crypto

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2017 License: MIT Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HashCert 

func HashCert(cert []byte) uint64

HashCert calculates the FNV1a hash of a certificate

Types

type AEAD 

type AEAD interface {
	Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
}

An AEAD implements QUIC's authenticated encryption and associated data

func DeriveKeysAESGCM 

func DeriveKeysAESGCM(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error)

DeriveKeysAESGCM derives the client and server keys and creates a matching AES-GCM AEAD instance

func NewAEADAESGCM 

func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)

NewAEADAESGCM creates a AEAD using AES-GCM with 12 bytes tag size

AES-GCM support is a bit hacky, since the go stdlib does not support 12 byte tag size, and couples the cipher and aes packages closely. See https://github.com/lucas-clemente/aes12.

type CertChain 

type CertChain interface {
	SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
	GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error)
	GetLeafCert(sni string) ([]byte, error)
}

A CertChain holds a certificate and a private key

func NewCertChain 

func NewCertChain(tlsConfig *tls.Config) CertChain

NewCertChain loads the key and cert from files

type CertManager 

type CertManager interface {
	SetData([]byte) error
	GetCommonCertificateHashes() []byte
	GetLeafCert() []byte
	GetLeafCertHash() (uint64, error)
	VerifyServerProof(proof, chlo, serverConfigData []byte) bool
	Verify(hostname string) error
}

CertManager manages the certificates sent by the server

func NewCertManager 

func NewCertManager(tlsConfig *tls.Config) CertManager

NewCertManager creates a new CertManager

type KeyExchange 

type KeyExchange interface {
	PublicKey() []byte
	CalculateSharedKey(otherPublic []byte) ([]byte, error)
}

KeyExchange manages the exchange of keys

func NewCurve25519KEX 

func NewCurve25519KEX() (KeyExchange, error)

NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html

type NullAEAD 

type NullAEAD struct{}

NullAEAD handles not-yet encrypted packets

func (NullAEAD) Open 

func (NullAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)

Open and verify the ciphertext

func (NullAEAD) Seal 

func (NullAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte

Seal writes hash and ciphertext to the buffer

type StkSource 

type StkSource interface {
	// NewToken creates a new token for a given IP address
	NewToken(sourceAddress []byte) ([]byte, error)
	// VerifyToken verifies if a token matches a given IP address and is not outdated
	VerifyToken(sourceAddress []byte, data []byte) error
}

StkSource is used to create and verify source address tokens

func NewStkSource 

func NewStkSource(secret []byte) (StkSource, error)

NewStkSource creates a source for source address tokens

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.