nego

Documentation

Overview

Package nego implements cryptographic negotiation and secret entrypoint finding.

Index

• func BitFill(z, x *big.Int, i, j int, b uint)
• func BitScan(x *big.Int, i, j int, b uint) int
• type Entry
  • func (e *Entry) String() string
• type Writer
  • func (w *Writer) Layout(suiteLevel map[abstract.Suite]int, entrypoints []Entry, rand cipher.Stream) (int, error)
  • func (w *Writer) Payload(data []byte, encrypt cipher.Stream) int
  • func (w *Writer) SetMaxLen(max int)
  • func (w *Writer) Write(rand cipher.Stream) []byte

Functions

func BitFill

func BitFill(z, x *big.Int, i, j int, b uint)

Set z to x, but with the bit-field from bit i up or down to bit j filled with bit value b.

func BitScan

func BitScan(x *big.Int, i, j int, b uint) int

Scan a bit-field within x starting from bit i, either upward or downward to but not including bit j, for the first bit with value b. Returns the position of the first b-bit found, or -1 if every bit in the bit-field is set to 1-b.

Types

type Entry

type Entry struct {
	Suite  abstract.Suite // Ciphersuite this public key is drawn from
	PubKey abstract.Point // Public key of this entrypoint's owner
	Data   []byte         // Entrypoint data decryptable by owner
}

func (*Entry) String

func (e *Entry) String() string

type Writer

type Writer struct {
	// contains filtered or unexported fields
}

Writer produces a cryptographic negotiation header, which conceals a variable number of "entrypoints" within a variable-length binary blob of random-looking bits. Each entrypoint hidden in the blob is discoverable and usable only by the owner of a particular public key. Different public keys may be drawn from different ciphersuites, in any combination, without coordination between the ciphersuites.

Each entrypoint contains a short fixed-length blob of encrypted data, which the owner of the entrypoint can decrypt and use to obtain keys and pointers to the "real" content. This "real" content is typically located after the negotiation header and encrypted with a symmetric key included in the entrypoint data, which can be (but doesn't have to be) shared by many or all entrypoints.

func (*Writer) Layout

func (w *Writer) Layout(suiteLevel map[abstract.Suite]int,
	entrypoints []Entry,
	rand cipher.Stream) (int, error)

Initialize a Writer to produce one or more negotiation header containing a specified set of entrypoints, whose owners' public keys are drawn from a given set of ciphersuites.

The caller must provide a map 'suiteLevel' with one key per ciphersuite, whose value is the maximum "level" in the header at which the ciphersuite's ephemeral Diffie-Hellman Point may be encoded. This maximum level must be standardized for each ciphersuite, and should be log2(maxsuites), where maxsuites is the maximum number of unique ciphersuites that are likely to exist when this suite is defined.

The Data slices in all entrypoints must have been allocated and sized according to the data the caller wants to suppy each entrypoint, but the content of these Data slices need not be filled in yet.

This function lays out the entrypoints in the negotiation header, and returns the total size of the negotiation headers that will be produced from this layout.

After this initialization and layout computation, multiple independent negotiation headers with varying entrypoint data may be produced more efficiently via Write().

XXX if multiple entrypoints are improperly passed for the same keyholder, bad things happen to security - we should harden the API against that.

func (*Writer) Payload

func (w *Writer) Payload(data []byte, encrypt cipher.Stream) int

After Layout() has been called to layout the header, the client may call Payload() any number of times to reserve regions for encrypted payloads in the message. Returns the byte offset in the message where the payload was placed.

Although the client could as well encrypt the data before calling Payload(), we take a cleartext and a cipher.Stream to "make sure" it gets encrypted. (Callers who really want to do their own encryption can pass in a no-op cipher.Stream, but this isn't recommended.)

func (*Writer) SetMaxLen

func (w *Writer) SetMaxLen(max int)

Set the optional maximum length for the negotiation header, affecting subsequent calls to Layout()

func (*Writer) Write

func (w *Writer) Write(rand cipher.Stream) []byte

Finalize and encrypt the negotiation message. The data slices in all the entrypoints must be filled in before calling this function.