 Documentation
      ¶
      Documentation
      ¶
    
    
  
    
  
    Index ¶
- Variables
- func DecryptWithEd25519(tPrivKey ed25519.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithPrivKey(privKey crypto.PrivKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithRSA(t *rsa.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DeriveEd25519Key(context string, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
- func DeriveKey(context string, privKey crypto.PrivKey, out []byte) error
- func EncryptToEd25519(tPubKey ed25519.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToPubKey(pubKey crypto.PubKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToRSA(t *rsa.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func IDB58Encode(id ID) string
- func NewNetAddr(pid ID) net.Addr
- type GetPeer
- type GetPeerResolver
- type GetPeerValue
- type ID
- type NetAddr
- type Peer
- func GetPeerWithID(ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, ...) (Peer, directive.Instance, directive.Reference, error)
- func NewPeer(privKey crypto.PrivKey) (Peer, error)
- func NewPeerWithID(id lpeer.ID) (Peer, error)
- func NewPeerWithPubKey(pubKey crypto.PubKey) (Peer, error)
 
- type Signature
- func (m *Signature) CloneGenericVT() proto.Message
- func (m *Signature) CloneVT() *Signature
- func (*Signature) Descriptor() ([]byte, []int)deprecated
- func (this *Signature) EqualVT(that *Signature) bool
- func (x *Signature) GetHashType() hash.HashType
- func (x *Signature) GetPubKey() []byte
- func (x *Signature) GetSigData() []byte
- func (m *Signature) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalToVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalVT() (dAtA []byte, err error)
- func (s *Signature) ParsePubKey() (crypto.PubKey, error)
- func (*Signature) ProtoMessage()
- func (x *Signature) ProtoReflect() protoreflect.Message
- func (x *Signature) Reset()
- func (m *Signature) SizeVT() (n int)
- func (x *Signature) String() string
- func (m *Signature) UnmarshalVT(dAtA []byte) error
- func (s *Signature) Validate() error
- func (s *Signature) VerifyWithPublic(pubKey crypto.PubKey, data []byte) (bool, error)
 
- type SignedMsg
- func (m *SignedMsg) CloneGenericVT() proto.Message
- func (m *SignedMsg) CloneVT() *SignedMsg
- func (m *SignedMsg) ComputeMessageID() string
- func (*SignedMsg) Descriptor() ([]byte, []int)deprecated
- func (this *SignedMsg) EqualVT(that *SignedMsg) bool
- func (m *SignedMsg) ExtractAndVerify() (crypto.PubKey, ID, error)
- func (m *SignedMsg) ExtractPubKey() (crypto.PubKey, ID, error)
- func (x *SignedMsg) GetData() []byte
- func (x *SignedMsg) GetFromPeerId() string
- func (x *SignedMsg) GetSignature() *Signature
- func (m *SignedMsg) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalToVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalVT() (dAtA []byte, err error)
- func (m *SignedMsg) ParseFromPeerID() (ID, error)
- func (*SignedMsg) ProtoMessage()
- func (x *SignedMsg) ProtoReflect() protoreflect.Message
- func (x *SignedMsg) Reset()
- func (m *SignedMsg) Sign(privKey crypto.PrivKey, hashType hash.HashType) error
- func (m *SignedMsg) SizeVT() (n int)
- func (x *SignedMsg) String() string
- func (m *SignedMsg) UnmarshalVT(dAtA []byte) error
- func (m *SignedMsg) Validate() error
- func (m *SignedMsg) Verify(pubKey crypto.PubKey) error
 
Constants ¶
This section is empty.
Variables ¶
var ( // ErrEmptyPeerID is returned if the peer id cannot be empty. ErrEmptyPeerID = errors.New("peer id cannot be empty") // ErrBodyEmpty is returned if the message body was empty. ErrBodyEmpty = errors.New("message body cannot be empty") // ErrSignatureInvalid is returned for an invalid signature. ErrSignatureInvalid = errors.New("message signature invalid") // ErrShortMessage is returned if a message is too short. ErrShortMessage = errors.New("message too short") // ErrNoPrivKey is returned if the private key is not available. ErrNoPrivKey = errors.New("private key not available for peer") // ErrInvalidEd25519PubKeyForCurve25519 is returned if a public key cannot be used for curve25519. ErrInvalidEd25519PubKeyForCurve25519 = errors.New("invalid ed25519 public key for curve25519") )
var ( ErrInvalidLength = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflow = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroup = fmt.Errorf("proto: unexpected end of group") )
var File_github_com_aperturerobotics_bifrost_peer_peer_proto protoreflect.FileDescriptor
    Functions ¶
func DecryptWithEd25519 ¶
func DecryptWithEd25519( tPrivKey ed25519.PrivateKey, context string, ciphertext []byte, ) ([]byte, error)
DecryptWithEd25519 decrypts with a ed25519 key using curve25519.
tPrivKey is the target (destination) private key.
derive aes256 key: blake3(context + tPubKey + ciphertext[:4]) decrypt msgPubKey with aes256 from ciphertext[4:][:32] convert the message public key to a curve25519 point convert the target private key to a curve25519 scalar derive key for chacha20poly1305 with ecdh(privKeyCurve25519, msgPubKeyCurve25519) derive nonce with blake3(context, msgPubKey)[:24] xor the nonce with blake3(context, msgPubKey)[24:] (8 bytes long)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination key must be the same as when encrypting
func DecryptWithPrivKey ¶
DecryptWithPrivKey decrypts with the given private key.
Supported types: Ed25519, RSA Context must be same as when encrypting.
func DecryptWithRSA ¶
DecryptWithRSA decrypts a message with a RSA private key.
context must be the same as at encrypt time
func DeriveEd25519Key ¶
func DeriveEd25519Key(context string, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
DeriveEd25519Key derives a ed25519 private key from an existing private key.
The context string will be mixed to determine which key is generated. Not all private key types are supported.
func DeriveKey ¶
DeriveKey derives a crypto key using a private key.
Not all private key types are supported. Data is written to out.
context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToEd25519 ¶
EncryptToEd25519 encrypts to a ed25519 key using curve25519.
t is the target ed25519 public key.
mix pub key into seed: blake3(context + msgSrc + tPubKey) generate the one-time use message priv key (ed25519) from seed convert the target public key to a curve25519 point convert the message private key to a curve25519 scalar generate the nonce with blake3(context + msgPubKeyEd25519 + msgPubKeyCurve25519)[:24] xor the nonce with blake3(msgPubKeyEd25519 + msgPubKeyCurve25519)[24:] (8 bytes long) generate msgPubKey aes256 key: blake3(context + tPubKey + msgNonce[:4]) generate key for chacha20poly1305 with ecdh(msgPrivKeyCurve25519, tPubKeyCurve25519)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination public key must be the same when decrypting context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToPubKey ¶
EncryptToPubKey encrypts a message to a public key.
Supported types: Ed25519, RSA Context must be same when decrypting.
Context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" The purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToRSA ¶
EncryptToRSA encrypts a message to a RSA public key.
marshal public key to pkix derive 32byte message key with blake3(context + msgSrc + pubPkix) derive 32byte message nonce with blake3(context + msgKey + pubPkix) compress message with s2 (snappy2) encrypt message with chacha20-poly1305
ciphertext: oaep(message-key) + chacha20poly1305(s2(msgSrc))
context must be the same at decrypt time context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func NewNetAddr ¶
NewNetAddr constructs a new net.Addr from a peer ID.
Types ¶
type GetPeer ¶
type GetPeer interface {
	// Directive indicates GetPeer is a directive.
	directive.Directive
	// GetPeerIDConstraint returns a specific peer ID node we are looking for.
	// If empty, any node is matched.
	GetPeerIDConstraint() ID
}
    GetPeer is a directive to lookup a peer on a controller.
type GetPeerResolver ¶
type GetPeerResolver struct {
	// contains filtered or unexported fields
}
    GetPeerResolver resolves the GetPeer directive
func NewGetPeerResolver ¶
func NewGetPeerResolver( directive GetPeer, peer Peer, ) *GetPeerResolver
NewGetPeerResolver constructs a new GetPeer resolver
func (*GetPeerResolver) Resolve ¶
func (c *GetPeerResolver) Resolve(ctx context.Context, valHandler directive.ResolverHandler) error
Resolve resolves the values.
type ID ¶
ID is a peer identifier.
func IDFromBytes ¶
IDFromBytes cast a string to ID type, and validate the id to make sure it is a multihash.
func IDFromPrivateKey ¶
IDFromPrivateKey returns the Peer ID corresponding to sk
type NetAddr ¶
type NetAddr struct {
	// contains filtered or unexported fields
}
    NetAddr matches net.Addr with a peer ID
type Peer ¶
type Peer interface {
	// GetPeerID returns the peer ID.
	GetPeerID() ID
	// GetPubKey returns the public key of the peer.
	GetPubKey() crypto.PubKey
	// GetPrivKey returns the private key.
	// This may require an extra lookup operation.
	// Returns ErrNoPrivKey if the private key is unavailable.
	GetPrivKey(ctx context.Context) (crypto.PrivKey, error)
}
    Peer is the common interface for a keypair-based identity.
func GetPeerWithID ¶
func GetPeerWithID( ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, valDisposeCallback func(), ) (Peer, directive.Instance, directive.Reference, error)
GetPeerWithID gets a peer. If peer ID is empty, selects any peer. returnIfIdle if set, will return if the directive becomes idle. valDisposeCallback is called when the value is no longer valid. valDisposeCallback can be nil.
func NewPeer ¶
NewPeer builds a new Peer object with a private key. If privKey is nil, one will be generated.
func NewPeerWithID ¶ added in v0.7.3
NewPeerWithID constructs a new Peer by extracting the pubkey from the ID.
type Signature ¶
type Signature struct {
	// PubKey is the public key of the peer.
	// May be empty if the public key is to be inferred from context.
	PubKey []byte `protobuf:"bytes,1,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"`
	// HashType is the hash type used to hash the data.
	// The signature is then of the hash bytes (usually 32).
	HashType hash.HashType `protobuf:"varint,2,opt,name=hash_type,json=hashType,proto3,enum=hash.HashType" json:"hash_type,omitempty"`
	// SigData contains the signature data.
	// The format is defined by the key type.
	SigData []byte `protobuf:"bytes,3,opt,name=sig_data,json=sigData,proto3" json:"sig_data,omitempty"`
	// contains filtered or unexported fields
}
    Signature contains a signature by a peer.
func NewSignature ¶
func NewSignature( privKey crypto.PrivKey, hashType hash.HashType, data []byte, inclPubKey bool, ) (*Signature, error)
NewSignature constructs a signature.
func NewSignatureWithHashedData ¶ added in v0.8.7
func NewSignatureWithHashedData( privKey crypto.PrivKey, hashType hash.HashType, hashData []byte, inclPubKey bool, ) (*Signature, error)
NewSignatureWithHashedData builds a new signature with already-hashed data. Skips the hash step.
func (*Signature) CloneGenericVT ¶ added in v0.8.3
        
          
            func (*Signature) Descriptor
            deprecated
            
          
  
    
  
      
      
    func (*Signature) GetHashType ¶
func (*Signature) GetSigData ¶
func (*Signature) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*Signature) MarshalToVT ¶ added in v0.2.0
func (*Signature) ParsePubKey ¶
ParsePubKey parses the incldued public key. Returns nil, nil if the pub key field was not set.
func (*Signature) ProtoMessage ¶
func (*Signature) ProtoMessage()
func (*Signature) ProtoReflect ¶ added in v0.2.0
func (x *Signature) ProtoReflect() protoreflect.Message
func (*Signature) UnmarshalVT ¶ added in v0.2.0
type SignedMsg ¶
type SignedMsg struct {
	// FromPeerId is the peer identifier of the sender.
	FromPeerId string `protobuf:"bytes,1,opt,name=from_peer_id,json=fromPeerId,proto3" json:"from_peer_id,omitempty"`
	// Signature is the sender signature.
	// Should not contain PubKey, which is inferred from peer id.
	Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// Data is the signed data.
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// contains filtered or unexported fields
}
    SignedMsg is a message from a peer with a signature.
func NewSignedMsg ¶
func NewSignedMsg( privKey crypto.PrivKey, hashType hash.HashType, innerData []byte, ) (*SignedMsg, error)
NewSignedMsg constructs/signs/encodes a new signed message.
func UnmarshalSignedMsg ¶
UnmarshalSignedMsg parses a signed message.
func (*SignedMsg) CloneGenericVT ¶ added in v0.8.3
func (*SignedMsg) ComputeMessageID ¶
ComputeMessageID computes a message id for a signed message.
        
          
            func (*SignedMsg) Descriptor
            deprecated
            
          
  
    
  
      
      
    func (*SignedMsg) ExtractAndVerify ¶
ExtractAndVerify extracts public key & uses it to verify message
func (*SignedMsg) ExtractPubKey ¶
ExtractPubKey extracts the public key from the peer id.
func (*SignedMsg) GetFromPeerId ¶
func (*SignedMsg) GetSignature ¶
func (*SignedMsg) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*SignedMsg) MarshalToVT ¶ added in v0.2.0
func (*SignedMsg) ParseFromPeerID ¶
ParseFromPeerID unmarshals the peer id.
func (*SignedMsg) ProtoMessage ¶
func (*SignedMsg) ProtoMessage()
func (*SignedMsg) ProtoReflect ¶ added in v0.2.0
func (x *SignedMsg) ProtoReflect() protoreflect.Message