Documentation ¶
Index ¶
- func WithCrypto(c Crypto) option
- func WithKeysStorage(ks KeysStorage) option
- func WithMaxKeep(n int) option
- func WithMaxMessageKeysPerSession(n int) option
- func WithMaxSkip(n int) option
- type Crypto
- type DHPair
- type DefaultCrypto
- func (c DefaultCrypto) DH(dhPair DHPair, dhPub Key) (Key, error)
- func (c DefaultCrypto) Decrypt(mk Key, authCiphertext, ad []byte) ([]byte, error)
- func (c DefaultCrypto) Encrypt(mk Key, plaintext, ad []byte) ([]byte, error)
- func (c DefaultCrypto) GenerateDH() (DHPair, error)
- func (c DefaultCrypto) KdfCK(ck Key) (Key, Key)
- func (c DefaultCrypto) KdfRK(rk, dhOut Key) (Key, Key, Key)
- type InMemoryKey
- type KDFer
- type Key
- type KeysStorage
- type KeysStorageInMemory
- func (s *KeysStorageInMemory) All() (map[string]map[uint]Key, error)
- func (s *KeysStorageInMemory) Count(pubKey Key) (uint, error)
- func (s *KeysStorageInMemory) DeleteMk(pubKey Key, msgNum uint) error
- func (s *KeysStorageInMemory) DeleteOldMks(sessionID []byte, deleteUntilSeqKey uint) error
- func (s *KeysStorageInMemory) Get(pubKey Key, msgNum uint) (Key, bool, error)
- func (s *KeysStorageInMemory) Put(sessionID []byte, pubKey Key, msgNum uint, mk Key, seqNum uint) error
- func (s *KeysStorageInMemory) TruncateMks(sessionID []byte, maxKeys int) error
- type Message
- type MessageEncHeader
- type MessageHE
- type MessageHeader
- type Session
- type SessionStorage
- type State
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WithCrypto ¶
func WithCrypto(c Crypto) option
WithCrypto replaces the default cryptographic supplement with the specified. nolint: golint
func WithKeysStorage ¶
func WithKeysStorage(ks KeysStorage) option
WithKeysStorage replaces the default keys storage with the specified. nolint: golint
func WithMaxKeep ¶
func WithMaxKeep(n int) option
WithMaxKeep specifies how long we keep message keys, counted in number of messages received nolint: golint
func WithMaxMessageKeysPerSession ¶
func WithMaxMessageKeysPerSession(n int) option
WithMaxMessageKeysPerSession specifies the maximum number of message keys per session nolint: golint
func WithMaxSkip ¶
func WithMaxSkip(n int) option
WithMaxSkip specifies the maximum number of skipped message in a single chain. nolint: golint
Types ¶
type Crypto ¶
type Crypto interface { // GenerateDH creates a new Diffie-Hellman key pair. GenerateDH() (DHPair, error) // DH returns the output from the Diffie-Hellman calculation between // the private key from the DH key pair dhPair and the DH public key dbPub. DH(dhPair DHPair, dhPub Key) (Key, error) // Encrypt returns an AEAD encryption of plaintext with message key mk. The associated_data // is authenticated but is not included in the ciphertext. The AEAD nonce may be set to a constant. Encrypt(mk Key, plaintext, ad []byte) (authCiphertext []byte, err error) // Decrypt returns the AEAD decryption of ciphertext with message key mk. Decrypt(mk Key, ciphertext, ad []byte) (plaintext []byte, err error) KDFer }
Crypto is a cryptography supplement for the library.
type DefaultCrypto ¶
type DefaultCrypto struct{}
DefaultCrypto is an implementation of Crypto with cryptographic primitives recommended by the Double Ratchet Algorithm specification. However, some details are different, see function comments for details.
func (DefaultCrypto) DH ¶
func (c DefaultCrypto) DH(dhPair DHPair, dhPub Key) (Key, error)
DH returns the output from the Diffie-Hellman calculation between the private key from the DH key pair dhPair and the DH public key dbPub.
func (DefaultCrypto) Decrypt ¶
func (c DefaultCrypto) Decrypt(mk Key, authCiphertext, ad []byte) ([]byte, error)
Decrypt returns the AEAD decryption of ciphertext with message key mk.
func (DefaultCrypto) Encrypt ¶
func (c DefaultCrypto) Encrypt(mk Key, plaintext, ad []byte) ([]byte, error)
Encrypt uses a slightly different approach than in the algorithm specification: it uses AES-256-CTR instead of AES-256-CBC for security, ciphertext length and implementation complexity considerations.
func (DefaultCrypto) GenerateDH ¶
func (c DefaultCrypto) GenerateDH() (DHPair, error)
GenerateDH creates a new Diffie-Hellman key pair.
type InMemoryKey ¶
type InMemoryKey struct {
// contains filtered or unexported fields
}
type KDFer ¶
type KDFer interface { // KdfRK returns a pair (32-byte root key, 32-byte chain key) as the output of applying // a KDF keyed by a 32-byte root key rk to a Diffie-Hellman output dhOut. KdfRK(rk, dhOut Key) (rootKey, chainKey, newHeaderKey Key) // KdfCK returns a pair (32-byte chain key, 32-byte message key) as the output of applying // a KDF keyed by a 32-byte chain key ck to some constant. KdfCK(ck Key) (chainKey, msgKey Key) }
KDFer performs key derivation functions for chains.
type KeysStorage ¶
type KeysStorage interface { // Get returns a message key by the given key and message number. Get(k Key, msgNum uint) (mk Key, ok bool, err error) // Put saves the given mk under the specified key and msgNum. Put(sessionID []byte, k Key, msgNum uint, mk Key, keySeqNum uint) error // DeleteMk ensures there's no message key under the specified key and msgNum. DeleteMk(k Key, msgNum uint) error // DeleteOldMKeys deletes old message keys for a session. DeleteOldMks(sessionID []byte, deleteUntilSeqKey uint) error // TruncateMks truncates the number of keys to maxKeys. TruncateMks(sessionID []byte, maxKeys int) error // Count returns number of message keys stored under the specified key. Count(k Key) (uint, error) // All returns all the keys All() (map[string]map[uint]Key, error) }
KeysStorage is an interface of an abstract in-memory or persistent keys storage.
type KeysStorageInMemory ¶
type KeysStorageInMemory struct {
// contains filtered or unexported fields
}
KeysStorageInMemory is an in-memory message keys storage.
func (*KeysStorageInMemory) All ¶
func (s *KeysStorageInMemory) All() (map[string]map[uint]Key, error)
All returns all the keys
func (*KeysStorageInMemory) Count ¶
func (s *KeysStorageInMemory) Count(pubKey Key) (uint, error)
Count returns number of message keys stored under the specified key.
func (*KeysStorageInMemory) DeleteMk ¶
func (s *KeysStorageInMemory) DeleteMk(pubKey Key, msgNum uint) error
DeleteMk ensures there's no message key under the specified key and msgNum.
func (*KeysStorageInMemory) DeleteOldMks ¶
func (s *KeysStorageInMemory) DeleteOldMks(sessionID []byte, deleteUntilSeqKey uint) error
DeleteOldMKeys deletes old message keys for a session.
func (*KeysStorageInMemory) Put ¶
func (s *KeysStorageInMemory) Put(sessionID []byte, pubKey Key, msgNum uint, mk Key, seqNum uint) error
Put saves the given mk under the specified key and msgNum.
func (*KeysStorageInMemory) TruncateMks ¶
func (s *KeysStorageInMemory) TruncateMks(sessionID []byte, maxKeys int) error
TruncateMks truncates the number of keys to maxKeys.
type Message ¶
type Message struct { Header MessageHeader `json:"header"` Ciphertext []byte `json:"ciphertext"` }
Message is a single message exchanged by the parties.
type MessageEncHeader ¶
type MessageEncHeader []byte
MessageEncHeader is a binary-encoded representation of a message header.
func (MessageEncHeader) Decode ¶
func (mh MessageEncHeader) Decode() (MessageHeader, error)
Decode message header out of the binary-encoded representation.
type MessageHeader ¶
type MessageHeader struct { // DHr is the sender's current ratchet public key. DH Key `json:"dh"` // N is the number of the message in the sending chain. N uint32 `json:"n"` // PN is the length of the previous sending chain. PN uint32 `json:"pn"` }
MessageHeader that is prepended to every message.
func (MessageHeader) Encode ¶
func (mh MessageHeader) Encode() MessageEncHeader
Encode the header in the binary format.
type Session ¶
type Session interface { // RatchetEncrypt performs a symmetric-key ratchet step, then AEAD-encrypts the message with // the resulting message key. RatchetEncrypt(plaintext, associatedData []byte) (Message, error) // RatchetDecrypt is called to AEAD-decrypt messages. RatchetDecrypt(m Message, associatedData []byte) ([]byte, error) //DeleteMk remove a message key from the database DeleteMk(Key, uint32) error }
Session of the party involved in the Double Ratchet Algorithm.
func Load ¶
func Load(id []byte, store SessionStorage, opts ...option) (Session, error)
Load a session from a SessionStorage implementation and apply options.
func New ¶
func New(id []byte, sharedKey Key, keyPair DHPair, storage SessionStorage, opts ...option) (Session, error)
New creates session with the shared key.
func NewWithRemoteKey ¶
func NewWithRemoteKey(id []byte, sharedKey, remoteKey Key, storage SessionStorage, opts ...option) (Session, error)
NewWithRemoteKey creates session with the shared key and public key of the other party.
type SessionStorage ¶
type State ¶
type State struct { Crypto Crypto // DH Ratchet public key (the remote key). DHr Key // DH Ratchet key pair (the self ratchet key). DHs DHPair // Symmetric ratchet root chain. RootCh kdfRootChain // Symmetric ratchet sending and receiving chains. SendCh, RecvCh kdfChain // Number of messages in previous sending chain. PN uint32 // Dictionary of skipped-over message keys, indexed by ratchet public key or header key // and message number. MkSkipped KeysStorage // The maximum number of message keys that can be skipped in a single chain. // WithMaxSkip should be set high enough to tolerate routine lost or delayed messages, // but low enough that a malicious sender can't trigger excessive recipient computation. MaxSkip uint // Receiving header key and next header key. Only used for header encryption. HKr, NHKr Key // Sending header key and next header key. Only used for header encryption. HKs, NHKs Key // How long we keep messages keys, counted in number of messages received, // for example if MaxKeep is 5 we only keep the last 5 messages keys, deleting everything n - 5. MaxKeep uint // Max number of message keys per session, older keys will be deleted in FIFO fashion MaxMessageKeysPerSession int // The number of the current ratchet step. Step uint // KeysCount the number of keys generated for decrypting KeysCount uint }
The double ratchet state.