secio

package
v0.4.0-dev Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2015 License: MIT Imports: 25 Imported by: 0

Documentation

Overview

package secio handles establishing secure communication between two peers.

Index

Constants

View Source
const MaxMsgSize = 8 * 1024 * 1024

Variables

View Source
var ErrClosed = errors.New("connection closed")

ErrClosed signals the closing of a connection.

View Source
var ErrEcho = errors.New("same keys and nonces. one side talking to self.")

ErrEcho is returned when we're attempting to handshake with the same keys and nonces.

View Source
var ErrMACInvalid = errors.New("MAC verification failed")

ErrMACInvalid signals that a MAC verification failed

View Source
var ErrMaxMessageSize = errors.New("attempted to read message larger than max size")
View Source
var ErrUnsupportedKeyType = errors.New("unsupported key type")

ErrUnsupportedKeyType is returned when a private key cast/type switch fails.

View Source
var HandshakeTimeout = time.Second * 30

HandshakeTimeout governs how long the handshake will be allowed to take place for. Making this number large means there could be many bogus connections waiting to timeout in flight. Typical handshakes take ~3RTTs, so it should be completed within seconds across a typical planet in the solar system.

View Source
var SupportedCiphers = "AES-256,AES-128,Blowfish"

List of supported Ciphers

View Source
var SupportedExchanges = "P-256,P-384,P-521"

List of supported ECDH curves

View Source
var SupportedHashes = "SHA256,SHA512"

List of supported Hashes

Functions

func NewETMReader

func NewETMReader(r io.Reader, s cipher.Stream, mac HMAC) msgio.ReadCloser

NewETMReader Encrypt-Then-MAC

func NewETMWriter

func NewETMWriter(w io.Writer, s cipher.Stream, mac HMAC) msgio.WriteCloser

NewETMWriter Encrypt-Then-MAC

Types

type HMAC

type HMAC struct {
	hash.Hash
	// contains filtered or unexported fields
}

type Session

type Session interface {
	// ReadWriter returns the encrypted communication channel
	ReadWriter() msgio.ReadWriteCloser

	// LocalPeer retrieves the local peer.
	LocalPeer() peer.ID

	// LocalPrivateKey retrieves the local private key
	LocalPrivateKey() ci.PrivKey

	// RemotePeer retrieves the remote peer.
	RemotePeer() peer.ID

	// RemotePublicKey retrieves the remote's public key
	// which was received during the handshake.
	RemotePublicKey() ci.PubKey

	// Close closes the secure session
	Close() error
}

type SessionGenerator

type SessionGenerator struct {
	LocalID    peer.ID
	PrivateKey ci.PrivKey
}

SessionGenerator constructs secure communication sessions for a peer.

func (*SessionGenerator) NewSession

func (sg *SessionGenerator) NewSession(ctx context.Context, insecure io.ReadWriteCloser) (Session, error)

NewSession takes an insecure io.ReadWriter, sets up a TLS-like handshake with the other side, and returns a secure session. The handshake isn't run until the connection is read or written to. See the source for the protocol details and security implementation. The provided Context is only needed for the duration of this function.

Directories

Path Synopsis
Package spipe_pb is a generated protocol buffer package.
Package spipe_pb is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL