Documentation ¶
Overview ¶
Package wire implements the Katzenpost wire protocol.
Package wire implements the Katzenpost wire protocol.
Index ¶
Constants ¶
const ( // MaxAdditionalDataLength is the maximum length of the additional data // sent to the peer as part of the handshake authentication. MaxAdditionalDataLength = 255 )
const PublicKeyHashSize = 32
PublicKeyHashSize indicates the hash size returned from the PublicKey's Sum256 method.
Variables ¶
var DefaultScheme = &scheme{ KEM: kem.FromKEM( schemes.ByName("Kyber768-X25519"), ), }
Functions ¶
This section is empty.
Types ¶
type PeerAuthenticator ¶
type PeerAuthenticator interface { // IsPeerValid authenticates the remote peer's credentials, returning true // iff the peer is valid. IsPeerValid(*PeerCredentials) bool }
PeerAuthenticator is the interface used to authenticate the remote peer, based on the authenticated key exchange.
type PeerCredentials ¶
PeerCredentials is the peer's credentials received during the authenticated key exchange. By virtue of the Noise Protocol's design, the AdditionalData is guaranteed to have been sent from a peer possessing the private component of PublicKey.
type PrivateKey ¶
type PrivateKey interface { encoding.BinaryMarshaler encoding.BinaryUnmarshaler encoding.TextMarshaler encoding.TextUnmarshaler // KeyType returns the key type string KeyType() string // Reset clears the PrivateKey structure such that no sensitive data is left // in memory. Reset() // Bytes returns the raw public key. Bytes() []byte // FromBytes deserializes the byte slice b into the PrivateKey. FromBytes(b []byte) error // PublicKey returns the PublicKey corresponding to the PrivateKey. PublicKey() PublicKey }
PrivateKey is an interface used to abstract away the details of the KEM Private Key being used in the wire package.
type PublicKey ¶
type PublicKey interface { encoding.BinaryMarshaler encoding.BinaryUnmarshaler encoding.TextMarshaler encoding.TextUnmarshaler // KeyType returns the key type string KeyType() string // Reset clears the PublicKey structure such that no sensitive data is left // in memory. Reset() // Equal returns true if the two public keys are equal. Equal(PublicKey) bool // Bytes returns the raw public key. Bytes() []byte // FromBytes deserializes the byte slice b into the PublicKey. FromBytes(b []byte) error // Sum256 returns the Blake2b 256-bit checksum of the key's raw bytes. Sum256() [32]byte }
PublicKey is an interface used to abstract away the details of the KEM Public Key being used in the wire package.
type Scheme ¶
type Scheme interface { // PrivateKeyFromPemFile unmarshals a private key from the PEM file, // specified as file path. PrivateKeyFromPemFile(f string) (PrivateKey, error) // PrivateKeyToPemFile writes the given private key to // the specified file path. PrivateKeyToPemFile(f string, privKey PrivateKey) error // PublicKeyFromPemFile unmarshals a public key from the PEM file, // specified as file path. PublicKeyFromPemFile(f string) (PublicKey, error) // PublicKeyToPemFile writes the given public key to // the specified file path. PublicKeyToPemFile(f string, pubKey PublicKey) error // UnmarshalTextPublicKey loads a public key from text encoded in base64. UnmarshalTextPublicKey([]byte) (PublicKey, error) // UnmarshalBinaryPublicKey loads a public key from byte slice. UnmarshalBinaryPublicKey([]byte) (PublicKey, error) // GenerateKeypair generates a new KEM keypair using the provided // entropy source. GenerateKeypair(r io.Reader) (PrivateKey, PublicKey) // PublicKeyFromBytes returns a PublicKey using the provided // bytes. PublicKeyFromBytes(b []byte) (PublicKey, error) // NewEmptyPublicKey returns an empty public key. NewEmptyPublicKey() PublicKey }
Scheme provides a minimal abstraction around our KEM Scheme.
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session is a wire protocol session.
func NewPKISession ¶
func NewPKISession(cfg *SessionConfig, isInitiator bool) (*Session, error)
NewPKISession creates a new session to be used with the PKI (authority). Unlike NewSession, NewPKISession does not require that you pass in a Sphinx geometry.
func NewSession ¶
func NewSession(cfg *SessionConfig, isInitiator bool) (*Session, error)
NewSession creates a new Session.
func (*Session) ClockSkew ¶
ClockSkew returns the approximate clock skew based on the responder's timestamp received as part of the handshake. This call MUST only be called from a session that has successfully completed Initialize(), and the peer is the responder.
func (*Session) Initialize ¶
Initialize takes an establised net.Conn, and binds it to a Session, and conducts the wire protocol handshake.
func (*Session) PeerCredentials ¶
func (s *Session) PeerCredentials() (*PeerCredentials, error)
PeerCredentials returns the peer's credentials. This call MUST only be called from a session that has successfully completed Initialize().
func (*Session) RecvCommand ¶
RecvCommand receives a wire protocol command off the network.
type SessionConfig ¶
type SessionConfig struct { // Authenticator is the PeerAuthenticator instance that will be used to // authenticate the remote peer for the newly created Session. Authenticator PeerAuthenticator // AdditionalData is the additional data that will be passed to the peer // as part of the wire protocol handshake, the length of which MUST be less // than or equal to MaxAdditionalDataLength. AdditionalData []byte // AuthenticationKey is the static long term authentication key used to // authenticate with the remote peer. AuthenticationKey PrivateKey // RandomReader is a cryptographic entropy source. RandomReader io.Reader // Geometry is the geometry of the Sphinx cryptographic packets // that we will use with our wire protocol. Geometry *geo.Geometry }
SessionConfig is the configuration used to create new Sessions.
type SessionInterface ¶
type SessionInterface interface { Initialize(conn net.Conn) error SendCommand(cmd commands.Command) error RecvCommand() (commands.Command, error) Close() PeerCredentials() *PeerCredentials ClockSkew() time.Duration }
SessionInterface is the interface used to initialize or teardown a Session and send and receive command.Commands.