secure

package

v1.6.2 Latest Latest Go to latest Published: Apr 9, 2026 License: AGPL-3.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/TeoSlayer/pilotprotocol

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CheckReplayNonce(nonce [16]byte) error
func InjectReplayNonce(nonce [16]byte)
func ResetReplayCache()
type Handler
type HandshakeConfig
type PeerPubKeyLookup
type SecureConn
type Server
- func NewAuthServer(d *driver.Driver, handler Handler, nodeID uint32, signer ed25519.PrivateKey, ...) *Server
- func NewServer(d *driver.Driver, handler Handler) *Server
- func (s *Server) ListenAndServe() error

Constants ¶

View Source

const HandshakeTimeout = 10 * time.Second

HandshakeTimeout is the maximum time allowed for the ECDH handshake.

View Source

const MaxEncryptedMessageLen = 16 * 1024 * 1024 // 16 MB

MaxEncryptedMessageLen limits the maximum decrypted message size to prevent memory exhaustion from a malicious peer advertising a huge msgLen.

Variables ¶

This section is empty.

Functions ¶

func CheckReplayNonce ¶ added in v1.5.1

func CheckReplayNonce(nonce [16]byte) error

CheckReplayNonce checks if a nonce is in the replay cache without recording it. Exported for testing only.

func InjectReplayNonce ¶ added in v1.5.1

func InjectReplayNonce(nonce [16]byte)

InjectReplayNonce adds a nonce to the replay cache. Exported for testing only.

func ResetReplayCache ¶ added in v1.5.1

func ResetReplayCache()

ResetReplayCache clears the replay cache. Exported for testing only.

Types ¶

type Handler ¶

type Handler func(conn net.Conn)

Handler is called for each new secure connection.

type HandshakeConfig ¶ added in v1.5.1

type HandshakeConfig struct {
	NodeID     uint32
	Signer     ed25519.PrivateKey
	PeerPubKey ed25519.PublicKey
}

HandshakeConfig holds identity authentication parameters for the secure channel handshake. If nil is passed to Handshake, authentication is skipped (backward compatibility for tests and unauthenticated channels).

type PeerPubKeyLookup ¶ added in v1.5.1

type PeerPubKeyLookup func(nodeID uint32) ed25519.PublicKey

PeerPubKeyLookup returns the Ed25519 public key for a given node ID. Used by the server to look up a connecting client's identity for auth verification. Returns nil if the node is unknown.

type SecureConn ¶

type SecureConn struct {
	PeerNodeID uint32 // authenticated peer node ID (0 if unauthenticated)
	// contains filtered or unexported fields
}

SecureConn wraps a net.Conn with AES-256-GCM encryption. After a successful ECDH handshake, all reads and writes are encrypted.

func Dial ¶

func Dial(d *driver.Driver, addr protocol.Addr, auth ...*HandshakeConfig) (*SecureConn, error)

Dial connects to a remote agent's secure port and performs the handshake. Returns an encrypted connection that implements net.Conn.

func Handshake ¶

func Handshake(conn net.Conn, isServer bool, auth ...*HandshakeConfig) (*SecureConn, error)

Handshake performs an ECDH key exchange over the connection. isServer determines which side reads first. An optional HandshakeConfig enables mutual Ed25519 authentication inside the encrypted channel after the ECDH exchange. Pass nil or omit for unauthenticated mode (backward compatible). A deadline is set to prevent indefinite blocking (M14 fix).

func HandshakeWithLookup ¶ added in v1.5.1

func HandshakeWithLookup(conn net.Conn, isServer bool, cfg *HandshakeConfig, lookup PeerPubKeyLookup) (*SecureConn, error)

HandshakeWithLookup is like Handshake with auth, but uses a lookup function to resolve the peer's Ed25519 public key by nodeID. This is used by servers that don't know the peer's identity until they read the auth frame.

func HandshakeWithTimestampOffset ¶ added in v1.5.1

func HandshakeWithTimestampOffset(conn net.Conn, isServer bool, cfg *HandshakeConfig, offset time.Duration) (*SecureConn, error)

HandshakeWithTimestampOffset performs an authenticated handshake but shifts the auth frame timestamp by the given offset. Exported for testing only.

func (*SecureConn) Close ¶

func (sc *SecureConn) Close() error

func (*SecureConn) LocalAddr ¶

func (sc *SecureConn) LocalAddr() net.Addr

func (*SecureConn) Read ¶

func (sc *SecureConn) Read(b []byte) (int, error)

Read decrypts and reads data from the connection. Leftover plaintext from a previous decryption is returned first (H14 fix).

func (*SecureConn) RemoteAddr ¶

func (sc *SecureConn) RemoteAddr() net.Addr

func (*SecureConn) SetDeadline ¶

func (sc *SecureConn) SetDeadline(t time.Time) error

func (*SecureConn) SetReadDeadline ¶

func (sc *SecureConn) SetReadDeadline(t time.Time) error

func (*SecureConn) SetWriteDeadline ¶

func (sc *SecureConn) SetWriteDeadline(t time.Time) error

func (*SecureConn) Write ¶

func (sc *SecureConn) Write(b []byte) (int, error)

Write encrypts and writes data to the connection.

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server listens on port 443 and upgrades connections to encrypted channels.

func NewAuthServer ¶ added in v1.5.1

func NewAuthServer(d *driver.Driver, handler Handler, nodeID uint32, signer ed25519.PrivateKey, lookup PeerPubKeyLookup) *Server

NewAuthServer creates a secure channel server with Ed25519 authentication. The server authenticates itself and verifies connecting clients using the lookup function to obtain each client's expected Ed25519 public key.

func NewServer ¶

func NewServer(d *driver.Driver, handler Handler) *Server

NewServer creates a secure channel server (unauthenticated ECDH).

func (*Server) ListenAndServe ¶

func (s *Server) ListenAndServe() error

ListenAndServe binds port 443 and starts accepting secure connections.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL