/// A cryptographic session (commonly TLS).
///
/// Every implementor must be `Send + Sync + 'static`. All methods below are
/// required; the trait provides no default implementations.
pub trait Session: Send + Sync + 'static {
    /// Create the initial set of keys given the client's initial destination
    /// `ConnectionId` and the local `side`.
    //
    // NOTE(review): the only inputs are the connection ID and the side, both of
    // which are visible on the wire in QUIC, so these keys presumably give no
    // confidentiality against an on-path observer (see RFC 9001, Initial
    // packet protection) — confirm.
    fn initial_keys(&self, dst_cid: &ConnectionId, side: Side) -> Keys;

    /// Get data negotiated during the handshake, if available.
    ///
    /// The payload is type-erased (`Box<dyn Any>`); the caller has to downcast
    /// it to the concrete type used by the implementation.
    fn handshake_data(&self) -> Option<Box<dyn Any>>;

    /// Get the peer's identity, if available.
    ///
    /// The payload is type-erased (`Box<dyn Any>`); the caller has to downcast
    /// it to the concrete type used by the implementation.
    //
    // NOTE(review): when `None` is returned is not specified here; confirm at
    // which point of the handshake the identity becomes available before
    // basing an authorization decision on this value.
    fn peer_identity(&self) -> Option<Box<dyn Any>>;

    /// Get the 0-RTT header and packet keys, if available (clients only).
    ///
    /// `None` means the key material is not available.
    //
    // NOTE(review): 0-RTT data in TLS 1.3 / QUIC is not protected against
    // replay (see RFC 9001); presumably callers should restrict early data to
    // replay-safe operations — confirm with the connection-level docs.
    fn early_crypto(&self) -> Option<(Box<dyn HeaderKey>, Box<dyn PacketKey>)>;

    /// Whether the 0-RTT-encrypted data has been accepted by the peer.
    fn early_data_accepted(&self) -> Option<bool>;

    /// Returns `true` until the connection is fully established.
    fn is_handshaking(&self) -> bool;

    /// Read bytes of handshake data (the contents of CRYPTO frames).
    ///
    /// On success the caller should follow up with `write_handshake()` to see
    /// whether the crypto protocol has anything to send to the peer.
    fn read_handshake(&mut self, buf: &[u8]) -> Result<bool, Error>;

    /// The peer's QUIC transport parameters.
    ///
    /// Only available after the first flight from the peer has been received.
    fn transport_parameters(&self) -> Result<Option<TransportParameters>, Error>;

    /// Write handshake bytes into `buf` and optionally return a new set of
    /// keys when the handshake proceeds to the next phase.
    fn write_handshake(&mut self, buf: &mut Vec<u8>) -> Option<Keys>;

    /// Compute keys for the next key update.
    fn next_1rtt_keys(&mut self) -> Option<KeyPair<Box<dyn PacketKey>>>;

    /// Verify the integrity of a retry packet.
    fn is_valid_retry(&self, orig_dst_cid: &ConnectionId, header: &[u8], payload: &[u8]) -> bool;

    /// Fill `output` with `output.len()` bytes of keying material derived from
    /// the session's secrets, using `label` and `context` for domain
    /// separation.
    ///
    /// # Errors
    ///
    /// Returns `ExportKeyingMaterialError` if the requested output length is
    /// too large.
    fn export_keying_material(
        &self,
        output: &mut [u8],
        label: &[u8],
        context: &[u8],
    ) -> Result<(), ExportKeyingMaterialError>;
}
A cryptographic session (commonly TLS)
Required Methods
fn initial_keys(&self, dst_cid: &ConnectionId, side: Side) -> Keys
Create the initial set of keys given the client’s initial destination ConnectionId
fn handshake_data(&self) -> Option<Box<dyn Any>>
Get data negotiated during the handshake, if available
Returns `None` until the connection emits `HandshakeDataReady`.
fn peer_identity(&self) -> Option<Box<dyn Any>>
Get the peer’s identity, if available
fn early_crypto(&self) -> Option<(Box<dyn HeaderKey>, Box<dyn PacketKey>)>
Get the 0-RTT keys if available (clients only)
On the client side, this method can be used to see if 0-RTT key material is available to start sending data before the protocol handshake has completed.
Returns `None` if the key material is not available. This might happen if you have not connected to this server before.
fn early_data_accepted(&self) -> Option<bool>
Whether the 0-RTT-encrypted data has been accepted by the peer
fn is_handshaking(&self) -> bool
Returns `true` until the connection is fully established.
fn read_handshake(&mut self, buf: &[u8]) -> Result<bool, Error>
Read bytes of handshake data
This should be called with the contents of `CRYPTO` frames. If it returns `Ok`, the caller should call `write_handshake()` to check if the crypto protocol has anything to send to the peer. This method will only return `true` the first time that handshake data is available. Future calls will always return `false`.
On success, returns `true` iff `self.handshake_data()` has been populated.
fn transport_parameters(&self) -> Result<Option<TransportParameters>, Error>
The peer’s QUIC transport parameters
These are only available after the first flight from the peer has been received.
fn write_handshake(&mut self, buf: &mut Vec<u8>) -> Option<Keys>
Writes handshake bytes into the given buffer and optionally returns the negotiated keys
When the handshake proceeds to the next phase, this method will return a new set of keys to encrypt data with.
fn next_1rtt_keys(&mut self) -> Option<KeyPair<Box<dyn PacketKey>>>
Compute keys for the next key update
fn is_valid_retry( &self, orig_dst_cid: &ConnectionId, header: &[u8], payload: &[u8], ) -> bool
Verify the integrity of a retry packet
fn export_keying_material( &self, output: &mut [u8], label: &[u8], context: &[u8], ) -> Result<(), ExportKeyingMaterialError>
Fill `output` with `output.len()` bytes of keying material derived from the `Session`’s secrets, using `label` and `context` for domain separation.
This function will fail, returning ExportKeyingMaterialError, if the requested output length is too large.