openspalib

package
v0.0.0-...-edc748c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2023 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ADKSecretLen        = ADKLength // in bytes
	ADKSecretEncodedLen = 7
)
View Source 
const (
	DefaultServerPort = 22211
	MaxPDUSize        = 1444
)
View Source 
const (
	TimestampKey  uint8 = 1
	ClientUUIDKey uint8 = 2
	FirewallKey   uint8 = 3
)

OpenSPA Packet TLV8 definition keys

View Source 
const (
	TargetProtocolKey  uint8 = 1
	TargetPortStartKey uint8 = 2
	TargetPortEndKey   uint8 = 3
	ClientIPv4Key      uint8 = 4
	ClientIPv6Key      uint8 = 5
	TargetIPv4Key      uint8 = 6
	TargetIPv6Key      uint8 = 7
	DurationKey        uint8 = 8
)

Firewall TLV8 definition keys

View Source 
const (
	TimestampSize      = 8
	TargetProtocolSize = 1
	TargetPortSize     = 2
	IPV4Size           = 4
	IPV6Size           = 16
	DurationSize       = 3
	ClientUUIDSize     = 16
)
View Source 
const (
	HeaderLength    = 8
	ADKLength       = 4
	ProtocolVersion = 2
)
View Source 
const VersionMajor = 2
View Source 
const VersionMinor = 0

Variables

View Source 
var (
	ErrInvalidBytes            = errors.New("invalid bytes")
	ErrMissingEntry            = errors.New("missing entry")
	ErrBadInput                = errors.New("bad input")
	ErrViolationOfProtocolSpec = errors.New("violation of protocol spec")
	ErrCipherSuiteRequired     = errors.New("cipher suite required")
	ErrPDUTooLarge             = errors.New("pdu too large")
)
View Source 
var (
	ProtocolUndefined = InternetProtocolNumber{
		Number:   0,
		Protocol: "",
	}
	ProtocolICMP = InternetProtocolNumber{
		Number:   1,
		Protocol: "ICMP",
	}
	ProtocolIPV4 = InternetProtocolNumber{
		Number:   4,
		Protocol: "IPv4",
	}
	ProtocolTCP = InternetProtocolNumber{
		Number:   6,
		Protocol: "TCP",
	}
	ProtocolUDP = InternetProtocolNumber{
		Number:   17,
		Protocol: "UDP",
	}
	ProtocolICMPv6 = InternetProtocolNumber{
		Number:   58,
		Protocol: "ICMPv6",
	}
)
View Source 
var DurationMax = int(math.Pow(2, 8*DurationSize)) - 1
View Source 
var ErrADKProofMismatch = errors.New("adk proof mismatch")

Functions

func ADKGenerateNextProof 

func ADKGenerateNextProof(secret string) (uint32, error)

func ADKGenerateProof 

func ADKGenerateProof(secret string) (uint32, error)

func ADKGenerateProofCustom 

func ADKGenerateProofCustom(secret string, t time.Time) (uint32, error)

func ADKGenerateSecret 

func ADKGenerateSecret() (string, error)

func ClientIPFromContainer 

func ClientIPFromContainer(c tlv.Container) (net.IP, error)

func ClientIPv4FromContainer 

func ClientIPv4FromContainer(c tlv.Container) (net.IP, error)

func ClientIPv4ToContainer 

func ClientIPv4ToContainer(c tlv.Container, ip net.IP) error

func ClientIPv6FromContainer 

func ClientIPv6FromContainer(c tlv.Container) (net.IP, error)

func ClientIPv6ToContainer 

func ClientIPv6ToContainer(c tlv.Container, ip net.IP) error

func ClientUUIDDecode 

func ClientUUIDDecode(b []byte) (string, error)

func ClientUUIDEncode 

func ClientUUIDEncode(u string) ([]byte, error)

func ClientUUIDFromContainer 

func ClientUUIDFromContainer(c tlv.Container) (string, error)

func ClientUUIDToContainer 

func ClientUUIDToContainer(c tlv.Container, uuid string) error

func DurationDecode 

func DurationDecode(b []byte) (time.Duration, error)

func DurationEncode 

func DurationEncode(d time.Duration) ([]byte, error)

func DurationFromContainer 

func DurationFromContainer(c tlv.Container) (time.Duration, error)

func DurationToContainer 

func DurationToContainer(c tlv.Container, d time.Duration) error

func IPv4Decode 

func IPv4Decode(b []byte) (net.IP, error)

func IPv4Encode 

func IPv4Encode(ip net.IP) ([]byte, error)

func IPv6Decode 

func IPv6Decode(b []byte) (net.IP, error)

func IPv6Encode 

func IPv6Encode(ip net.IP) ([]byte, error)

func RandomTransactionID 

func RandomTransactionID() uint8

func RandomUUID 

func RandomUUID() string

func RequestDataToContainer 

func RequestDataToContainer(d RequestData, ed RequestExtendedData) (tlv.Container, error)

func TLVFromContainer 

func TLVFromContainer(c tlv.Container, key uint8) (tlv.Container, error)

func TLVToContainer 

func TLVToContainer(parent, child tlv.Container, key uint8) error

func TargetIPFromContainer 

func TargetIPFromContainer(c tlv.Container) (net.IP, error)

func TargetIPv4FromContainer 

func TargetIPv4FromContainer(c tlv.Container) (net.IP, error)

func TargetIPv4ToContainer 

func TargetIPv4ToContainer(c tlv.Container, ip net.IP) error

func TargetIPv6FromContainer 

func TargetIPv6FromContainer(c tlv.Container) (net.IP, error)

func TargetIPv6ToContainer 

func TargetIPv6ToContainer(c tlv.Container, ip net.IP) error

func TargetPortEndDecode 

func TargetPortEndDecode(b []byte) (int, error)

func TargetPortEndEncode 

func TargetPortEndEncode(p int) ([]byte, error)

func TargetPortEndFromContainer 

func TargetPortEndFromContainer(c tlv.Container) (int, error)

func TargetPortEndToContainer 

func TargetPortEndToContainer(c tlv.Container, p int) error

func TargetPortStartDecode 

func TargetPortStartDecode(b []byte) (int, error)

func TargetPortStartEncode 

func TargetPortStartEncode(p int) ([]byte, error)

func TargetPortStartFromContainer 

func TargetPortStartFromContainer(c tlv.Container) (int, error)

func TargetPortStartToContainer 

func TargetPortStartToContainer(c tlv.Container, p int) error

func TargetProtocolEncode 

func TargetProtocolEncode(p InternetProtocolNumber) (byte, error)

func TargetProtocolToContainer 

func TargetProtocolToContainer(c tlv.Container, p InternetProtocolNumber) error

func TimestampDecode 

func TimestampDecode(b []byte) (time.Time, error)

func TimestampEncode 

func TimestampEncode(t time.Time) ([]byte, error)

func TimestampFromContainer 

func TimestampFromContainer(c tlv.Container) (time.Time, error)

func TimestampToContainer 

func TimestampToContainer(c tlv.Container, t time.Time) error

func Version 

func Version() string

Types

type ADKProver 

type ADKProver struct {
	// contains filtered or unexported fields
}

ADKProver is a cached version of the ADKGenerateProof function, which recalculates the proof when the cached version is older than a second. This avoids calculating the same proof for every single packet and instead calculating the proof at least every second opposed to multiple times per second (when receiving multiple packets with a second). Run the benchmarks to see the speedup numbers for your setup.

func NewADKProver 

func NewADKProver(secret string) (ADKProver, error)

func (*ADKProver) Proof 

func (a *ADKProver) Proof() (uint32, error)

func (*ADKProver) Valid 

func (a *ADKProver) Valid(proof uint32) error

Valid compares the inputted proof with the actual proof, verifying that the inputted ADK proof is valid. 

type Header struct {
	Type          PDUType
	Version       int
	TransactionID uint8
	CipherSuiteID crypto.CipherSuiteID
	ADKProof      uint32
}

func NewHeader 

func NewHeader(t PDUType, c crypto.CipherSuiteID) Header

func RequestUnmarshalHeader 

func RequestUnmarshalHeader(b []byte) (Header, error)

func UnmarshalHeader 

func UnmarshalHeader(b []byte) (Header, error)

func (*Header) Marshal 

func (h *Header) Marshal() ([]byte, error)

type InternetProtocolNumber 

type InternetProtocolNumber struct {
	Number   uint8
	Protocol string
}

InternetProtocolNumber is the protocol found in the IPv4 header field Protocol. See: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

func InternetProtocolFromNumber 

func InternetProtocolFromNumber(i uint8) (InternetProtocolNumber, error)

func InternetProtocolFromString 

func InternetProtocolFromString(s string) (InternetProtocolNumber, error)

func InternetProtocolNumberSupported 

func InternetProtocolNumberSupported() []InternetProtocolNumber

InternetProtocolNumberSupported returns a slice of InternetProtocolNumber that are supported.

func TargetProtocolDecode 

func TargetProtocolDecode(b []byte) (InternetProtocolNumber, error)

func TargetProtocolFromContainer 

func TargetProtocolFromContainer(c tlv.Container) (InternetProtocolNumber, error)

func (InternetProtocolNumber) String 

func (i InternetProtocolNumber) String() string

func (InternetProtocolNumber) ToBin 

func (i InternetProtocolNumber) ToBin() byte

type PDUType 

type PDUType string
const (
	RequestPDU  PDUType = "request"
	ResponsePDU PDUType = "response"
)

type Request 

type Request struct {
	Header Header
	Body   tlv.Container
	// contains filtered or unexported fields
}

func NewRequest 

func NewRequest(d RequestData, c crypto.CipherSuite, opt RequestDataOpt) (*Request, error)

func RequestUnmarshal 

func RequestUnmarshal(b []byte, cs crypto.CipherSuite) (*Request, error)

func (*Request) Marshal 

func (r *Request) Marshal() ([]byte, error)

type RequestData 

type RequestData struct {
	TransactionID uint8
	ClientUUID    string

	ClientIP net.IP

	TargetProtocol  InternetProtocolNumber
	TargetIP        net.IP
	TargetPortStart int
	TargetPortEnd   int
}

type RequestDataOpt 

type RequestDataOpt struct {
	ADKSecret string
}

type RequestExtendedData 

type RequestExtendedData struct {
	Timestamp time.Time
}

type RequestFirewallData 

type RequestFirewallData struct {
	Timestamp  time.Time
	ClientUUID string

	ClientIP        net.IP
	TargetProtocol  InternetProtocolNumber
	TargetIP        net.IP
	TargetPortStart int
	TargetPortEnd   int
}

func RequestFirewallDataFromContainer 

func RequestFirewallDataFromContainer(c tlv.Container) (RequestFirewallData, error)

type Response 

type Response struct {
	Header Header
	Body   tlv.Container

	// Metadata is not actually sent, but it is passed to the CipherSuite implementation, so we can provide additional
	// data that can be used by CipherSuite implementation for security purposes. This data is not packed into OpenSPA
	// request/responses, it is merely passed along various subsystems.
	Metadata tlv.Container
	// contains filtered or unexported fields
}

func NewResponse 

func NewResponse(d ResponseData, c crypto.CipherSuite) (*Response, error)

func ResponseUnmarshal 

func ResponseUnmarshal(b []byte, cs crypto.CipherSuite) (*Response, error)

func (*Response) Marshal 

func (r *Response) Marshal() ([]byte, error)

type ResponseData 

type ResponseData struct {
	TransactionID uint8

	ClientUUID string

	TargetProtocol  InternetProtocolNumber
	TargetIP        net.IP
	TargetPortStart int
	TargetPortEnd   int

	Duration time.Duration
}

type ResponseExtendedData 

type ResponseExtendedData struct {
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.