Skip to main content

ClientHello

phantom_protocol::transport::handshake

Struct ClientHello 

Source 
pub struct ClientHello {
    pub client_key_package: HybridKeyPackage,
    pub client_verify_key: HybridVerifyingKey,
    pub nonce: [u8; 32],
    pub version: u8,
    pub cookie: Option<[u8; 32]>,
    pub pow_solution: Option<PoWSolution>,
    pub resume_session_id: Option<[u8; 32]>,
    pub resumption_binder: Option<[u8; 32]>,
    pub protocol_variant: Vec<u8>,
    pub early_data: Option<Vec<u8>>,
}
Expand description

Client hello message (initiates handshake).

Carries the client’s hybrid key material, the pinned PROTOCOL_VERSION (transcript-bound), the DoS-gate fields (cookie / PoW), an optional resumption id, the build-side PROTOCOL_VARIANT tag, and an optional AEAD-sealed 0-RTT early_data blob.

Fields§

§client_key_package: HybridKeyPackage

hybrid public key for key exchange

§client_verify_key: HybridVerifyingKey

hybrid verifying key for signatures

§nonce: [u8; 32]

Random nonce (32 bytes) for replay protection

§version: u8

Protocol version. Pinned to PROTOCOL_VERSION and bound into the signed handshake transcript; the server rejects any other value with HandshakeError::UnsupportedVersion.

§cookie: Option<[u8; 32]>

Stateless generic cookie to prove IP ownership

§pow_solution: Option<PoWSolution>

Proof-of-Work solution (if required by server)

§resume_session_id: Option<[u8; 32]>

Optional session ID for 0-RTT resumption

§resumption_binder: Option<[u8; 32]>

Resumption proof-of-possession binder (HS-03). Present iff resume_session_id is — a keyed PRF over resumption_secret || resume_session_id || nonce (see derive_resumption_binder). The server verifies it (constant-time) against the cached ticket’s secret before consuming the one-shot ticket, so a passive observer that copied the cleartext resume_session_id cannot burn a victim’s ticket. Bound into the transcript (the whole ClientHello is signed), so it is also tamper-evident. Placed after resume_session_id and before protocol_variant — borsh field order is wire-load-bearing.

§protocol_variant: Vec<u8>

Cleartext copy of PROTOCOL_VARIANT. Lets the server reject a mismatched-mode client up front (before signature verification); the same value is bound into the handshake transcript so an attacker rewriting this field on the wire is still caught by the signature check.

§early_data: Option<Vec<u8>>

Optional AEAD-sealed 0-RTT early-data — AES-256-GCM under a key both peers derive from the prior session’s resumption_secret via derive_early_data_keying. None means no 0-RTT data on this connect. The whole ClientHello (this field included) is covered by the transcript signature, so a tampered or stripped blob breaks the server’s signature check (Invariant 7).

Trait Implementations§

Source§

impl BorshDeserialize for ClientHello

Source§

fn deserialize_reader<__R: Read>(reader: &mut __R) -> Result<Self, Error>

Source§

fn deserialize(buf: &mut &[u8]) -> Result<Self, Error>

Deserializes this instance from a given slice of bytes. Updates the buffer to point at the remaining bytes.
Source§

fn try_from_slice(v: &[u8]) -> Result<Self, Error>

Deserialize this instance from a slice of bytes.
Source§

fn try_from_reader<R>(reader: &mut R) -> Result<Self, Error>
where R: Read,

Source§

impl BorshSerialize for ClientHello

Source§

fn serialize<__W: Write>(&self, writer: &mut __W) -> Result<(), Error>

Source§

impl Clone for ClientHello

Source§

fn clone(&self) -> ClientHello

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ClientHello

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> CompatExt for T

Source§

fn compat(self) -> Compat<T>
where T: Sized,

Applies the Compat adapter by value. Read more
Source§

fn compat_ref(&self) -> Compat<&T>

Applies the Compat adapter by shared reference. Read more
Source§

fn compat_mut(&mut self) -> Compat<&mut T>

Applies the Compat adapter by mutable reference. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, UT> HandleAlloc<UT> for T
where T: Send + Sync,

Source§

fn new_handle(value: Arc<T>) -> Handle

Create a new handle for an Arc value Read more
Source§

unsafe fn clone_handle(handle: Handle) -> Handle

Clone a handle Read more
Source§

unsafe fn consume_handle(handle: Handle) -> Arc<T>

Consume a handle, getting back the initial Arc<> Read more
Source§

unsafe fn get_arc(handle: Handle) -> Arc<Self>

Get a clone of the Arc<> using a “borrowed” handle. Read more
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more