Documentation ¶
Index ¶
- Variables
- func DecryptWithEd25519(tPrivKey ed25519.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithPrivKey(privKey crypto.PrivKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithRSA(t *rsa.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DeriveEd25519Key(context string, salt []byte, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
- func DeriveKey(context string, salt []byte, privKey crypto.PrivKey, out []byte) error
- func EncryptToEd25519(tPubKey ed25519.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToPubKey(pubKey crypto.PubKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToRSA(t *rsa.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func IDB58Encode(id ID) string
- func NewNetAddr(pid ID) net.Addr
- type GetPeer
- type GetPeerResolver
- type GetPeerValue
- type ID
- type NetAddr
- type Peer
- func GetPeerWithID(ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, ...) (Peer, directive.Instance, directive.Reference, error)
- func NewPeer(privKey crypto.PrivKey) (Peer, error)
- func NewPeerWithID(id lpeer.ID) (Peer, error)
- func NewPeerWithPubKey(pubKey crypto.PubKey) (Peer, error)
- type Signature
- func (m *Signature) CloneMessageVT() proto.Message
- func (m *Signature) CloneVT() *Signature
- func (*Signature) Descriptor() ([]byte, []int)deprecated
- func (this *Signature) EqualMessageVT(thatMsg proto.Message) bool
- func (this *Signature) EqualVT(that *Signature) bool
- func (x *Signature) GetHashType() hash.HashType
- func (x *Signature) GetPubKey() []byte
- func (x *Signature) GetSigData() []byte
- func (m *Signature) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalToVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalVT() (dAtA []byte, err error)
- func (s *Signature) ParsePubKey() (crypto.PubKey, error)
- func (*Signature) ProtoMessage()
- func (x *Signature) ProtoReflect() protoreflect.Message
- func (x *Signature) Reset()
- func (m *Signature) SizeVT() (n int)
- func (x *Signature) String() string
- func (m *Signature) UnmarshalVT(dAtA []byte) error
- func (s *Signature) Validate() error
- func (s *Signature) VerifyWithPublic(pubKey crypto.PubKey, data []byte) (bool, error)
- type SignedMsg
- func (m *SignedMsg) CloneMessageVT() proto.Message
- func (m *SignedMsg) CloneVT() *SignedMsg
- func (m *SignedMsg) ComputeMessageID() string
- func (*SignedMsg) Descriptor() ([]byte, []int)deprecated
- func (this *SignedMsg) EqualMessageVT(thatMsg proto.Message) bool
- func (this *SignedMsg) EqualVT(that *SignedMsg) bool
- func (m *SignedMsg) ExtractAndVerify() (crypto.PubKey, ID, error)
- func (m *SignedMsg) ExtractPubKey() (crypto.PubKey, ID, error)
- func (x *SignedMsg) GetData() []byte
- func (x *SignedMsg) GetFromPeerId() string
- func (x *SignedMsg) GetSignature() *Signature
- func (m *SignedMsg) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalToVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalVT() (dAtA []byte, err error)
- func (m *SignedMsg) ParseFromPeerID() (ID, error)
- func (*SignedMsg) ProtoMessage()
- func (x *SignedMsg) ProtoReflect() protoreflect.Message
- func (x *SignedMsg) Reset()
- func (m *SignedMsg) Sign(privKey crypto.PrivKey, hashType hash.HashType) error
- func (m *SignedMsg) SizeVT() (n int)
- func (x *SignedMsg) String() string
- func (m *SignedMsg) UnmarshalVT(dAtA []byte) error
- func (m *SignedMsg) Validate() error
- func (m *SignedMsg) Verify(pubKey crypto.PubKey) error
Constants ¶
This section is empty.
Variables ¶
var ( // ErrEmptyPeerID is returned if the peer id cannot be empty. ErrEmptyPeerID = errors.New("peer id cannot be empty") // ErrBodyEmpty is returned if the message body was empty. ErrBodyEmpty = errors.New("message body cannot be empty") // ErrSignatureInvalid is returned for an invalid signature. ErrSignatureInvalid = errors.New("message signature invalid") // ErrShortMessage is returned if a message is too short. ErrShortMessage = errors.New("message too short") // ErrNoPrivKey is returned if the private key is not available. ErrNoPrivKey = errors.New("private key not available for peer") // ErrInvalidEd25519PubKeyForCurve25519 is returned if a public key cannot be used for curve25519. ErrInvalidEd25519PubKeyForCurve25519 = errors.New("invalid ed25519 public key for curve25519") )
var ( ErrInvalidLength = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflow = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroup = fmt.Errorf("proto: unexpected end of group") )
var File_github_com_aperturerobotics_bifrost_peer_peer_proto protoreflect.FileDescriptor
Functions ¶
func DecryptWithEd25519 ¶
func DecryptWithEd25519( tPrivKey ed25519.PrivateKey, context string, ciphertext []byte, ) ([]byte, error)
DecryptWithEd25519 decrypts with a ed25519 key using curve25519.
tPrivKey is the target (destination) private key.
derive aes256 key: blake3(context + tPubKey + ciphertext[:4]) decrypt msgPubKey with aes256 from ciphertext[4:][:32] convert the message public key to a curve25519 point convert the target private key to a curve25519 scalar derive key for chacha20poly1305 with ecdh(privKeyCurve25519, msgPubKeyCurve25519) derive nonce with blake3(context, msgPubKey)[:24] xor the nonce with blake3(context, msgPubKey)[24:] (8 bytes long)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination key must be the same as when encrypting
func DecryptWithPrivKey ¶
DecryptWithPrivKey decrypts with the given private key.
Supported types: Ed25519, RSA Context must be same as when encrypting.
func DecryptWithRSA ¶
DecryptWithRSA decrypts a message with a RSA private key.
context must be the same as at encrypt time
func DeriveEd25519Key ¶
func DeriveEd25519Key(context string, salt []byte, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
DeriveEd25519Key derives a ed25519 private key from an existing private key.
context should be globally unique, and application-specific. salt is any additional data to mix with the private key.
A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"
the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func DeriveKey ¶
DeriveKey derives a secret using a private key.
Not all private key types are supported. Data is written to out.
context should be globally unique, and application-specific. salt is any additional data to mix with the private key.
A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"
the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToEd25519 ¶
EncryptToEd25519 encrypts to a ed25519 key using curve25519.
t is the target ed25519 public key.
mix pub key into seed: blake3(context + msgSrc + tPubKey) generate the one-time use message priv key (ed25519) from seed convert the target public key to a curve25519 point convert the message private key to a curve25519 scalar generate the nonce with blake3(context + msgPubKeyEd25519 + msgPubKeyCurve25519)[:24] xor the nonce with blake3(msgPubKeyEd25519 + msgPubKeyCurve25519)[24:] (8 bytes long) generate msgPubKey aes256 key: blake3(context + tPubKey + msgNonce[:4]) generate key for chacha20poly1305 with ecdh(msgPrivKeyCurve25519, tPubKeyCurve25519)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination public key must be the same when decrypting context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToPubKey ¶
EncryptToPubKey encrypts a message to a public key.
Supported types: Ed25519, RSA Context must be same when decrypting.
Context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" The purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToRSA ¶
EncryptToRSA encrypts a message to a RSA public key.
marshal public key to pkix derive 32byte message key with blake3(context + msgSrc + pubPkix) derive 32byte message nonce with blake3(context + msgKey + pubPkix) compress message with s2 (snappy2) encrypt message with chacha20-poly1305
ciphertext: oaep(message-key) + chacha20poly1305(s2(msgSrc))
context must be the same at decrypt time context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func NewNetAddr ¶
NewNetAddr constructs a new net.Addr from a peer ID.
Types ¶
type GetPeer ¶
type GetPeer interface { // Directive indicates GetPeer is a directive. directive.Directive // GetPeerIDConstraint returns a specific peer ID node we are looking for. // If empty, any node is matched. GetPeerIDConstraint() ID }
GetPeer is a directive to lookup a peer on a controller.
type GetPeerResolver ¶
type GetPeerResolver struct {
// contains filtered or unexported fields
}
GetPeerResolver resolves the GetPeer directive
func NewGetPeerResolver ¶
func NewGetPeerResolver( directive GetPeer, peer Peer, ) *GetPeerResolver
NewGetPeerResolver constructs a new GetPeer resolver
func (*GetPeerResolver) Resolve ¶
func (c *GetPeerResolver) Resolve(ctx context.Context, valHandler directive.ResolverHandler) error
Resolve resolves the values.
type ID ¶
ID is a peer identifier.
func IDFromBytes ¶
IDFromBytes cast a string to ID type, and validate the id to make sure it is a multihash.
func IDFromPrivateKey ¶
IDFromPrivateKey returns the Peer ID corresponding to sk
type NetAddr ¶
type NetAddr struct {
// contains filtered or unexported fields
}
NetAddr matches net.Addr with a peer ID
type Peer ¶
type Peer interface { // GetPeerID returns the peer ID. GetPeerID() ID // GetPubKey returns the public key of the peer. GetPubKey() crypto.PubKey // GetPrivKey returns the private key. // This may require an extra lookup operation. // Returns ErrNoPrivKey if the private key is unavailable. GetPrivKey(ctx context.Context) (crypto.PrivKey, error) }
Peer is the common interface for a keypair-based identity.
func GetPeerWithID ¶
func GetPeerWithID( ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, valDisposeCallback func(), ) (Peer, directive.Instance, directive.Reference, error)
GetPeerWithID gets a peer. If peer ID is empty, selects any peer. valDisposeCallback is called when the value is no longer valid. valDisposeCallback can be nil.
func NewPeer ¶
NewPeer builds a new Peer object with a private key. If privKey is nil, one will be generated.
func NewPeerWithID ¶ added in v0.7.3
NewPeerWithID constructs a new Peer by extracting the pubkey from the ID.
type Signature ¶
type Signature struct { // PubKey is the public key of the peer. // May be empty if the public key is to be inferred from context. PubKey []byte `protobuf:"bytes,1,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"` // HashType is the hash type used to hash the data. // The signature is then of the hash bytes (usually 32). HashType hash.HashType `protobuf:"varint,2,opt,name=hash_type,json=hashType,proto3,enum=hash.HashType" json:"hash_type,omitempty"` // SigData contains the signature data. // The format is defined by the key type. SigData []byte `protobuf:"bytes,3,opt,name=sig_data,json=sigData,proto3" json:"sig_data,omitempty"` // contains filtered or unexported fields }
Signature contains a signature by a peer.
func NewSignature ¶
func NewSignature( privKey crypto.PrivKey, hashType hash.HashType, data []byte, inclPubKey bool, ) (*Signature, error)
NewSignature constructs a signature.
func NewSignatureWithHashedData ¶ added in v0.8.7
func NewSignatureWithHashedData( privKey crypto.PrivKey, hashType hash.HashType, hashData []byte, inclPubKey bool, ) (*Signature, error)
NewSignatureWithHashedData builds a new signature with already-hashed data. Skips the hash step.
func (*Signature) CloneMessageVT ¶ added in v0.15.6
func (*Signature) Descriptor
deprecated
func (*Signature) EqualMessageVT ¶ added in v0.15.6
func (*Signature) GetHashType ¶
func (*Signature) GetSigData ¶
func (*Signature) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*Signature) MarshalToVT ¶ added in v0.2.0
func (*Signature) ParsePubKey ¶
ParsePubKey parses the incldued public key. Returns nil, nil if the pub key field was not set.
func (*Signature) ProtoMessage ¶
func (*Signature) ProtoMessage()
func (*Signature) ProtoReflect ¶ added in v0.2.0
func (x *Signature) ProtoReflect() protoreflect.Message
func (*Signature) UnmarshalVT ¶ added in v0.2.0
type SignedMsg ¶
type SignedMsg struct { // FromPeerId is the peer identifier of the sender. FromPeerId string `protobuf:"bytes,1,opt,name=from_peer_id,json=fromPeerId,proto3" json:"from_peer_id,omitempty"` // Signature is the sender signature. // Should not contain PubKey, which is inferred from peer id. Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` // Data is the signed data. Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` // contains filtered or unexported fields }
SignedMsg is a message from a peer with a signature.
func NewSignedMsg ¶
func NewSignedMsg( privKey crypto.PrivKey, hashType hash.HashType, innerData []byte, ) (*SignedMsg, error)
NewSignedMsg constructs/signs/encodes a new signed message.
func UnmarshalSignedMsg ¶
UnmarshalSignedMsg parses a signed message.
func (*SignedMsg) CloneMessageVT ¶ added in v0.15.6
func (*SignedMsg) ComputeMessageID ¶
ComputeMessageID computes a message id for a signed message.
func (*SignedMsg) Descriptor
deprecated
func (*SignedMsg) EqualMessageVT ¶ added in v0.15.6
func (*SignedMsg) ExtractAndVerify ¶
ExtractAndVerify extracts public key & uses it to verify message
func (*SignedMsg) ExtractPubKey ¶
ExtractPubKey extracts the public key from the peer id.
func (*SignedMsg) GetFromPeerId ¶
func (*SignedMsg) GetSignature ¶
func (*SignedMsg) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*SignedMsg) MarshalToVT ¶ added in v0.2.0
func (*SignedMsg) ParseFromPeerID ¶
ParseFromPeerID unmarshals the peer id.
func (*SignedMsg) ProtoMessage ¶
func (*SignedMsg) ProtoMessage()
func (*SignedMsg) ProtoReflect ¶ added in v0.2.0
func (x *SignedMsg) ProtoReflect() protoreflect.Message