nquic_handshake (nquic v1.0.0)


QUIC handshake management.

This module handles TLS 1.3 handshake integration, key derivation, and handshake packet construction for QUIC connections.

Summary

Functions

Build frames for a Handshake packet with CRYPTO data.

Build frames for an Initial packet with CRYPTO data.

Derive initial encryption keys from DCID per RFC 9001.

Derive initial encryption keys from DCID for a specific QUIC version.

Convert TLS key material to packet protection format.

Convert TLS key material to packet protection format with cached HP context.

Format and install application keys from TLS-derived secrets.

Format and install handshake keys from TLS-derived secrets.

Functions

build_handshake_frames(CryptoData)

-spec build_handshake_frames(binary()) -> [nquic_frame:t()].

Build frames for a Handshake packet with CRYPTO data.

build_initial_frames(CryptoData)

-spec build_initial_frames(binary()) -> [nquic_frame:t()].

Build frames for an Initial packet with CRYPTO data.

derive_initial_keys(DCID)

-spec derive_initial_keys(nquic:connection_id()) ->
                             #{client := #{key := binary(), iv := binary(), hp := binary()},
                               server := #{key := binary(), iv := binary(), hp := binary()}}.

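Derive initial encryption keys from DCID per RFC 9001. RFC 9001 derives the Initial secrets from the Destination Connection ID of the client's first Initial packet and a public, version-specific salt, so these keys give Initial packets no confidentiality or authenticity against anyone who can observe that packet.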

derive_initial_keys(DCID, Version)

-spec derive_initial_keys(nquic:connection_id(), non_neg_integer()) ->
                             #{client := #{key := binary(), iv := binary(), hp := binary()},
                               server := #{key := binary(), iv := binary(), hp := binary()}}.

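Derive initial encryption keys from DCID for a specific QUIC version. Each QUIC version defines its own Initial salt; Version presumably selects the one used in the derivation.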

format_keys(Keys)

-spec format_keys(map()) ->
                     #{client := #{key := binary(), iv := binary(), hp := binary()},
                       server := #{key := binary(), iv := binary(), hp := binary()}}.

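Convert TLS key material to packet protection format: a map holding, for each of client and server, the key, iv and hp (header protection) binaries. The result contains raw secrets, so keep it out of logs and crash reports.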

format_keys(Keys, Cipher)

-spec format_keys(map(), aes_128_gcm | aes_256_gcm | chacha20_poly1305) ->
                     #{client := #{key := binary(), iv := binary(), hp := binary()},
                       server := #{key := binary(), iv := binary(), hp := binary()}}.

Convert TLS key material to packet protection format for the given cipher, with a cached header protection (HP) context.

install_app_keys(Keys, ExistingKeys)

-spec install_app_keys(map(), map()) ->
                          #{application :=
                                #{client := #{key := binary(), iv := binary(), hp := binary()},
                                  server := #{key := binary(), iv := binary(), hp := binary()}}}.

Format and install application keys from TLS-derived secrets.

install_handshake_keys(Keys, ExistingKeys)

-spec install_handshake_keys(map(), map()) ->
                                #{handshake :=
                                      #{client := #{key := binary(), iv := binary(), hp := binary()},
                                        server := #{key := binary(), iv := binary(), hp := binary()}}}.

Format and install handshake keys from TLS-derived secrets.