)
			(*Token) ValidateRemoteAddr(addr net.Addr) bool
				ValidateRemoteAddr validates the address, but does not check expiration

		As Outputs Of (at least one exported)
			func (*TokenGenerator).DecodeToken(encrypted []byte) (*Token, error)

	 type TokenGenerator (struct)
		A TokenGenerator generates tokens

		Methods (total 3)
			(*TokenGenerator) DecodeToken(encrypted []byte) (*Token, error)
				DecodeToken decodes a token

			(*TokenGenerator) NewRetryToken(raddr net.Addr, origDestConnID protocol.ConnectionID, retrySrcConnID protocol.ConnectionID) ([]byte, error)
				NewRetryToken generates a new token for a Retry for a given source address

			(*TokenGenerator) NewToken(raddr net.Addr, rtt time.Duration) ([]byte, error)
				NewToken generates a new token to be sent in a NEW_TOKEN frame

		As Outputs Of (at least one exported)
			func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator

	 type TokenProtectorKey ([...])
		TokenProtectorKey is the key used to encrypt both Retry and session resumption tokens.

		As Inputs Of (at least one exported)
			func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator


Package-Level Functions (total 6)

	 func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, version protocol.Version) *[16]byte
		GetRetryIntegrityTag calculates the integrity tag on a Retry packet

	 func NewCryptoSetupClient(connID protocol.ConnectionID, tp *wire.TransportParameters, tlsConf *tls.Config, enable0RTT bool, rttStats *utils.RTTStats, qlogger qlogwriter.Recorder, logger utils.Logger, version protocol.Version) CryptoSetup
		NewCryptoSetupClient creates a new crypto setup for the client

	 func NewCryptoSetupServer(connID protocol.ConnectionID, localAddr, remoteAddr net.Addr, tp *wire.TransportParameters, tlsConf *tls.Config, allow0RTT bool, rttStats *utils.RTTStats, qlogger qlogwriter.Recorder, logger utils.Logger, version protocol.Version) CryptoSetup
		NewCryptoSetupServer creates a new crypto setup for the server

	 func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.Version) (LongHeaderSealer, LongHeaderOpener)
		NewInitialAEAD creates a new AEAD for Initial encryption / decryption.

	 func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator
		NewTokenGenerator initializes a new TokenGenerator

	 func SetKeyUpdateInterval(v uint64) (reset func())
Package-Level Variables (total 5)

	  var ErrDecryptionFailed error
		ErrDecryptionFailed is returned when the AEAD fails to open the packet.

	  var ErrKeysDropped error
		ErrKeysDropped is returned when an opener or a sealer is requested for an encryption level,
		but the corresponding keys have already been dropped.

	  var ErrKeysNotYetAvailable error
		ErrKeysNotYetAvailable is returned when an opener or a sealer is requested for an encryption level,
		but the corresponding opener has not yet been initialized
		This can happen when packets arrive out of order.

	  var FirstKeyUpdateInterval uint64
		FirstKeyUpdateInterval is the maximum number of packets we send or receive before initiating the first key update.
		It's a package-level variable to allow modifying it for testing purposes.

	  var QUICVersionContextKey *quicVersionContextKey
Package-Level Constants (total 8)

	const EventDiscard0RTTKeys EventKind = 5
		EventDiscard0RTTKeys signals that the Handshake keys were discarded.

	const EventHandshakeComplete EventKind = 8
		EventHandshakeComplete signals that the TLS handshake was completed.

	const EventNoEvent EventKind = 1
		EventNoEvent signals that there are no new handshake events

	const EventReceivedReadKeys EventKind = 4
		EventReceivedReadKeys signals that new decryption keys are available.
		It doesn't say which encryption level those keys are for.

	const EventReceivedTransportParameters EventKind = 6
		EventReceivedTransportParameters contains the transport parameters sent by the peer.

	const EventRestoredTransportParameters EventKind = 7
		EventRestoredTransportParameters contains the transport parameters restored from the session ticket.
		It is only used for the client.

	const EventWriteHandshakeData EventKind = 3
		EventWriteHandshakeData contains new CRYPTO data to send at the Handshake encryption level

	const EventWriteInitialData EventKind = 2
		EventWriteInitialData contains new CRYPTO data to send at the Initial encryption level

The pages are generated with Golds v0.8.2. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.