crypto

package

v2.0.13+incompatible Latest Latest Go to latest Published: Nov 4, 2020 License: GPL-3.0, MIT Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/adam-p/psiphon-tunnel-core

Links

Open Source Insights

Documentation ¶

Index ¶

func HashCert(cert []byte) uint64
type AEAD
type CertChain
- func NewCertChain(tlsConfig *tls.Config) CertChain
type CertManager
- func NewCertManager(tlsConfig *tls.Config) CertManager
type KeyExchange
- func NewCurve25519KEX() (KeyExchange, error)
type TLSExporter

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HashCert ¶

func HashCert(cert []byte) uint64

HashCert calculates the FNV1a hash of a certificate

Types ¶

type AEAD ¶

type AEAD interface {
	Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	Overhead() int
}

An AEAD implements QUIC's authenticated encryption and associated data

func DeriveAESKeys ¶

func DeriveAESKeys(tls TLSExporter, pers protocol.Perspective) (AEAD, error)

DeriveAESKeys derives the AES keys and creates a matching AES-GCM AEAD instance

func DeriveQuicCryptoAESKeys ¶

func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error)

DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance

func NewAEADAESGCM ¶

func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)

NewAEADAESGCM creates a AEAD using AES-GCM

func NewAEADAESGCM12 ¶

func NewAEADAESGCM12(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)

NewAEADAESGCM12 creates a AEAD using AES-GCM with 12 bytes tag size

func NewNullAEAD ¶

func NewNullAEAD(p protocol.Perspective, connID protocol.ConnectionID, v protocol.VersionNumber) (AEAD, error)

NewNullAEAD creates a NullAEAD

type CertChain ¶

type CertChain interface {
	SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
	GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error)
	GetLeafCert(sni string) ([]byte, error)
}

A CertChain holds a certificate and a private key

func NewCertChain ¶

func NewCertChain(tlsConfig *tls.Config) CertChain

NewCertChain loads the key and cert from files

type CertManager ¶

type CertManager interface {
	SetData([]byte) error
	GetCommonCertificateHashes() []byte
	GetLeafCert() []byte
	GetLeafCertHash() (uint64, error)
	VerifyServerProof(proof, chlo, serverConfigData []byte) bool
	Verify(hostname string) error
	GetChain() []*x509.Certificate
}

CertManager manages the certificates sent by the server

func NewCertManager ¶

func NewCertManager(tlsConfig *tls.Config) CertManager

NewCertManager creates a new CertManager

type KeyExchange ¶

type KeyExchange interface {
	PublicKey() []byte
	CalculateSharedKey(otherPublic []byte) ([]byte, error)
}

KeyExchange manages the exchange of keys

func NewCurve25519KEX ¶

func NewCurve25519KEX() (KeyExchange, error)

NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html

type TLSExporter ¶

type TLSExporter interface {
	ConnectionState() mint.ConnectionState
	ComputeExporter(label string, context []byte, keyLength int) ([]byte, error)
}

A TLSExporter gets the negotiated ciphersuite and computes exporter

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL