Documentation
Index
- func HashCert(cert []byte) uint64
- type AEAD
- func DeriveAESKeys(mc MintController, pers protocol.Perspective) (AEAD, error)
- func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, ...) (AEAD, error)
- func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)
- func NewAEADAESGCM12(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)
- func NewNullAEAD(p protocol.Perspective, v protocol.VersionNumber) AEAD
- type CertChain
- type CertManager
- type KeyExchange
- type MintController
- type StkSource
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type AEAD
type AEAD interface {
	Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	Overhead() int
}
An AEAD implements QUIC's authenticated encryption with associated data
func DeriveAESKeys
func DeriveAESKeys(mc MintController, pers protocol.Perspective) (AEAD, error)
DeriveAESKeys derives the AES keys and creates a matching AES-GCM AEAD instance
func DeriveQuicCryptoAESKeys
func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error)
DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance
func NewAEADAESGCM
NewAEADAESGCM creates an AEAD using AES-GCM
func NewAEADAESGCM12
NewAEADAESGCM12 creates an AEAD using AES-GCM with a 12-byte tag size
AES-GCM support is a bit hacky, since the Go stdlib does not support a 12-byte tag size and couples the cipher and aes packages closely. See https://github.com/lucas-clemente/aes12.
func NewNullAEAD
func NewNullAEAD(p protocol.Perspective, v protocol.VersionNumber) AEAD
NewNullAEAD creates a NullAEAD
type CertChain
type CertChain interface {
	SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
	GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error)
	GetLeafCert(sni string) ([]byte, error)
}
A CertChain holds a certificate and a private key
func NewCertChain
NewCertChain loads the key and cert from files
type CertManager
type CertManager interface {
	SetData([]byte) error
	GetCommonCertificateHashes() []byte
	GetLeafCert() []byte
	GetLeafCertHash() (uint64, error)
	VerifyServerProof(proof, chlo, serverConfigData []byte) bool
	Verify(hostname string) error
}
CertManager manages the certificates sent by the server
func NewCertManager
func NewCertManager(tlsConfig *tls.Config) CertManager
NewCertManager creates a new CertManager
type KeyExchange
type KeyExchange interface { PublicKey() []byte }
KeyExchange manages the exchange of keys
func NewCurve25519KEX
func NewCurve25519KEX() (KeyExchange, error)
NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html
type MintController
type MintController interface {
	Handshake() mint.Alert
	GetCipherSuite() mint.CipherSuiteParams
	ComputeExporter(label string, context []byte, keyLength int) ([]byte, error)
}
MintController is an interface that bundles all methods needed to interact with mint
type StkSource
type StkSource interface {
	// NewToken creates a new token
	NewToken([]byte) ([]byte, error)
	// DecodeToken decodes a token
	DecodeToken([]byte) ([]byte, error)
}
StkSource is used to create and verify source address tokens
func NewStkSource
NewStkSource creates a source for source address tokens
Source Files
- AEAD.go
- aesgcm12_aead.go
- aesgcm_aead.go
- cert_cache.go
- cert_chain.go
- cert_compression.go
- cert_dict.go
- cert_manager.go
- cert_sets.go
- curve_25519.go
- key_derivation.go
- key_derivation_quic_crypto.go
- key_exchange.go
- null_aead.go
- null_aead_fnv128a.go
- null_aead_fnv64a.go
- server_proof.go
- source_address_token.go