DecryptTicket decrypts a ticket encrypted by [Config.EncryptTicket]. It can be used as a [Config.UnwrapSession] implementation. If the ticket can't be decrypted or parsed, DecryptTicket returns (nil, nil).
(identity []byte, cs ConnectionState)
| 355 | // |
| 356 | // If the ticket can't be decrypted or parsed, DecryptTicket returns (nil, nil). |
| 357 | func (c *Config) DecryptTicket(identity []byte, cs ConnectionState) (*SessionState, error) { |
| 358 | ticketKeys := c.ticketKeys(nil) |
| 359 | stateBytes := c.decryptTicket(identity, ticketKeys) |
| 360 | if stateBytes == nil { |
| 361 | return nil, nil |
| 362 | } |
| 363 | s, err := ParseSessionState(stateBytes) |
| 364 | if err != nil { |
| 365 | return nil, nil // drop unparsable tickets on the floor |
| 366 | } |
| 367 | return s, nil |
| 368 | } |
| 369 | |
| 370 | func (c *Config) decryptTicket(encrypted []byte, ticketKeys []ticketKey) []byte { |
| 371 | if len(encrypted) < aes.BlockSize+sha256.Size { |
nothing calls this directly
no test coverage detected