Documentation
Overview
Package knockingTLS is a wrapper around the TLS transport to provide server identity privacy from unauthorized clients.
In TLS, the server reveals its identity (public key) to connecting clients before authenticating the client, which can be a privacy problem. This package requires the client to authenticate to the server first, by sending a small "knock" as the first message from the client, before any handshake takes place.
In the current implementation, a knock is simply a 64-byte Ed25519 signature, which adds minimal overhead. This wrapper works with all versions of TLS.
Index
Constants
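As an added illustration (not the package's own code), the knock described above modelled with Go's standard crypto/ed25519: the client signs a knock and the server verifies it against its allowlist before sending any TLS bytes. What the real knock signs is not stated on this page; signing the protocol ID together with the target server's peer ID is an assumption here, as are the function names.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// KnockID is the protocol identifier from the package documentation.
const KnockID = "cl_knockingtls/1.0.0"

// knockMessage is the byte string the client signs. ASSUMPTION: the page
// does not document what the real knock covers; binding the protocol ID
// and the target server's peer ID at least keeps a knock produced for one
// server from being presented to a different one.
func knockMessage(serverPeerID []byte) []byte {
	return append([]byte(KnockID), serverPeerID...)
}

// MakeKnock is the client side: the 64-byte Ed25519 signature sent as the
// first message, before any TLS handshake bytes.
func MakeKnock(priv ed25519.PrivateKey, serverPeerID []byte) []byte {
	return ed25519.Sign(priv, knockMessage(serverPeerID))
}

// VerifyKnock is the server side: it returns the index of the allowlisted key
// that produced the knock, or -1. Until this returns >= 0 the server sends
// nothing, so an unauthorized client never sees the server's certificate.
func VerifyKnock(allowlist []ed25519.PublicKey, serverPeerID, knock []byte) int {
	if len(knock) != ed25519.SignatureSize {
		return -1
	}
	msg := knockMessage(serverPeerID)
	for i, pub := range allowlist {
		if ed25519.Verify(pub, msg, knock) {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed keys: fixed seeds stand in for real peer keys.
	allowed := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	stranger := ed25519.NewKeyFromSeed(append(make([]byte, ed25519.SeedSize-1), 1))
	allowlist := []ed25519.PublicKey{allowed.Public().(ed25519.PublicKey)}
	server := []byte("constructed-server-peer-id")
	fmt.Println("allowed client:", VerifyKnock(allowlist, server, MakeKnock(allowed, server)))   // prints "allowed client: 0"
	fmt.Println("unknown client:", VerifyKnock(allowlist, server, MakeKnock(stranger, server))) // prints "unknown client: -1"
}
```

Because the client speaks first, this constructed knock carries no server-supplied freshness; it gates only when the server reveals its identity, and the TLS handshake that follows is unchanged.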
const ID = "cl_knockingtls/1.0.0"
Variables
This section is empty.
Functions
This section is empty.
Types
type KnockingTLSTransport
type KnockingTLSTransport struct {
// contains filtered or unexported fields
}
func NewKnockingTLS
func NewKnockingTLS(logger commontypes.Logger, myPrivKey p2pcrypto.PrivKey, bandwidthLimiters *Limiters, allowlist ...peer.ID) (*KnockingTLSTransport, error)
NewKnockingTLS creates a TLS transport. Allowlist is the list of peer IDs from which this transport accepts handshakes.
func (*KnockingTLSTransport) SecureInbound
func (c *KnockingTLSTransport) SecureInbound(ctx context.Context, insecure net.Conn) (sec.SecureConn, error)
func (*KnockingTLSTransport) SecureOutbound
func (c *KnockingTLSTransport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (sec.SecureConn, error)
func (*KnockingTLSTransport) UpdateAllowlist
func (c *KnockingTLSTransport) UpdateAllowlist(allowlist []peer.ID)
type Limiters
type Limiters struct {
// contains filtered or unexported fields
}
Limiters is an indexed collection such that each peer connection has a bandwidth rate limiter.
func NewLimiters
func NewLimiters(logger commontypes.Logger) *Limiters
func (*Limiters) IncreaseLimits
func (ls *Limiters) IncreaseLimits(peerIDs []p2ppeer.ID, deltaTokenBucketRefillRate int64, deltaTokenBucketSize int)
IncreaseLimits bumps the refill rate and bucket size for the specified peer IDs. deltaTokenBucketRefillRate and deltaTokenBucketSize must be either both positive or both negative; otherwise the call is ignored.
type RateLimitedConn
func NewRateLimitedConn
func NewRateLimitedConn(conn net.Conn, bandwidthLimiter *rate.Limiter, logger commontypes.Logger) *RateLimitedConn
func (*RateLimitedConn) EnableRateLimiting
func (r *RateLimitedConn) EnableRateLimiting()
EnableRateLimiting is not thread-safe!