package tls13

import "crypto/internal/fips140/tls13"

Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7.

Index

Functions

func ExpandLabel

func ExpandLabel[H hash.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte

ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.

func TestingOnlyExporterSecret

func TestingOnlyExporterSecret(s *ExporterMasterSecret) []byte

Types

type EarlySecret

type EarlySecret struct {
	// contains filtered or unexported fields
}

func NewEarlySecret

func NewEarlySecret[H hash.Hash](h func() H, psk []byte) *EarlySecret

func (*EarlySecret) ClientEarlyTrafficSecret

func (s *EarlySecret) ClientEarlyTrafficSecret(transcript hash.Hash) []byte

ClientEarlyTrafficSecret derives the client_early_traffic_secret from the early secret and the transcript up to the ClientHello.

func (*EarlySecret) EarlyExporterMasterSecret

func (s *EarlySecret) EarlyExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret

EarlyExporterMasterSecret derives the exporter_master_secret from the early secret and the transcript up to the ClientHello.

func (*EarlySecret) HandshakeSecret

func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret

func (*EarlySecret) ResumptionBinderKey

func (s *EarlySecret) ResumptionBinderKey() []byte

type ExporterMasterSecret

type ExporterMasterSecret struct {
	// contains filtered or unexported fields
}

func (*ExporterMasterSecret) Exporter

func (s *ExporterMasterSecret) Exporter(label string, context []byte, length int) []byte

type HandshakeSecret

type HandshakeSecret struct {
	// contains filtered or unexported fields
}

func (*HandshakeSecret) ClientHandshakeTrafficSecret

func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript hash.Hash) []byte

ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from the handshake secret and the transcript up to the ServerHello.

func (*HandshakeSecret) MasterSecret

func (s *HandshakeSecret) MasterSecret() *MasterSecret

func (*HandshakeSecret) ServerHandshakeTrafficSecret

func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript hash.Hash) []byte

ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from the handshake secret and the transcript up to the ServerHello.

type MasterSecret

type MasterSecret struct {
	// contains filtered or unexported fields
}

func (*MasterSecret) ClientApplicationTrafficSecret

func (s *MasterSecret) ClientApplicationTrafficSecret(transcript hash.Hash) []byte

ClientApplicationTrafficSecret derives the client_application_traffic_secret_0 from the master secret and the transcript up to the server Finished.

func (*MasterSecret) ExporterMasterSecret

func (s *MasterSecret) ExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret

ExporterMasterSecret derives the exporter_master_secret from the master secret and the transcript up to the server Finished.

func (*MasterSecret) ResumptionMasterSecret

func (s *MasterSecret) ResumptionMasterSecret(transcript hash.Hash) []byte

ResumptionMasterSecret derives the resumption_master_secret from the master secret and the transcript up to the client Finished.

func (*MasterSecret) ServerApplicationTrafficSecret

func (s *MasterSecret) ServerApplicationTrafficSecret(transcript hash.Hash) []byte

ServerApplicationTrafficSecret derives the server_application_traffic_secret_0 from the master secret and the transcript up to the server Finished.