Documentation ¶
Index ¶
- type AeadID
- type ClientContext
- func (context *ClientContext) DecryptFromServer(ciphertext []byte, ad []byte) ([]byte, error)
- func (context *ClientContext) EncryptToServer(message []byte, ad []byte) ([]byte, error)
- func (context *ClientContext) Export(exporterContext []byte, length uint16) ([]byte, error)
- func (context *ClientContext) ExporterSecret() []byte
- type KdfID
- type KemID
- type KeyPair
- type Mode
- type Psk
- type ServerContext
- func (context *ServerContext) DecryptFromClient(ciphertext []byte, ad []byte) ([]byte, error)
- func (context *ServerContext) EncryptToClient(message []byte, ad []byte) ([]byte, error)
- func (context *ServerContext) Export(exporterContext []byte, length uint16) ([]byte, error)
- func (context *ServerContext) ExporterSecret() []byte
- type Suite
- func (suite *Suite) DeterministicKeyPair(seed []byte) (KeyPair, error)
- func (suite *Suite) Expand(prk []byte, info []byte, length uint16) ([]byte, error)
- func (suite *Suite) Extract(secret []byte, salt []byte) []byte
- func (suite *Suite) GenerateKeyPair() (KeyPair, error)
- func (suite *Suite) NewAuthenticatedClientContext(clientKp KeyPair, serverPk []byte, info []byte, psk *Psk) (ClientContext, []byte, error)
- func (suite *Suite) NewAuthenticatedClientDeterministicContext(clientKp KeyPair, serverPk []byte, info []byte, psk *Psk, seed []byte) (ClientContext, []byte, error)
- func (suite *Suite) NewAuthenticatedServerContext(clientPk []byte, enc []byte, serverKp KeyPair, info []byte, psk *Psk) (ServerContext, error)
- func (suite *Suite) NewClientContext(serverPk []byte, info []byte, psk *Psk) (ClientContext, []byte, error)
- func (suite *Suite) NewClientDeterministicContext(serverPk []byte, info []byte, psk *Psk, seed []byte) (ClientContext, []byte, error)
- func (suite *Suite) NewRawCipher(key []byte) (cipher.AEAD, error)
- func (suite *Suite) NewServerContext(enc []byte, serverKp KeyPair, info []byte, psk *Psk) (ServerContext, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ClientContext ¶
type ClientContext struct {
// contains filtered or unexported fields
}
ClientContext - A client encryption context
func (*ClientContext) DecryptFromServer ¶
func (context *ClientContext) DecryptFromServer(ciphertext []byte, ad []byte) ([]byte, error)
DecryptFromServer - Verify and decrypt a ciphertext received from the server, with optional associated data
func (*ClientContext) EncryptToServer ¶
func (context *ClientContext) EncryptToServer(message []byte, ad []byte) ([]byte, error)
EncryptToServer - Encrypt and authenticate a message for the server, with optional associated data
func (*ClientContext) Export ¶
func (context *ClientContext) Export(exporterContext []byte, length uint16) ([]byte, error)
Export - Derive a secret of arbitrary length (bounded by the uint16 `length` parameter)
func (*ClientContext) ExporterSecret ¶
func (context *ClientContext) ExporterSecret() []byte
ExporterSecret - Return the exporter secret
type KdfID ¶
type KdfID uint16
KdfID - KDF ID
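// KDF identifiers understood by this package. The declaration was collapsed
// onto one line, which let the line comment swallow the constant itself.
const (
	// KdfHkdfSha256 - HKDF-SHA256
	// 0x0001 matches the identifier RFC 9180 registers for HKDF-SHA256.
	KdfHkdfSha256 KdfID = 0x0001
)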
type KemID ¶
type KemID uint16
KemID - KEM ID
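// KEM identifiers understood by this package. The declaration was collapsed
// onto one line, which let the line comment swallow the constant itself.
const (
	// KemX25519HkdfSha256 - X25519 with HKDF-SHA256
	// 0x0020 matches the identifier RFC 9180 registers for
	// DHKEM(X25519, HKDF-SHA256).
	KemX25519HkdfSha256 KemID = 0x0020
)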
type KeyPair ¶
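// KeyPair holds the two halves of a key pair, each packed as a byte string.
type KeyPair struct {
	// PublicKey - Public key
	PublicKey []byte
	// SecretKey - Secret key
	// NOTE(review): this is an exported raw byte slice, so any code holding a
	// KeyPair can read or copy it; keep KeyPair values out of logs, error
	// messages and serialized output.
	SecretKey []byte
}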
KeyPair - A key pair (packed as a byte string)
type ServerContext ¶
type ServerContext struct {
// contains filtered or unexported fields
}
ServerContext - A server encryption context
func (*ServerContext) DecryptFromClient ¶
func (context *ServerContext) DecryptFromClient(ciphertext []byte, ad []byte) ([]byte, error)
DecryptFromClient - Verify and decrypt a ciphertext received from the client, with optional associated data
func (*ServerContext) EncryptToClient ¶
func (context *ServerContext) EncryptToClient(message []byte, ad []byte) ([]byte, error)
EncryptToClient - Encrypt and authenticate a message for the client, with optional associated data
func (*ServerContext) Export ¶
func (context *ServerContext) Export(exporterContext []byte, length uint16) ([]byte, error)
Export - Derive a secret of arbitrary length (bounded by the uint16 `length` parameter)
func (*ServerContext) ExporterSecret ¶
func (context *ServerContext) ExporterSecret() []byte
ExporterSecret - Return the exporter secret
type Suite ¶
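// Suite describes one HPKE suite: its identifiers, its hash constructor and
// the byte lengths used with them.
//
// NOTE(review): every field is exported, so callers can modify a Suite after
// obtaining it. Presumably both peers must use identical values; treat a
// Suite as read-only and confirm how the package constructs one.
type Suite struct {
	// SuiteIDContext is a 10-byte suite identifier.
	// Presumably the RFC 9180 suite_id for the key schedule ("HPKE" followed
	// by the 2-byte KEM, KDF and AEAD identifiers) - TODO confirm.
	SuiteIDContext [10]byte
	// SuiteIDKEM is a 5-byte suite identifier.
	// Presumably the RFC 9180 suite_id for the KEM ("KEM" followed by the
	// 2-byte KEM identifier) - TODO confirm.
	SuiteIDKEM [5]byte
	// Hash returns a new instance of the suite's hash function.
	Hash func() hash.Hash
	// PrkBytes, KeyBytes, NonceBytes and KemHashBytes are lengths in bytes;
	// presumably of the extracted pseudorandom key, the AEAD key, the AEAD
	// nonce and the KEM hash output respectively - TODO confirm.
	PrkBytes     uint16
	KeyBytes     uint16
	NonceBytes   uint16
	KemHashBytes uint16
	// AeadID identifies the AEAD used by the suite.
	AeadID AeadID
}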
Suite - HPKE suite
func (*Suite) DeterministicKeyPair ¶
DeterministicKeyPair - Derive a deterministic key pair from a seed
func (*Suite) GenerateKeyPair ¶
GenerateKeyPair - Generate a random key pair
func (*Suite) NewAuthenticatedClientContext ¶
func (suite *Suite) NewAuthenticatedClientContext(clientKp KeyPair, serverPk []byte, info []byte, psk *Psk) (ClientContext, []byte, error)
NewAuthenticatedClientContext - Create a new context for a client (aka "sender"), with authentication: the client is authenticated with its own key pair `clientKp`
func (*Suite) NewAuthenticatedClientDeterministicContext ¶
func (suite *Suite) NewAuthenticatedClientDeterministicContext(clientKp KeyPair, serverPk []byte, info []byte, psk *Psk, seed []byte) (ClientContext, []byte, error)
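NewAuthenticatedClientDeterministicContext - Create a new deterministic context for a client, with authentication. Should only be used for testing purposes: the context is derived from `seed` instead of fresh randomness, so the same seed and inputs always reproduce the same context.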
func (*Suite) NewAuthenticatedServerContext ¶
func (suite *Suite) NewAuthenticatedServerContext(clientPk []byte, enc []byte, serverKp KeyPair, info []byte, psk *Psk) (ServerContext, error)
NewAuthenticatedServerContext - Create a new context for a server (aka "recipient"), with authentication: the server supplies the client public key `clientPk` that the sender is expected to hold
func (*Suite) NewClientContext ¶
func (suite *Suite) NewClientContext(serverPk []byte, info []byte, psk *Psk) (ClientContext, []byte, error)
NewClientContext - Create a new context for a client (aka "sender")
func (*Suite) NewClientDeterministicContext ¶
func (suite *Suite) NewClientDeterministicContext(serverPk []byte, info []byte, psk *Psk, seed []byte) (ClientContext, []byte, error)
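NewClientDeterministicContext - Create a new deterministic context for a client. Should only be used for testing purposes: the context is derived from `seed` instead of fresh randomness, so the same seed and inputs always reproduce the same context.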
func (*Suite) NewRawCipher ¶
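NewRawCipher - Access the raw cipher interface: returns a `cipher.AEAD` for `key`, so the caller supplies the nonces and is responsible for never reusing one under the same key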
func (*Suite) NewServerContext ¶
func (suite *Suite) NewServerContext(enc []byte, serverKp KeyPair, info []byte, psk *Psk) (ServerContext, error)
NewServerContext - Create a new context for a server (aka "recipient")