- client.go - ECH test client (uses a fixed ECHConfigsList).
- server.go - ECH test server (uses a fixed set of ECH keys).
- backend.crt, backend.key - Test certificate and key for "example.com" (the backend server).
- client_facing.crt, backend.key - Test certificate and key for "cloudflare-esni.com" (the client-facing server).
- root.crt - Root certificate for backend.crt and client_facing.crt.
- get_configs.py - Script for fetching the real ECHConfigsList for "crypto.cloudflare.com".
// chris@cloudtron:~/go/src/fun$ go test -bench .
// goos: linux
// goarch: amd64
// pkg: fun
// BenchmarkSignP256-4 50000 32375 ns/op
// BenchmarkVerifyP256-4 20000 90285 ns/op
// BenchmarkSignEd25519-4 20000 62050 ns/op
// BenchmarkVerifyEd25519-4 10000 167410 ns/op
package main
// This is a simple HTTPS server for testing the delegated_credential extension
// for TLS. It loads a self-signed certificate (`cert.pem` in the working
// directory) with the delegationUsage extension and the corresponding secret
// key (`key.pem`). (Currently the X509 extension has no OID assigned to it;
// the tls-tris implementation uses "2 5 29 99" for the time being.) If the
// client doesn't indicate it is willing to negotiate the delegated_credential
// extension (see the Internet draft:
// https://tools.ietf.org/html/draft-ietf-tls-subcerts-00), then this
// certificate will be offered by the server. If the client does indicate
// willingness, then the server will offer a credential delegated by the
// corecrypt
//
// A command line tool for secure read-only storage of large files. It supports
// the following operations (specified by -mode):
//
// encrypt: encrypts the plaintext on STDIN and writes the ciphertext to STDOUT.
// The algorithm is AES128 in Galois counter mode, which takes a 16-byte key, a
// nonce, associated data, and a plaintext, and outputs the ciphertext. The key
// and associated data are specified by the command line options -key (required)
// and -adata (optional) respectively; the 16-byte nonce is generated randomly.