Documentation
¶
Index ¶
- Constants
- func Marshal(p Payload) (data []byte)
- func NewSecrets(curve ecdh.Curve) (auth, salt []byte, key *ecdh.PrivateKey)
- type Aes128gcmScheme
- func (s Aes128gcmScheme) DeriveCEKAndNonce(hash func() hash.Hash, ikm, salt []byte, uaKey, asKey *ecdh.PublicKey) (cek, nonce []byte, err error)
- func (s Aes128gcmScheme) DeriveIKM(hash func() hash.Hash, authSecret, ecdhSecret []byte, ...) ([]byte, error)
- func (s Aes128gcmScheme) Pad(plaintext []byte) []byte
- func (s Aes128gcmScheme) Unpad(data []byte) ([]byte, error)
- type AesgcmScheme
- func (s AesgcmScheme) DeriveCEKAndNonce(hash func() hash.Hash, ikm, salt []byte, uaKey, asKey *ecdh.PublicKey) (cek, nonce []byte, err error)
- func (s AesgcmScheme) DeriveIKM(hash func() hash.Hash, authSecret, ecdhSecret []byte, ...) ([]byte, error)
- func (s AesgcmScheme) Pad(plaintext []byte) []byte
- func (s AesgcmScheme) Unpad(data []byte) ([]byte, error)
- type CryptoParams
- type Encoding
- type EncodingScheme
- type EncryptResult
- type Payload
- type RFC8291
- func (c *RFC8291) Decrypt(data []byte, encoding Encoding, encryptionHeader string, ...) ([]byte, error)
- func (c *RFC8291) DecryptAes128gcm(ciphertext []byte, salt []byte, authSecret []byte, ...) ([]byte, error)
- func (c *RFC8291) DecryptAesgcm(ciphertext []byte, salt []byte, authSecret []byte, ...) ([]byte, error)
- func (c *RFC8291) EncryptAes128gcm(plaintext []byte, salt []byte, authSecret []byte, ...) ([]byte, error)
- func (c *RFC8291) EncryptAesgcm(plaintext []byte, salt []byte, authSecret []byte, ...) (*EncryptResult, error)
Constants ¶
const ( AUTH_SECRET_LEN = 16 SALT_LEN = 16 AES_GCM_OVERHEAD = 16 HKDF_IKM_LEN = 32 HKDF_CEK_LEN = 16 HKDF_NONCE_LEN = 12 )
Variables ¶
This section is empty.
Functions ¶
func NewSecrets ¶
func NewSecrets(curve ecdh.Curve) (auth, salt []byte, key *ecdh.PrivateKey)
NewSecrets generates new random auth secret, salt, and ECDH private key.
Types ¶
type Aes128gcmScheme ¶
type Aes128gcmScheme struct{}
Aes128gcmScheme implements EncodingScheme for the aes128gcm encoding.
func (Aes128gcmScheme) DeriveCEKAndNonce ¶
func (Aes128gcmScheme) Pad ¶
func (s Aes128gcmScheme) Pad(plaintext []byte) []byte
type AesgcmScheme ¶
type AesgcmScheme struct{}
AesgcmScheme implements EncodingScheme for the aesgcm encoding.
func (AesgcmScheme) DeriveCEKAndNonce ¶
func (AesgcmScheme) Pad ¶
func (s AesgcmScheme) Pad(plaintext []byte) []byte
type CryptoParams ¶
CryptoParams holds the extracted cryptographic parameters for decryption.
func ParseAesgcmHeaders ¶
func ParseAesgcmHeaders(encryptionHeader, cryptoKeyHeader string, curve ecdh.Curve) (*CryptoParams, error)
ParseAesgcmHeaders extracts salt and sender public key from aesgcm HTTP headers. encryptionHeader: e.g., "salt=FiyMDLvlVl678odI9AWL3A" cryptoKeyHeader: e.g., "dh=BMLYo...;p256ecdsa=BF5o..."
type Encoding ¶
type Encoding string
Encoding represents the Content-Encoding type for WebPush messages.
type EncodingScheme ¶
type EncodingScheme interface {
DeriveIKM(hash func() hash.Hash, authSecret, ecdhSecret []byte, uaKey, asKey *ecdh.PublicKey) ([]byte, error)
DeriveCEKAndNonce(hash func() hash.Hash, ikm, salt []byte, uaKey, asKey *ecdh.PublicKey) (cek, nonce []byte, err error)
Pad(plaintext []byte) []byte
Unpad(data []byte) ([]byte, error)
}
EncodingScheme defines the encoding-specific operations for WebPush encryption.
func Scheme ¶
func Scheme(encoding Encoding) (EncodingScheme, error)
Scheme returns the EncodingScheme implementation for the given encoding type.
type EncryptResult ¶
type EncryptResult struct {
Ciphertext []byte // The encrypted data (for request body)
Salt []byte // For Encryption header: salt=<base64url>
SenderPublicKey []byte // For Crypto-Key header: dh=<base64url>
}
EncryptResult holds the result of aesgcm encryption. Unlike aes128gcm which embeds crypto params in the payload, aesgcm requires these to be sent as HTTP headers.
type RFC8291 ¶
type RFC8291 struct {
// contains filtered or unexported fields
}
RFC8291 implements WebPush message encryption and decryption.
func NewRFC8291 ¶
NewRFC8291 creates a new RFC8291 instance. Default hash is SHA256.
func (*RFC8291) Decrypt ¶
func (c *RFC8291) Decrypt( data []byte, encoding Encoding, encryptionHeader string, cryptoKeyHeader string, authSecret []byte, receiverPrivateKey *ecdh.PrivateKey, ) ([]byte, error)
Decrypt decrypts a push notification, automatically selecting the correct encoding scheme based on the encoding parameter.
For aes128gcm: crypto params are extracted from the data payload. For aesgcm: crypto params are extracted from the HTTP headers.
func (*RFC8291) DecryptAes128gcm ¶
func (c *RFC8291) DecryptAes128gcm( ciphertext []byte, salt []byte, authSecret []byte, receiverPrivateKey *ecdh.PrivateKey, senderPublicKey *ecdh.PublicKey, ) ([]byte, error)
DecryptAes128gcm decrypts a message encrypted with the aes128gcm encoding scheme.
func (*RFC8291) DecryptAesgcm ¶
func (c *RFC8291) DecryptAesgcm( ciphertext []byte, salt []byte, authSecret []byte, receiverPrivateKey *ecdh.PrivateKey, senderPublicKey *ecdh.PublicKey, ) ([]byte, error)
DecryptAesgcm decrypts a message encrypted with the aesgcm encoding scheme.
func (*RFC8291) EncryptAes128gcm ¶
func (c *RFC8291) EncryptAes128gcm( plaintext []byte, salt []byte, authSecret []byte, receiverPublicKey *ecdh.PublicKey, senderPrivateKey *ecdh.PrivateKey, ) ([]byte, error)
EncryptAes128gcm encrypts a message using the aes128gcm encoding scheme. Returns the complete payload with embedded crypto parameters.
func (*RFC8291) EncryptAesgcm ¶
func (c *RFC8291) EncryptAesgcm( plaintext []byte, salt []byte, authSecret []byte, receiverPublicKey *ecdh.PublicKey, senderPrivateKey *ecdh.PrivateKey, ) (*EncryptResult, error)
EncryptAesgcm encrypts a message using the aesgcm encoding scheme. Returns the ciphertext and crypto parameters needed for HTTP headers.
Source Files