p2ptls

package
v0.47.2 Latest

This package is not in the latest version of its module.
Published: Mar 12, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package p2ptls provides TLS identity for bifrost peer authentication.

It generates X.509 certificates that carry a signed public key extension (OID 1.3.6.1.4.1.53594.1.1): a signature made with the peer's bifrost private key over the certificate's own public key, which cryptographically ties the TLS certificate to the bifrost peer identity. The handshake is wire-compatible with go-libp2p's TLS transport.

Loosely based on the go-libp2p TLS implementation, covered under the MIT license: https://github.com/libp2p/go-libp2p/tree/master/p2p/security/tls Original reference commit: github.com/aperturerobotics/go-libp2p@5cfbb50b74e0

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateSignedExtension

func GenerateSignedExtension(sk crypto.PrivKey, pubKey gocrypto.PublicKey) (pkix.Extension, error)

GenerateSignedExtension signs pubKey (the Go public key that the certificate will carry) with the bifrost private key sk and returns the signature wrapped in a pkix.Extension. Including this extension in the certificate ties it cryptographically to the bifrost private key: only the holder of sk can produce a certificate that verifies for that peer.

func PubKeyFromCertChain

func PubKeyFromCertChain(chain []*x509.Certificate) (crypto.PubKey, error)

PubKeyFromCertChain verifies the certificate chain, including its signed public key extension, and returns the remote peer's public key.

Types

type Identity

type Identity struct {
	// contains filtered or unexported fields
}

Identity is used to secure connections with TLS.

func NewIdentity

func NewIdentity(privKey crypto.PrivKey, opts ...IdentityOption) (*Identity, error)

NewIdentity creates a new TLS identity from a bifrost private key.

func (*Identity) ConfigForPeer

func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan crypto.PubKey)

ConfigForPeer creates a new single-use tls.Config that verifies the peer's certificate chain during the handshake and delivers the verified peer's public key on the returned channel. If remote is the empty peer ID, the config accepts any peer that presents a valid chain; otherwise the chain must belong to remote. The config is single-use, so create a fresh one for every connection.

type IdentityConfig

type IdentityConfig struct {
	CertTemplate *x509.Certificate
	KeyLogWriter io.Writer
}

IdentityConfig is used to configure an Identity.

type IdentityOption

type IdentityOption func(r *IdentityConfig)

IdentityOption transforms an IdentityConfig to apply optional settings.

func WithCertTemplate

func WithCertTemplate(template *x509.Certificate) IdentityOption

WithCertTemplate specifies the template to use when generating a new certificate.

func WithKeyLogWriter

func WithKeyLogWriter(w io.Writer) IdentityOption

WithKeyLogWriter optionally specifies a destination for TLS master secrets in NSS key log format, which lets external programs such as Wireshark decrypt the TLS connections. Anything written there can decrypt those sessions, so leave it unset outside of debugging.
