hub / github.com/XTLS/REALITY / ticketKeys

Method ticketKeys

common.go:1066–1120  ·  view source on GitHub ↗

ticketKeys returns the ticketKeys for this connection. If configForClient has explicitly set keys, those will be returned. Otherwise, the keys on c will be used and may be rotated if auto-managed. During rotation, any expired session ticket keys are deleted from c.sessionTicketKeys. If the session ticket key is not fresh, then a new session ticket key will be created and prepended to c.sessionTicketKeys.

(configForClient *Config)

Source from the content-addressed store, hash-verified

// ticketKeys returns the session ticket keys to use for this connection.
//
// Precedence, as implemented below:
//  1. If configForClient is non-nil and has session tickets disabled, nil is
//     returned.
//  2. If configForClient has explicitly set keys, those are returned.
//  3. Otherwise c decides: nil if c has tickets disabled, c's explicitly set
//     keys if there are any, else c's automatically managed keys.
//
// Only the automatically managed keys (c.autoSessionTicketKeys) are rotated
// here: when the newest one is older than ticketKeyRotation, a new 32-byte
// key is read from c.rand() and placed first, and keys older than
// ticketKeyLifetime are dropped. Explicitly set keys are returned as they are
// and are never rotated by this method, so rotating them is left to whoever
// set them.
//
// The returned slice is the Config's own slice, not a copy, and it is used by
// the caller after the lock has been released; callers must treat it as
// read-only.
func (c *Config) ticketKeys(configForClient *Config) []ticketKey {
	// A Config returned by the ConfigForClient callback wins when it either
	// disables tickets or carries explicitly set keys; otherwise fall through
	// to the original Config.
	if cfc := configForClient; cfc != nil {
		cfc.mutex.RLock()
		if cfc.SessionTicketsDisabled {
			cfc.mutex.RUnlock()
			return nil
		}
		// NOTE(review): presumably expects the read lock to be held, going by
		// its name; confirm against its definition.
		cfc.initLegacySessionTicketKeyRLocked()
		// Copy the slice header while still holding the read lock, then
		// decide outside the lock.
		explicit := cfc.sessionTicketKeys
		cfc.mutex.RUnlock()
		if len(explicit) != 0 {
			return explicit
		}
	}

	c.mutex.RLock()
	defer c.mutex.RUnlock()
	if c.SessionTicketsDisabled {
		return nil
	}
	c.initLegacySessionTicketKeyRLocked()
	if len(c.sessionTicketKeys) > 0 {
		return c.sessionTicketKeys
	}
	// Common case: the newest auto-managed key is still fresh, so the read
	// lock is all that is needed.
	if len(c.autoSessionTicketKeys) > 0 && c.time().Sub(c.autoSessionTicketKeys[0].created) < ticketKeyRotation {
		return c.autoSessionTicketKeys
	}

	// Rotation needs the write lock. The read lock cannot be upgraded in
	// place, so it is dropped first. Deferred calls run last-in-first-out: on
	// return the write lock is released, the read lock is taken again, and
	// the RUnlock deferred above then releases it, keeping the lock/unlock
	// calls balanced. Do not reorder these four statements.
	c.mutex.RUnlock()
	defer c.mutex.RLock()
	c.mutex.Lock()
	defer c.mutex.Unlock()

	// Between RUnlock and Lock another goroutine may already have rotated the
	// keys, so the freshness condition is evaluated again under the write
	// lock.
	if len(c.autoSessionTicketKeys) > 0 && c.time().Sub(c.autoSessionTicketKeys[0].created) < ticketKeyRotation {
		return c.autoSessionTicketKeys
	}

	// A failed or short read from c.rand() panics instead of continuing with
	// an incompletely filled key.
	// NOTE(review): an entropy failure therefore surfaces as a panic in the
	// caller's goroutine; confirm callers are prepared for that.
	var fresh [32]byte
	if _, err := io.ReadFull(c.rand(), fresh[:]); err != nil {
		panic(fmt.Sprintf("unable to generate random session ticket key: %v", err))
	}

	// Build a new slice rather than editing the old one in place, so slices
	// returned to earlier callers are not modified by this rotation. The new
	// key goes first; keys that have outlived ticketKeyLifetime are left out.
	rotated := make([]ticketKey, 0, len(c.autoSessionTicketKeys)+1)
	rotated = append(rotated, c.ticketKeyFromBytes(fresh))
	for i := range c.autoSessionTicketKeys {
		old := c.autoSessionTicketKeys[i]
		if c.time().Sub(old.created) >= ticketKeyLifetime {
			continue
		}
		rotated = append(rotated, old)
	}
	c.autoSessionTicketKeys = rotated
	return c.autoSessionTicketKeys
}
1121
1122// SetSessionTicketKeys updates the session ticket keys for a server.
1123//

Callers 3

EncryptTicketMethod · 0.95
DecryptTicketMethod · 0.95
readClientHelloMethod · 0.80

Calls 4

timeMethod · 0.95
randMethod · 0.95
ticketKeyFromBytesMethod · 0.95

Tested by

no test coverage detected