nquic_tls (nquic v1.0.0)
Shared TLS 1.3 codec for QUIC per RFC 9001.
Holds the wire-format parse/encode helpers used by both
nquic_tls_client and nquic_tls_server, plus the PSK and
NewSessionTicket helpers that straddle the two roles. Role-specific
flows (ClientHello / ServerHello construction, handshake-flight
generation, Finished verification, certificate-chain validation) live
in the role modules.
Functions

-spec compute_psk_binder(binary(), binary(), sha256 | sha384, pos_integer()) -> binary().

Decode a NewSessionTicket TLS message.

Decrypt a ticket value using the server's static key. Returns {ok, PSK, Cipher} on success, {error, Reason} on failure.

-spec derive_resumption_secret(binary(), crypto:hash_state(), binary(), aes_128_gcm | aes_256_gcm | chacha20_poly1305) -> binary().
Derive the resumption_master_secret after client Finished is verified.

-spec encode_cipher_suite(aes_128_gcm | aes_256_gcm | chacha20_poly1305) -> binary().

Encode a NewSessionTicket message (RFC 8446 S4.6.1). Ticket map keys: lifetime, age_add, nonce, ticket, max_early_data (optional).

-spec extract_partial_client_hello(binary(), non_neg_integer()) -> binary().
Extract the partial ClientHello for binder verification. The partial CH is the full ClientHello minus the binders list at the end. BindersLen is the length of the binders field (including the 2-byte length prefix).

-spec find_quic_params(#{non_neg_integer() => binary()}, client | server) -> {ok, nquic_transport:params()} | {error, term()}.

Check if the psk_key_exchange_modes extension includes psk_dhe_ke (mode 1). Returns true if present, false otherwise.

-spec hash_length(sha256 | sha384) -> pos_integer().

-spec parse_extensions_recursive(binary()) -> #{non_neg_integer() => binary()}.

-spec parse_psk_extension(map()) -> {ok, [{binary(), non_neg_integer()}], [binary()]} | undefined.
Parse a pre_shared_key extension from a ClientHello extension map. Returns {ok, Identities, Binders} or undefined if not present. Identities: [{Identity, ObfuscatedAge}], Binders: [binary()].

-spec verify_psk_binder(binary(), binary(), binary(), sha256 | sha384, pos_integer()) -> ok | {error, term()}.
Verify a PSK binder against the partial ClientHello transcript. The partial CH is everything in the ClientHello up to (but not including) the binders list in the pre_shared_key extension.
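
The binder check described for extract_partial_client_hello and verify_psk_binder, written out from RFC 8446 S4.2.11.2 as an added example; it is not nquic's own code. The module psk_binder_example and its functions are hypothetical, and it assumes a resumption PSK (label "res binder"), no HelloRetryRequest in the transcript, and OTP 25 or later for crypto:hash_equals/2.

```erlang
-module(psk_binder_example).          % hypothetical module, not part of nquic
-export([partial_ch/2, binder/3, verify/5, demo/0]).

%% Drop the trailing binders field (its 2-byte length prefix included).
partial_ch(CH, Len) when is_binary(CH), Len > 2, Len < byte_size(CH) ->
    {ok, binary:part(CH, 0, byte_size(CH) - Len)};
partial_ch(_CH, _Len) ->
    {error, bad_binders_length}.

%% HKDF-Expand-Label (RFC 8446 S7.1), one block only: Len =< hash length.
expand_label(Hash, Secret, Label, Ctx, Len) ->
    Full = <<"tls13 ", Label/binary>>,
    Info = <<Len:16, (byte_size(Full)):8, Full/binary,
             (byte_size(Ctx)):8, Ctx/binary>>,
    binary:part(crypto:mac(hmac, Hash, Secret, <<Info/binary, 1>>), 0, Len).

%% Binder for a resumption PSK over the truncated ClientHello.
binder(Hash, PSK, PartialCH) ->
    Empty = crypto:hash(Hash, <<>>),
    HLen = byte_size(Empty),
    Early = crypto:mac(hmac, Hash, <<0:(HLen * 8)>>, PSK),   % HKDF-Extract
    BinderKey = expand_label(Hash, Early, <<"res binder">>, Empty, HLen),
    FinishedKey = expand_label(Hash, BinderKey, <<"finished">>, <<>>, HLen),
    crypto:mac(hmac, Hash, FinishedKey, crypto:hash(Hash, PartialCH)).

%% Recompute the binder and compare in constant time.
verify(Hash, PSK, CH, BindersLen, Received) ->
    case partial_ch(CH, BindersLen) of
        {ok, Partial} ->
            Expected = binder(Hash, PSK, Partial),
            %% hash_equals/2 raises badarg on unequal sizes, so check first.
            case byte_size(Received) =:= byte_size(Expected)
                 andalso crypto:hash_equals(Expected, Received) of
                true -> ok;
                false -> {error, binder_mismatch}
            end;
        {error, _} = Error -> Error
    end.

%% Constructed input: stand-in bytes for the ClientHello prefix, then a
%% binders field of uint16 list length, uint8 entry length, 32-byte binder.
demo() ->
    PSK = <<1:256>>,
    Prefix = <<"constructed ClientHello bytes before the binders list">>,
    Good = binder(sha256, PSK, Prefix),
    CH = <<Prefix/binary, 33:16, 32:8, Good/binary>>,
    ok = verify(sha256, PSK, CH, 35, Good),
    {error, binder_mismatch} = verify(sha256, PSK, CH, 35, <<0:256>>),
    {error, bad_binders_length} = verify(sha256, PSK, CH, 4096, Good),
    ok.
```

After compiling with erlc, psk_binder_example:demo() returns ok when the valid binder is accepted and both the forged binder and the oversized BindersLen are rejected.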