Documentation ¶
Overview ¶
Package halfconn manages the inbound or outbound traffic of a TLS 1.3 connection.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type S2AHalfConnection ¶
type S2AHalfConnection struct {
// contains filtered or unexported fields
}
S2AHalfConnection stores the state of the TLS 1.3 connection in the inbound or outbound direction.
func New ¶
func New(ciphersuite s2apb.Ciphersuite, trafficSecret []byte, sequence uint64) (*S2AHalfConnection, error)
New creates a new instance of S2AHalfConnection given a ciphersuite and a traffic secret.
func (*S2AHalfConnection) Decrypt ¶
func (hc *S2AHalfConnection) Decrypt(dst, ciphertext, aad []byte) ([]byte, error)
Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may fully overlap or not at all. Note that the sequence number will still be incremented on failure, unless the sequence has overflowed.
func (*S2AHalfConnection) Encrypt ¶
func (hc *S2AHalfConnection) Encrypt(dst, plaintext, aad []byte) ([]byte, error)
Encrypt encrypts the plaintext and computes the tag of dst and plaintext. dst and plaintext may fully overlap or not at all. Note that the sequence number will still be incremented on failure, unless the sequence has overflowed.
func (*S2AHalfConnection) TagSize ¶
func (hc *S2AHalfConnection) TagSize() int
TagSize returns the tag size in bytes of the underlying AEAD crypter.
func (*S2AHalfConnection) UpdateKey ¶
func (hc *S2AHalfConnection) UpdateKey() error
UpdateKey advances the traffic secret key, as specified in https://tools.ietf.org/html/rfc8446#section-7.2. In addition, it derives a new key and nonce, and resets the sequence number.