QUIC-TLS integration handler (RFC 9001) More...

#include <crypto.h>

Collaboration diagram for kcenon::network::protocols::quic::quic_crypto:

Classes
struct	impl

Public Types
using	session_ticket_callback_t
	Callback type for receiving session tickets.

Public Member Functions
	quic_crypto ()
	Default constructor.

	~quic_crypto ()
	Destructor (cleans up OpenSSL resources)

	quic_crypto (const quic_crypto &)=delete

quic_crypto &	operator= (const quic_crypto &)=delete

	quic_crypto (quic_crypto &&other) noexcept

quic_crypto &	operator= (quic_crypto &&other) noexcept

auto	init_client (const std::string &server_name) -> VoidResult
	Initialize as client.

auto	init_server (const std::string &cert_file, const std::string &key_file) -> VoidResult
	Initialize as server.

auto	derive_initial_secrets (const connection_id &dest_cid) -> VoidResult
	Derive initial secrets from destination connection ID.

auto	process_crypto_data (encryption_level level, std::span< const uint8_t > data) -> Result< std::vector< uint8_t > >
	Process incoming CRYPTO frame data.

auto	start_handshake () -> Result< std::vector< uint8_t > >
	Start the handshake (generate initial CRYPTO data)

auto	is_handshake_complete () const noexcept -> bool
	Check if the handshake is complete.

auto	current_level () const noexcept -> encryption_level
	Get current encryption level.

auto	get_write_keys (encryption_level level) const -> Result< quic_keys >
	Get write keys for an encryption level.

auto	get_read_keys (encryption_level level) const -> Result< quic_keys >
	Get read keys for an encryption level.

void	set_keys (encryption_level level, const quic_keys &read_keys, const quic_keys &write_keys)
	Set keys for an encryption level (used during handshake)

auto	update_keys () -> VoidResult
	Perform a key update (1-RTT only)

auto	get_alpn () const -> std::string
	Get the negotiated ALPN protocol.

auto	set_alpn (const std::vector< std::string > &protocols) -> VoidResult
	Set ALPN protocols to offer/accept.

auto	is_server () const noexcept -> bool
	Check if this is a server instance.

auto	key_phase () const noexcept -> uint8_t
	Get current key phase (for key updates)

void	set_session_ticket_callback (session_ticket_callback_t cb)
	Set callback for receiving session tickets.

auto	set_session_ticket (std::span< const uint8_t > ticket_data) -> VoidResult
	Set a session ticket for 0-RTT resumption.

auto	enable_early_data (uint32_t max_early_data) -> VoidResult
	Enable 0-RTT early data.

auto	is_early_data_accepted () const noexcept -> bool
	Check if 0-RTT early data was accepted by the server.

auto	derive_zero_rtt_keys () -> VoidResult
	Derive 0-RTT keys from session ticket.

auto	has_zero_rtt_keys () const noexcept -> bool
	Check if 0-RTT keys are available.

Private Attributes
std::unique_ptr< impl >	impl_

Detailed Description

QUIC-TLS integration handler (RFC 9001)

Manages the TLS 1.3 handshake for QUIC, handling:

Key derivation for each encryption level
CRYPTO frame data processing
Key updates after handshake

This class wraps OpenSSL for cryptographic operations.

Definition at line 244 of file crypto.h.

Member Typedef Documentation

◆ session_ticket_callback_t

using kcenon::network::protocols::quic::quic_crypto::session_ticket_callback_t

Initial value:

 std::function<void(
        std::vector<uint8_t> ticket_data,
        uint32_t lifetime_hint,
        uint32_t ticket_age_add,
        uint32_t max_early_data)>

Callback type for receiving session tickets.

This callback is invoked when a NewSessionTicket message is received from the server after handshake completion.

Parameters

ticket_data	Raw session ticket data
lifetime_hint	Ticket lifetime in seconds
ticket_age_add	Obfuscation value for ticket age
max_early_data	Maximum early data size (0 if early data not allowed)

Definition at line 390 of file crypto.h.

Constructor & Destructor Documentation

◆ quic_crypto() [1/3]

kcenon::network::protocols::quic::quic_crypto::quic_crypto ( )

Default constructor.

Definition at line 772 of file crypto.cpp.

    : impl_(std::make_unique<impl>())
{
}

◆ ~quic_crypto()

kcenon::network::protocols::quic::quic_crypto::~quic_crypto ( )

default

Destructor (cleans up OpenSSL resources)

◆ quic_crypto() [2/3]

kcenon::network::protocols::quic::quic_crypto::quic_crypto ( const quic_crypto & )

delete

◆ quic_crypto() [3/3]

kcenon::network::protocols::quic::quic_crypto::quic_crypto ( quic_crypto && other )

defaultnoexcept

Member Function Documentation

◆ current_level()

auto kcenon::network::protocols::quic::quic_crypto::current_level ( ) const -> encryption_level

nodiscardnoexcept

Get current encryption level.

Returns: Current encryption level

Definition at line 1008 of file crypto.cpp.

{
    return impl_->current_level;
}

References kcenon::network::protocols::quic::quic_crypto::impl::current_level, and impl_.

◆ derive_initial_secrets()

auto kcenon::network::protocols::quic::quic_crypto::derive_initial_secrets ( const connection_id & dest_cid ) -> VoidResult

nodiscard

Derive initial secrets from destination connection ID.

Parameters

dest_cid Destination Connection ID

Returns: Success or error

Definition at line 883 of file crypto.cpp.

{
    auto keys_result = initial_keys::derive(dest_cid);
    if (keys_result.is_err())
    {
        return error_void(keys_result.error().code,
                         keys_result.error().message,
                         get_error_source(keys_result.error()));
    }
 
    auto& keys = keys_result.value();
 
    if (impl_->is_server)
    {
        // Server: read with client keys, write with server keys
        impl_->read_keys[encryption_level::initial] = keys.write;  // Client's write = Server's read
        impl_->write_keys[encryption_level::initial] = keys.read;  // Server's write = Client's read
    }
    else
    {
        // Client: write with client keys, read with server keys
        impl_->write_keys[encryption_level::initial] = keys.write;
        impl_->read_keys[encryption_level::initial] = keys.read;
    }
 
    return ok();
}

References kcenon::network::protocols::quic::initial_keys::derive(), kcenon::network::error_void(), kcenon::network::get_error_source(), kcenon::network::protocols::quic::initial, and kcenon::network::ok().

Here is the call graph for this function:

◆ derive_zero_rtt_keys()

auto kcenon::network::protocols::quic::quic_crypto::derive_zero_rtt_keys ( ) -> VoidResult

nodiscard

Derive 0-RTT keys from session ticket.

Returns: Success or error

Called internally when a valid session ticket is set.

Definition at line 1182 of file crypto.cpp.

{
    if (impl_->session_ticket_data.empty())
    {
        return error_void(-1, "No session ticket available", "quic::crypto");
    }
 
    // Derive 0-RTT secret from the resumption secret in the ticket
    // The early data secret is derived using HKDF-Expand-Label with
    // the label "c e traffic" and the ClientHello transcript
    //
    // For simplicity in this implementation, we derive keys using a
    // deterministic derivation from the session ticket. A full implementation
    // would properly extract the resumption master secret from TLS.
 
    // Use HKDF to derive a pseudo early secret from the ticket data
    // This is a simplified approach - full implementation needs proper TLS PSK handling
    auto early_secret_result = hkdf::extract(
        initial_salt_v1,  // Use QUIC v1 salt as base
        impl_->session_ticket_data);
 
    if (early_secret_result.is_err())
    {
        return error_void(early_secret_result.error().code,
                         "Failed to derive early secret",
                         "quic::crypto",
                         early_secret_result.error().message);
    }
 
    auto& early_secret = early_secret_result.value();
 
    // Derive client early traffic secret
    auto client_early_secret_result = hkdf::expand_label(
        early_secret,
        "c e traffic",
        {},
        secret_size);
 
    if (client_early_secret_result.is_err())
    {
        return error_void(client_early_secret_result.error().code,
                         "Failed to derive client early secret",
                         "quic::crypto",
                         client_early_secret_result.error().message);
    }
 
    // Derive 0-RTT keys from client early secret
    auto zero_rtt_keys_result = initial_keys::derive_keys(
        client_early_secret_result.value(),
        true);
 
    if (zero_rtt_keys_result.is_err())
    {
        return error_void(zero_rtt_keys_result.error().code,
                         "Failed to derive 0-RTT keys",
                         "quic::crypto",
                         zero_rtt_keys_result.error().message);
    }
 
    auto& zero_rtt_keys = zero_rtt_keys_result.value();
 
    // Copy the secret
    std::copy(client_early_secret_result.value().begin(),
              client_early_secret_result.value().end(),
              zero_rtt_keys.secret.begin());
 
    // Store the 0-RTT keys
    // For client: 0-RTT is write-only (can't receive 0-RTT data)
    // For server: 0-RTT is read-only (can receive but not send 0-RTT)
    if (impl_->is_server)
    {
        impl_->read_keys[encryption_level::zero_rtt] = zero_rtt_keys;
    }
    else
    {
        impl_->write_keys[encryption_level::zero_rtt] = zero_rtt_keys;
    }
 
    impl_->has_zero_rtt_keys = true;
 
    return ok();
}

References kcenon::network::protocols::quic::initial_keys::derive_keys(), kcenon::network::error_void(), kcenon::network::protocols::quic::hkdf::expand_label(), kcenon::network::protocols::quic::hkdf::extract(), kcenon::network::protocols::quic::initial_salt_v1, kcenon::network::ok(), kcenon::network::protocols::quic::secret_size, and kcenon::network::protocols::quic::zero_rtt.

Here is the call graph for this function:

◆ enable_early_data()

auto kcenon::network::protocols::quic::quic_crypto::enable_early_data ( uint32_t max_early_data ) -> VoidResult

nodiscard

Enable 0-RTT early data.

Parameters

max_early_data Maximum bytes of early data to send

Returns: Success or error

Must be called after set_session_ticket() and before init_client().

Definition at line 1163 of file crypto.cpp.

{
    if (impl_->session_ticket_data.empty())
    {
        return error_void(-1, "Session ticket must be set before enabling early data",
                         "quic::crypto");
    }
 
    impl_->max_early_data_size = max_early_data;
    impl_->early_data_enabled = true;
 
    return ok();
}

References kcenon::network::error_void(), and kcenon::network::ok().

Here is the call graph for this function:

◆ get_alpn()

auto kcenon::network::protocols::quic::quic_crypto::get_alpn ( ) const -> std::string

nodiscard

Get the negotiated ALPN protocol.

Returns: ALPN protocol string or empty if not negotiated

Definition at line 1097 of file crypto.cpp.

{
    return impl_->alpn;
}

References kcenon::network::protocols::quic::quic_crypto::impl::alpn, and impl_.

◆ get_read_keys()

auto kcenon::network::protocols::quic::quic_crypto::get_read_keys ( encryption_level level ) const -> Result<quic_keys>

nodiscard

Get read keys for an encryption level.

Parameters

level Desired encryption level

Returns: Keys or error if not available

Definition at line 1026 of file crypto.cpp.

{
    auto it = impl_->read_keys.find(level);
    if (it == impl_->read_keys.end())
    {
        return error<quic_keys>(
            -1, "Read keys not available for level", "quic::crypto",
            encryption_level_to_string(level));
    }
    return ok(quic_keys(it->second));
}

References kcenon::network::protocols::quic::encryption_level_to_string(), kcenon::network::protocols::quic::error, and kcenon::network::ok().

Here is the call graph for this function:

◆ get_write_keys()

auto kcenon::network::protocols::quic::quic_crypto::get_write_keys ( encryption_level level ) const -> Result<quic_keys>

nodiscard

Get write keys for an encryption level.

Parameters

level Desired encryption level

Returns: Keys or error if not available

Definition at line 1013 of file crypto.cpp.

{
    auto it = impl_->write_keys.find(level);
    if (it == impl_->write_keys.end())
    {
        return error<quic_keys>(
            -1, "Write keys not available for level", "quic::crypto",
            encryption_level_to_string(level));
    }
    return ok(quic_keys(it->second));
}

References kcenon::network::protocols::quic::encryption_level_to_string(), kcenon::network::protocols::quic::error, and kcenon::network::ok().

Referenced by kcenon::network::protocols::quic::connection::generate_probe_packets().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ has_zero_rtt_keys()

auto kcenon::network::protocols::quic::quic_crypto::has_zero_rtt_keys ( ) const -> bool

nodiscardnoexcept

Check if 0-RTT keys are available.

Returns: true if 0-RTT keys have been derived

Definition at line 1265 of file crypto.cpp.

{
    return impl_->has_zero_rtt_keys;
}

References kcenon::network::protocols::quic::quic_crypto::impl::has_zero_rtt_keys, and impl_.

◆ init_client()

auto kcenon::network::protocols::quic::quic_crypto::init_client ( const std::string & server_name ) -> VoidResult

nodiscard

Initialize as client.

Parameters

server_name Server hostname (for SNI)

Returns: Success or error

Definition at line 782 of file crypto.cpp.

{
    impl_->is_server = false;
 
    impl_->ssl_ctx = SSL_CTX_new(TLS_client_method());
    if (!impl_->ssl_ctx)
    {
        return error_void(-1, "Failed to create SSL context", "quic::crypto",
                         get_openssl_error_string());
    }
 
    // Set TLS 1.3 only
    SSL_CTX_set_min_proto_version(impl_->ssl_ctx, TLS1_3_VERSION);
    SSL_CTX_set_max_proto_version(impl_->ssl_ctx, TLS1_3_VERSION);
 
    impl_->ssl = SSL_new(impl_->ssl_ctx);
    if (!impl_->ssl)
    {
        return error_void(-1, "Failed to create SSL object", "quic::crypto",
                         get_openssl_error_string());
    }
 
    // Set SNI
    if (!server_name.empty())
    {
        SSL_set_tlsext_host_name(impl_->ssl, server_name.c_str());
    }
 
    // Create memory BIOs
    impl_->rbio = BIO_new(BIO_s_mem());
    impl_->wbio = BIO_new(BIO_s_mem());
    if (!impl_->rbio || !impl_->wbio)
    {
        return error_void(-1, "Failed to create BIO objects", "quic::crypto");
    }
 
    BIO_set_nbio(impl_->rbio, 1);
    BIO_set_nbio(impl_->wbio, 1);
 
    SSL_set_bio(impl_->ssl, impl_->rbio, impl_->wbio);
    SSL_set_connect_state(impl_->ssl);
 
    return ok();
}

References kcenon::network::error_void(), and kcenon::network::ok().

Here is the call graph for this function:

◆ init_server()

auto kcenon::network::protocols::quic::quic_crypto::init_server	(	const std::string &	cert_file,
		const std::string &	key_file ) -> VoidResult

nodiscard

Initialize as server.

Parameters

cert_file	Path to certificate file (PEM format)
key_file	Path to private key file (PEM format)

Returns: Success or error

Definition at line 827 of file crypto.cpp.

{
    impl_->is_server = true;
 
    impl_->ssl_ctx = SSL_CTX_new(TLS_server_method());
    if (!impl_->ssl_ctx)
    {
        return error_void(-1, "Failed to create SSL context", "quic::crypto",
                         get_openssl_error_string());
    }
 
    // Set TLS 1.3 only
    SSL_CTX_set_min_proto_version(impl_->ssl_ctx, TLS1_3_VERSION);
    SSL_CTX_set_max_proto_version(impl_->ssl_ctx, TLS1_3_VERSION);
 
    // Load certificate
    if (SSL_CTX_use_certificate_file(impl_->ssl_ctx, cert_file.c_str(),
                                     SSL_FILETYPE_PEM) != 1)
    {
        return error_void(-1, "Failed to load certificate", "quic::crypto",
                         get_openssl_error_string());
    }
 
    // Load private key
    if (SSL_CTX_use_PrivateKey_file(impl_->ssl_ctx, key_file.c_str(),
                                    SSL_FILETYPE_PEM) != 1)
    {
        return error_void(-1, "Failed to load private key", "quic::crypto",
                         get_openssl_error_string());
    }
 
    impl_->ssl = SSL_new(impl_->ssl_ctx);
    if (!impl_->ssl)
    {
        return error_void(-1, "Failed to create SSL object", "quic::crypto",
                         get_openssl_error_string());
    }
 
    // Create memory BIOs
    impl_->rbio = BIO_new(BIO_s_mem());
    impl_->wbio = BIO_new(BIO_s_mem());
    if (!impl_->rbio || !impl_->wbio)
    {
        return error_void(-1, "Failed to create BIO objects", "quic::crypto");
    }
 
    BIO_set_nbio(impl_->rbio, 1);
    BIO_set_nbio(impl_->wbio, 1);
 
    SSL_set_bio(impl_->ssl, impl_->rbio, impl_->wbio);
    SSL_set_accept_state(impl_->ssl);
 
    return ok();
}

References kcenon::network::error_void(), and kcenon::network::ok().

Here is the call graph for this function:

◆ is_early_data_accepted()

auto kcenon::network::protocols::quic::quic_crypto::is_early_data_accepted ( ) const -> bool

nodiscardnoexcept

Check if 0-RTT early data was accepted by the server.

Returns: true if server accepted early data, false otherwise

This value is only meaningful after handshake completion.

Definition at line 1177 of file crypto.cpp.

{
    return impl_->early_data_accepted;
}

References kcenon::network::protocols::quic::quic_crypto::impl::early_data_accepted, and impl_.

◆ is_handshake_complete()

auto kcenon::network::protocols::quic::quic_crypto::is_handshake_complete ( ) const -> bool

nodiscardnoexcept

Check if the handshake is complete.

Returns: true if handshake has finished successfully

Definition at line 1003 of file crypto.cpp.

{
    return impl_->handshake_complete;
}

References kcenon::network::protocols::quic::quic_crypto::impl::handshake_complete, and impl_.

Referenced by kcenon::network::protocols::quic::connection::update_state().

Here is the caller graph for this function:

◆ is_server()

auto kcenon::network::protocols::quic::quic_crypto::is_server ( ) const -> bool

nodiscardnoexcept

Check if this is a server instance.

Returns: true if server, false if client

Definition at line 1132 of file crypto.cpp.

{
    return impl_->is_server;
}

References impl_, and kcenon::network::protocols::quic::quic_crypto::impl::is_server.

◆ key_phase()

auto kcenon::network::protocols::quic::quic_crypto::key_phase ( ) const -> uint8_t

nodiscardnoexcept

Get current key phase (for key updates)

Returns: Current key phase (0 or 1)

Definition at line 1137 of file crypto.cpp.

{
    return impl_->key_phase;
}

References impl_, and kcenon::network::protocols::quic::quic_crypto::impl::key_phase.

◆ operator=() [1/2]

quic_crypto & kcenon::network::protocols::quic::quic_crypto::operator= ( const quic_crypto & )

delete

◆ operator=() [2/2]

quic_crypto & kcenon::network::protocols::quic::quic_crypto::operator= ( quic_crypto && other )

defaultnoexcept

◆ process_crypto_data()

auto kcenon::network::protocols::quic::quic_crypto::process_crypto_data	(	encryption_level	level,
		std::span< const uint8_t >	data ) -> Result<std::vector<uint8_t>>

nodiscard

Process incoming CRYPTO frame data.

Parameters

level	Encryption level of the data
data	CRYPTO frame payload

Returns: Outgoing CRYPTO data to send (may be empty) or error

Definition at line 912 of file crypto.cpp.

{
    (void)level; // For now, we don't differentiate by level
 
    // Write incoming data to read BIO
    int written = BIO_write(impl_->rbio, data.data(),
                            static_cast<int>(data.size()));
    if (written <= 0)
    {
        return error<std::vector<uint8_t>>(
            -1, "Failed to write to BIO", "quic::crypto");
    }
 
    // Continue handshake
    int result = SSL_do_handshake(impl_->ssl);
    if (result == 1)
    {
        impl_->handshake_complete = true;
        impl_->current_level = encryption_level::application;
    }
    else
    {
        int err = SSL_get_error(impl_->ssl, result);
        if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
        {
            return error<std::vector<uint8_t>>(
                -1, "SSL handshake failed", "quic::crypto",
                get_openssl_error_string());
        }
    }
 
    // Read any output data from write BIO
    std::vector<uint8_t> output;
    int pending = BIO_ctrl_pending(impl_->wbio);
    if (pending > 0)
    {
        output.resize(static_cast<size_t>(pending));
        int read = BIO_read(impl_->wbio, output.data(), pending);
        if (read > 0)
        {
            output.resize(static_cast<size_t>(read));
        }
        else
        {
            output.clear();
        }
    }
 
    return ok(std::move(output));
}

References kcenon::network::protocols::quic::application, kcenon::network::protocols::quic::error, and kcenon::network::ok().

Here is the call graph for this function:

◆ set_alpn()

auto kcenon::network::protocols::quic::quic_crypto::set_alpn ( const std::vector< std::string > & protocols ) -> VoidResult

nodiscard

Set ALPN protocols to offer/accept.

Parameters

protocols List of protocol names (e.g., {"h3", "hq-interop"})

Returns: Success or error

Definition at line 1102 of file crypto.cpp.

{
    if (protocols.empty())
    {
        return ok();
    }
 
    // Build ALPN wire format: length-prefixed strings
    impl_->alpn_data.clear();
    for (const auto& proto : protocols)
    {
        if (proto.size() > 255)
        {
            return error_void(-1, "ALPN protocol too long", "quic::crypto");
        }
        impl_->alpn_data.push_back(static_cast<uint8_t>(proto.size()));
        impl_->alpn_data.insert(impl_->alpn_data.end(), proto.begin(), proto.end());
    }
 
    if (SSL_CTX_set_alpn_protos(impl_->ssl_ctx, impl_->alpn_data.data(),
                                static_cast<unsigned int>(impl_->alpn_data.size())) != 0)
    {
        return error_void(-1, "Failed to set ALPN protocols", "quic::crypto",
                         get_openssl_error_string());
    }
 
    return ok();
}

References kcenon::network::error_void(), and kcenon::network::ok().

Here is the call graph for this function:

◆ set_keys()

void kcenon::network::protocols::quic::quic_crypto::set_keys	(	encryption_level	level,
		const quic_keys &	read_keys,
		const quic_keys &	write_keys )

Set keys for an encryption level (used during handshake)

Parameters

level	Encryption level
read_keys	Keys for decryption
write_keys	Keys for encryption

Definition at line 1039 of file crypto.cpp.

{
    impl_->read_keys[level] = read_keys;
    impl_->write_keys[level] = write_keys;
 
    if (level > impl_->current_level)
    {
        impl_->current_level = level;
    }
}

References kcenon::network::protocols::quic::quic_crypto::impl::current_level, impl_, kcenon::network::protocols::quic::quic_crypto::impl::read_keys, and kcenon::network::protocols::quic::quic_crypto::impl::write_keys.

◆ set_session_ticket()

auto kcenon::network::protocols::quic::quic_crypto::set_session_ticket ( std::span< const uint8_t > ticket_data ) -> VoidResult

nodiscard

Set a session ticket for 0-RTT resumption.

Parameters

ticket_data Session ticket from previous connection

Returns: Success or error

Must be called before init_client() for the ticket to be used.

Definition at line 1151 of file crypto.cpp.

{
    if (ticket_data.empty())
    {
        return error_void(-1, "Empty session ticket", "quic::crypto");
    }
 
    impl_->session_ticket_data.assign(ticket_data.begin(), ticket_data.end());
    return ok();
}

References kcenon::network::error_void(), and kcenon::network::ok().

Here is the call graph for this function:

◆ set_session_ticket_callback()

void kcenon::network::protocols::quic::quic_crypto::set_session_ticket_callback ( session_ticket_callback_t cb )

Set callback for receiving session tickets.

Parameters

cb	Callback function

The callback will be invoked on the I/O thread when a NewSessionTicket message is received from the server.

Definition at line 1146 of file crypto.cpp.

{
    impl_->session_ticket_callback = std::move(cb);
}

References impl_, and kcenon::network::protocols::quic::quic_crypto::impl::session_ticket_callback.

◆ start_handshake()

auto kcenon::network::protocols::quic::quic_crypto::start_handshake ( ) -> Result<std::vector<uint8_t>>

nodiscard

Start the handshake (generate initial CRYPTO data)

Returns: Initial CRYPTO data to send or error

Definition at line 965 of file crypto.cpp.

{
    int result = SSL_do_handshake(impl_->ssl);
    if (result == 1)
    {
        impl_->handshake_complete = true;
    }
    else
    {
        int err = SSL_get_error(impl_->ssl, result);
        if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
        {
            return error<std::vector<uint8_t>>(
                -1, "SSL handshake start failed", "quic::crypto",
                get_openssl_error_string());
        }
    }
 
    // Read output from write BIO
    std::vector<uint8_t> output;
    int pending = BIO_ctrl_pending(impl_->wbio);
    if (pending > 0)
    {
        output.resize(static_cast<size_t>(pending));
        int read = BIO_read(impl_->wbio, output.data(), pending);
        if (read > 0)
        {
            output.resize(static_cast<size_t>(read));
        }
        else
        {
            output.clear();
        }
    }
 
    return ok(std::move(output));
}

References kcenon::network::protocols::quic::error, and kcenon::network::ok().

Here is the call graph for this function:

◆ update_keys()

auto kcenon::network::protocols::quic::quic_crypto::update_keys ( ) -> VoidResult

nodiscard

Perform a key update (1-RTT only)

Returns: Success or error

Definition at line 1052 of file crypto.cpp.

{
    if (!impl_->handshake_complete)
    {
        return error_void(-1, "Handshake not complete", "quic::crypto");
    }
 
    auto it = impl_->write_keys.find(encryption_level::application);
    if (it == impl_->write_keys.end())
    {
        return error_void(-1, "Application keys not available", "quic::crypto");
    }
 
    // Derive new secrets using "quic ku" label
    auto& old_secret = it->second.secret;
    auto new_secret_result = hkdf::expand_label(old_secret, "quic ku", {},
                                                 secret_size);
    if (new_secret_result.is_err())
    {
        return error_void(new_secret_result.error().code,
                         new_secret_result.error().message,
                         get_error_source(new_secret_result.error()));
    }
 
    // Derive new keys from new secret
    auto new_keys_result = initial_keys::derive_keys(new_secret_result.value(),
                                                      true);
    if (new_keys_result.is_err())
    {
        return error_void(new_keys_result.error().code,
                         new_keys_result.error().message,
                         get_error_source(new_keys_result.error()));
    }
 
    auto& new_keys = new_keys_result.value();
    std::copy(new_secret_result.value().begin(),
              new_secret_result.value().end(),
              new_keys.secret.begin());
 
    impl_->write_keys[encryption_level::application] = new_keys;
    impl_->key_phase = 1 - impl_->key_phase;
 
    return ok();
}

References kcenon::network::protocols::quic::application, kcenon::network::protocols::quic::initial_keys::derive_keys(), kcenon::network::error_void(), kcenon::network::protocols::quic::hkdf::expand_label(), kcenon::network::get_error_source(), kcenon::network::ok(), and kcenon::network::protocols::quic::secret_size.

Here is the call graph for this function:

Member Data Documentation

◆ impl_

std::unique_ptr<impl> kcenon::network::protocols::quic::quic_crypto::impl_

private

Definition at line 448 of file crypto.h.

Referenced by current_level(), get_alpn(), has_zero_rtt_keys(), is_early_data_accepted(), is_handshake_complete(), is_server(), key_phase(), set_keys(), and set_session_ticket_callback().

The documentation for this class was generated from the following files:

src/internal/protocols/quic/crypto.h
src/protocols/quic/crypto.cpp

Classes

Public Types

Public Member Functions

Private Attributes

Detailed Description

Member Typedef Documentation

◆ session_ticket_callback_t

Constructor & Destructor Documentation

◆ quic_crypto() [1/3]

◆ ~quic_crypto()

◆ quic_crypto() [2/3]

◆ quic_crypto() [3/3]

Member Function Documentation

◆ current_level()

◆ derive_initial_secrets()

◆ derive_zero_rtt_keys()

◆ enable_early_data()

◆ get_alpn()

◆ get_read_keys()

◆ get_write_keys()

◆ has_zero_rtt_keys()

◆ init_client()

◆ init_server()

◆ is_early_data_accepted()

◆ is_handshake_complete()

◆ is_server()

◆ key_phase()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ process_crypto_data()

◆ set_alpn()

◆ set_keys()

◆ set_session_ticket()

◆ set_session_ticket_callback()

◆ start_handshake()

◆ update_keys()

Member Data Documentation

◆ impl_