ngtcp2_crypto_derive_and_install_tx_key
Synopsis
#include <ngtcp2/ngtcp2_crypto.h>
-
int ngtcp2_crypto_derive_and_install_tx_key(ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, ngtcp2_encryption_level level, const uint8_t *secret, size_t secretlen)
ngtcp2_crypto_derive_and_install_tx_key()derives the encryption keying materials from secret, and installs new keys to conn.If key is not NULL, the derived packet protection key is written to the buffer pointed by key. If iv is not NULL, the derived packet protection IV is written to the buffer pointed by iv. If hp is not NULL, the derived header protection key is written to the buffer pointed by hp.
secretlen specifies the length of secret.
The length of packet protection key and header protection key is
ngtcp2_crypto_aead_keylen(ctx->aead), and the length of packet protection IV isngtcp2_crypto_packet_protection_ivlen(ctx->aead)where ctx is obtained byngtcp2_crypto_ctx_tls()(orngtcp2_crypto_ctx_tls_early()if level ==ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT).In the first call of this function, it calls
ngtcp2_conn_set_crypto_ctx()(orngtcp2_conn_set_early_crypto_ctx()if level ==ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT) to set negotiated AEAD and message digest algorithm. After the successful call of this function, application can usengtcp2_conn_get_crypto_ctx()(orngtcp2_conn_get_early_crypto_ctx()if level ==ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT) to getngtcp2_crypto_ctx.If conn is initialized as server, and level is
ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_1RTT, this function retrieves a remote QUIC transport parameters extension from an object obtained byngtcp2_conn_get_tls_native_handle(), and sets it to conn by callingngtcp2_conn_decode_and_set_remote_transport_params().This function returns 0 if it succeeds, or -1.