
ngtcp2_crypto_derive_and_install_rx_key
=======================================

Synopsis
--------

*#include <ngtcp2/ngtcp2_crypto.h>*

.. function:: int ngtcp2_crypto_derive_and_install_rx_key( ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, ngtcp2_encryption_level level, const uint8_t *secret, size_t secretlen)

    
    `ngtcp2_crypto_derive_and_install_rx_key` derives the decryption
    keying materials from *secret*, and installs them to *conn*.
    
    If *key* is not NULL, the derived packet protection key is written
    to the buffer pointed by *key*.  If *iv* is not NULL, the derived
    packet protection IV is written to the buffer pointed by *iv*.  If
    *hp* is not NULL, the derived header protection key is written to
    the buffer pointed by *hp*.
    
    *secretlen* specifies the length of *secret*.
    
    The length of packet protection key and header protection key is
    `ngtcp2_crypto_aead_keylen(ctx->aead) <ngtcp2_crypto_aead_keylen>`,
    and the length of packet protection IV is
    `ngtcp2_crypto_packet_protection_ivlen(ctx->aead)
    <ngtcp2_crypto_packet_protection_ivlen>` where ctx is obtained by
    `ngtcp2_crypto_ctx_tls` (or `ngtcp2_crypto_ctx_tls_early` if
    *level* ==
    :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`).
    
    In the first call of this function, it calls
    `ngtcp2_conn_set_crypto_ctx` (or `ngtcp2_conn_set_early_crypto_ctx`
    if *level* ==
    :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to
    set negotiated AEAD and message digest algorithm.  After the
    successful call of this function, application can use
    `ngtcp2_conn_get_crypto_ctx` (or `ngtcp2_conn_get_0rtt_crypto_ctx`
    if *level* ==
    :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to
    get :type:`ngtcp2_crypto_ctx`.
    
    If *conn* is initialized as client, and *level* is
    :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_1RTT`, this
    function retrieves a remote QUIC transport parameters extension
    from an object obtained by `ngtcp2_conn_get_tls_native_handle`, and
    sets it to *conn* by calling
    `ngtcp2_conn_decode_and_set_remote_transport_params`.
    
    This function returns 0 if it succeeds, or -1.
