Documentation ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrTryAgain is returned by transports when it is inconclusive with the current amount of data
	// whether the transport exists in the connection.
	ErrTryAgain = errors.New("not enough information to determine transport")

	// ErrNotTransport is returned by transports when they
	// can conclusively determine that the connection does not
	// contain this transport. The caller shouldn't retry
	// with this transport.
	ErrNotTransport = errors.New("connection does not contain transport")

	// ErrTransportNotSupported is returned when a transport is unable to service one or more of the
	// required functions because the clientLibVersion is too old and the transport is not backward
	// compatible to that version.
	ErrTransportNotSupported = errors.New("Transport not supported ")

	// ErrPublicKeyLen is returned when the length of the provided public key is incorrect for
	// ed25519.
	ErrPublicKeyLen = errors.New("Unexpected station pubkey length. Expected: 32B")
)
Functions ¶
func PortSelectorRange ¶
PortSelectorRange provides a generic and basic way to return a seeded port selection function that uses a custom range.
func UnmarshalAnypbTo ¶
func UnmarshalAnypbTo(src *anypb.Any, dst protoreflect.ProtoMessage) error
UnmarshalAnypbTo unmarshals the src anypb to dst without reading the src type URL. It is used to unmarshal TransportParams in the registration message: leaving out the type URL saves space, so that the registration payload is small enough for the DNS registrar.
Types ¶
type CTRObfuscator ¶
type CTRObfuscator struct{}
CTRObfuscator implements the Obfuscator interface using ECDHE and AES CTR. Prevents tag re-use.
func (CTRObfuscator) Obfuscate ¶
func (CTRObfuscator) Obfuscate(plainText []byte, stationPubkey []byte) ([]byte, error)
Obfuscate for CTRObfuscator derives a shared key using ECDHE and then encrypts the plaintext under that key using AES CTR. The Elligator representative for the client's public key is prepended to the returned byte array. This means that the result length will likely be:
32 + len(plaintext)
[elligator encoded client Pub][Ciphertext]
func (CTRObfuscator) TryReveal ¶
func (CTRObfuscator) TryReveal(ciphertext []byte, privateKey [32]byte) ([]byte, error)
TryReveal for CTRObfuscator expects a ciphertext object whose first 32 bytes are an Elligator-encoded public key with which the server can derive an ECDHE shared secret. This secret is then used to decrypt the remainder of the ciphertext using AES CTR.
type GCMObfuscator ¶
type GCMObfuscator struct{}
GCMObfuscator implements the Obfuscator interface using ECDHE and AES GCM. Prevents tag re-use.
func (GCMObfuscator) Obfuscate ¶
func (GCMObfuscator) Obfuscate(plainText []byte, stationPubkey []byte) ([]byte, error)
Obfuscate for GCMObfuscator derives a shared key using ECDHE and then encrypts the plaintext under that key using AES GCM. The Elligator representative for the client's public key is prepended to the returned byte array. This means that the result length will likely be:
32 + len(plaintext) + 16
[elligator encoded client Pub][Ciphertext + Auth tag]
func (GCMObfuscator) TryReveal ¶
func (GCMObfuscator) TryReveal(ciphertext []byte, privateKey [32]byte) ([]byte, error)
TryReveal for GCMObfuscator expects a ciphertext object whose first 32 bytes are an Elligator-encoded public key with which the server can derive an ECDHE shared secret. This secret is then used to decrypt and authenticate the remainder of the ciphertext using AES GCM.
type NilObfuscator ¶
type NilObfuscator struct{}
NilObfuscator implements the Obfuscator interface with no modification of the provided tag / plaintext / ciphertext. Will NOT prevent tag re-use if a registration is re-used.
type Obfuscator ¶
type Obfuscator interface {
	// Take the plain text and perform an obfuscation to make it distinguishable to the station
	Obfuscate(plaintext []byte, stationPubkey []byte) ([]byte, error)

	// Take a cipher text and de-obfuscate to make it usable by the station
	TryReveal(cipherText []byte, privateKey [32]byte) ([]byte, error)
}
Obfuscator provides an interface for obfuscating the tags that are sent by transports in order to indicate their knowledge of the shared secret to the station.
type PrefixConn ¶
PrefixConn allows arbitrary readers to serve as the data source of a net.Conn. This allows us to consume data from the socket while later making it available again (for things like handshakes).
func PrependToConn ¶
func PrependToConn(c net.Conn, r io.Reader) PrefixConn
PrependToConn creates a PrefixConn which allows arbitrary readers to serve as the data source of a net.Conn.
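The peek-then-replay pattern that PrefixConn and the ErrTryAgain / ErrNotTransport errors support, shown as an added example that is not code from this package. `classify`, `replayConn`, `detect`, `run`, the local error values and the `CJ01` marker are hypothetical, and a `bufio.Reader` stands in as the replay source.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"net"
)

var errTryAgain, errNotTransport = errors.New("try again"), errors.New("not transport")
var magic = []byte("CJ01") // constructed marker; every name in this block is hypothetical

// classify is one transport's check over the bytes seen so far.
func classify(seen []byte) error {
	if bytes.HasPrefix(seen, magic) {
		return nil
	} else if bytes.HasPrefix(magic, seen) {
		return errTryAgain // consistent so far, but inconclusive
	}
	return errNotTransport // conclusive: the caller should not retry
}

// replayConn serves reads from r; every other net.Conn method passes through.
type replayConn struct {
	net.Conn
	r io.Reader
}
func (c replayConn) Read(p []byte) (int, error) { return c.r.Read(p) }

// detect peeks until classify is conclusive; the returned conn still yields every byte.
func detect(c net.Conn) (net.Conn, error) {
	br := bufio.NewReader(c)
	for n := 1; ; n++ {
		seen, rerr := br.Peek(n) // waits for n bytes but consumes none
		if err := classify(seen); !errors.Is(err, errTryAgain) {
			return replayConn{c, br}, err
		} else if rerr != nil {
			return replayConn{c, br}, rerr // stream ended while still inconclusive
		}
	}
}

func run(input string) (string, error) {
	client, server := net.Pipe() // in-memory stand-in for a real socket
	go func() { client.Write([]byte(input)); client.Close() }()
	conn, err := detect(server)
	out, _ := io.ReadAll(conn)
	return string(out), err
}
func main() { fmt.Println(run("CJ01 client hello")) }
```

Because the returned connection replays everything that was inspected, a caller that receives the not-transport error can hand the same connection to the next candidate transport or to a handshake without losing bytes.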
type RegManager ¶ added in v0.6.3
type RegManager interface {
GetRegistrations(phantomAddr net.IP) map[string]Registration
}
RegManager provides an abstraction for the RegistrationManager which tracks registrations.
type Registration ¶ added in v0.6.3
type Registration interface {
	GetRegistrationAddress() string
	GetSrcPort() uint16
	GetDstPort() uint16
	PhantomIP() *net.IP

	// Transport management functions
	TransportType() pb.TransportType
	TransportParams() any
	SetTransportKeys(interface{}) error
	TransportKeys() interface{}
	TransportReader() io.Reader
}
Registration provides an abstraction around station tracked registrations.
type XORObfuscator ¶
type XORObfuscator struct{}
XORObfuscator implements the Obfuscator interface with no modification of the provided tag / plaintext / ciphertext. Will NOT prevent tag re-use if a registration is re-used.