
Trait Session

/// A cryptographic session (commonly TLS).
///
/// Implementors process handshake bytes carried in CRYPTO frames
/// (`read_handshake` / `write_handshake`) and hand out the key material
/// used at each phase (`initial_keys`, `early_crypto`, `next_1rtt_keys`).
pub trait Session:
    Send
    + Sync
    + 'static {
    // Required methods

    /// Create the initial set of keys given the client's initial
    /// destination `ConnectionId`.
    fn initial_keys(&self, dst_cid: &ConnectionId, side: Side) -> Keys;

    /// Get data negotiated during the handshake, if available.
    ///
    /// Returns `None` until the connection emits `HandshakeDataReady`.
    /// The concrete type behind `dyn Any` is implementation-specific;
    /// callers must downcast to the type documented by the implementor.
    fn handshake_data(&self) -> Option<Box<dyn Any>>;

    /// Get the peer's identity, if available.
    ///
    /// As with `handshake_data`, the concrete type is chosen by the
    /// implementor. NOTE(review): whether this identity has already been
    /// validated (e.g. against a certificate verifier) is not stated here —
    /// confirm with the implementation before relying on it for
    /// authorization decisions.
    fn peer_identity(&self) -> Option<Box<dyn Any>>;

    /// Get the 0-RTT keys if available (clients only).
    ///
    /// On the client side, this method can be used to see if 0-RTT key
    /// material is available to start sending data before the protocol
    /// handshake has completed.
    ///
    /// Returns `None` if the key material is not available. This might
    /// happen if you have not connected to this server before.
    /// NOTE(review): replay protection for data sent under these keys is
    /// not covered by this trait's documentation — confirm before sending
    /// non-idempotent data early.
    fn early_crypto(&self) -> Option<(Box<dyn HeaderKey>, Box<dyn PacketKey>)>;

    /// Whether the 0-RTT-encrypted data has been accepted by the peer.
    fn early_data_accepted(&self) -> Option<bool>;

    /// Returns `true` until the connection is fully established.
    fn is_handshaking(&self) -> bool;

    /// Read bytes of handshake data.
    ///
    /// This should be called with the contents of CRYPTO frames. If it
    /// returns `Ok`, the caller should call `write_handshake()` to check if
    /// the crypto protocol has anything to send to the peer. This method
    /// returns `true` only the first time that handshake data becomes
    /// available; every later call returns `false`.
    ///
    /// On success, returns `true` iff `self.handshake_data()` has been
    /// populated.
    ///
    /// # Errors
    ///
    /// Returns a `TransportError` when the handshake bytes are rejected.
    fn read_handshake(&mut self, buf: &[u8]) -> Result<bool, TransportError>;

    /// The peer's QUIC transport parameters.
    ///
    /// These are only available after the first flight from the peer has
    /// been received (`Ok(None)` before that).
    fn transport_parameters(
        &self,
    ) -> Result<Option<TransportParameters>, TransportError>;

    /// Writes handshake bytes into the given buffer and optionally returns
    /// the negotiated keys.
    ///
    /// When the handshake proceeds to the next phase, this method will
    /// return a new set of keys to encrypt data with.
    fn write_handshake(&mut self, buf: &mut Vec<u8>) -> Option<Keys>;

    /// Compute keys for the next key update.
    fn next_1rtt_keys(&mut self) -> Option<KeyPair<Box<dyn PacketKey>>>;

    /// Verify the integrity of a retry packet.
    ///
    /// `orig_dst_cid` is the original destination connection id the retry
    /// refers to; `header` and `payload` are the packet bytes to check.
    /// Returns `false` when the integrity check fails; presumably callers
    /// discard the packet in that case — verify against the caller.
    fn is_valid_retry(
        &self,
        orig_dst_cid: &ConnectionId,
        header: &[u8],
        payload: &[u8],
    ) -> bool;

    /// Fill `output` with `output.len()` bytes of keying material derived
    /// from the Session's secrets, using `label` and `context` for domain
    /// separation.
    ///
    /// # Errors
    ///
    /// This function will fail, returning `ExportKeyingMaterialError`, if
    /// the requested output length (`output.len()`) is too large.
    fn export_keying_material(
        &self,
        output: &mut [u8],
        label: &[u8],
        context: &[u8],
    ) -> Result<(), ExportKeyingMaterialError>;
}

A cryptographic session (commonly TLS)

Required Methods§


fn initial_keys(&self, dst_cid: &ConnectionId, side: Side) -> Keys

Create the initial set of keys given the client’s initial destination ConnectionId


fn handshake_data(&self) -> Option<Box<dyn Any>>

Get data negotiated during the handshake, if available

Returns None until the connection emits HandshakeDataReady.


fn peer_identity(&self) -> Option<Box<dyn Any>>

Get the peer’s identity, if available


fn early_crypto(&self) -> Option<(Box<dyn HeaderKey>, Box<dyn PacketKey>)>

Get the 0-RTT keys if available (clients only)

On the client side, this method can be used to see if 0-RTT key material is available to start sending data before the protocol handshake has completed.

Returns None if the key material is not available. This might happen if you have not connected to this server before.


fn early_data_accepted(&self) -> Option<bool>

Whether the 0-RTT-encrypted data has been accepted by the peer


fn is_handshaking(&self) -> bool

Returns true until the connection is fully established.


fn read_handshake(&mut self, buf: &[u8]) -> Result<bool, TransportError>

Read bytes of handshake data

This should be called with the contents of CRYPTO frames. If it returns Ok, the caller should call write_handshake() to check if the crypto protocol has anything to send to the peer. This method returns true only the first time that handshake data becomes available; every later call returns false.

On success, returns true iff self.handshake_data() has been populated.


fn transport_parameters( &self, ) -> Result<Option<TransportParameters>, TransportError>

The peer’s QUIC transport parameters

These are only available after the first flight from the peer has been received.


fn write_handshake(&mut self, buf: &mut Vec<u8>) -> Option<Keys>

Writes handshake bytes into the given buffer and optionally returns the negotiated keys

When the handshake proceeds to the next phase, this method will return a new set of keys to encrypt data with.


fn next_1rtt_keys(&mut self) -> Option<KeyPair<Box<dyn PacketKey>>>

Compute keys for the next key update


fn is_valid_retry( &self, orig_dst_cid: &ConnectionId, header: &[u8], payload: &[u8], ) -> bool

Verify the integrity of a retry packet


fn export_keying_material( &self, output: &mut [u8], label: &[u8], context: &[u8], ) -> Result<(), ExportKeyingMaterialError>

Fill output with output.len() bytes of keying material derived from the Session’s secrets, using label and context for domain separation.

This function will fail, returning ExportKeyingMaterialError, if the requested output length (output.len()) is too large.

Implementors§