ngtcp2_crypto_update_key
Synopsis
#include <ngtcp2/ngtcp2_crypto.h>
-
int ngtcp2_crypto_update_key(ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret, ngtcp2_crypto_aead_ctx *rx_aead_ctx, uint8_t *rx_key, uint8_t *rx_iv, ngtcp2_crypto_aead_ctx *tx_aead_ctx, uint8_t *tx_key, uint8_t *tx_iv, const uint8_t *current_rx_secret, const uint8_t *current_tx_secret, size_t secretlen)
ngtcp2_crypto_update_key()
updates traffic keying materials.The new decryption traffic secret is written to the buffer pointed by rx_secret. The length of secret is secretlen bytes, and rx_secret must point to the buffer which has enough capacity.
The new encryption traffic secret is written to the buffer pointed by tx_secret. The length of secret is secretlen bytes, and tx_secret must point to the buffer which has enough capacity.
The derived decryption packet protection key is written to the buffer pointed by rx_key. The derived decryption packet protection IV is written to the buffer pointed by rx_iv. rx_aead_ctx is initialized with the derived key and IV.
The derived encryption packet protection key is written to the buffer pointed by tx_key. The derived encryption packet protection IV is written to the buffer pointed by tx_iv. tx_aead_ctx is initialized with the derived key and IV.
current_rx_secret and current_tx_secret are the current decryption and encryption traffic secrets respectively. They share the same length with rx_secret and tx_secret.
The length of packet protection key and header protection key is
ngtcp2_crypto_aead_keylen(ctx->aead)
, and the length of packet protection IV isngtcp2_crypto_packet_protection_ivlen(ctx->aead)
where ctx is obtained byngtcp2_crypto_ctx_tls()
.This function returns 0 if it succeeds, or -1.