Overview ¶
Package mls implements the Messaging Layer Security protocol.
MLS is specified in RFC 9420.
Types ¶
type CipherSuite ¶
type CipherSuite uint16
A CipherSuite defines the cryptographic primitives used in group key computations: the HPKE parameters (KEM, KDF and AEAD), the hash function, the MAC and the signature algorithm.
MLS cipher suites are listed at: https://www.iana.org/assignments/mls/mls.xhtml#mls-ciphersuites
// Cipher suite code points. The numeric values are the ones registered
// in the IANA MLS cipher suite registry referenced above; the primitives
// making up each suite are spelled out in its name (KEM, AEAD, hash,
// signature). A suite listed here is not necessarily implemented by this
// library — call Supported to check before relying on it.
const (
	// DHKEM(X25519), AES-128-GCM, SHA-256, Ed25519.
	CipherSuiteMLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 CipherSuite = 0x0001
	// DHKEM(P-256), AES-128-GCM, SHA-256, P-256 (ECDSA).
	CipherSuiteMLS_128_DHKEMP256_AES128GCM_SHA256_P256 CipherSuite = 0x0002
	// DHKEM(X25519), ChaCha20-Poly1305, SHA-256, Ed25519.
	CipherSuiteMLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 CipherSuite = 0x0003
	// DHKEM(X448), AES-256-GCM, SHA-512, Ed448.
	CipherSuiteMLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 CipherSuite = 0x0004
	// DHKEM(P-521), AES-256-GCM, SHA-512, P-521 (ECDSA).
	CipherSuiteMLS_256_DHKEMP521_AES256GCM_SHA512_P521 CipherSuite = 0x0005
	// DHKEM(X448), ChaCha20-Poly1305, SHA-512, Ed448.
	CipherSuiteMLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 CipherSuite = 0x0006
	// DHKEM(P-384), AES-256-GCM, SHA-384, P-384 (ECDSA).
	CipherSuiteMLS_256_DHKEMP384_AES256GCM_SHA384_P384 CipherSuite = 0x0007
)
func (CipherSuite) String ¶
func (cs CipherSuite) String() string
String returns the name of the cipher suite.
func (CipherSuite) Supported ¶
func (cs CipherSuite) Supported() bool
Supported reports whether this cipher suite is implemented by the library.
type Credential ¶
type Credential struct {
// contains filtered or unexported fields
}
A Credential holds information about a group member's identity.
func NewBasicCredential ¶
func NewBasicCredential(identity []byte) *Credential
NewBasicCredential creates a new basic credential. The identity is a byte string in an application-specific format.
type Group ¶
type Group struct {
// contains filtered or unexported fields
}
A Group is a high-level API for an MLS group.
Example ¶
suite := CipherSuiteMLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
groupID := GroupID("비밀")

// Every member starts from a fresh key pair package bound to its credential.
alicePkg, err := GenerateKeyPairPackage(suite, NewBasicCredential([]byte("앨리스")))
if err != nil {
	log.Fatalf("GenerateKeyPairPackage() = %v", err)
}
bobPkg, err := GenerateKeyPairPackage(suite, NewBasicCredential([]byte("밥")))
if err != nil {
	log.Fatalf("GenerateKeyPairPackage() = %v", err)
}

// Alice creates the group on her own, then invites Bob with a Welcome.
alice, err := CreateGroup(groupID, alicePkg)
if err != nil {
	log.Fatalf("CreateGroup() = %v", err)
}
welcome, addMsg, err := alice.CreateWelcome([]KeyPackage{bobPkg.Public})
if err != nil {
	log.Fatalf("CreateWelcome() = %v", err)
}

// The raw MLS message returned alongside the Welcome has to be consumed by
// every existing member — here only Alice — before the new member counts as
// added on their side.
if _, err := alice.UnmarshalAndProcessMessage(addMsg); err != nil {
	log.Fatalf("UnmarshalAndProcessMessage() = %v", err)
}

// Bob joins from the Welcome using the private half of his key pair package.
bob, err := GroupFromWelcome(welcome, bobPkg)
if err != nil {
	log.Fatalf("GroupFromWelcome() = %v", err)
}

// Alice sends an encrypted application message; Bob decrypts it.
ciphertext, err := alice.CreateApplicationMessage([]byte("안녕하세요"))
if err != nil {
	log.Fatalf("CreateApplicationMessage() = %v", err)
}
plaintext, err := bob.UnmarshalAndProcessMessage(ciphertext)
if err != nil {
	log.Fatalf("UnmarshalAndProcessMessage() = %v", err)
}
fmt.Println(string(plaintext))
Output: 안녕하세요
func CreateGroup ¶
func CreateGroup(groupID GroupID, keyPairPkg *KeyPairPackage) (*Group, error)
CreateGroup creates a new group with a single member.
func GroupFromWelcome ¶
func GroupFromWelcome(welcome *Welcome, keyPairPkg *KeyPairPackage) (*Group, error)
GroupFromWelcome creates a new group from a welcome message.
func (*Group) CreateApplicationMessage ¶
CreateApplicationMessage creates a new encrypted application message for the group. The message contains an arbitrary application-specific payload.
func (*Group) CreateWelcome ¶
func (group *Group) CreateWelcome(keyPkgs []KeyPackage) (*Welcome, []byte, error)
CreateWelcome creates a new welcome message, inviting new members to the group.
The welcome message should be sent to the new members. Alongside the welcome message, a raw MLS message is returned; it must be consumed by every existing member of the group, including the member that created the welcome, to add the new members.
type KeyPackage ¶
type KeyPackage struct {
// contains filtered or unexported fields
}
A KeyPackage provides some public information about a user, such as a supported protocol version and cipher suite, public keys, and credentials.
Key packages are single-use: a key package should not be used more than once.
func UnmarshalKeyPackage ¶
func UnmarshalKeyPackage(raw []byte) (*KeyPackage, error)
UnmarshalKeyPackage reads a key package encoded as an MLS message.
func (*KeyPackage) GenerateRef ¶
func (pkg *KeyPackage) GenerateRef() (KeyPackageRef, error)
GenerateRef generates this key package's reference.
type KeyPackageRef ¶
type KeyPackageRef []byte
KeyPackageRef is a hash uniquely identifying a key package.
func (KeyPackageRef) Equal ¶
func (ref KeyPackageRef) Equal(other KeyPackageRef) bool
Equal checks whether two key package references are equal.
type KeyPairPackage ¶
type KeyPairPackage struct {
Public KeyPackage
Private PrivateKeyPackage
}
KeyPairPackage holds both public and private information about a user.
func GenerateKeyPairPackage ¶
func GenerateKeyPairPackage(cs CipherSuite, credential *Credential) (*KeyPairPackage, error)
GenerateKeyPairPackage generates a new key pair package for the given cipher suite and credential.
type PrivateKeyPackage ¶
PrivateKeyPackage holds private information about a user.
type Welcome ¶
type Welcome struct {
// contains filtered or unexported fields
}
A Welcome message includes secret keying information necessary to join a group.
func UnmarshalWelcome ¶
UnmarshalWelcome reads a welcome message.
func (*Welcome) NewMembers ¶
func (w *Welcome) NewMembers() []KeyPackageRef
NewMembers returns the list of key package references this welcome message contains secret keying information for.