Documentation
¶
Overview ¶
Package epic contains methods for the creation and verification of the EPIC packet timestamp and validation fields.
Index ¶
- Constants
- func CalcMac(auth []byte, pktID epic.PktID, s *slayers.SCION, timestamp uint32, ...) ([]byte, error)
- func CoreFromPktCounter(counter uint32) (uint8, uint32)
- func CreateTimestamp(input time.Time, now time.Time) (uint32, error)
- func PktCounterFromCore(coreID uint8, coreCounter uint32) uint32
- func VerifyHVF(auth []byte, pktID epic.PktID, s *slayers.SCION, timestamp uint32, hvf []byte, ...) error
- func VerifyTimestamp(timestamp time.Time, epicTS uint32, now time.Time) error
Constants ¶
const ( // AuthLen denotes the size of the authenticator in bytes AuthLen = 16 // MaxPacketLifetime denotes the maximal lifetime of a packet MaxPacketLifetime time.Duration = 2 * time.Second // MaxClockSkew denotes the maximal clock skew MaxClockSkew time.Duration = time.Second // TimestampResolution denotes the resolution of the epic timestamp TimestampResolution = 21 * time.Microsecond // MACBufferSize denotes the buffer size of the CBC input and output. MACBufferSize = 48 )
Variables ¶
This section is empty.
Functions ¶
func CalcMac ¶
func CalcMac(auth []byte, pktID epic.PktID, s *slayers.SCION, timestamp uint32, buffer []byte) ([]byte, error)
CalcMac derives the EPIC MAC (PHVF/LHVF) given the full 16 bytes of the SCION path type MAC (auth), the EPIC packet ID (pktID), the timestamp in the Info Field (timestamp), and the SCION common/address header (s). If the same buffer is provided in subsequent calls to this function, the previously returned EPIC MAC may get overwritten. Only the most recently returned EPIC MAC is guaranteed to be valid.
func CoreFromPktCounter ¶
CoreFromPktCounter reads the core ID and the core counter from a counter belonging to a packet identifier.
func CreateTimestamp ¶
CreateTimestamp returns the epic timestamp, which encodes the current time (now) relative to the input timestamp. The input timestamp must not be in the future (compared to the current time), otherwise an error is returned. An error is also returned if the current time is more than 1 day and 63 minutes after the input timestamp.
func PktCounterFromCore ¶
PktCounterFromCore creates a counter for the packet identifier based on the core ID and the core counter.
func VerifyHVF ¶
func VerifyHVF(auth []byte, pktID epic.PktID, s *slayers.SCION, timestamp uint32, hvf []byte, buffer []byte) error
VerifyHVF verifies the correctness of the HVF (PHVF or the LHVF) field in the EPIC packet by recalculating and comparing it. If the EPIC authenticator (auth), which denotes the full 16 bytes of the SCION path type MAC, has invalid length, or if the MAC calculation gives an error, also VerifyHVF returns an error. The verification was successful if and only if VerifyHVF returns nil.
func VerifyTimestamp ¶
VerifyTimestamp checks whether an EPIC packet is fresh. This means that the time the packet was sent from the source host, which is encoded by the timestamp and the epicTimestamp, does not date back more than the maximal packet lifetime of two seconds. The function also takes a possible clock drift between the packet source and the verifier of up to one second into account.
Types ¶
This section is empty.
Source Files