wire

package
v0.0.30
This package is not in the latest version of its module.
Published: Oct 15, 2023 License: AGPL-3.0 Imports: 27 Imported by: 1

Documentation

Overview

Package wire implements the Katzenpost wire protocol.

Index

Constants

const (
	// MaxAdditionalDataLength is the maximum length of the additional data
	// sent to the peer as part of the handshake authentication.
	MaxAdditionalDataLength = 255
)
const PublicKeyHashSize = 32

PublicKeyHashSize is the size in bytes of the digest returned by PublicKey.Sum256 (a Blake2b-256 checksum of the raw key bytes).

Variables

var DefaultScheme = &scheme{
	KEM: kem.FromKEM(
		schemes.ByName("Kyber768-X25519"),
	),
}

Functions

This section is empty.

Types

type PeerAuthenticator

type PeerAuthenticator interface {
	// IsPeerValid authenticates the remote peer's credentials, returning true
	// iff the peer is valid.
	IsPeerValid(*PeerCredentials) bool
}

PeerAuthenticator is the interface used to authenticate the remote peer on top of the authenticated key exchange. The handshake proves that the peer holds the private key for PeerCredentials.PublicKey; IsPeerValid is where the application decides whether that key, together with the AdditionalData the peer sent, belongs to a peer it is willing to talk to.

type PeerCredentials

type PeerCredentials struct {
	AdditionalData []byte
	PublicKey      PublicKey
}

PeerCredentials is the peer's credentials, received during the authenticated key exchange. By virtue of the Noise protocol's design, AdditionalData is guaranteed to have been sent by a peer possessing the private component of PublicKey. What the handshake does not establish is whether that key belongs to the peer you expected; that binding is the PeerAuthenticator's job.
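The following is an added example, not code from the Katzenpost project, of a PeerAuthenticator that pins each peer's link key by the 32-byte digest Sum256 exposes, keyed by the identity label the peer sends as AdditionalData. The interface and struct declarations are local mirrors of the wire package's shapes, reduced to the members the example uses, so the file builds stand-alone; PinnedPeerAuthenticator, Pin and the stubKey test double (which uses SHA-256 in place of Blake2b, since the latter is not in Go's standard library) are this example's own names and assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"sync"
)

// The declarations below mirror the shape of the wire package's
// MaxAdditionalDataLength, PublicKey, PeerCredentials and PeerAuthenticator
// (only the members this example uses) so the file builds without importing
// Katzenpost. Assumption: real code imports them from the wire package
// instead of redeclaring them.
const MaxAdditionalDataLength = 255

type PublicKey interface {
	Bytes() []byte
	Sum256() [32]byte
}

type PeerCredentials struct {
	AdditionalData []byte
	PublicKey      PublicKey
}

type PeerAuthenticator interface {
	IsPeerValid(*PeerCredentials) bool
}

// PinnedPeerAuthenticator is a hypothetical PeerAuthenticator that binds the
// identity a peer claims in AdditionalData to the public key that actually
// authenticated the handshake. The handshake only proves possession of the
// private key; whether that key belongs to the claimed identity is this
// check's job. Checking either field alone is insufficient: on the label
// alone, any peer with a valid key could impersonate any identity; on the
// key alone, a known peer could present another peer's label.
type PinnedPeerAuthenticator struct {
	mu     sync.RWMutex
	pinned map[string][32]byte // identity label -> Sum256 of its link key
}

func NewPinnedPeerAuthenticator() *PinnedPeerAuthenticator {
	return &PinnedPeerAuthenticator{pinned: make(map[string][32]byte)}
}

// Pin records the public key expected from the peer that identifies itself
// with label. Re-pinning a label replaces the previous key (key rotation).
func (a *PinnedPeerAuthenticator) Pin(label string, pub PublicKey) {
	a.mu.Lock()
	defer a.mu.Unlock()
	a.pinned[label] = pub.Sum256()
}

// IsPeerValid implements PeerAuthenticator. It rejects anything malformed
// before consulting the pin table, and compares key digests rather than raw
// key bytes so the table stays fixed-size regardless of KEM key length.
func (a *PinnedPeerAuthenticator) IsPeerValid(creds *PeerCredentials) bool {
	if creds == nil || creds.PublicKey == nil {
		return false
	}
	ad := creds.AdditionalData
	if len(ad) == 0 || len(ad) > MaxAdditionalDataLength {
		return false
	}
	a.mu.RLock()
	want, ok := a.pinned[string(ad)]
	a.mu.RUnlock()
	if !ok {
		return false
	}
	got := creds.PublicKey.Sum256()
	// Both digests are of public values, so timing is not sensitive here;
	// the constant-time compare is simply the habit to keep for key material.
	return subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// stubKey is a constructed test double for PublicKey. Its Sum256 uses SHA-256
// from the standard library as a stand-in for the Blake2b-256 the real keys
// use; the authenticator only needs a stable 32-byte digest.
type stubKey []byte

func (k stubKey) Bytes() []byte    { return []byte(k) }
func (k stubKey) Sum256() [32]byte { return sha256.Sum256(k) }

func main() {
	auth := NewPinnedPeerAuthenticator()
	keyA, keyB := stubKey("link-key-A"), stubKey("link-key-B")
	auth.Pin("mix-1", keyA)

	cases := []struct {
		name  string
		creds *PeerCredentials
	}{
		{"known label, pinned key", &PeerCredentials{AdditionalData: []byte("mix-1"), PublicKey: keyA}},
		{"known label, other key", &PeerCredentials{AdditionalData: []byte("mix-1"), PublicKey: keyB}},
		{"unknown label, pinned key", &PeerCredentials{AdditionalData: []byte("mix-2"), PublicKey: keyA}},
		{"no credentials", nil},
	}
	for _, c := range cases {
		fmt.Printf("%-28s -> %v\n", c.name, auth.IsPeerValid(c.creds))
	}
}
```

Wire an authenticator like this in as SessionConfig.Authenticator on whichever side needs to restrict who it talks to: a responder would pin every peer it is willing to accept, while a client would pin only the server it expects, so a handshake completed by a valid but unexpected key is still refused.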

type PrivateKey

type PrivateKey interface {
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	encoding.TextMarshaler
	encoding.TextUnmarshaler

	// KeyType returns the key type string
	KeyType() string

	// Reset clears the PrivateKey structure such that no sensitive data is left
	// in memory.
	Reset()

	// Bytes returns the raw private key.
	Bytes() []byte

	// FromBytes deserializes the byte slice b into the PrivateKey.
	FromBytes(b []byte) error

	// PublicKey returns the PublicKey corresponding to the PrivateKey.
	PublicKey() PublicKey
}

PrivateKey is an interface used to abstract away the details of the KEM Private Key being used in the wire package.

type PublicKey

type PublicKey interface {
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	encoding.TextMarshaler
	encoding.TextUnmarshaler

	// KeyType returns the key type string
	KeyType() string

	// Reset clears the PublicKey structure such that no sensitive data is left
	// in memory.
	Reset()

	// Equal returns true if the two public keys are equal.
	Equal(PublicKey) bool

	// Bytes returns the raw public key.
	Bytes() []byte

	// FromBytes deserializes the byte slice b into the PublicKey.
	FromBytes(b []byte) error

	// Sum256 returns the Blake2b 256-bit checksum of the key's raw bytes.
	Sum256() [32]byte
}

PublicKey is an interface used to abstract away the details of the KEM Public Key being used in the wire package.

type Scheme

type Scheme interface {
	// PrivateKeyFromPemFile unmarshals a private key from the PEM file,
	// specified as file path.
	PrivateKeyFromPemFile(f string) (PrivateKey, error)

	// PrivateKeyToPemFile writes the given private key to
	// the specified file path.
	PrivateKeyToPemFile(f string, privKey PrivateKey) error

	// PublicKeyFromPemFile unmarshals a public key from the PEM file,
	// specified as file path.
	PublicKeyFromPemFile(f string) (PublicKey, error)

	// PublicKeyToPemFile writes the given public key to
	// the specified file path.
	PublicKeyToPemFile(f string, pubKey PublicKey) error

	// UnmarshalTextPublicKey loads a public key from text encoded in base64.
	UnmarshalTextPublicKey([]byte) (PublicKey, error)

	// UnmarshalBinaryPublicKey loads a public key from byte slice.
	UnmarshalBinaryPublicKey([]byte) (PublicKey, error)

	// GenerateKeypair generates a new KEM keypair using the provided
	// entropy source.
	GenerateKeypair(r io.Reader) (PrivateKey, PublicKey)

	// PublicKeyFromBytes returns a PublicKey using the provided
	// bytes.
	PublicKeyFromBytes(b []byte) (PublicKey, error)

	// NewEmptyPublicKey returns an empty public key.
	NewEmptyPublicKey() PublicKey
}

Scheme provides a minimal abstraction around our KEM Scheme.

type Session

type Session struct {
	// contains filtered or unexported fields
}

Session is a wire protocol session.

func NewPKISession

func NewPKISession(cfg *SessionConfig, isInitiator bool) (*Session, error)

NewPKISession creates a new session to be used with the PKI (authority). Unlike NewSession, NewPKISession does not require that you pass in a Sphinx geometry.

func NewSession

func NewSession(cfg *SessionConfig, isInitiator bool) (*Session, error)

NewSession creates a new Session.

func (*Session) ClockSkew

func (s *Session) ClockSkew() time.Duration

ClockSkew returns the approximate skew between the local clock and the responder's, derived from the timestamp the responder sends as part of the handshake. It MUST only be called on a session that has successfully completed Initialize() and on which the local side is the initiator (so that the peer is the responder).

func (*Session) Close

func (s *Session) Close()

Close terminates a session.

func (*Session) Initialize

func (s *Session) Initialize(conn net.Conn) error

Initialize takes an established net.Conn, binds it to the Session, and conducts the wire protocol handshake.

func (*Session) PeerCredentials

func (s *Session) PeerCredentials() (*PeerCredentials, error)

PeerCredentials returns the peer's credentials. This call MUST only be called from a session that has successfully completed Initialize().

func (*Session) RecvCommand

func (s *Session) RecvCommand() (commands.Command, error)

RecvCommand receives a wire protocol command off the network.

func (*Session) SendCommand

func (s *Session) SendCommand(cmd commands.Command) error

SendCommand sends the wire protocol command cmd.

type SessionConfig

type SessionConfig struct {
	// Authenticator is the PeerAuthenticator instance that will be used to
	// authenticate the remote peer for the newly created Session.
	Authenticator PeerAuthenticator

	// AdditionalData is the additional data that will be passed to the peer
	// as part of the wire protocol handshake, the length of which MUST be less
	// than or equal to MaxAdditionalDataLength.
	AdditionalData []byte

	// AuthenticationKey is the static long term authentication key used to
	// authenticate with the remote peer.
	AuthenticationKey PrivateKey

	// RandomReader is a cryptographic entropy source.
	RandomReader io.Reader

	// Geometry is the geometry of the Sphinx cryptographic packets
	// that we will use with our wire protocol.
	Geometry *geo.Geometry
}

SessionConfig is the configuration used to create new Sessions. Geometry is required by NewSession and may be omitted for NewPKISession; the length of AdditionalData MUST NOT exceed MaxAdditionalDataLength.
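As an added example (not the project's own code) covering the SessionConfig fields above and the ClockSkew method earlier on this page: a pre-handshake check that enforces the documented constraints (AdditionalData length, required Authenticator and AuthenticationKey, Geometry required by NewSession but not NewPKISession, crypto/rand as the entropy source when none is given), and a post-handshake policy that bounds the skew reported by ClockSkew. The type declarations are local stand-ins for the wire and geo packages; ValidateSessionConfig, CheckClockSkew, MaxAcceptedClockSkew, acceptAll and stubPrivateKey are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"strings"
	"time"
)

// Local stand-ins for the wire and geo declarations this example touches,
// reduced to what a config check needs, so the file builds without importing
// Katzenpost. Real code imports the wire package instead of redeclaring these.
const MaxAdditionalDataLength = 255

type PrivateKey interface{ KeyType() string }
type PeerCredentials struct{ AdditionalData []byte }
type PeerAuthenticator interface{ IsPeerValid(*PeerCredentials) bool }
type Geometry struct{} // stand-in for *geo.Geometry

type SessionConfig struct {
	Authenticator     PeerAuthenticator
	AdditionalData    []byte
	AuthenticationKey PrivateKey
	RandomReader      io.Reader
	Geometry          *Geometry
}

// ValidateSessionConfig checks cfg before it is passed to NewSession
// (forPKI=false) or NewPKISession (forPKI=true). It reports every problem in
// one error rather than the first, and fills in crypto/rand when no entropy
// source was set: a missing RandomReader is almost always an oversight, and
// the OS CSPRNG is the only sensible default for handshake ephemerals.
func ValidateSessionConfig(cfg *SessionConfig, forPKI bool) error {
	if cfg == nil {
		return errors.New("wire: nil SessionConfig")
	}
	var problems []string
	if cfg.Authenticator == nil {
		problems = append(problems, "Authenticator is nil (nothing would decide whether the peer is acceptable)")
	}
	if cfg.AuthenticationKey == nil {
		problems = append(problems, "AuthenticationKey is nil (no static key to authenticate with)")
	}
	if n := len(cfg.AdditionalData); n > MaxAdditionalDataLength {
		problems = append(problems, fmt.Sprintf("AdditionalData is %d bytes, maximum is %d", n, MaxAdditionalDataLength))
	}
	if !forPKI && cfg.Geometry == nil {
		problems = append(problems, "Geometry is nil; NewSession requires a Sphinx geometry (only NewPKISession may omit it)")
	}
	if cfg.RandomReader == nil {
		cfg.RandomReader = rand.Reader
	}
	if len(problems) > 0 {
		return fmt.Errorf("wire: invalid SessionConfig: %s", strings.Join(problems, "; "))
	}
	return nil
}

// MaxAcceptedClockSkew is the largest |ClockSkew()| this example tolerates
// after a successful Initialize(). The bound is an assumption made for the
// example; the wire package itself does not prescribe one.
const MaxAcceptedClockSkew = 5 * time.Minute

// CheckClockSkew is the post-handshake policy for the initiator side: the
// session authenticated fine, but a responder whose clock is far from ours
// is worth refusing before any time-dependent traffic starts. The check is
// symmetric, so it does not depend on the sign convention of ClockSkew().
func CheckClockSkew(skew, limit time.Duration) error {
	if skew < 0 {
		skew = -skew
	}
	if skew > limit {
		return fmt.Errorf("wire: responder clock skew %v exceeds limit %v", skew, limit)
	}
	return nil
}

// acceptAll and stubPrivateKey are constructed stand-ins so main can build a
// config; an accept-everything authenticator must never reach production.
type acceptAll struct{}

func (acceptAll) IsPeerValid(*PeerCredentials) bool { return true }

type stubPrivateKey struct{}

func (stubPrivateKey) KeyType() string { return "stub" }

func main() {
	cfg := &SessionConfig{
		Authenticator:     acceptAll{},
		AdditionalData:    []byte("client-1"),
		AuthenticationKey: stubPrivateKey{},
	}
	fmt.Println("PKI session:", ValidateSessionConfig(cfg, true))
	fmt.Println("mix session:", ValidateSessionConfig(cfg, false))
	fmt.Println("skew 90s:", CheckClockSkew(90*time.Second, MaxAcceptedClockSkew))
	fmt.Println("skew -7m:", CheckClockSkew(-7*time.Minute, MaxAcceptedClockSkew))
}
```

Run the validation before calling NewSession or NewPKISession, and the skew check right after Initialize() returns on the initiator side; a session whose handshake succeeded but whose responder clock is far off is easier to diagnose here than as mysterious failures later in the protocol.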

type SessionInterface

type SessionInterface interface {
	Initialize(conn net.Conn) error
	SendCommand(cmd commands.Command) error
	RecvCommand() (commands.Command, error)
	Close()
	PeerCredentials() *PeerCredentials
	ClockSkew() time.Duration
}

SessionInterface is the interface used to initialize or tear down a Session and to send and receive commands.Commands. Note that its PeerCredentials signature (returning only *PeerCredentials) differs from the (*Session).PeerCredentials method above, which also returns an error.
