Documentation
¶
Overview ¶
Package extension implements the extension values in the ClientHello/ServerHello
Package extension implements the extension values in the ClientHello/ServerHello
Index ¶
- Variables
- func ALPNProtocolSelection(supportedProtocols, peerSupportedProtocols []string) (string, error)
- func Marshal(e []Extension) ([]byte, error)
- type ALPN
- type ConnectionID
- type CookieExt
- type Extension
- type KeyShare
- type KeyShareEntry
- type PreSharedKey
- type PskBinderEntry
- type PskIdentity
- type PskKeyExchangeMode
- type PskKeyExchangeModes
- type RenegotiationInfo
- type SRTPProtectionProfile
- type ServerName
- type SignatureAlgorithmsCert
- type SupportedEllipticCurves
- type SupportedPointFormats
- type SupportedSignatureAlgorithms
- type SupportedVersions
- type TypeValue
- type UseExtendedMasterSecret
- type UseSRTP
Constants ¶
This section is empty.
Variables ¶
var ( // ErrALPNInvalidFormat is raised when the ALPN format is invalid. ErrALPNInvalidFormat = &protocol.FatalError{ Err: errors.New("invalid alpn format"), } )
Functions ¶
func ALPNProtocolSelection ¶
ALPNProtocolSelection negotiates a shared protocol according to #3.2 of rfc7301.
Types ¶
type ALPN ¶
type ALPN struct {
ProtocolNameList []string
}
ALPN is a TLS extension for application-layer protocol negotiation within the TLS handshake.
type ConnectionID ¶
type ConnectionID struct {
// A zero-length connection ID indicates for a client or server that
// negotiated connection IDs from the peer will be sent but there is no need
// to respond with one
CID []byte // variable length
}
ConnectionID is a DTLS extension that provides an alternative to IP address and port for session association.
https://tools.ietf.org/html/rfc9146
func (*ConnectionID) Marshal ¶
func (c *ConnectionID) Marshal() ([]byte, error)
Marshal encodes the extension.
func (ConnectionID) TypeValue ¶
func (c ConnectionID) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*ConnectionID) Unmarshal ¶
func (c *ConnectionID) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type CookieExt ¶ added in v3.1.0
type CookieExt struct {
Cookie []byte
}
CookieExt implements the cookie extension in DTLS 1.3. See RFC 8446 section 4.2.2. Cookie.
type Extension ¶
type Extension interface {
Marshal() ([]byte, error)
Unmarshal(data []byte) error
TypeValue() TypeValue
}
Extension represents a single TLS extension.
type KeyShare ¶ added in v3.0.10
type KeyShare struct {
}
KeyShare represents the "key_share" extension. Only one of the fields can be used at a time. See RFC 8446 section 4.2.8.
type KeyShareEntry ¶ added in v3.0.10
type KeyShareEntry struct {
}
type PreSharedKey ¶ added in v3.1.0
type PreSharedKey struct {
Identities []PskIdentity
Binders []PskBinderEntry
SelectedIdentity uint16
}
PreSharedKey represents the "pre_shared_key" extension for DTLS 1.3. This extension is used in both ClientHello and ServerHello messages, but only the relevant fields should be populated for each context. See RFC 8446 section 4.2.11.
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.11
func (*PreSharedKey) Marshal ¶ added in v3.1.0
func (p *PreSharedKey) Marshal() ([]byte, error)
Marshal encodes the extension.
func (PreSharedKey) TypeValue ¶ added in v3.1.0
func (p PreSharedKey) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*PreSharedKey) Unmarshal ¶ added in v3.1.0
func (p *PreSharedKey) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type PskBinderEntry ¶ added in v3.1.0
type PskBinderEntry []byte
PskBinderEntry represents the binder related to a PSK identity in the "pre_shared_key" extension for DTLS 1.3.
type PskIdentity ¶ added in v3.1.0
PskIdentity represents the PSK identitiy in the "pre_shared_key" extension for DTLS 1.3.
type PskKeyExchangeMode ¶ added in v3.1.0
type PskKeyExchangeMode uint8
const ( PskKe PskKeyExchangeMode = 0 PskDheKe PskKeyExchangeMode = 1 )
TypeValue constants.
type PskKeyExchangeModes ¶ added in v3.1.0
type PskKeyExchangeModes struct {
KeModes []PskKeyExchangeMode
}
PskKeyExchangeModes implements the PskKeyExchangeModes extension in DTLS 1.3. See RFC 8446 section 4.2.9. Pre-Shared Key Exchange Modes.
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.9
func (*PskKeyExchangeModes) Marshal ¶ added in v3.1.0
func (p *PskKeyExchangeModes) Marshal() ([]byte, error)
Marshal encodes the extension.
func (PskKeyExchangeModes) TypeValue ¶ added in v3.1.0
func (p PskKeyExchangeModes) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*PskKeyExchangeModes) Unmarshal ¶ added in v3.1.0
func (p *PskKeyExchangeModes) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type RenegotiationInfo ¶
type RenegotiationInfo struct {
RenegotiatedConnection uint8
}
RenegotiationInfo allows a Client/Server to communicate their renegotation support
https://tools.ietf.org/html/rfc5746
func (*RenegotiationInfo) Marshal ¶
func (r *RenegotiationInfo) Marshal() ([]byte, error)
Marshal encodes the extension.
func (RenegotiationInfo) TypeValue ¶
func (r RenegotiationInfo) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*RenegotiationInfo) Unmarshal ¶
func (r *RenegotiationInfo) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type SRTPProtectionProfile ¶
type SRTPProtectionProfile uint16
SRTPProtectionProfile defines the parameters and options that are in effect for the SRTP processing https://tools.ietf.org/html/rfc5764#section-4.1.2
const ( SRTP_AES128_CM_HMAC_SHA1_80 SRTPProtectionProfile = 0x0001 // nolint SRTP_AES128_CM_HMAC_SHA1_32 SRTPProtectionProfile = 0x0002 // nolint SRTP_AES256_CM_SHA1_80 SRTPProtectionProfile = 0x0003 // nolint SRTP_AES256_CM_SHA1_32 SRTPProtectionProfile = 0x0004 // nolint SRTP_NULL_HMAC_SHA1_80 SRTPProtectionProfile = 0x0005 // nolint SRTP_NULL_HMAC_SHA1_32 SRTPProtectionProfile = 0x0006 // nolint SRTP_AEAD_AES_128_GCM SRTPProtectionProfile = 0x0007 // nolint SRTP_AEAD_AES_256_GCM SRTPProtectionProfile = 0x0008 // nolint )
type ServerName ¶
type ServerName struct {
ServerName string
}
ServerName allows the client to inform the server the specific name it wishes to contact. Useful if multiple DNS names resolve to one IP
https://tools.ietf.org/html/rfc6066#section-3
func (*ServerName) Marshal ¶
func (s *ServerName) Marshal() ([]byte, error)
Marshal encodes the extension.
func (ServerName) TypeValue ¶
func (s ServerName) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*ServerName) Unmarshal ¶
func (s *ServerName) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type SignatureAlgorithmsCert ¶ added in v3.1.0
type SignatureAlgorithmsCert struct {
SignatureHashAlgorithms []signaturehash.Algorithm
}
SignatureAlgorithmsCert allows a Client/Server to indicate which signature algorithms may be used in digital signatures for X.509 certificates. This is separate from signature_algorithms which applies to handshake signatures.
RFC 8446 Section 4.2.3: "TLS 1.2 implementations SHOULD also process this extension. If present, the signature_algorithms_cert extension SHALL be treated as being equivalent to signature_algorithms for the purposes of certificate chain validation."
https://tools.ietf.org/html/rfc8446#section-4.2.3
func (*SignatureAlgorithmsCert) Marshal ¶ added in v3.1.0
func (s *SignatureAlgorithmsCert) Marshal() ([]byte, error)
Marshal encodes the extension. This supports hybrid encoding: TLS 1.3 PSS schemes are encoded as full uint16, while TLS 1.2 schemes use hash (high byte) + signature (low byte) encoding.
func (SignatureAlgorithmsCert) TypeValue ¶ added in v3.1.0
func (s SignatureAlgorithmsCert) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*SignatureAlgorithmsCert) Unmarshal ¶ added in v3.1.0
func (s *SignatureAlgorithmsCert) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data. This supports hybrid encoding: detects TLS 1.3 PSS schemes and handles them as full uint16, while TLS 1.2 schemes use byte-split encoding.
type SupportedEllipticCurves ¶
SupportedEllipticCurves allows a Client/Server to communicate what curves they both support
https://tools.ietf.org/html/rfc8422#section-5.1.1
In DTLS 1.3, this extension in renamed to "supported_groups". https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.7
func (*SupportedEllipticCurves) Marshal ¶
func (s *SupportedEllipticCurves) Marshal() ([]byte, error)
Marshal encodes the extension.
func (SupportedEllipticCurves) TypeValue ¶
func (s SupportedEllipticCurves) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*SupportedEllipticCurves) Unmarshal ¶
func (s *SupportedEllipticCurves) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type SupportedPointFormats ¶
type SupportedPointFormats struct {
PointFormats []elliptic.CurvePointFormat
}
SupportedPointFormats allows a Client/Server to negotiate the EllipticCurvePointFormats
https://tools.ietf.org/html/rfc4492#section-5.1.2
func (*SupportedPointFormats) Marshal ¶
func (s *SupportedPointFormats) Marshal() ([]byte, error)
Marshal encodes the extension.
func (SupportedPointFormats) TypeValue ¶
func (s SupportedPointFormats) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*SupportedPointFormats) Unmarshal ¶
func (s *SupportedPointFormats) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type SupportedSignatureAlgorithms ¶
type SupportedSignatureAlgorithms struct {
SignatureHashAlgorithms []signaturehash.Algorithm
}
SupportedSignatureAlgorithms allows a Client/Server to negotiate what SignatureHash Algorithms they both support
https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
func (*SupportedSignatureAlgorithms) Marshal ¶
func (s *SupportedSignatureAlgorithms) Marshal() ([]byte, error)
Marshal encodes the extension. This supports hybrid encoding: TLS 1.3 PSS schemes are encoded as full uint16, while TLS 1.2 schemes use hash (high byte) + signature (low byte) encoding.
func (SupportedSignatureAlgorithms) TypeValue ¶
func (s SupportedSignatureAlgorithms) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*SupportedSignatureAlgorithms) Unmarshal ¶
func (s *SupportedSignatureAlgorithms) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data. This supports hybrid encoding: detects TLS 1.3 PSS schemes and handles them as full uint16, while TLS 1.2 schemes use byte-split encoding.
type SupportedVersions ¶ added in v3.0.8
type SupportedVersions struct {
// ClientHello's preference-ordered list.
Versions []protocol.Version
}
SupportedVersions is a TLS extension used by the client to indicate which versions of TLS it supports and by the server to indicate which version it is using.
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.1
func (*SupportedVersions) Marshal ¶ added in v3.0.8
func (s *SupportedVersions) Marshal() ([]byte, error)
Marshal encodes the extension without carrying negotiation state.
func (SupportedVersions) TypeValue ¶ added in v3.0.8
func (s SupportedVersions) TypeValue() TypeValue
func (*SupportedVersions) Unmarshal ¶ added in v3.0.8
func (s *SupportedVersions) Unmarshal(data []byte) error
Unmarshal parses either the ClientHello list or the ServerHello/HelloRetryRequest single value. Any version not recognized is discarded.
type TypeValue ¶
type TypeValue uint16
TypeValue is the 2 byte value for a TLS Extension as registered in the IANA
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
const ( ServerNameTypeValue TypeValue = 0 // In DTLS 1.3, this extension in renamed to "supported_groups". SupportedEllipticCurvesTypeValue TypeValue = 10 SupportedPointFormatsTypeValue TypeValue = 11 SupportedSignatureAlgorithmsTypeValue TypeValue = 13 UseSRTPTypeValue TypeValue = 14 ALPNTypeValue TypeValue = 16 UseExtendedMasterSecretTypeValue TypeValue = 23 SupportedVersionsTypeValue TypeValue = 43 CookieTypeValue TypeValue = 44 PskKeyExchangeModesTypeValue TypeValue = 45 SignatureAlgorithmsCertTypeValue TypeValue = 50 ConnectionIDTypeValue TypeValue = 54 RenegotiationInfoTypeValue TypeValue = 65281 )
TypeValue constants.
type UseExtendedMasterSecret ¶
type UseExtendedMasterSecret struct {
Supported bool
}
UseExtendedMasterSecret defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing MITM attacks.
func (*UseExtendedMasterSecret) Marshal ¶
func (u *UseExtendedMasterSecret) Marshal() ([]byte, error)
Marshal encodes the extension.
func (UseExtendedMasterSecret) TypeValue ¶
func (u UseExtendedMasterSecret) TypeValue() TypeValue
TypeValue returns the extension TypeValue.
func (*UseExtendedMasterSecret) Unmarshal ¶
func (u *UseExtendedMasterSecret) Unmarshal(data []byte) error
Unmarshal populates the extension from encoded data.
type UseSRTP ¶
type UseSRTP struct {
ProtectionProfiles []SRTPProtectionProfile
MasterKeyIdentifier []byte
}
UseSRTP allows a Client/Server to negotiate what SRTPProtectionProfiles they both support
Source Files
¶
- alpn.go
- connection_id.go
- cookie.go
- errors.go
- extension.go
- generic_signature_hash_extension.go
- key_share.go
- pre_shared_key.go
- psk_key_exchange_modes.go
- renegotiation_info.go
- server_name.go
- signature_algorithms_cert.go
- srtp_protection_profile.go
- supported_elliptic_curves.go
- supported_point_formats.go
- supported_signature_algorithms.go
- supported_versions.go
- use_master_secret.go
- use_srtp.go