Documentation ¶
Index ¶
- func HashCert(cert []byte) uint64
- type AEAD
- func DeriveAESKeys(tls TLSExporter, pers protocol.Perspective) (AEAD, error)
- func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, ...) (AEAD, error)
- func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)
- func NewAEADAESGCM12(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)
- func NewNullAEAD(p protocol.Perspective, connID protocol.ConnectionID, v protocol.VersionNumber) (AEAD, error)
- type CertChain
- type CertManager
- type KeyExchange
- type TLSExporter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AEAD ¶
type AEAD interface { Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte Overhead() int }
An AEAD implements QUIC's authenticated encryption and associated data
func DeriveAESKeys ¶
func DeriveAESKeys(tls TLSExporter, pers protocol.Perspective) (AEAD, error)
DeriveAESKeys derives the AES keys and creates a matching AES-GCM AEAD instance
func DeriveQuicCryptoAESKeys ¶
func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error)
DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance
func NewAEADAESGCM ¶
NewAEADAESGCM creates a AEAD using AES-GCM
func NewAEADAESGCM12 ¶
NewAEADAESGCM12 creates a AEAD using AES-GCM with 12 bytes tag size
func NewNullAEAD ¶
func NewNullAEAD(p protocol.Perspective, connID protocol.ConnectionID, v protocol.VersionNumber) (AEAD, error)
NewNullAEAD creates a NullAEAD
type CertChain ¶
type CertChain interface { SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error) GetLeafCert(sni string) ([]byte, error) }
A CertChain holds a certificate and a private key
func NewCertChain ¶
NewCertChain loads the key and cert from files
type CertManager ¶
type CertManager interface { SetData([]byte) error GetCommonCertificateHashes() []byte GetLeafCert() []byte GetLeafCertHash() (uint64, error) VerifyServerProof(proof, chlo, serverConfigData []byte) bool Verify(hostname string) error GetChain() []*x509.Certificate }
CertManager manages the certificates sent by the server
func NewCertManager ¶
func NewCertManager(tlsConfig *tls.Config) CertManager
NewCertManager creates a new CertManager
type KeyExchange ¶
type KeyExchange interface { PublicKey() []byte }
KeyExchange manages the exchange of keys
func NewCurve25519KEX ¶
func NewCurve25519KEX() (KeyExchange, error)
NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html
type TLSExporter ¶
type TLSExporter interface { ConnectionState() mint.ConnectionState ComputeExporter(label string, context []byte, keyLength int) ([]byte, error) }
A TLSExporter gets the negotiated ciphersuite and computes exporter