Documentation
Overview
Package conn contains an implementation of a secure channel created by gRPC handshakers.
Index
- Constants
- Variables
- func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, ...) (net.Conn, error)
- func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error)
- func RegisterProtocol(protocol string, f ALTSRecordFunc) error
- func SliceForAppend(in []byte, n int) (head, tail []byte)
- type ALTSRecordCrypto
  - func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error)
  - func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error)
- type ALTSRecordFunc
- type KeySizeError
  - func (k KeySizeError) Error() string
Constants
const (
	// GcmTagSize is the GCM tag size, the difference in length between
	// plaintext and ciphertext. From crypto/cipher/gcm.go in the Go crypto
	// library.
	GcmTagSize = 16
)
const (
	// MsgLenFieldSize is the byte size of the frame length field of a
	// framed message.
	MsgLenFieldSize = 4
)
Variables
var ErrAuth = errors.New("message authentication failed")
ErrAuth occurs on authentication failure: Decrypt returns it when a record's tag does not verify.
Functions
func NewConn
func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, protected []byte) (net.Conn, error)
NewConn creates a new secure channel instance given this endpoint's role and the handshaking result. recordProtocol names the record protocol the handshake negotiated; it must have been registered with RegisterProtocol, otherwise NewConn returns an error. key is the session key the handshake produced, and protected holds any record-layer bytes that were already read from c while the handshake completed. The returned net.Conn frames and encrypts every Write and decrypts and verifies every Read with the selected ALTSRecordCrypto.
func ParseFramedMsg
func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error)
ParseFramedMsg parses the provided buffer and returns a frame of the format msgLength+msg (the length field included) and any remaining bytes in that buffer. If b does not yet hold a complete frame, it returns a nil frame and b unchanged so the caller can read more. If the length field claims more than maxLen bytes, it returns an error; the limit is checked before the body is awaited, so a peer cannot make the reader buffer an arbitrarily large frame.
func RegisterProtocol
func RegisterProtocol(protocol string, f ALTSRecordFunc) error
RegisterProtocol registers an ALTS record encryption protocol under the given name, so that NewConn can look it up by the name the handshake negotiated. Registering a name that is already taken returns an error rather than silently replacing the existing factory.
func SliceForAppend
func SliceForAppend(in []byte, n int) (head, tail []byte)
SliceForAppend takes a slice and a requested number of bytes. It returns a slice with the contents of the given slice followed by that many bytes and a second slice that aliases into it and contains only the extra bytes. If the original slice has sufficient capacity then no allocation is performed; in that case tail reuses whatever bytes were already in the backing array, so callers must overwrite all n bytes rather than assume they are zero.
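ParseFramedMsg and SliceForAppend together form the framing layer: one cuts a frame off a receive buffer, the other grows a send buffer without an extra copy. As an added example that is not the package's own code, the block below implements both, plus a FrameMsg writer and a SplitFrames loop that drains a buffer holding two whole frames and the start of a third. It assumes a little-endian length field that counts only the bytes after itself, as grpc-go's ALTS framing does; the page itself fixes only the 4-byte field size. FrameMsg, SplitFrames and the sample buffer are this example's own names and constructed input.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// MsgLenFieldSize matches the constant on this page: a 4-byte length prefix.
const MsgLenFieldSize = 4

// SliceForAppend grows in by n bytes, reusing spare capacity when it can.
// tail aliases the last n bytes of head and is NOT cleared when capacity is
// reused, so callers must write every byte of it.
func SliceForAppend(in []byte, n int) (head, tail []byte) {
	if total := len(in) + n; cap(in) >= total {
		head = in[:total]
	} else {
		head = make([]byte, total)
		copy(head, in)
	}
	tail = head[len(in):]
	return
}

// FrameMsg appends one frame (length field followed by msg) to dst and
// returns the grown buffer. The length field is little-endian and counts only
// the bytes after itself; that byte order is an assumption of this example,
// the page fixes only the field size.
func FrameMsg(dst, msg []byte) []byte {
	dst, frame := SliceForAppend(dst, MsgLenFieldSize+len(msg))
	binary.LittleEndian.PutUint32(frame[:MsgLenFieldSize], uint32(len(msg)))
	copy(frame[MsgLenFieldSize:], msg)
	return dst
}

// ParseFramedMsg returns the first complete frame in b (length field
// included) and the unconsumed remainder. A buffer that does not yet hold a
// whole frame yields (nil, b, nil). A length field above maxLen is rejected
// before any body bytes are awaited, so a peer cannot force the reader to
// buffer an arbitrarily large frame.
func ParseFramedMsg(b []byte, maxLen uint32) ([]byte, []byte, error) {
	if len(b) < MsgLenFieldSize {
		return nil, b, nil
	}
	length := binary.LittleEndian.Uint32(b[:MsgLenFieldSize])
	if length > maxLen {
		return nil, nil, fmt.Errorf("frame length %d exceeds limit %d", length, maxLen)
	}
	// Compare in uint64 so a large 32-bit length cannot wrap int on 32-bit targets.
	if uint64(len(b)) < uint64(MsgLenFieldSize)+uint64(length) {
		return nil, b, nil
	}
	end := MsgLenFieldSize + int(length)
	return b[:end], b[end:], nil
}

// SplitFrames drains every complete frame from a receive buffer and returns
// the payloads (length fields stripped) plus the bytes still waiting for more
// input. On an oversized frame it returns the payloads parsed so far and the
// error; the caller should close the connection rather than resynchronise.
func SplitFrames(buf []byte, maxLen uint32) (payloads [][]byte, rest []byte, err error) {
	rest = buf
	for {
		var frame []byte
		frame, rest, err = ParseFramedMsg(rest, maxLen)
		if err != nil || frame == nil {
			return payloads, rest, err
		}
		payloads = append(payloads, frame[MsgLenFieldSize:])
	}
}

func main() {
	// Constructed input: two whole frames followed by the start of a third.
	buf := FrameMsg(nil, []byte("alpha"))
	buf = FrameMsg(buf, []byte("beta"))
	buf = append(buf, 3, 0, 0, 0, 'x')
	payloads, rest, err := SplitFrames(buf, 1024)
	fmt.Printf("payloads=%q rest=%d bytes err=%v\n", payloads, len(rest), err)
}
```

The oversized check runs on the header alone, before the body has arrived, which is the property the maxLen parameter buys: a reader that waited for the body first could be held open while it buffered gigabytes of a frame it would reject anyway.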
Types
type ALTSRecordCrypto
type ALTSRecordCrypto interface {
	// Encrypt encrypts the plaintext and computes the tag (if any) of dst
	// and plaintext, dst and plaintext do not overlap.
	Encrypt(dst, plaintext []byte) ([]byte, error)
	// EncryptionOverhead returns the tag size (if any) in bytes.
	EncryptionOverhead() int
	// Decrypt decrypts ciphertext and verifies the tag (if any). dst and
	// ciphertext may alias exactly or not at all. To reuse ciphertext's
	// storage for the decrypted output, use ciphertext[:0] as dst.
	Decrypt(dst, ciphertext []byte) ([]byte, error)
}
ALTSRecordCrypto is the interface for the gRPC ALTS record protocol. Implementations keep per-direction state (a record counter), so each record must be decrypted exactly once and in the order it was encrypted.
func NewAES128GCM
func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error)
NewAES128GCM creates an instance that uses aes128gcm for ALTS records. key is the 16-byte AES-128 key produced by the handshake.
func NewAES128GCMRekey
func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error)
NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying for ALTS records. The key argument should be 44 bytes: the first 32 bytes are used as the key for HKDF-expand and the remaining 12 bytes are used as a random mask for the counter. Any other length is rejected with a KeySizeError.
type ALTSRecordFunc
type ALTSRecordFunc func(s core.Side, keyData []byte) (ALTSRecordCrypto, error)
ALTSRecordFunc is a function type for factory functions that create ALTSRecordCrypto instances.
type KeySizeError
type KeySizeError int
KeySizeError signals that the given key does not have the correct size. Its value is the length, in bytes, of the key that was rejected.
func (KeySizeError) Error
func (k KeySizeError) Error() string
Error implements the error interface, reporting the rejected key size.
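To show how the ALTSRecordCrypto interface, the NewAES128GCM factory and KeySizeError fit together, here is an added example (not the package's own code) of a record protocol built on Go's crypto/cipher AES-GCM. The nonce layout (a 64-bit little-endian record counter plus a direction label in the last byte), the maxRecords cap, the recordCounter type and the local Side constants are this example's own assumptions, not the ALTS wire format. What it demonstrates is the part that matters for safety: separate counters per direction so client and server never reuse a nonce under one key, refusal to encrypt once the counter is exhausted, ErrAuth on a bad tag without advancing the receive counter, and an explicit 16-byte key check that reports the offending length through KeySizeError.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

type Side int // stands in for core.Side; local to this example

const ClientSide, ServerSide Side = 0, 1

const GcmTagSize = 16 // AES-GCM tag length: the per-record overhead
var ErrAuth = errors.New("message authentication failed")

type KeySizeError int // length of the rejected key

func (k KeySizeError) Error() string { return fmt.Sprintf("invalid key size %d", int(k)) }

// ALTSRecordCrypto repeats the interface on this page.
type ALTSRecordCrypto interface {
	Encrypt(dst, plaintext []byte) ([]byte, error)
	EncryptionOverhead() int
	Decrypt(dst, ciphertext []byte) ([]byte, error)
}

// maxRecords caps one counter; past it encryption fails rather than wrapping,
// because a repeated GCM nonce leaks plaintext XORs and the authentication key.
const maxRecords = ^uint64(0)

// recordCounter issues one 96-bit GCM nonce per record. The layout is this
// example's own, not the ALTS wire format: bytes 0-7 hold a little-endian
// record counter and byte 11 a direction label, so the two directions that
// share one key never collide on a nonce.
type recordCounter struct {
	nonce [12]byte
	next  uint64
}

// current returns the nonce for the next record; callers bump next only after
// the record has been sealed or verified.
func (c *recordCounter) current() ([]byte, error) {
	if c.next >= maxRecords {
		return nil, errors.New("record counter exhausted; rekey before sending more")
	}
	binary.LittleEndian.PutUint64(c.nonce[:8], c.next)
	return c.nonce[:], nil
}

type aes128gcm struct {
	aead    cipher.AEAD
	out, in *recordCounter // records this side sends / receives
}

// NewAES128GCM labels the counters so that a client's out counter and the
// server's in counter agree; name and signature mirror the page's factory.
func NewAES128GCM(side Side, key []byte) (ALTSRecordCrypto, error) {
	if len(key) != 16 {
		return nil, KeySizeError(len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	out, in := byte(0), byte(1) // client->server = 0, server->client = 1
	if side == ServerSide {
		out, in = in, out
	}
	counter := func(dir byte) *recordCounter { return &recordCounter{nonce: [12]byte{11: dir}} }
	return &aes128gcm{aead: aead, out: counter(out), in: counter(in)}, nil
}

func (s *aes128gcm) EncryptionOverhead() int { return GcmTagSize }

// Encrypt appends ciphertext||tag to dst under the next outbound nonce.
func (s *aes128gcm) Encrypt(dst, plaintext []byte) ([]byte, error) {
	nonce, err := s.out.current()
	if err != nil {
		return nil, err
	}
	dst = s.aead.Seal(dst, nonce, plaintext, nil)
	s.out.next++
	return dst, nil
}

// Decrypt verifies the tag under the next inbound nonce. On failure it returns
// ErrAuth without advancing, so a forged record cannot move the receiver's
// counter. Pass ciphertext[:0] as dst to decrypt in place.
func (s *aes128gcm) Decrypt(dst, ciphertext []byte) ([]byte, error) {
	nonce, err := s.in.current()
	if err != nil {
		return nil, err
	}
	plaintext, err := s.aead.Open(dst, nonce, ciphertext, nil)
	if err != nil {
		return nil, ErrAuth
	}
	s.in.next++
	return plaintext, nil
}
```

Because each call consumes one nonce, records must be decrypted in the order they were encrypted; a dropped, replayed or reordered record surfaces as ErrAuth, which is the right outcome for a channel that promises in-order delivery. A factory of this shape, registered under the negotiated name with RegisterProtocol, is what NewConn would instantiate for each connection.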