Documentation
Overview
Package conn contains an implementation of a secure channel created by gRPC handshakers.
Index
- Constants
- Variables
- func CounterSide(c []byte) int
- func NewAES128GCM(side int, key []byte) (internal.ALTSRecordCrypto, error)
- func NewAES128GCMRekey(side int, key []byte) (internal.ALTSRecordCrypto, error)
- func NewConn(c net.Conn, side int, recordProtocol string, key []byte, protected []byte) (net.Conn, error)
- func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error)
- func RegisterProtocol(protocol string, f internal.ALTSRecordFunc) error
- func SliceForAppend(in []byte, n int) (head, tail []byte)
- type Counter
- type KeySizeError
Constants
const (
	// GcmTagSize is the GCM tag size: the difference in length between
	// plaintext and ciphertext. From crypto/cipher/gcm.go in the Go crypto
	// library.
	GcmTagSize = 16
)
const (
	// MsgLenFieldSize is the byte size of the frame length field of a
	// framed message.
	MsgLenFieldSize = 4
)
Variables
var ErrAuth = errors.New("message authentication failed")
ErrAuth occurs on authentication failure.
Functions
func CounterSide
CounterSide returns the connection side (client/server) a sequence counter is associated with.
func NewAES128GCM
func NewAES128GCM(side int, key []byte) (internal.ALTSRecordCrypto, error)
NewAES128GCM creates an instance that uses aes128gcm for ALTS record.
func NewAES128GCMRekey
func NewAES128GCMRekey(side int, key []byte) (internal.ALTSRecordCrypto, error)
NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying for ALTS record. The key argument should be 44 bytes: the first 32 bytes are used as a key for HKDF-expand and the remaining 12 bytes are used as a random mask for the counter.
func NewConn
func NewConn(c net.Conn, side int, recordProtocol string, key []byte, protected []byte) (net.Conn, error)
NewConn creates a new secure channel instance given the other party's role and the handshaking result.
func ParseFramedMsg
ParseFramedMsg parses the provided buffer and returns a frame of the format msgLength+msg and any remaining bytes in that buffer.
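The package is internal and cannot be imported directly, so the following is an added sketch of the framing behaviour described above, not the package's own code. The names parseFrame, drain and errFrameTooLarge are hypothetical, and the sketch assumes the 4-byte length field is little-endian and counts only the bytes that follow it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const msgLenFieldSize = 4 // mirrors MsgLenFieldSize on this page

var errFrameTooLarge = errors.New("frame length exceeds limit") // hypothetical

// parseFrame is a hypothetical stand-in for ParseFramedMsg. Assumption: the
// length field is little-endian and counts only the bytes that follow it.
// A nil frame with a nil error means "need more bytes"; b is returned intact.
func parseFrame(b []byte, maxLen uint32) (frame, rest []byte, err error) {
	if len(b) < msgLenFieldSize {
		return nil, b, nil // length field itself is incomplete
	}
	length := binary.LittleEndian.Uint32(b[:msgLenFieldSize])
	// Bound the peer-supplied length before it drives slicing or buffering.
	if length > maxLen {
		return nil, nil, fmt.Errorf("%w: %d > %d", errFrameTooLarge, length, maxLen)
	}
	end := uint64(msgLenFieldSize) + uint64(length) // 64-bit sum cannot wrap
	if uint64(len(b)) < end {
		return nil, b, nil // frame body is incomplete
	}
	return b[:end], b[end:], nil
}

// drain extracts every complete frame; rest is a trailing partial frame.
func drain(buf []byte, maxLen uint32) ([][]byte, []byte, error) {
	var payloads [][]byte
	for {
		frame, rest, err := parseFrame(buf, maxLen)
		if err != nil || frame == nil {
			return payloads, rest, err
		}
		payloads = append(payloads, frame[msgLenFieldSize:])
		buf = rest
	}
}

func main() {
	// Constructed input: two whole frames, then 3 bytes of a third length field.
	buf := []byte{5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o', 2, 0, 0, 0, 'a', 'b', 9, 0, 0}
	payloads, rest, err := drain(buf, 1024)
	fmt.Println(len(payloads), len(rest), err)
}
```

A reader loop would keep the returned remainder, append the next read from the connection to it, and call the parser again.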
func RegisterProtocol
func RegisterProtocol(protocol string, f internal.ALTSRecordFunc) error
RegisterProtocol registers an ALTS record encryption protocol.
func SliceForAppend
SliceForAppend takes a slice and a requested number of bytes. It returns a slice with the contents of the given slice followed by that many bytes and a second slice that aliases into it and contains only the extra bytes. If the original slice has sufficient capacity then no allocation is performed.
Types
type Counter
type Counter struct {
// contains filtered or unexported fields
}
Counter is a 96-bit, little-endian counter.
func CounterFromValue
CounterFromValue creates a new counter given an initial value.
func NewInCounter
NewInCounter returns an incoming counter initialized to the starting sequence number for the client/server side of a connection. This is used in ALTS record to check that incoming counters are as expected, since ALTS record guarantees that messages are unwrapped in the same order that the peer wrapped them.
func NewOutCounter
NewOutCounter returns an outgoing counter initialized to the starting sequence number for the client/server side of a connection.
type KeySizeError
type KeySizeError int
KeySizeError signals that the given key does not have the correct size.
func (KeySizeError) Error
func (k KeySizeError) Error() string