Documentation
Overview
Package spipe implements Colin Percival's spiped protocol (http://www.tarsnap.com/spiped.html) for creating symmetrically encrypted and authenticated connections.
Communication between client and server requires a pre-shared symmetric key with at least 256 bits of entropy. The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14". Packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.
The Dial function connects to a server and performs the handshake:
conn, err := spipe.Dial(sharedKey, "tcp", "127.0.0.1:8080")
if err != nil {
	// handle error
}
fmt.Fprintf(conn, "Hello\n")
The Listen function creates servers:
ln, err := spipe.Listen(sharedKey, "tcp", ":8080")
if err != nil {
	// handle error
}
for {
	conn, err := ln.Accept()
	if err != nil {
		// handle error
		continue
	}
	go handleConnection(conn)
}
The shared key can be of any length, as it is compressed with SHA256 before use.
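The packet protection described in the overview (AES-256 in CTR mode, authenticated with HMAC-SHA256, keyed from a SHA256-compressed shared key) can be sketched with the Go standard library. This is an added example, not code from the spipe package and not the spiped wire format: the key-derivation labels, the packet-number IV layout and the names prf, derive, ctr, Seal and Open are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// prf is HMAC-SHA256 over an 8-byte big-endian number followed by data.
func prf(key []byte, n uint64, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(append(binary.BigEndian.AppendUint64(nil, n), data...))
	return h.Sum(nil)
}

// derive hashes any-length key material to separate AES-256 and MAC keys; labels are hypothetical.
func derive(shared []byte) (cipher.Block, []byte) {
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(prf(k[:], 0, []byte("example-enc"))) // 32 bytes: AES-256
	return block, prf(k[:], 0, []byte("example-mac"))
}

// ctr XORs in with the AES-CTR keystream; the IV is the packet number plus a zero counter.
func ctr(b cipher.Block, seq uint64, in []byte) []byte {
	iv := append(binary.BigEndian.AppendUint64(nil, seq), make([]byte, 8)...)
	out := make([]byte, len(in))
	cipher.NewCTR(b, iv).XORKeyStream(out, in)
	return out
}

// Seal encrypts, then appends a 32-byte tag over the packet number and ciphertext.
func Seal(b cipher.Block, mac []byte, seq uint64, pt []byte) []byte {
	ct := ctr(b, seq, pt)
	return append(ct, prf(mac, seq, ct)...)
}

// Open checks the tag in constant time and decrypts only if it matches.
func Open(b cipher.Block, mac []byte, seq uint64, pkt []byte) ([]byte, error) {
	n := len(pkt) - sha256.Size
	if n < 0 || !hmac.Equal(pkt[n:], prf(mac, seq, pkt[:n])) {
		return nil, fmt.Errorf("packet %d: authentication failed", seq)
	}
	return ctr(b, seq, pkt[:n]), nil
}

var block, macKey = derive([]byte("constructed sample key, not a real secret"))
func main() { fmt.Println(Open(block, macKey, 1, Seal(block, macKey, 1, []byte("Hello\n")))) }
```

Because the tag covers the packet number, a packet replayed under a different number fails verification just as a modified one does.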
Index
- func Listen(key []byte, network, laddr string) (net.Listener, error)
- type Conn
- func (c *Conn) Close() error
- func (c *Conn) Flush() error
- func (c *Conn) Handshake() error
- func (c *Conn) LocalAddr() net.Addr
- func (c *Conn) Read(p []byte) (nn int, err error)
- func (c *Conn) RemoteAddr() net.Addr
- func (c *Conn) SetDeadline(t time.Time) error
- func (c *Conn) SetReadDeadline(t time.Time) error
- func (c *Conn) SetWriteDeadline(t time.Time) error
- func (c *Conn) Write(p []byte) (nn int, err error)
Functions
Types
type Conn
type Conn struct {
// contains filtered or unexported fields
}
func Dial
Dial connects to the remote address raddr on the given network, which must be running a spipe server with the same shared secret key. It then performs the handshake to authenticate itself and returns the connection on success.
func (*Conn) Handshake
Handshake runs the handshake if it has not yet been run. Most users of this package need not call Handshake explicitly: the first Read or Write will call it automatically.