package tls13

import "crypto/internal/fips140/tls13"

Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7.

Index

Functions

func ExpandLabel 

func ExpandLabel[H fips140.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte

ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.

func TestingOnlyExporterSecret 

func TestingOnlyExporterSecret(s *ExporterMasterSecret) []byte

Types

type EarlySecret 

type EarlySecret struct {
	// contains filtered or unexported fields
}

func NewEarlySecret 

func NewEarlySecret[H fips140.Hash](hash func() H, psk []byte) *EarlySecret

func (*EarlySecret) ClientEarlyTrafficSecret 

func (s *EarlySecret) ClientEarlyTrafficSecret(transcript fips140.Hash) []byte

ClientEarlyTrafficSecret derives the client_early_traffic_secret from the early secret and the transcript up to the ClientHello.

func (*EarlySecret) EarlyExporterMasterSecret 

func (s *EarlySecret) EarlyExporterMasterSecret(transcript fips140.Hash) *ExporterMasterSecret

EarlyExporterMasterSecret derives the exporter_master_secret from the early secret and the transcript up to the ClientHello.

func (*EarlySecret) HandshakeSecret 

func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret

func (*EarlySecret) ResumptionBinderKey 

func (s *EarlySecret) ResumptionBinderKey() []byte

type ExporterMasterSecret 

type ExporterMasterSecret struct {
	// contains filtered or unexported fields
}

func (*ExporterMasterSecret) Exporter 

func (s *ExporterMasterSecret) Exporter(label string, context []byte, length int) []byte

type HandshakeSecret 

type HandshakeSecret struct {
	// contains filtered or unexported fields
}

func (*HandshakeSecret) ClientHandshakeTrafficSecret 

func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript fips140.Hash) []byte

ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from the handshake secret and the transcript up to the ServerHello.

func (*HandshakeSecret) MasterSecret 

func (s *HandshakeSecret) MasterSecret() *MasterSecret

func (*HandshakeSecret) ServerHandshakeTrafficSecret 

func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript fips140.Hash) []byte

ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from the handshake secret and the transcript up to the ServerHello.

type MasterSecret 

type MasterSecret struct {
	// contains filtered or unexported fields
}

func (*MasterSecret) ClientApplicationTrafficSecret 

func (s *MasterSecret) ClientApplicationTrafficSecret(transcript fips140.Hash) []byte

ClientApplicationTrafficSecret derives the client_application_traffic_secret_0 from the master secret and the transcript up to the server Finished.

func (*MasterSecret) ExporterMasterSecret 

func (s *MasterSecret) ExporterMasterSecret(transcript fips140.Hash) *ExporterMasterSecret

ExporterMasterSecret derives the exporter_master_secret from the master secret and the transcript up to the server Finished.

func (*MasterSecret) ResumptionMasterSecret 

func (s *MasterSecret) ResumptionMasterSecret(transcript fips140.Hash) []byte

ResumptionMasterSecret derives the resumption_master_secret from the master secret and the transcript up to the client Finished.

func (*MasterSecret) ServerApplicationTrafficSecret 

func (s *MasterSecret) ServerApplicationTrafficSecret(transcript fips140.Hash) []byte

ServerApplicationTrafficSecret derives the server_application_traffic_secret_0 from the master secret and the transcript up to the server Finished.

Source Files

cast.go tls13.go

Version
v1.24.0 (latest)
Published
Feb 10, 2025
Platform
linux/amd64
Imports
7 packages
Last checked
10 minutes ago

Tools for package owners.