Documentation
Overview
Package odoh implements Oblivious DNS over HTTPS (ODoH) as specified in RFC 9230. ODoH sends encrypted DNS queries through an oblivious proxy: the proxy sees the client's address but only ciphertext, and the target resolver sees the query but not the client's address, so neither party alone can link a client to its queries.
Constants

const (
	// Package-local identifiers; they differ from the RFC 9180 IANA
	// codepoints (AES-256-GCM is 0x0002, ChaCha20-Poly1305 is 0x0003).
	HPKEAEADAES256GCM        = 1 // AES-256-GCM
	HPKEAEADChaCha20Poly1305 = 2 // ChaCha20-Poly1305
)

HPKE AEAD algorithms supported by ODoH.

const (
	// Package-local identifiers; they differ from the RFC 9180 IANA
	// codepoints (DHKEM P-256 is 0x0010, P-384 0x0011, P-521 0x0012, X25519 0x0020).
	HPKEDHP256   = 1 // ECDH P-256
	HPKEDHP384   = 2 // ECDH P-384
	HPKEDHP521   = 3 // ECDH P-521
	HPKEDHX25519 = 4 // X25519
)

HPKE DH key agreement algorithms.
Variables

var (
	ErrInvalidKey       = errors.New("invalid HPKE key")
	ErrDecryptionFailed = errors.New("decryption failed")
	ErrInvalidNonce     = errors.New("invalid nonce")
	ErrTooManyDHPairs   = errors.New("too many DH pairs for this context")
)

Errors for ODoH operations.

Functions
This section is empty.
Types

type ODoHConfig
type ODoHConfig struct {
	TargetName string // DNS name of the target resolver (e.g., "dns.example.com")
	ProxyName  string // DNS name of the proxy (e.g., "proxy.example.com")
	TargetURL  string // HTTPS URL of the target
	ProxyURL   string // HTTPS URL of the proxy
	HPKEKEM    int    // Key Encapsulation Mechanism (KEM) algorithm
	HPKEKDF    int    // Key Derivation Function (KDF) algorithm
	HPKEAEAD   int    // Authenticated Encryption with Associated Data (AEAD) algorithm
}
ODoHConfig contains configuration for ODoH operations.
func NewODoHConfig
func NewODoHConfig(targetName, proxyName string) *ODoHConfig
NewODoHConfig creates a default ODoH configuration.
type ObliviousClient
type ObliviousClient struct {
	// contains filtered or unexported fields
}
ObliviousClient implements the client side of ODoH.
func NewObliviousClient
func NewObliviousClient(config *ODoHConfig) (*ObliviousClient, error)
NewObliviousClient creates a new ODoH client.
type ObliviousDNSMessage

type ObliviousDNSMessage struct {
	// Public key used for encapsulation
	PublicKey []byte
	// Encrypted DNS query/response
	Ciphertext []byte
	// Nonce used for encryption
	Nonce []byte
	// Additional authenticated data (AAD)
	AAD []byte
}
ObliviousDNSMessage represents an ODoH message.
type ObliviousProxy

type ObliviousProxy struct {
	// contains filtered or unexported fields
}
ObliviousProxy implements the proxy side of ODoH.
func NewObliviousProxy
func NewObliviousProxy(config *ODoHConfig) (*ObliviousProxy, error)
NewObliviousProxy creates a new ODoH proxy server.
func (*ObliviousProxy) ServeHTTP
func (p *ObliviousProxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements the HTTP handler for the proxy.
type ObliviousTarget

type ObliviousTarget struct {
	// contains filtered or unexported fields
}
ObliviousTarget implements the target resolver side of ODoH.
func NewObliviousTarget
func NewObliviousTarget(config *ODoHConfig) (*ObliviousTarget, error)
NewObliviousTarget creates a new ODoH target resolver.
func (*ObliviousTarget) ServeHTTP
func (t *ObliviousTarget) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements the HTTP handler for the target.