peer

package
v0.39.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 29, 2024 License: Apache-2.0 Imports: 32 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrEmptyPeerID is returned if the peer id cannot be empty.
	ErrEmptyPeerID = errors.New("peer id cannot be empty")
	// ErrEmptyBody is returned if the message body was empty.
	ErrEmptyBody = errors.New("message body cannot be empty")
	// ErrSignatureInvalid is returned for an invalid signature.
	ErrSignatureInvalid = errors.New("message signature invalid")
	// ErrShortMessage is returned if a message is too short.
	ErrShortMessage = errors.New("message too short")
	// ErrNoPrivKey is returned if the private key is not available.
	ErrNoPrivKey = errors.New("private key not available for peer")
	// ErrInvalidEd25519PubKeyForCurve25519 is returned if a public key cannot be used for curve25519.
	ErrInvalidEd25519PubKeyForCurve25519 = errors.New("invalid ed25519 public key for curve25519")
)

Functions

func DecryptWithEd25519

func DecryptWithEd25519(
	tPrivKey ed25519.PrivateKey,
	context string,
	ciphertext []byte,
) ([]byte, error)

DecryptWithEd25519 decrypts with a ed25519 key using curve25519.

tPrivKey is the target (destination) private key.

derive aes256 key: blake3(context + tPubKey + ciphertext[:4]) decrypt msgPubKey with aes256 from ciphertext[4:][:32] convert the message public key to a curve25519 point convert the target private key to a curve25519 scalar derive key for chacha20poly1305 with ecdh(privKeyCurve25519, msgPubKeyCurve25519) derive nonce with blake3(context, msgPubKey)[:24] xor the nonce with blake3(context, msgPubKey)[24:] (8 bytes long)

ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))

context and destination key must be the same as when encrypting

func DecryptWithPrivKey

func DecryptWithPrivKey(privKey crypto.PrivKey, context string, ciphertext []byte) ([]byte, error)

DecryptWithPrivKey decrypts with the given private key.

Supported types: Ed25519, RSA Context must be same as when encrypting.

func DecryptWithRSA

func DecryptWithRSA(
	t *rsa.PrivateKey,
	context string,
	ciphertext []byte,
) ([]byte, error)

DecryptWithRSA decrypts a message with a RSA private key.

context must be the same as at encrypt time

func DeriveEd25519Key

func DeriveEd25519Key(context string, salt []byte, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)

DeriveEd25519Key derives a ed25519 private key from an existing private key.

context should be globally unique, and application-specific. salt is any additional data to mix with the private key.

A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"

the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.

func DeriveKey

func DeriveKey(context string, salt []byte, privKey crypto.PrivKey, out []byte) error

DeriveKey derives a secret using a private key.

Not all private key types are supported. Data is written to out.

context should be globally unique, and application-specific. salt is any additional data to mix with the private key.

A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"

the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.

func EncryptToEd25519

func EncryptToEd25519(
	tPubKey ed25519.PublicKey,
	context string,
	msgSrc []byte,
) ([]byte, error)

EncryptToEd25519 encrypts to a ed25519 key using curve25519.

t is the target ed25519 public key.

mix pub key into seed: blake3(context + msgSrc + tPubKey) generate the one-time use message priv key (ed25519) from seed convert the target public key to a curve25519 point convert the message private key to a curve25519 scalar generate the nonce with blake3(context + msgPubKeyEd25519 + msgPubKeyCurve25519)[:24] xor the nonce with blake3(msgPubKeyEd25519 + msgPubKeyCurve25519)[24:] (8 bytes long) generate msgPubKey aes256 key: blake3(context + tPubKey + msgNonce[:4]) generate key for chacha20poly1305 with ecdh(msgPrivKeyCurve25519, tPubKeyCurve25519)

ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))

context and destination public key must be the same when decrypting context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.

func EncryptToPubKey

func EncryptToPubKey(pubKey crypto.PubKey, context string, msgSrc []byte) ([]byte, error)

EncryptToPubKey encrypts a message to a public key.

Supported types: Ed25519, RSA Context must be same when decrypting.

Context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" The purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.

func EncryptToRSA

func EncryptToRSA(
	t *rsa.PublicKey,
	context string,
	msgSrc []byte,
) ([]byte, error)

EncryptToRSA encrypts a message to a RSA public key.

marshal public key to pkix derive 32byte message key with blake3(context + msgSrc + pubPkix) derive 32byte message nonce with blake3(context + msgKey + pubPkix) compress message with s2 (snappy2) encrypt message with chacha20-poly1305

ciphertext: oaep(message-key) + chacha20poly1305(s2(msgSrc))

context must be the same at decrypt time context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.

func IDB58Encode

func IDB58Encode(id ID) string

IDB58Encode returns b58-encoded string

func IDsToString added in v0.22.2

func IDsToString(ids []ID) []string

IDsToString converts a slice of IDs to strings.

func NewNetAddr

func NewNetAddr(pid ID) net.Addr

NewNetAddr constructs a new net.Addr from a peer ID.

Types

type GetPeer

type GetPeer interface {
	// Directive indicates GetPeer is a directive.
	directive.Directive

	// GetPeerIDConstraint returns a specific peer ID node we are looking for.
	// If empty, any node is matched.
	GetPeerIDConstraint() ID
}

GetPeer is a directive to lookup a peer on a controller.

func NewGetPeer

func NewGetPeer(peerID ID) GetPeer

NewGetPeer constructs a new getPeer directive.

type GetPeerResolver

type GetPeerResolver struct {
	// contains filtered or unexported fields
}

GetPeerResolver resolves the GetPeer directive

func NewGetPeerResolver

func NewGetPeerResolver(
	directive GetPeer,
	peer Peer,
) *GetPeerResolver

NewGetPeerResolver constructs a new GetPeer resolver

func (*GetPeerResolver) Resolve

func (c *GetPeerResolver) Resolve(ctx context.Context, valHandler directive.ResolverHandler) error

Resolve resolves the values.

type GetPeerValue

type GetPeerValue = Peer

GetPeerValue is the result of the GetPeer directive.

type ID

type ID = ip.ID

ID is a peer identifier.

func IDB58Decode

func IDB58Decode(s string) (ID, error)

IDB58Decode returns a b58-decoded Peer ID.

func IDFromBytes

func IDFromBytes(b []byte) (ID, error)

IDFromBytes cast a string to ID type, and validate the id to make sure it is a multihash.

func IDFromPrivateKey

func IDFromPrivateKey(sk ic.PrivKey) (ID, error)

IDFromPrivateKey returns the Peer ID corresponding to sk

func IDFromPublicKey

func IDFromPublicKey(pk ic.PubKey) (ID, error)

IDFromPublicKey returns the Peer ID corresponding to pk

func ParsePeerIDWithPubKey added in v0.22.0

func ParsePeerIDWithPubKey(peerIDStr string) (ID, crypto.PubKey, error)

ParsePeerIDWithPubKey parses the peer id and extracts the public key.

type NetAddr

type NetAddr struct {
	// contains filtered or unexported fields
}

NetAddr matches net.Addr with a peer ID

func (*NetAddr) Network

func (a *NetAddr) Network() string

Network is the name of the network (for example, "tcp", "udp")

func (*NetAddr) String

func (a *NetAddr) String() string

String form of address (for example, "192.0.2.1:25", "[2001:db8::1]:80")

type Peer

type Peer interface {
	// GetPeerID returns the peer ID.
	GetPeerID() ID

	// GetPubKey returns the public key of the peer.
	GetPubKey() crypto.PubKey

	// GetPrivKey returns the private key.
	// This may require an extra lookup operation.
	// Returns ErrNoPrivKey if the private key is unavailable.
	GetPrivKey(ctx context.Context) (crypto.PrivKey, error)
}

Peer is the common interface for a keypair-based identity.

func GetPeerWithID

func GetPeerWithID(
	ctx context.Context,
	b bus.Bus,
	peerIDConstraint ID,
	returnIfIdle bool,
	valDisposeCallback func(),
) (Peer, directive.Instance, directive.Reference, error)

GetPeerWithID gets a peer. If peer ID is empty, selects any peer. valDisposeCallback is called when the value is no longer valid. valDisposeCallback can be nil.

func NewPeer

func NewPeer(privKey crypto.PrivKey) (Peer, error)

NewPeer builds a new Peer object with a private key. If privKey is nil, one will be generated.

func NewPeerWithGenerateED25519 added in v0.24.3

func NewPeerWithGenerateED25519() (Peer, crypto.PrivKey, crypto.PubKey, error)

NewPeerWithGenerateED25519 generates an ED25519 key and returns it + the peer.

func NewPeerWithID added in v0.7.3

func NewPeerWithID(id lpeer.ID) (Peer, error)

NewPeerWithID constructs a new Peer by extracting the pubkey from the ID.

func NewPeerWithPubKey added in v0.7.3

func NewPeerWithPubKey(pubKey crypto.PubKey) (Peer, error)

NewPeerWithPubKey builds a Peer with a public key.

type Signature

type Signature struct {

	// PubKey is the public key of the peer.
	// May be empty if the public key is to be inferred from context.
	PubKey []byte `protobuf:"bytes,1,opt,name=pub_key,json=pubKey,proto3" json:"pubKey,omitempty"`
	// HashType is the hash type used to hash the data.
	// The signature is then of the hash bytes (usually 32).
	HashType hash.HashType `protobuf:"varint,2,opt,name=hash_type,json=hashType,proto3" json:"hashType,omitempty"`
	// SigData contains the signature data.
	// The format is defined by the key type.
	SigData []byte `protobuf:"bytes,3,opt,name=sig_data,json=sigData,proto3" json:"sigData,omitempty"`
	// contains filtered or unexported fields
}

Signature contains a signature by a peer.

func NewSignature

func NewSignature(
	encContext string,
	privKey crypto.PrivKey,
	hashType hash.HashType,
	data []byte,
	inclPubKey bool,
) (*Signature, error)

NewSignature constructs a signature.

encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".

func NewSignatureWithHashedData added in v0.8.7

func NewSignatureWithHashedData(
	encContext string,
	privKey crypto.PrivKey,
	hashType hash.HashType,
	hashData []byte,
	inclPubKey bool,
) (*Signature, error)

NewSignatureWithHashedData builds a new signature with already-hashed data. Skips the hash step.

encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".

func (*Signature) CloneMessageVT added in v0.15.6

func (m *Signature) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*Signature) CloneVT added in v0.8.3

func (m *Signature) CloneVT() *Signature

func (*Signature) EqualMessageVT added in v0.15.6

func (this *Signature) EqualMessageVT(thatMsg any) bool

func (*Signature) EqualVT added in v0.3.0

func (this *Signature) EqualVT(that *Signature) bool

func (*Signature) GetHashType

func (x *Signature) GetHashType() hash.HashType

func (*Signature) GetPubKey

func (x *Signature) GetPubKey() []byte

func (*Signature) GetSigData

func (x *Signature) GetSigData() []byte

func (*Signature) MarshalJSON added in v0.29.0

func (x *Signature) MarshalJSON() ([]byte, error)

MarshalJSON marshals the Signature to JSON.

func (*Signature) MarshalProtoJSON added in v0.29.0

func (x *Signature) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the Signature message to JSON.

func (*Signature) MarshalProtoText added in v0.29.2

func (x *Signature) MarshalProtoText() string

func (*Signature) MarshalToSizedBufferVT added in v0.2.0

func (m *Signature) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*Signature) MarshalToVT added in v0.2.0

func (m *Signature) MarshalToVT(dAtA []byte) (int, error)

func (*Signature) MarshalVT added in v0.2.0

func (m *Signature) MarshalVT() (dAtA []byte, err error)

func (*Signature) ParsePubKey

func (s *Signature) ParsePubKey() (crypto.PubKey, error)

ParsePubKey parses the incldued public key. Returns nil, nil if the pub key field was not set.

func (*Signature) ProtoMessage

func (*Signature) ProtoMessage()

func (*Signature) Reset

func (x *Signature) Reset()

func (*Signature) SizeVT added in v0.2.0

func (m *Signature) SizeVT() (n int)

func (*Signature) String

func (x *Signature) String() string

func (*Signature) UnmarshalJSON added in v0.29.0

func (x *Signature) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the Signature from JSON.

func (*Signature) UnmarshalProtoJSON added in v0.29.0

func (x *Signature) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the Signature message from JSON.

func (*Signature) UnmarshalVT added in v0.2.0

func (m *Signature) UnmarshalVT(dAtA []byte) error

func (*Signature) Validate

func (s *Signature) Validate() error

Validate checks the signature object (but not the signature itself).

func (*Signature) VerifyWithPublic

func (s *Signature) VerifyWithPublic(encContext string, pubKey crypto.PubKey, data []byte) (bool, error)

VerifyWithPublic checks a signature with a public key, hashing the data. Returns ok and any error interpeting the signature.

encContext must match the context used when creating the signature.

type SignedMsg

type SignedMsg struct {

	// FromPeerId is the peer identifier of the sender.
	FromPeerId string `protobuf:"bytes,1,opt,name=from_peer_id,json=fromPeerId,proto3" json:"fromPeerId,omitempty"`
	// Signature is the sender signature.
	// Should not contain PubKey, which is inferred from peer id.
	Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// Data is the signed data.
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// contains filtered or unexported fields
}

SignedMsg is a message from a peer with a signature.

func NewSignedMsg

func NewSignedMsg(
	encContext string,
	privKey crypto.PrivKey,
	hashType hash.HashType,
	innerData []byte,
) (*SignedMsg, error)

NewSignedMsg constructs/signs/encodes a new signed message.

encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".

func UnmarshalSignedMsg

func UnmarshalSignedMsg(data []byte) (*SignedMsg, error)

UnmarshalSignedMsg parses a signed message.

func (*SignedMsg) CloneMessageVT added in v0.15.6

func (m *SignedMsg) CloneMessageVT() protobuf_go_lite.CloneMessage

func (*SignedMsg) CloneVT added in v0.8.3

func (m *SignedMsg) CloneVT() *SignedMsg

func (*SignedMsg) ComputeMessageID

func (m *SignedMsg) ComputeMessageID() string

ComputeMessageID computes a message id for a signed message.

func (*SignedMsg) EqualMessageVT added in v0.15.6

func (this *SignedMsg) EqualMessageVT(thatMsg any) bool

func (*SignedMsg) EqualVT added in v0.3.0

func (this *SignedMsg) EqualVT(that *SignedMsg) bool

func (*SignedMsg) ExtractAndVerify

func (m *SignedMsg) ExtractAndVerify(encContext string) (crypto.PubKey, ID, error)

ExtractAndVerify extracts public key & uses it to verify message

encContext must match the context used when creating the signature.

func (*SignedMsg) ExtractPubKey

func (m *SignedMsg) ExtractPubKey() (crypto.PubKey, ID, error)

ExtractPubKey extracts the public key from the peer id.

func (*SignedMsg) GetData

func (x *SignedMsg) GetData() []byte

func (*SignedMsg) GetFromPeerId

func (x *SignedMsg) GetFromPeerId() string

func (*SignedMsg) GetSignature

func (x *SignedMsg) GetSignature() *Signature

func (*SignedMsg) MarshalJSON added in v0.29.0

func (x *SignedMsg) MarshalJSON() ([]byte, error)

MarshalJSON marshals the SignedMsg to JSON.

func (*SignedMsg) MarshalProtoJSON added in v0.29.0

func (x *SignedMsg) MarshalProtoJSON(s *json.MarshalState)

MarshalProtoJSON marshals the SignedMsg message to JSON.

func (*SignedMsg) MarshalProtoText added in v0.29.2

func (x *SignedMsg) MarshalProtoText() string

func (*SignedMsg) MarshalToSizedBufferVT added in v0.2.0

func (m *SignedMsg) MarshalToSizedBufferVT(dAtA []byte) (int, error)

func (*SignedMsg) MarshalToVT added in v0.2.0

func (m *SignedMsg) MarshalToVT(dAtA []byte) (int, error)

func (*SignedMsg) MarshalVT added in v0.2.0

func (m *SignedMsg) MarshalVT() (dAtA []byte, err error)

func (*SignedMsg) ParseFromPeerID

func (m *SignedMsg) ParseFromPeerID() (ID, error)

ParseFromPeerID unmarshals the peer id.

func (*SignedMsg) ProtoMessage

func (*SignedMsg) ProtoMessage()

func (*SignedMsg) Reset

func (x *SignedMsg) Reset()

func (*SignedMsg) Sign

func (m *SignedMsg) Sign(encContext string, privKey crypto.PrivKey, hashType hash.HashType) error

Sign signs the inner body with the private key. Disallows empty message.

encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".

func (*SignedMsg) SizeVT added in v0.2.0

func (m *SignedMsg) SizeVT() (n int)

func (*SignedMsg) String

func (x *SignedMsg) String() string

func (*SignedMsg) UnmarshalJSON added in v0.29.0

func (x *SignedMsg) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals the SignedMsg from JSON.

func (*SignedMsg) UnmarshalProtoJSON added in v0.29.0

func (x *SignedMsg) UnmarshalProtoJSON(s *json.UnmarshalState)

UnmarshalProtoJSON unmarshals the SignedMsg message from JSON.

func (*SignedMsg) UnmarshalVT added in v0.2.0

func (m *SignedMsg) UnmarshalVT(dAtA []byte) error

func (*SignedMsg) Verify

func (m *SignedMsg) Verify(encContext string, pubKey crypto.PubKey) error

Verify verifies the signature against a public key.

encContext must match the context used when creating the signature.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL