 Documentation
      ¶
      Documentation
      ¶
    
    
  
    
  
    Index ¶
- Variables
- func DecryptWithEd25519(tPrivKey ed25519.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithPrivKey(privKey crypto.PrivKey, context string, ciphertext []byte) ([]byte, error)
- func DecryptWithRSA(t *rsa.PrivateKey, context string, ciphertext []byte) ([]byte, error)
- func DeriveEd25519Key(context string, salt []byte, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
- func DeriveKey(context string, salt []byte, privKey crypto.PrivKey, out []byte) error
- func EncryptToEd25519(tPubKey ed25519.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToPubKey(pubKey crypto.PubKey, context string, msgSrc []byte) ([]byte, error)
- func EncryptToRSA(t *rsa.PublicKey, context string, msgSrc []byte) ([]byte, error)
- func IDB58Encode(id ID) string
- func IDsToString(ids []ID) []string
- func NewNetAddr(pid ID) net.Addr
- type GetPeer
- type GetPeerResolver
- type GetPeerValue
- type ID
- type NetAddr
- type Peer
- func GetPeerWithID(ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, ...) (Peer, directive.Instance, directive.Reference, error)
- func NewPeer(privKey crypto.PrivKey) (Peer, error)
- func NewPeerWithGenerateED25519() (Peer, crypto.PrivKey, crypto.PubKey, error)
- func NewPeerWithID(id lpeer.ID) (Peer, error)
- func NewPeerWithPubKey(pubKey crypto.PubKey) (Peer, error)
 
- type Signature
- func (m *Signature) CloneMessageVT() protobuf_go_lite.CloneMessage
- func (m *Signature) CloneVT() *Signature
- func (this *Signature) EqualMessageVT(thatMsg any) bool
- func (this *Signature) EqualVT(that *Signature) bool
- func (x *Signature) GetHashType() hash.HashType
- func (x *Signature) GetPubKey() []byte
- func (x *Signature) GetSigData() []byte
- func (x *Signature) MarshalJSON() ([]byte, error)
- func (x *Signature) MarshalProtoJSON(s *json.MarshalState)
- func (x *Signature) MarshalProtoText() string
- func (m *Signature) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalToVT(dAtA []byte) (int, error)
- func (m *Signature) MarshalVT() (dAtA []byte, err error)
- func (s *Signature) ParsePubKey() (crypto.PubKey, error)
- func (*Signature) ProtoMessage()
- func (x *Signature) Reset()
- func (m *Signature) SizeVT() (n int)
- func (x *Signature) String() string
- func (x *Signature) UnmarshalJSON(b []byte) error
- func (x *Signature) UnmarshalProtoJSON(s *json.UnmarshalState)
- func (m *Signature) UnmarshalVT(dAtA []byte) error
- func (s *Signature) Validate() error
- func (s *Signature) VerifyWithPublic(encContext string, pubKey crypto.PubKey, data []byte) (bool, error)
 
- type SignedMsg
- func (m *SignedMsg) CloneMessageVT() protobuf_go_lite.CloneMessage
- func (m *SignedMsg) CloneVT() *SignedMsg
- func (m *SignedMsg) ComputeMessageID() string
- func (this *SignedMsg) EqualMessageVT(thatMsg any) bool
- func (this *SignedMsg) EqualVT(that *SignedMsg) bool
- func (m *SignedMsg) ExtractAndVerify(encContext string) (crypto.PubKey, ID, error)
- func (m *SignedMsg) ExtractPubKey() (crypto.PubKey, ID, error)
- func (x *SignedMsg) GetData() []byte
- func (x *SignedMsg) GetFromPeerId() string
- func (x *SignedMsg) GetSignature() *Signature
- func (x *SignedMsg) MarshalJSON() ([]byte, error)
- func (x *SignedMsg) MarshalProtoJSON(s *json.MarshalState)
- func (x *SignedMsg) MarshalProtoText() string
- func (m *SignedMsg) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalToVT(dAtA []byte) (int, error)
- func (m *SignedMsg) MarshalVT() (dAtA []byte, err error)
- func (m *SignedMsg) ParseFromPeerID() (ID, error)
- func (*SignedMsg) ProtoMessage()
- func (x *SignedMsg) Reset()
- func (m *SignedMsg) Sign(encContext string, privKey crypto.PrivKey, hashType hash.HashType) error
- func (m *SignedMsg) SizeVT() (n int)
- func (x *SignedMsg) String() string
- func (x *SignedMsg) UnmarshalJSON(b []byte) error
- func (x *SignedMsg) UnmarshalProtoJSON(s *json.UnmarshalState)
- func (m *SignedMsg) UnmarshalVT(dAtA []byte) error
- func (m *SignedMsg) Verify(encContext string, pubKey crypto.PubKey) error
 
Constants ¶
This section is empty.
Variables ¶
var ( // ErrEmptyPeerID is returned if the peer id cannot be empty. ErrEmptyPeerID = errors.New("peer id cannot be empty") // ErrEmptyBody is returned if the message body was empty. ErrEmptyBody = errors.New("message body cannot be empty") // ErrSignatureInvalid is returned for an invalid signature. ErrSignatureInvalid = errors.New("message signature invalid") // ErrShortMessage is returned if a message is too short. ErrShortMessage = errors.New("message too short") // ErrNoPrivKey is returned if the private key is not available. ErrNoPrivKey = errors.New("private key not available for peer") // ErrInvalidEd25519PubKeyForCurve25519 is returned if a public key cannot be used for curve25519. ErrInvalidEd25519PubKeyForCurve25519 = errors.New("invalid ed25519 public key for curve25519") )
Functions ¶
func DecryptWithEd25519 ¶
func DecryptWithEd25519( tPrivKey ed25519.PrivateKey, context string, ciphertext []byte, ) ([]byte, error)
DecryptWithEd25519 decrypts with a ed25519 key using curve25519.
tPrivKey is the target (destination) private key.
derive aes256 key: blake3(context + tPubKey + ciphertext[:4]) decrypt msgPubKey with aes256 from ciphertext[4:][:32] convert the message public key to a curve25519 point convert the target private key to a curve25519 scalar derive key for chacha20poly1305 with ecdh(privKeyCurve25519, msgPubKeyCurve25519) derive nonce with blake3(context, msgPubKey)[:24] xor the nonce with blake3(context, msgPubKey)[24:] (8 bytes long)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination key must be the same as when encrypting
func DecryptWithPrivKey ¶
DecryptWithPrivKey decrypts with the given private key.
Supported types: Ed25519, RSA Context must be same as when encrypting.
func DecryptWithRSA ¶
DecryptWithRSA decrypts a message with a RSA private key.
context must be the same as at encrypt time
func DeriveEd25519Key ¶
func DeriveEd25519Key(context string, salt []byte, privKey crypto.PrivKey) (crypto.PrivKey, crypto.PubKey, error)
DeriveEd25519Key derives a ed25519 private key from an existing private key.
context should be globally unique, and application-specific. salt is any additional data to mix with the private key.
A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"
the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func DeriveKey ¶
DeriveKey derives a secret using a private key.
Not all private key types are supported. Data is written to out.
context should be globally unique, and application-specific. salt is any additional data to mix with the private key.
A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1"
the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToEd25519 ¶
EncryptToEd25519 encrypts to a ed25519 key using curve25519.
t is the target ed25519 public key.
mix pub key into seed: blake3(context + msgSrc + tPubKey) generate the one-time use message priv key (ed25519) from seed convert the target public key to a curve25519 point convert the message private key to a curve25519 scalar generate the nonce with blake3(context + msgPubKeyEd25519 + msgPubKeyCurve25519)[:24] xor the nonce with blake3(msgPubKeyEd25519 + msgPubKeyCurve25519)[24:] (8 bytes long) generate msgPubKey aes256 key: blake3(context + tPubKey + msgNonce[:4]) generate key for chacha20poly1305 with ecdh(msgPrivKeyCurve25519, tPubKeyCurve25519)
ciphertext: msgNonce[:4] + aes256(msgPubKey) + chacha20poly1305(s2(message))
context and destination public key must be the same when decrypting context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToPubKey ¶
EncryptToPubKey encrypts a message to a public key.
Supported types: Ed25519, RSA Context must be same when decrypting.
Context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" The purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func EncryptToRSA ¶
EncryptToRSA encrypts a message to a RSA public key.
marshal public key to pkix derive 32byte message key with blake3(context + msgSrc + pubPkix) derive 32byte message nonce with blake3(context + msgKey + pubPkix) compress message with s2 (snappy2) encrypt message with chacha20-poly1305
ciphertext: oaep(message-key) + chacha20poly1305(s2(msgSrc))
context must be the same at decrypt time context should be globally unique, and application-specific. A good format for ctx strings is: [application] [commit timestamp] [purpose] e.g., "example.com 2019-12-25 16:18:03 session tokens v1" the purpose of these requirements is to ensure that an attacker cannot trick two different applications into using the same context string.
func IDsToString ¶ added in v0.22.2
IDsToString converts a slice of IDs to strings.
func NewNetAddr ¶
NewNetAddr constructs a new net.Addr from a peer ID.
Types ¶
type GetPeer ¶
type GetPeer interface {
	// Directive indicates GetPeer is a directive.
	directive.Directive
	// GetPeerIDConstraint returns a specific peer ID node we are looking for.
	// If empty, any node is matched.
	GetPeerIDConstraint() ID
}
    GetPeer is a directive to lookup a peer on a controller.
type GetPeerResolver ¶
type GetPeerResolver struct {
	// contains filtered or unexported fields
}
    GetPeerResolver resolves the GetPeer directive
func NewGetPeerResolver ¶
func NewGetPeerResolver( directive GetPeer, peer Peer, ) *GetPeerResolver
NewGetPeerResolver constructs a new GetPeer resolver
func (*GetPeerResolver) Resolve ¶
func (c *GetPeerResolver) Resolve(ctx context.Context, valHandler directive.ResolverHandler) error
Resolve resolves the values.
type ID ¶
ID is a peer identifier.
func IDB58Decode ¶
IDB58Decode returns a b58-decoded Peer ID.
func IDFromBytes ¶
IDFromBytes cast a string to ID type, and validate the id to make sure it is a multihash.
func IDFromPrivateKey ¶
IDFromPrivateKey returns the Peer ID corresponding to sk
func IDFromPublicKey ¶
IDFromPublicKey returns the Peer ID corresponding to pk
type NetAddr ¶
type NetAddr struct {
	// contains filtered or unexported fields
}
    NetAddr matches net.Addr with a peer ID
type Peer ¶
type Peer interface {
	// GetPeerID returns the peer ID.
	GetPeerID() ID
	// GetPubKey returns the public key of the peer.
	GetPubKey() crypto.PubKey
	// GetPrivKey returns the private key.
	// This may require an extra lookup operation.
	// Returns ErrNoPrivKey if the private key is unavailable.
	GetPrivKey(ctx context.Context) (crypto.PrivKey, error)
}
    Peer is the common interface for a keypair-based identity.
func GetPeerWithID ¶
func GetPeerWithID( ctx context.Context, b bus.Bus, peerIDConstraint ID, returnIfIdle bool, valDisposeCallback func(), ) (Peer, directive.Instance, directive.Reference, error)
GetPeerWithID gets a peer. If peer ID is empty, selects any peer. valDisposeCallback is called when the value is no longer valid. valDisposeCallback can be nil.
func NewPeer ¶
NewPeer builds a new Peer object with a private key. If privKey is nil, one will be generated.
func NewPeerWithGenerateED25519 ¶ added in v0.24.3
NewPeerWithGenerateED25519 generates an ED25519 key and returns it + the peer.
func NewPeerWithID ¶ added in v0.7.3
NewPeerWithID constructs a new Peer by extracting the pubkey from the ID.
type Signature ¶
type Signature struct {
	// PubKey is the public key of the peer.
	// May be empty if the public key is to be inferred from context.
	PubKey []byte `protobuf:"bytes,1,opt,name=pub_key,json=pubKey,proto3" json:"pubKey,omitempty"`
	// HashType is the hash type used to hash the data.
	// The signature is then of the hash bytes (usually 32).
	HashType hash.HashType `protobuf:"varint,2,opt,name=hash_type,json=hashType,proto3" json:"hashType,omitempty"`
	// SigData contains the signature data.
	// The format is defined by the key type.
	SigData []byte `protobuf:"bytes,3,opt,name=sig_data,json=sigData,proto3" json:"sigData,omitempty"`
	// contains filtered or unexported fields
}
    Signature contains a signature by a peer.
func NewSignature ¶
func NewSignature( encContext string, privKey crypto.PrivKey, hashType hash.HashType, data []byte, inclPubKey bool, ) (*Signature, error)
NewSignature constructs a signature.
encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".
func NewSignatureWithHashedData ¶ added in v0.8.7
func NewSignatureWithHashedData( encContext string, privKey crypto.PrivKey, hashType hash.HashType, hashData []byte, inclPubKey bool, ) (*Signature, error)
NewSignatureWithHashedData builds a new signature with already-hashed data. Skips the hash step.
encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".
func (*Signature) CloneMessageVT ¶ added in v0.15.6
func (m *Signature) CloneMessageVT() protobuf_go_lite.CloneMessage
func (*Signature) EqualMessageVT ¶ added in v0.15.6
func (*Signature) GetHashType ¶
func (*Signature) GetSigData ¶
func (*Signature) MarshalJSON ¶ added in v0.29.0
MarshalJSON marshals the Signature to JSON.
func (*Signature) MarshalProtoJSON ¶ added in v0.29.0
func (x *Signature) MarshalProtoJSON(s *json.MarshalState)
MarshalProtoJSON marshals the Signature message to JSON.
func (*Signature) MarshalProtoText ¶ added in v0.29.2
func (*Signature) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*Signature) MarshalToVT ¶ added in v0.2.0
func (*Signature) ParsePubKey ¶
ParsePubKey parses the incldued public key. Returns nil, nil if the pub key field was not set.
func (*Signature) ProtoMessage ¶
func (*Signature) ProtoMessage()
func (*Signature) UnmarshalJSON ¶ added in v0.29.0
UnmarshalJSON unmarshals the Signature from JSON.
func (*Signature) UnmarshalProtoJSON ¶ added in v0.29.0
func (x *Signature) UnmarshalProtoJSON(s *json.UnmarshalState)
UnmarshalProtoJSON unmarshals the Signature message from JSON.
func (*Signature) UnmarshalVT ¶ added in v0.2.0
func (*Signature) VerifyWithPublic ¶
func (s *Signature) VerifyWithPublic(encContext string, pubKey crypto.PubKey, data []byte) (bool, error)
VerifyWithPublic checks a signature with a public key, hashing the data. Returns ok and any error interpeting the signature.
encContext must match the context used when creating the signature.
type SignedMsg ¶
type SignedMsg struct {
	// FromPeerId is the peer identifier of the sender.
	FromPeerId string `protobuf:"bytes,1,opt,name=from_peer_id,json=fromPeerId,proto3" json:"fromPeerId,omitempty"`
	// Signature is the sender signature.
	// Should not contain PubKey, which is inferred from peer id.
	Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// Data is the signed data.
	Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"`
	// contains filtered or unexported fields
}
    SignedMsg is a message from a peer with a signature.
func NewSignedMsg ¶
func NewSignedMsg( encContext string, privKey crypto.PrivKey, hashType hash.HashType, innerData []byte, ) (*SignedMsg, error)
NewSignedMsg constructs/signs/encodes a new signed message.
encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".
func UnmarshalSignedMsg ¶
UnmarshalSignedMsg parses a signed message.
func (*SignedMsg) CloneMessageVT ¶ added in v0.15.6
func (m *SignedMsg) CloneMessageVT() protobuf_go_lite.CloneMessage
func (*SignedMsg) ComputeMessageID ¶
ComputeMessageID computes a message id for a signed message.
func (*SignedMsg) EqualMessageVT ¶ added in v0.15.6
func (*SignedMsg) ExtractAndVerify ¶
ExtractAndVerify extracts public key & uses it to verify message
encContext must match the context used when creating the signature.
func (*SignedMsg) ExtractPubKey ¶
ExtractPubKey extracts the public key from the peer id.
func (*SignedMsg) GetFromPeerId ¶
func (*SignedMsg) GetSignature ¶
func (*SignedMsg) MarshalJSON ¶ added in v0.29.0
MarshalJSON marshals the SignedMsg to JSON.
func (*SignedMsg) MarshalProtoJSON ¶ added in v0.29.0
func (x *SignedMsg) MarshalProtoJSON(s *json.MarshalState)
MarshalProtoJSON marshals the SignedMsg message to JSON.
func (*SignedMsg) MarshalProtoText ¶ added in v0.29.2
func (*SignedMsg) MarshalToSizedBufferVT ¶ added in v0.2.0
func (*SignedMsg) MarshalToVT ¶ added in v0.2.0
func (*SignedMsg) ParseFromPeerID ¶
ParseFromPeerID unmarshals the peer id.
func (*SignedMsg) ProtoMessage ¶
func (*SignedMsg) ProtoMessage()
func (*SignedMsg) Sign ¶
Sign signs the inner body with the private key. Disallows empty message.
encContext strings must be hardcoded constants, and the recommended format is "[application] [commit timestamp] [purpose]", e.g., "example.com 2019-12-25 16:18:03 session tokens v1".
func (*SignedMsg) UnmarshalJSON ¶ added in v0.29.0
UnmarshalJSON unmarshals the SignedMsg from JSON.
func (*SignedMsg) UnmarshalProtoJSON ¶ added in v0.29.0
func (x *SignedMsg) UnmarshalProtoJSON(s *json.UnmarshalState)
UnmarshalProtoJSON unmarshals the SignedMsg message from JSON.