Documentation
¶
Index ¶
- Constants
- Variables
- func PeekRemotePubkey(addr string, rp *repo.Repository, bk netBackend.Backend, ctx context.Context) ([]byte, string, error)
- type AuthReadWriter
- func (ath *AuthReadWriter) IsAuthorised() bool
- func (ath *AuthReadWriter) Read(buf []byte) (int, error)
- func (ath *AuthReadWriter) RemoteName() string
- func (ath *AuthReadWriter) RemotePubKey() []byte
- func (ath *AuthReadWriter) Trigger() error
- func (ath *AuthReadWriter) Write(buf []byte) (int, error)
- type Client
- type LocateMask
- type LocateResult
- type PingMap
- type PrivDecrypter
- type RemoteChecker
- type Server
- func (sv *Server) Close() error
- func (sv *Server) Connect() error
- func (sv *Server) Disconnect() error
- func (sv *Server) Identity() (peer.Info, error)
- func (sv *Server) IsOnline() bool
- func (sv *Server) Locate(ctx context.Context, who peer.Name, mask LocateMask) chan LocateResult
- func (sv *Server) PeekFingerprint(ctx context.Context, addr string) (peer.Fingerprint, string, error)
- func (sv *Server) PingMap() *PingMap
- func (sv *Server) Quit()
- func (sv *Server) Serve() error
Constants ¶
const ( LocateNone = 0 LocateExact = 1 << iota LocateDomain LocateUser LocateEmail LocateAll = LocateExact | LocateDomain | LocateUser | LocateEmail )
const ( // MaxMessageSize is the max size of a messsage that can be send to us. // The limit is arbitary and should avoid being spammed by huge messages. // (Later on we could also implement a proper streaming protocol) MaxMessageSize = 16 * 1024 * 1024 )
Variables ¶
var ( ErrPingMapClosed = errors.New("Pinger Map was already closed") ErrNoSuchAddr = errors.New("No such addr known to ping map") )
Functions ¶
func PeekRemotePubkey ¶
func PeekRemotePubkey( addr string, rp *repo.Repository, bk netBackend.Backend, ctx context.Context, ) ([]byte, string, error)
Types ¶
type AuthReadWriter ¶
type AuthReadWriter struct {
// contains filtered or unexported fields
}
AuthReadWriter acts as a layer on top of a normal io.ReadWriteCloser that adds authentication of the communication partners. It does this by employing the following protocol:
- Upon opening the connection, the public keys of both partners are exchanged. The received public key is hashed and checked to be the same as the fingerprint we're storing from this person. (This should suffice as authentication of the remote user)
- A random nonce of 62 bytes is generated and encrypted with the remote's public key. The resulting ciphertext is then send to the remote. On their side they decrypt the ciphertext (proving that they posess the respective private key).
- The resulting nonce from the remote is then hashed with sha3 and send back. Each sides check if the response matched the challenge. If so, the user is authenticated. The nonces are then used to generate a symmetric key (using scrypt) which is then used to encrypt further communication and to authenticate messages.
- Further communication writes messages with a hmac, a 4 byte size header and the actual payload.
func NewAuthReadWriter ¶
func NewAuthReadWriter( rwc io.ReadWriteCloser, privKey PrivDecrypter, ownPubKey []byte, ownName string, remoteChecker RemoteChecker, ) *AuthReadWriter
NewAuthReadWriter returns a new AuthReadWriter, adding an auth layer on top of `rwc`. `privKey` is used to decrypt the remote's challenge, while `ownPubKey` is the pub key we send to them. `remoteChecker` is a callback that is being used by the user to verify if the remote's public key is the one we're expecting.
func (*AuthReadWriter) IsAuthorised ¶
func (ath *AuthReadWriter) IsAuthorised() bool
Authorised will return true if the partner was succesfully authenticated. It will return false if no call to Read() or Write() was made.
func (*AuthReadWriter) Read ¶
func (ath *AuthReadWriter) Read(buf []byte) (int, error)
Read will try to fill `buf` with as many bytes as available.
func (*AuthReadWriter) RemoteName ¶
func (ath *AuthReadWriter) RemoteName() string
Return the remote's screen name. Note that this name only serves as indication for display and should not be relied on since it can be easily faked.
func (*AuthReadWriter) RemotePubKey ¶
func (ath *AuthReadWriter) RemotePubKey() []byte
RemotePubKey returns the partner's public key, if it was authorised already. Otherwise an error will be returned.
func (*AuthReadWriter) Trigger ¶
func (ath *AuthReadWriter) Trigger() error
Trigger the authentication machinery manually.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func Dial ¶
func Dial(name string, rp *repo.Repository, bk netBackend.Backend, ctx context.Context) (*Client, error)
func DialByAddr ¶
func DialByAddr( addr string, fingerprint peer.Fingerprint, rp *repo.Repository, bk netBackend.Backend, ctx context.Context, ) (*Client, error)
type LocateMask ¶
type LocateMask int
func LocateMaskFromString ¶
func LocateMaskFromString(s string) (LocateMask, error)
func (LocateMask) String ¶
func (lm LocateMask) String() string
type LocateResult ¶
type LocateResult struct {
Peers []peer.Info
Mask LocateMask
Name string
Err error
}
LocateResult is one result returned by Locate's result channel.
type PrivDecrypter ¶
PrivDecrypter is anything that can decrypt a message that was previously encrypted with a public key.
type RemoteChecker ¶
RemoteChecker is a function that is called once the public key of the remote has been received. If an error is returned, the authentication will fail. Use this to check the remote's public key against the fingerprint we store of it.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func (*Server) Disconnect ¶
func (*Server) Locate ¶
func (sv *Server) Locate(ctx context.Context, who peer.Name, mask LocateMask) chan LocateResult
func (*Server) PeekFingerprint ¶
func (sv *Server) PeekFingerprint(ctx context.Context, addr string) (peer.Fingerprint, string, error)
PeekFingerprint fetches the fingerprint of a peer without authenticating ourselves or them.
Source Files
Directories