key

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2023 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package key provides the key management for the server and the client.

Index

Examples

Constants

View Source 
const (
	// GoogleDNSProvider is a DNS-over-HTTPS server.
	//
	// https://developers.google.com/speed/public-dns/docs/dns-over-https
	GoogleDNSProvider = "https://dns.google/resolve"
	// CloudflareDNSProvider is a DNS-over-HTTPS server.
	//
	// https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/make-api-requests/
	CloudflareDNSProvider = "https://1.1.1.1/dns-query"
)

Variables

This section is empty.

Functions

func ClientFetcherCacheWithTTL 

func ClientFetcherCacheWithTTL(ttl time.Duration) func(*ClientFetcherCacheOptions)

ClientFetcherCacheWithTTL sets the TTL for the cache. By default it will use 5 minutes.

func ClientFetcherDNSKEYWithTimeout 

func ClientFetcherDNSKEYWithTimeout(timeout time.Duration) func(*ClientFetcherDNSKEYOptions)

ClientFetcherDNSKEYWithTimeout sets the timeout for the DNS over HTTPS request. By default it will use 5 seconds.

func ClientFetcherTLSWithPort 

func ClientFetcherTLSWithPort(port uint64) func(*ClientFetcherTLSOptions)

ClientFetcherTLSWithPort sets the port to use when connecting to the server. By default it will use 443.

func ClientFetcherTLSWithRootCAs 

func ClientFetcherTLSWithRootCAs(rootCAs *x509.CertPool) func(*ClientFetcherTLSOptions)

ClientFetcherTLSWithRootCAs sets the root CAs to use when verifying the TLS certificate. By default it will use the host's root CA set.

Types

type ClientFetcher 

type ClientFetcher interface {
	Fetch(host string) (PublicKey, error)
}

ClientFetcher is a generic interface to allow fetching the server's public key from different sources.

type ClientFetcherCache 

type ClientFetcherCache struct {
	// contains filtered or unexported fields
}

ClientFetcherCache is a generic interface to allow fetching the server's public key from different sources. It will cache the public key for a given TTL.

func NewClientFetcherCache 

func NewClientFetcherCache(fetcher ClientFetcher, optFuncs ...func(*ClientFetcherCacheOptions)) *ClientFetcherCache

NewClientFetcherCache creates a new ClientFetcherCache.

func (*ClientFetcherCache) Fetch 

func (c *ClientFetcherCache) Fetch(host string) (PublicKey, error)

Fetch retrieves the server's public key from the cache or from the underlying fetcher. If the public key is not in the cache, it will be fetched and stored in the cache.

type ClientFetcherCacheOptions 

type ClientFetcherCacheOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherCacheOptions contains options for the ClientFetcherCache.

type ClientFetcherDNSKEY 

type ClientFetcherDNSKEY struct {
	// contains filtered or unexported fields
}

ClientFetcherDNSKEY retrieves the server's public key in the DNSKEY resource record using DNS over HTTPS. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

It supports DNSKEY containing RSA, ECDSA and Ed25519 keys.

func NewClientFetcherDNSKEY 

func NewClientFetcherDNSKEY(provider string, optFuncs ...func(*ClientFetcherDNSKEYOptions)) ClientFetcherDNSKEY

NewClientFetcherDNSKEY creates a new ClientFetcherDNSKEY.

func (ClientFetcherDNSKEY) Fetch 

func (c ClientFetcherDNSKEY) Fetch(host string) (PublicKey, error)

Fetch retrieves the server's public key in the DNSKEY resource record.

Example 
package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherDNSKEY(key.GoogleDNSProvider)),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherDNSKEYOptions 

type ClientFetcherDNSKEYOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherDNSKEYOptions contains options for the KeyFetcherDNSKEY constructor.

type ClientFetcherInMemory 

type ClientFetcherInMemory struct {
	// contains filtered or unexported fields
}

ClientFetcherInMemory retrieves the server's public key from an in-memory storage.

func NewClientFetcherInMemory 

func NewClientFetcherInMemory(publicKey PublicKey) ClientFetcherInMemory

NewClientFetcherInMemory creates a new ClientFetcherInMemory from a public key.

func ParseClientFetcherPEM 

func ParseClientFetcherPEM(r io.Reader) (*ClientFetcherInMemory, error)

ParseClientFetcherPEM creates a new ClientFetcherPEM.

func (ClientFetcherInMemory) Fetch 

func (c ClientFetcherInMemory) Fetch(_ string) (PublicKey, error)

Fetch retrieves the server's public key from a PEM file.

type ClientFetcherProtocol 

type ClientFetcherProtocol struct {
	// contains filtered or unexported fields
}

ClientFetcherProtocol retrieves the server's public key using the goe2ee protocol. This fetcher could be vulnerable to man-in-the-middle attacks. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

func NewClientFetcherProtocol 

func NewClientFetcherProtocol(network, serverAddr string) ClientFetcherProtocol

NewClientFetcherProtocol creates a new ClientFetcherProtocol.

func (ClientFetcherProtocol) Fetch 

func (c ClientFetcherProtocol) Fetch(_ string) (PublicKey, error)

Fetch retrieves the server's public key using the goe2ee protocol.

Example 
package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherProtocol("tcp", hostport)),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherTLS 

type ClientFetcherTLS struct {
	// contains filtered or unexported fields
}

ClientFetcherTLS retrieves the server's public key in the TLS certificate. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

func NewClientFetcherTLS 

func NewClientFetcherTLS(optFuncs ...func(*ClientFetcherTLSOptions)) ClientFetcherTLS

NewClientFetcherTLS creates a new FetcherTLS.

func (ClientFetcherTLS) Fetch 

func (c ClientFetcherTLS) Fetch(host string) (publicKey PublicKey, err error)

Fetch retrieves the server's public key in the TLS certificate. It will use host's root CA set to verify the certificate.

Example 
package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherTLS()),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherTLSOptions 

type ClientFetcherTLSOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherTLSOptions contains options for the ClientFetcherTLS.

type PublicKey 

type PublicKey struct {
	crypto.PublicKey
}

PublicKey adds some extra functionality to the crypto.PublicKey interface.

func (PublicKey) VerifySignature 

func (p PublicKey) VerifySignature(hashType crypto.Hash, content, signature []byte) (bool, error)

VerifySignature verifies the signature of the content using the public key.

type ServerManager 

type ServerManager interface {
	FetchKey() (protocol.KeyAlgorithm, PublicKey, error)
	Sign(crypto.Hash, []byte) ([]byte, error)
}

ServerManager is a generic interface to manage the server's key-pair.

type ServerManagerInMemory 

type ServerManagerInMemory struct {
	// contains filtered or unexported fields
}

ServerManagerInMemory loads the private key and stores it in-memory.

func NewServerManager 

func NewServerManager(privateKey crypto.PrivateKey) *ServerManagerInMemory

NewServerManager creates a new server manager with the given private key.

func ServerManagerGenerateOnTheFly 

func ServerManagerGenerateOnTheFly(algorithm protocol.KeyAlgorithm) (*ServerManagerInMemory, error)

ServerManagerGenerateOnTheFly generates a new key-pair on the fly. This is not recommended for production use.

func ServerManagerParsePEM 

func ServerManagerParsePEM(r io.Reader) (*ServerManagerInMemory, error)

ServerManagerParsePEM parses a PEM encoded private key, unencrypting the private key in PKCS #8, ASN.1 DER form.

func (*ServerManagerInMemory) FetchKey 

func (s *ServerManagerInMemory) FetchKey() (protocol.KeyAlgorithm, PublicKey, error)

FetchKey returns the server's public key.

func (*ServerManagerInMemory) Sign 

func (s *ServerManagerInMemory) Sign(hashType crypto.Hash, content []byte) ([]byte, error)

Sign signs the content using the server's private key.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.