crypto

package
v0.0.0-...-bb5f99c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 20, 2024 License: MIT Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HashCert

func HashCert(cert []byte) uint64

HashCert calculates the FNV1a hash of a certificate

Types

type AEAD

type AEAD interface {
	Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)
	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
	Overhead() int
}

An AEAD implements QUIC's authenticated encryption and associated data

func DeriveAESKeys

func DeriveAESKeys(mc MintController, pers protocol.Perspective) (AEAD, error)

DeriveAESKeys derives the AES keys and creates a matching AES-GCM AEAD instance

func DeriveQuicCryptoAESKeys

func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error)

DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance

func NewAEADAESGCM

func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)

NewAEADAESGCM creates a AEAD using AES-GCM

func NewAEADAESGCM12

func NewAEADAESGCM12(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error)

NewAEADAESGCM12 creates a AEAD using AES-GCM with 12 bytes tag size

AES-GCM support is a bit hacky, since the go stdlib does not support 12 byte tag size, and couples the cipher and aes packages closely. See https://github.com/lucas-clemente/aes12.

func NewNullAEAD

NewNullAEAD creates a NullAEAD

type CertChain

type CertChain interface {
	SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
	GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error)
	GetLeafCert(sni string) ([]byte, error)
}

A CertChain holds a certificate and a private key

func NewCertChain

func NewCertChain(tlsConfig *tls.Config) CertChain

NewCertChain loads the key and cert from files

type CertManager

type CertManager interface {
	SetData([]byte) error
	GetCommonCertificateHashes() []byte
	GetLeafCert() []byte
	GetLeafCertHash() (uint64, error)
	VerifyServerProof(proof, chlo, serverConfigData []byte) bool
	Verify(hostname string) error
}

CertManager manages the certificates sent by the server

func NewCertManager

func NewCertManager(tlsConfig *tls.Config) CertManager

NewCertManager creates a new CertManager

type KeyExchange

type KeyExchange interface {
	PublicKey() []byte
	CalculateSharedKey(otherPublic []byte) ([]byte, error)
}

KeyExchange manages the exchange of keys

func NewCurve25519KEX

func NewCurve25519KEX() (KeyExchange, error)

NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html

type MintController

type MintController interface {
	Handshake() mint.Alert
	GetCipherSuite() mint.CipherSuiteParams
	ComputeExporter(label string, context []byte, keyLength int) ([]byte, error)
}

MintController is an interface that bundles all methods needed to interact with mint

type StkSource

type StkSource interface {
	// NewToken creates a new token
	NewToken([]byte) ([]byte, error)
	// DecodeToken decodes a token
	DecodeToken([]byte) ([]byte, error)
}

StkSource is used to create and verify source address tokens

func NewStkSource

func NewStkSource() (StkSource, error)

NewStkSource creates a source for source address tokens

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL