Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AEAD ¶
type AEAD interface {
Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error)
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
}
An AEAD implements QUIC's authenticated encryption and associated data
func DeriveKeysAESGCM ¶
func DeriveKeysAESGCM(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (AEAD, error)
DeriveKeysAESGCM derives the client and server keys and creates a matching AES-GCM AEAD instance
func NewAEADAESGCM ¶
NewAEADAESGCM creates a AEAD using AES-GCM with 12 bytes tag size
AES-GCM support is a bit hacky, since the go stdlib does not support 12 byte tag size, and couples the cipher and aes packages closely. See https://github.com/lucas-clemente/aes12.
type KeyExchange ¶
type KeyExchange interface {
PublicKey() []byte
}
KeyExchange manages the exchange of keys
func NewCurve25519KEX ¶
func NewCurve25519KEX() (KeyExchange, error)
NewCurve25519KEX creates a new KeyExchange using Curve25519, see https://cr.yp.to/ecdh.html
type NullAEAD ¶
type NullAEAD struct{}
NullAEAD handles not-yet encrypted packets
type Signer ¶
type Signer interface {
SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
GetCertsCompressed(sni string, commonSetHashes, cachedHashes []byte) ([]byte, error)
GetLeafCert(sni string) ([]byte, error)
}
A Signer holds a certificate and a private key
type StkSource ¶
type StkSource interface {
// NewToken creates a new token for a given IP address
NewToken(ip net.IP) ([]byte, error)
// VerifyToken verifies if a token matches a given IP address and is not outdated
VerifyToken(ip net.IP, data []byte) error
}
StkSource is used to create and verify source address tokens
func NewStkSource ¶
NewStkSource creates a source for source address tokens
Source Files