quic_address_token (quic v1.3.1)
View SourceSummary
Functions
Decode a token envelope. Returns the kind, bound address, timestamp, and (for retries) the original DCID. Signature is NOT verified here; callers pass the result through validate/3.
Encode a NEW_TOKEN for a client address.
Encode a retry token binding a client address, timestamp, and the original DCID from the Initial that triggered the retry.
Validate a decoded token. Requires signature to match, the timestamp to be within max_age_ms of now, and — for the retry kind — the ODCID to match ExpectedODCID. Address is checked by the listener against the current source (not verified here).
Types
-type addr() :: {inet:ip_address(), inet:port_number()}.
-type kind() :: retry | new_token.
Functions
-spec decode(binary(), binary()) -> {ok, #{kind := kind(), addr := addr(), ts := non_neg_integer(), odcid := binary() | undefined}} | {error, term()}.
Decode a token envelope. Returns the kind, bound address, timestamp, and (for retries) the original DCID. Signature is NOT verified here; callers pass the result through validate/3.
-spec encode_new_token(binary(), addr(), non_neg_integer()) -> binary().
Encode a NEW_TOKEN for a client address.
-spec encode_retry(binary(), addr(), binary(), non_neg_integer()) -> binary().
Encode a retry token binding a client address, timestamp, and the original DCID from the Initial that triggered the retry.
-spec validate(map(), binary(), #{max_age_ms => non_neg_integer()}) -> ok | {error, term()}.
Validate a decoded token. Requires signature to match, the timestamp to be within max_age_ms of now, and — for the retry kind — the ODCID to match ExpectedODCID. Address is checked by the listener against the current source (not verified here).