dialer

package
v1.23.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 8, 2026 License: BSD-3-Clause Imports: 25 Imported by: 2

Documentation

Index

Constants

// Sizes, in bytes, of the fixed fields of an RNS announcement, followed by the
// announcer defaults.
//
// AnnounceAppDataLenSz is the width of the app-data length prefix. A 2-byte
// prefix can encode lengths up to 65535, well above AnnounceMaxAppData, so the
// cap has to be checked explicitly when decoding untrusted input.
// NOTE(review): confirm that UnmarshalAnnounce enforces AnnounceMaxAppData
// before allocating or copying app data.
const (
	AnnounceDestLen      = endpoints.RNSDestinationLen // 16 bytes
	AnnounceEd25519Len   = 32
	AnnounceX25519Len    = 32
	AnnounceAppDataLenSz = 2
	AnnounceSigLen       = 64
	AnnounceHopsLen      = 1
	AnnounceTimestampLen = 8

	// AnnounceMinSize is minimum wire size without app data: the sum of all
	// fixed-width fields (155 bytes with a 16-byte destination). Anything
	// shorter cannot be a complete announcement.
	AnnounceMinSize = AnnounceDestLen + AnnounceEd25519Len + AnnounceX25519Len +
		AnnounceAppDataLenSz + AnnounceSigLen + AnnounceHopsLen + AnnounceTimestampLen

	// AnnounceMaxAppData limits application data size, in bytes.
	AnnounceMaxAppData = 1024

	// DefaultAnnounceInterval between periodic announcements.
	DefaultAnnounceInterval = 5 * time.Minute
	// DefaultAnnounceExpiry is how long announcements remain valid.
	DefaultAnnounceExpiry = 30 * time.Minute
	// DefaultMaxHops limits propagation depth.
	DefaultMaxHops = 16
	// DefaultDestTableSize is LRU cache capacity, in entries.
	DefaultDestTableSize = 10000
)

Wire format constants for RNS announcements. Format: [16 dest][32 ed25519][32 x25519][2 applen][appdata][64 sig][1 hops][8 timestamp]

// Message type identifiers, declared as the consecutive values 0x01 to 0x06.
// NOTE(review): presumably these tag frames of the RNS link protocol — confirm
// against the link implementation, and confirm that a receiver rejects any
// type value not listed here.
const (

	// Message types (TLS 1.3-like wire format)
	MsgTypeLinkRequest  = 0x01
	MsgTypeLinkAccept   = 0x02
	MsgTypeLinkProof    = 0x03
	MsgTypeLinkComplete = 0x04
	MsgTypeData         = 0x05
	MsgTypeKeyExchange  = 0x06
)

Variables

var (
	// ErrRNSNotConfigured is returned when dialing an RNS endpoint without an RNS transport.
	ErrRNSNotConfigured = errors.New("RNS transport not configured")
	// ErrRNSDialFailed is returned when the RNS transport fails to establish a link.
	ErrRNSDialFailed = errors.New("RNS dial failed")
)
// Announce errors. Each is a distinct sentinel created with errors.New, so
// callers can tell a malformed encoding (invalid size, app data too large)
// from a failed authenticity check (invalid signature, destination mismatch)
// and from a freshness or propagation limit (expired, future timestamp, max
// hops exceeded).
// NOTE(review): which function returns which error is not shown here.
var (
	ErrAnnounceInvalidSize      = errors.New("announce: invalid wire size")
	ErrAnnounceInvalidSignature = errors.New("announce: invalid signature")
	ErrAnnounceExpired          = errors.New("announce: expired")
	ErrAnnounceMaxHops          = errors.New("announce: max hops exceeded")
	ErrAnnounceDestMismatch     = errors.New("announce: destination mismatch")
	ErrAnnounceAppDataTooLarge  = errors.New("announce: app data too large")
	ErrAnnounceFutureTimestamp  = errors.New("announce: timestamp in future")
	ErrAnnounceNoIdentity       = errors.New("announce: identity not set")
	ErrDestinationUnknown       = errors.New("destination unknown")
)

Announce errors.

var (
	// ErrInvalidIdentity is returned when identity data is malformed.
	ErrInvalidIdentity = errors.New("invalid RNS identity")
	// ErrInvalidSignature is returned when signature verification fails.
	ErrInvalidSignature = errors.New("invalid signature")
	// ErrDecryptionFailed is returned when decryption fails.
	ErrDecryptionFailed = errors.New("decryption failed")
)
var (
	// ErrHybridSignatureInvalid is returned when either signature component fails.
	ErrHybridSignatureInvalid = errors.New("hybrid signature verification failed")
	// ErrHybridDecapsulationFailed is returned when key decapsulation fails.
	ErrHybridDecapsulationFailed = errors.New("hybrid decapsulation failed")
	// ErrInvalidHybridIdentity is returned when hybrid identity data is malformed.
	ErrInvalidHybridIdentity = errors.New("invalid hybrid identity")
)
// RNS link errors: one sentinel each for a failed handshake, a failed
// integrity check and a failed key exchange.
// NOTE(review): a link that reports any of these has not been authenticated;
// presumably the caller should close it rather than retry on the same
// connection — confirm against RNSLink.
var (
	ErrLinkHandshakeFailed = errors.New("RNS link handshake failed")
	ErrLinkIntegrityFailed = errors.New("RNS link integrity check failed")
	ErrLinkKeyExchange     = errors.New("RNS link key exchange failed")
)
var (
	// ErrRNSLinkClosed is returned when operating on a closed RNS link.
	ErrRNSLinkClosed = errors.New("RNS link closed")
	// ErrRNSTimeout is returned when an RNS operation times out.
	ErrRNSTimeout = errors.New("RNS operation timed out")
)

Functions

func DestinationFromPublicKeys added in v1.23.5

func DestinationFromPublicKeys(edPublicKey, xPublicKey []byte) ([endpoints.RNSDestinationLen]byte, error)

DestinationFromPublicKeys computes the destination hash from public keys. This is useful for computing destinations without creating full identity objects.

func VerifyWithPubKey added in v1.23.5

func VerifyWithPubKey(publicKey, message, signature []byte) bool

VerifyWithPubKey is an alias for VerifyWithPublicKey. Used by the RNS link protocol.

func VerifyWithPublicKey added in v1.23.5

func VerifyWithPublicKey(publicKey, message, signature []byte) bool

VerifyWithPublicKey verifies a signature using an external public key. It is a package-level function, not a method on an identity, for verifying signatures from other identities.

Types

type Announce added in v1.23.5

// Announce represents a Reticulum destination announcement.
//
// The fields are declared in wire order; on the wire a 2-byte length prefix
// (AnnounceAppDataLenSz) precedes AppData, which is limited to
// AnnounceMaxAppData bytes. Ed25519PubKey is the key Verify checks Signature
// against, and Destination is what VerifyDestination compares with the two
// public keys.
//
// NOTE(review): Hops is incremented when an announcement is forwarded, so it
// can only be an unauthenticated hint unless forwarders re-sign; whether
// Timestamp is covered by Signature is not visible here — check
// SignableBytes before treating either field as authenticated.
type Announce struct {
	Destination   [AnnounceDestLen]byte
	Ed25519PubKey [AnnounceEd25519Len]byte
	X25519PubKey  [AnnounceX25519Len]byte
	AppData       []byte
	Signature     [AnnounceSigLen]byte
	Hops          uint8
	Timestamp     int64 // Unix milliseconds
}

Announce represents a Reticulum destination announcement.

func UnmarshalAnnounce added in v1.23.5

func UnmarshalAnnounce(data []byte) (*Announce, error)

UnmarshalAnnounce deserializes from wire format.

func (*Announce) Marshal added in v1.23.5

func (a *Announce) Marshal() []byte

Marshal serializes to wire format.

func (*Announce) Sign added in v1.23.5

func (a *Announce) Sign(priv ed25519.PrivateKey)

Sign signs the announcement with an Ed25519 private key.

func (*Announce) SignableBytes added in v1.23.5

func (a *Announce) SignableBytes() []byte

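SignableBytes returns the bytes covered by the signature. This page does not list which fields those are; since Hops is incremented when an announcement is forwarded, check in the source whether Hops and Timestamp are covered before treating either as authenticated.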

func (*Announce) Verify added in v1.23.5

func (a *Announce) Verify() bool

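Verify checks the signature against the Ed25519 public key embedded in the announcement. Because that key arrives with the announcement itself, a passing Verify shows only that the sender holds the matching private key; VerifyDestination is the check that ties the destination to those keys.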

func (*Announce) VerifyDestination added in v1.23.5

func (a *Announce) VerifyDestination() bool

VerifyDestination checks destination matches the public keys.

type AnnounceEntry added in v1.23.5

// AnnounceEntry contains information about a known destination.
//
// The entry carries keys, a transport address and timing data but no
// signature, so it cannot be re-verified on its own once it is in the table.
// NOTE(review): ExchangeKey is presumably the X25519 public key, and
// TransportAddr presumably the address an announcement was received from
// (ProcessAnnouncement takes a transportAddr) — confirm. If so, TransportAddr
// is network-observed data and not something the announcement signature
// vouches for.
type AnnounceEntry struct {
	Destination   [endpoints.RNSDestinationLen]byte
	SigningKey    ed25519.PublicKey
	ExchangeKey   [32]byte
	TransportAddr netip.AddrPort
	LastSeen      time.Time
	ExpiresAt     time.Time
	Hops          uint8
}

AnnounceEntry contains information about a known destination.

type AnnounceHandler added in v1.23.5

// AnnounceHandler receives validated announcements.
type AnnounceHandler interface {
	// OnAnnounce is called with an announcement and may return an error.
	// NOTE(review): how the caller treats a non-nil error (drop, log, stop
	// forwarding) is not shown here — confirm before relying on it to reject
	// an announcement.
	OnAnnounce(announce *Announce) error
}

AnnounceHandler receives validated announcements.

type AnnounceHandlerFunc added in v1.23.5

type AnnounceHandlerFunc func(*Announce) error

AnnounceHandlerFunc adapts a function to AnnounceHandler.

func (AnnounceHandlerFunc) OnAnnounce added in v1.23.5

func (f AnnounceHandlerFunc) OnAnnounce(a *Announce) error

type Announcer added in v1.23.5

type Announcer struct {
	// contains filtered or unexported fields
}

Announcer manages announcement creation, validation, and propagation.

func NewAnnouncer added in v1.23.5

func NewAnnouncer(config AnnouncerConfig, logger log.Logger) *Announcer

NewAnnouncer creates an Announcer.

func (*Announcer) AddHandler added in v1.23.5

func (a *Announcer) AddHandler(h AnnounceHandler)

AddHandler registers a handler for received announcements.

func (*Announcer) CreateAnnounce added in v1.23.5

func (a *Announcer) CreateAnnounce() (*Announce, error)

CreateAnnounce creates a signed announcement for our identity.

func (*Announcer) DestTable added in v1.23.5

func (a *Announcer) DestTable() *DestTable

DestTable returns the underlying destination table.

func (*Announcer) HandleReceived added in v1.23.5

func (a *Announcer) HandleReceived(data []byte) (*Announce, error)

HandleReceived processes a received announcement. Returns the announcement for forwarding (with hops incremented) or nil.

func (*Announcer) Lookup added in v1.23.5

func (a *Announcer) Lookup(dest [AnnounceDestLen]byte) *Announce

Lookup returns the announcement for a destination.

func (*Announcer) SetBroadcastFunc added in v1.23.5

func (a *Announcer) SetBroadcastFunc(fn func(*Announce) error)

SetBroadcastFunc sets the function to broadcast announcements.

func (*Announcer) SetIdentity added in v1.23.5

func (a *Announcer) SetIdentity(identity *RNSIdentity, appData []byte)

SetIdentity sets the identity for signing announcements.

func (*Announcer) Start added in v1.23.5

func (a *Announcer) Start()

Start begins periodic announcement broadcasting.

func (*Announcer) Stop added in v1.23.5

func (a *Announcer) Stop()

Stop halts periodic announcements.

func (*Announcer) Validate added in v1.23.5

func (a *Announcer) Validate(ann *Announce) error

Validate checks an announcement for validity.

type AnnouncerConfig added in v1.23.5

// AnnouncerConfig configures the Announcer.
//
// The package constants DefaultAnnounceInterval, DefaultAnnounceExpiry,
// DefaultMaxHops and DefaultDestTableSize name defaults for the first four
// fields.
// NOTE(review): ClockSkew presumably bounds how far ahead of the local clock
// an announcement timestamp may lie before ErrAnnounceFutureTimestamp applies
// — confirm. A generous value lengthens the period during which a
// future-dated announcement is accepted and then stays unexpired.
type AnnouncerConfig struct {
	AnnounceInterval time.Duration
	AnnounceExpiry   time.Duration
	MaxHops          uint8
	DestTableSize    int
	ClockSkew        time.Duration
}

AnnouncerConfig configures the Announcer.

func DefaultAnnouncerConfig added in v1.23.5

func DefaultAnnouncerConfig() AnnouncerConfig

DefaultAnnouncerConfig returns defaults.

type Config

// Config holds the settings NewDialer reads.
//
// ThrottleRps is the maximum number of outgoing connection attempts per
// second; a value of 0 means outgoing connections are not rate-limited at
// all, so leave it at 0 only on purpose. ConnectionTimeout is the timeout
// applied when dialing an IP.
type Config struct {
	ThrottleRps       uint32        `json:"throttleRps"`
	ConnectionTimeout time.Duration `json:"connectionTimeout"`
}

type DNSCacheConfig added in v1.22.84

type DNSCacheConfig struct {
	// TTL is how long resolved IPs are cached.
	TTL time.Duration `json:"ttl"`
	// MaxEntries is the maximum number of cached resolutions.
	MaxEntries int `json:"maxEntries"`
	// ResolveTimeout is the timeout for DNS resolution.
	ResolveTimeout time.Duration `json:"resolveTimeout"`
}

DNSCacheConfig configures the DNS resolution cache.

func DefaultDNSCacheConfig added in v1.22.84

func DefaultDNSCacheConfig() DNSCacheConfig

DefaultDNSCacheConfig returns sensible defaults for DNS caching.

type DestTable added in v1.23.5

type DestTable struct {
	// contains filtered or unexported fields
}

DestTable tracks destinations with LRU eviction and expiry.

func NewDestTable added in v1.23.5

func NewDestTable(maxSize int, expiry time.Duration) *DestTable

NewDestTable creates a destination table.

func (*DestTable) All added in v1.23.5

func (t *DestTable) All() []*Announce

All returns all non-expired announcements.

func (*DestTable) Get added in v1.23.5

func (t *DestTable) Get(dest [AnnounceDestLen]byte) *Announce

Get retrieves an announcement by destination.

func (*DestTable) Len added in v1.23.5

func (t *DestTable) Len() int

Len returns entry count.

func (*DestTable) Prune added in v1.23.5

func (t *DestTable) Prune() int

Prune removes expired entries. Returns count pruned.

func (*DestTable) Put added in v1.23.5

func (t *DestTable) Put(a *Announce) bool

Put stores an announcement. Returns true if newer than existing.

func (*DestTable) Remove added in v1.23.5

func (t *DestTable) Remove(dest [AnnounceDestLen]byte)

Remove deletes a destination.

type Dialer

// Dialer attempts to create a connection with the provided IP/port pair.
type Dialer interface {
	// Dial connects to [ip] and returns the resulting connection.
	// If [ctx] is canceled, it gives up trying to connect to [ip]
	// and returns an error.
	Dial(ctx context.Context, ip netip.AddrPort) (net.Conn, error)
}

Dialer attempts to create a connection with the provided IP/port pair.

func NewDialer

func NewDialer(network string, dialerConfig Config, logger log.Logger) Dialer

NewDialer returns a new Dialer that calls net.Dial with the provided network. [network] is the network passed into Dial; it should normally be "tcp" (net.Dial network names are lowercase). [dialerConfig.ConnectionTimeout] gives the timeout when dialing an IP. [dialerConfig.ThrottleRps] gives the maximum number of outgoing connection attempts per second. If [dialerConfig.ThrottleRps] == 0, outgoing connections are not rate-limited.

type EndpointDialer added in v1.22.84

type EndpointDialer interface {
	// DialEndpoint dials an endpoint (IP, hostname, or RNS).
	DialEndpoint(ctx context.Context, endpoint endpoints.Endpoint) (net.Conn, error)

	// Dial is the legacy IP-only dial method for backward compatibility.
	Dial(ctx context.Context, ip netip.AddrPort) (net.Conn, error)
}

EndpointDialer attempts to create a connection with IP:port, hostname:port, or RNS destination.

func NewEndpointDialer added in v1.22.84

func NewEndpointDialer(network string, config EndpointDialerConfig, logger log.Logger) EndpointDialer

NewEndpointDialer creates a dialer that supports IP, hostname, and RNS endpoints.

type EndpointDialerConfig added in v1.22.84

// EndpointDialerConfig extends Config with DNS and RNS settings.
//
// RNSTransport is tagged json:"-", so it never comes from a serialized
// configuration and has to be set in code. ErrRNSNotConfigured is the error
// documented for dialing an RNS endpoint without an RNS transport.
type EndpointDialerConfig struct {
	Config
	DNSConfig    DNSCacheConfig `json:"dnsConfig"`
	RNSTransport RNSTransport   `json:"-"` // Optional RNS transport (not serialized)
}

EndpointDialerConfig extends Config with DNS and RNS settings.

type HybridIdentity added in v1.23.5

type HybridIdentity struct {
	// contains filtered or unexported fields
}

HybridIdentity represents a post-quantum hybrid RNS identity. It combines classical (Ed25519/X25519) and post-quantum (ML-DSA-65/ML-KEM-768) algorithms for TLS 1.3-like hybrid security.

func LoadHybridIdentity added in v1.23.5

func LoadHybridIdentity(path string) (*HybridIdentity, error)

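LoadHybridIdentity loads a hybrid identity from a file. Note: the hybrid KEM keys are regenerated on load because the kem package does not expose PrivateKeyFromBytes, so a loaded identity gets a new KEM key pair rather than the saved one. Any copy of the hybrid KEM public key handed out before the reload is therefore stale, and a secret encapsulated to it will not match what the loaded identity decapsulates. For production use, consider adding key deserialization to the kem package.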

func LoadOrGenerateHybridIdentity added in v1.23.5

func LoadOrGenerateHybridIdentity(path string) (*HybridIdentity, error)

LoadOrGenerateHybridIdentity loads or generates a hybrid identity.

func NewHybridIdentity added in v1.23.5

func NewHybridIdentity() (*HybridIdentity, error)

NewHybridIdentity generates a new random hybrid identity.

func (*HybridIdentity) Close added in v1.23.5

func (id *HybridIdentity) Close() error

Close clears sensitive key material from memory.

func (*HybridIdentity) Destination added in v1.23.5

func (id *HybridIdentity) Destination() [endpoints.RNSDestinationLen]byte

Destination returns the 128-bit destination hash.

func (*HybridIdentity) Hash added in v1.23.5

Hash returns the identity hash (alias for Destination).

func (*HybridIdentity) HybridDecapsulate added in v1.23.5

func (id *HybridIdentity) HybridDecapsulate(ciphertext []byte) ([]byte, error)

HybridDecapsulate recovers the shared secret from hybrid ciphertext.

func (*HybridIdentity) HybridEncapsulate added in v1.23.5

func (id *HybridIdentity) HybridEncapsulate(recipientPub *HybridPublicIdentity) ([]byte, []byte, error)

HybridEncapsulate performs hybrid key encapsulation using X25519 + ML-KEM-768. Returns (ciphertext, sharedSecret) where sharedSecret is derived via HKDF from both classical and post-quantum secrets.

func (*HybridIdentity) HybridKEMPublicKey added in v1.23.5

func (id *HybridIdentity) HybridKEMPublicKey() []byte

HybridKEMPublicKey returns the hybrid KEM (X25519 + ML-KEM-768) public key.

func (*HybridIdentity) IsHybrid added in v1.23.5

func (id *HybridIdentity) IsHybrid() bool

IsHybrid returns true, indicating this is a hybrid identity.

func (*HybridIdentity) MLDSAPublicKey added in v1.23.5

func (id *HybridIdentity) MLDSAPublicKey() []byte

MLDSAPublicKey returns the ML-DSA-65 public key.

func (*HybridIdentity) PublicIdentity added in v1.23.5

func (id *HybridIdentity) PublicIdentity() (*HybridPublicIdentity, error)

PublicIdentity returns the public portion of this identity.

func (*HybridIdentity) Save added in v1.23.5

func (id *HybridIdentity) Save(path string) error

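Save persists the hybrid identity to a file. Format: Magic(4) || Version(4) || Ed25519Seed(32) || MLDSAPriv(~4032) || HybridKEMPriv(X25519+MLKEM). The file contains private key material, and this page does not say which permissions Save sets on it, so confirm that it is readable only by the owning user.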

func (*HybridIdentity) Sign added in v1.23.5

func (id *HybridIdentity) Sign(message []byte) ([]byte, error)

Sign creates a hybrid signature (Ed25519 || ML-DSA-65). Both signatures must verify for the hybrid signature to be valid.

func (*HybridIdentity) SignEd25519 added in v1.23.5

func (id *HybridIdentity) SignEd25519(message []byte) []byte

SignEd25519 signs a message with Ed25519 only (for backward compatibility).

func (*HybridIdentity) SignMLDSA added in v1.23.5

func (id *HybridIdentity) SignMLDSA(message []byte) ([]byte, error)

SignMLDSA signs a message with ML-DSA-65 only.

func (*HybridIdentity) SigningPublicKey added in v1.23.5

func (id *HybridIdentity) SigningPublicKey() []byte

SigningPublicKey returns the Ed25519 public key.

func (*HybridIdentity) ToClassicalIdentity added in v1.23.5

func (id *HybridIdentity) ToClassicalIdentity() (*RNSIdentity, error)

ToClassicalIdentity extracts the classical (Ed25519/X25519) portion for backward compatibility with legacy peers.

func (*HybridIdentity) Verify added in v1.23.5

func (id *HybridIdentity) Verify(message, signature []byte) bool

Verify checks a hybrid signature using AND logic. Both the Ed25519 and ML-DSA-65 signatures must verify.

func (*HybridIdentity) X25519PublicKey added in v1.23.5

func (id *HybridIdentity) X25519PublicKey() [x25519KeySize]byte

X25519PublicKey returns the X25519 public key.

type HybridPublicIdentity added in v1.23.5

type HybridPublicIdentity struct {
	// contains filtered or unexported fields
}

HybridPublicIdentity represents the public portion of a hybrid identity. Used for verifying signatures and encapsulating secrets to remote peers.

func NewHybridPublicIdentity added in v1.23.5

func NewHybridPublicIdentity(
	edPubKey, xPubKey []byte,
	mldsaPubKey *mldsa.PublicKey,
	hybridKEMPubKey kem.PublicKey,
) (*HybridPublicIdentity, error)

NewHybridPublicIdentity creates a public identity from raw public keys.

func UnmarshalHybridPublicIdentity added in v1.23.5

func UnmarshalHybridPublicIdentity(data []byte) (*HybridPublicIdentity, error)

UnmarshalHybridPublicIdentity deserializes a hybrid public identity.

func (*HybridPublicIdentity) Destination added in v1.23.5

Destination returns the 128-bit destination hash.

func (*HybridPublicIdentity) HybridKEMPublicKey added in v1.23.5

func (pub *HybridPublicIdentity) HybridKEMPublicKey() []byte

HybridKEMPublicKey returns the hybrid KEM (X25519 + ML-KEM-768) public key.

func (*HybridPublicIdentity) MLDSAPublicKey added in v1.23.5

func (pub *HybridPublicIdentity) MLDSAPublicKey() []byte

MLDSAPublicKey returns the ML-DSA-65 public key.

func (*HybridPublicIdentity) MarshalBinary added in v1.23.5

func (pub *HybridPublicIdentity) MarshalBinary() ([]byte, error)

MarshalBinary serializes the hybrid public identity. Format: Ed25519Pub(32) || X25519Pub(32) || MLDSAPub(~1952) || HybridKEMPub(X25519+MLKEM)

func (*HybridPublicIdentity) SigningPublicKey added in v1.23.5

func (pub *HybridPublicIdentity) SigningPublicKey() []byte

SigningPublicKey returns the Ed25519 public key.

func (*HybridPublicIdentity) Verify added in v1.23.5

func (pub *HybridPublicIdentity) Verify(message, signature []byte) bool

Verify checks a hybrid signature using AND logic.

func (*HybridPublicIdentity) X25519PublicKey added in v1.23.5

func (pub *HybridPublicIdentity) X25519PublicKey() [x25519KeySize]byte

X25519PublicKey returns the X25519 public key.

type PublicIdentity added in v1.23.5

type PublicIdentity struct {
	// contains filtered or unexported fields
}

PublicIdentity represents a read-only identity from public keys. This is used to verify signatures and encrypt messages to a remote identity.

func NewPublicIdentity added in v1.23.5

func NewPublicIdentity(edPublicKey, xPublicKey []byte) (*PublicIdentity, error)

NewPublicIdentity creates a public identity from Ed25519 and X25519 public keys.

func UnmarshalPublicIdentity added in v1.23.5

func UnmarshalPublicIdentity(data []byte) (*PublicIdentity, error)

UnmarshalPublicIdentity deserializes a public identity from bytes.

func (*PublicIdentity) Destination added in v1.23.5

func (pi *PublicIdentity) Destination() [endpoints.RNSDestinationLen]byte

Destination returns the 128-bit destination hash.

func (*PublicIdentity) EncryptionPublicKey added in v1.23.5

func (pi *PublicIdentity) EncryptionPublicKey() []byte

EncryptionPublicKey returns the X25519 public key.

func (*PublicIdentity) MarshalBinary added in v1.23.5

func (pi *PublicIdentity) MarshalBinary() ([]byte, error)

MarshalBinary serializes the public identity to bytes. Format: edPublicKey (32) || xPublicKey (32) = 64 bytes

func (*PublicIdentity) PublicKey added in v1.23.5

func (pi *PublicIdentity) PublicKey() []byte

PublicKey returns the Ed25519 public key.

func (*PublicIdentity) Verify added in v1.23.5

func (pi *PublicIdentity) Verify(message, signature []byte) bool

Verify checks an Ed25519 signature against this identity's public key.

type RNSAnnouncer added in v1.23.5

type RNSAnnouncer struct {
	*Announcer
	// contains filtered or unexported fields
}

RNSAnnouncer wraps Announcer with the interface expected by rns_transport.go.

func NewRNSAnnouncer added in v1.23.5

func NewRNSAnnouncer(identity *RNSIdentity, config RNSAnnouncerConfig, loggers ...log.Logger) *RNSAnnouncer

NewRNSAnnouncer creates an RNS announcer wrapping an identity. The logger parameter is optional for backwards compatibility.

func (*RNSAnnouncer) AddEntry added in v1.23.5

func (a *RNSAnnouncer) AddEntry(entry *AnnounceEntry)

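AddEntry manually adds an entry to the table. An AnnounceEntry carries no signature, so an entry added this way cannot be signature-checked; pass only entries that come from a source you already trust.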

func (*RNSAnnouncer) Announce added in v1.23.5

func (a *RNSAnnouncer) Announce() error

Announce broadcasts our destination to the network.

func (*RNSAnnouncer) GetTable added in v1.23.5

GetTable returns a copy of the destination table (for rns_transport.go).

func (*RNSAnnouncer) Lookup added in v1.23.5

Lookup returns the underlying Announce for a destination (for rns_transport.go). Returns nil if destination is unknown.

func (*RNSAnnouncer) LookupEntry added in v1.23.5

func (a *RNSAnnouncer) LookupEntry(dest [endpoints.RNSDestinationLen]byte) (*AnnounceEntry, error)

LookupEntry returns the entry for a destination with error handling.

func (*RNSAnnouncer) ProcessAnnouncement added in v1.23.5

func (a *RNSAnnouncer) ProcessAnnouncement(packet []byte, transportAddr netip.AddrPort) error

ProcessAnnouncement processes a received announcement packet.

func (*RNSAnnouncer) RegisterHandler added in v1.23.5

func (a *RNSAnnouncer) RegisterHandler(handler interface{})

RegisterHandler adds a handler (legacy interface for rns_transport.go).

func (*RNSAnnouncer) Size added in v1.23.5

func (a *RNSAnnouncer) Size() int

Size returns the number of known destinations.

func (*RNSAnnouncer) Start added in v1.23.5

func (a *RNSAnnouncer) Start() error

Start begins announcing and listening for announcements.

type RNSAnnouncerConfig added in v1.23.5

// RNSAnnouncerConfig configures the RNS announcer.
//
// NOTE(review): GatewayAddr and ListenAddr are plain strings with no format
// stated here. RNSConfig documents its own GatewayAddr as "host:port";
// presumably the same applies — confirm, and confirm which interfaces a
// default ListenAddr binds to before exposing the announcer on a network.
type RNSAnnouncerConfig struct {
	AnnounceInterval time.Duration
	GatewayAddr      string
	ListenAddr       string
}

RNSAnnouncerConfig configures the RNS announcer.

func DefaultRNSAnnouncerConfig added in v1.23.5

func DefaultRNSAnnouncerConfig() RNSAnnouncerConfig

DefaultRNSAnnouncerConfig returns defaults.

type RNSConfig added in v1.23.5

type RNSConfig struct {
	// ConfigPath is the path to the Reticulum config directory.
	// If empty, uses default ~/.reticulum/
	ConfigPath string `json:"configPath"`

	// IdentityPath is where to store/load the RNS identity.
	// If empty, defaults to ConfigPath/identity
	IdentityPath string `json:"identityPath"`

	// GatewayAddr is an optional RNS gateway for initial connectivity.
	// Format: "host:port"
	GatewayAddr string `json:"gatewayAddr"`

	// AnnounceInterval is how often to re-announce our destination.
	AnnounceInterval time.Duration `json:"announceInterval"`

	// Interfaces configures which RNS interfaces to use.
	// Examples: "AutoInterface", "TCPClientInterface", "LoRaInterface"
	Interfaces []string `json:"interfaces"`

	// LinkTimeout is the timeout for establishing RNS links.
	LinkTimeout time.Duration `json:"linkTimeout"`

	// Enabled controls whether RNS transport is active.
	Enabled bool `json:"enabled"`
}

RNSConfig configures the Reticulum Network Stack transport.

func DefaultRNSConfig added in v1.23.5

func DefaultRNSConfig() RNSConfig

DefaultRNSConfig returns sensible defaults for RNS transport.

type RNSIdentity added in v1.23.5

type RNSIdentity struct {
	// contains filtered or unexported fields
}

RNSIdentity represents a Reticulum Network Stack identity. It consists of an Ed25519 keypair for signing and an X25519 keypair for encryption. The destination hash is derived from the public keys.

func LoadOrGenerateIdentity added in v1.23.5

func LoadOrGenerateIdentity(path string) (*RNSIdentity, error)

LoadOrGenerateIdentity loads an identity from file or generates a new one. If the file does not exist, a new identity is generated and saved. If path is empty, a new ephemeral identity is generated (not saved).

func LoadRNSIdentity added in v1.23.5

func LoadRNSIdentity(path string) (*RNSIdentity, error)

LoadRNSIdentity loads an identity from a file.

func NewRNSIdentity added in v1.23.5

func NewRNSIdentity() (*RNSIdentity, error)

NewRNSIdentity generates a new random RNS identity.

func (*RNSIdentity) Close added in v1.23.5

func (id *RNSIdentity) Close() error

Close clears sensitive key material from memory. This should be called when the identity is no longer needed.

func (*RNSIdentity) Decrypt added in v1.23.5

func (id *RNSIdentity) Decrypt(ephemeralPublicKey []byte) (sharedSecret []byte, err error)

Decrypt recovers the shared secret from an ephemeral public key. The sender should have used Encrypt() to generate the ephemeral key.

func (*RNSIdentity) Destination added in v1.23.5

func (id *RNSIdentity) Destination() [endpoints.RNSDestinationLen]byte

Destination returns the 128-bit destination hash. This uniquely identifies the identity on the Reticulum network.

func (*RNSIdentity) Encrypt added in v1.23.5

func (id *RNSIdentity) Encrypt(recipientXPublicKey []byte) (ephemeralPub []byte, sharedSecret []byte, err error)

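Encrypt performs an X25519 key exchange with the recipient's public key and returns the ephemeral public key and the shared secret; despite its name it takes no plaintext and encrypts nothing itself. The caller should use the shared secret with an AEAD cipher. This page does not say whether the secret has already passed through a key-derivation function; if it is raw X25519 output, derive the AEAD key from it with a KDF first.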

func (*RNSIdentity) EncryptionPublicKey added in v1.23.5

func (id *RNSIdentity) EncryptionPublicKey() []byte

EncryptionPublicKey returns the X25519 public key (32 bytes).

func (*RNSIdentity) Hash added in v1.23.5

Hash returns the identity hash (alias for Destination). Used by the RNS link protocol.

func (*RNSIdentity) PublicKey added in v1.23.5

func (id *RNSIdentity) PublicKey() []byte

PublicKey returns the Ed25519 public key (32 bytes).

func (*RNSIdentity) Save added in v1.23.5

func (id *RNSIdentity) Save(path string) error

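Save persists the identity to a file. Only the seed is stored; keys are derived on load. The seed is enough to recreate the private keys, so the file needs the same protection as the keys themselves.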

func (*RNSIdentity) Sign added in v1.23.5

func (id *RNSIdentity) Sign(message []byte) []byte

Sign creates an Ed25519 signature over the message.

func (*RNSIdentity) SigningPublicKey added in v1.23.5

func (id *RNSIdentity) SigningPublicKey() []byte

SigningPublicKey returns the Ed25519 public key as a slice. Used for signature verification in handshakes.

func (*RNSIdentity) Verify added in v1.23.5

func (id *RNSIdentity) Verify(message, signature []byte) bool

Verify checks an Ed25519 signature against this identity's public key.

func (*RNSIdentity) X25519Exchange added in v1.23.5

func (id *RNSIdentity) X25519Exchange(peerPublicKey [x25519KeySize]byte) ([x25519KeySize]byte, error)

X25519Exchange performs ECDH key exchange with the peer's X25519 public key. Returns a 32-byte shared secret.

func (*RNSIdentity) X25519PublicKey added in v1.23.5

func (id *RNSIdentity) X25519PublicKey() [x25519KeySize]byte

X25519PublicKey returns the X25519 public key as a fixed-size array. Used for key exchange in handshakes.

type RNSLink struct {
	// contains filtered or unexported fields
}

RNSLink represents an encrypted bidirectional link between two RNS identities. Supports both classical (X25519-only) and hybrid (X25519 + ML-KEM-768) modes.

func NewHybridRNSLink(conn net.Conn, identity *HybridIdentity) *RNSLink

NewHybridRNSLink creates a new link over an existing connection using hybrid identity.

func NewRNSLink(conn net.Conn, identity *RNSIdentity) *RNSLink

NewRNSLink creates a new link over an existing connection using classical identity.

func (*RNSLink) Close added in v1.23.5

func (l *RNSLink) Close() error

Close closes the link.

func (*RNSLink) Handshake added in v1.23.5

func (l *RNSLink) Handshake(initiator bool, peerDestination [endpoints.RNSDestinationLen]byte) error

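Handshake performs the link establishment handshake. If initiator is true, we initiate the handshake (client side). Hybrid mode is negotiated automatically, and only if both peers support it, so a link can come up without it. Callers that require the post-quantum component should check IsHybrid after Handshake returns.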

func (*RNSLink) IsEstablished added in v1.23.5

func (l *RNSLink) IsEstablished() bool

IsEstablished returns true if the link handshake is complete.

func (*RNSLink) IsHybrid added in v1.23.5

func (l *RNSLink) IsHybrid() bool

IsHybrid returns true if this link was established using hybrid cryptography.

func (*RNSLink) LocalAddr added in v1.23.5

func (l *RNSLink) LocalAddr() net.Addr

LocalAddr returns the local address.

func (*RNSLink) PeerDestination added in v1.23.5

func (l *RNSLink) PeerDestination() [endpoints.RNSDestinationLen]byte

PeerDestination returns the peer's destination hash.

func (*RNSLink) PeerIdentity added in v1.23.5

func (l *RNSLink) PeerIdentity() *HybridPublicIdentity

PeerIdentity returns the peer's hybrid public identity if available. Returns nil if the peer is using classical-only cryptography.

func (*RNSLink) Read added in v1.23.5

func (l *RNSLink) Read(b []byte) (int, error)

Read reads decrypted data from the link.

func (*RNSLink) RemoteAddr added in v1.23.5

func (l *RNSLink) RemoteAddr() net.Addr

RemoteAddr returns the remote address.

func (*RNSLink) SetDeadline added in v1.23.5

func (l *RNSLink) SetDeadline(t time.Time) error

SetDeadline sets both read and write deadlines.

func (*RNSLink) SetReadDeadline added in v1.23.5

func (l *RNSLink) SetReadDeadline(t time.Time) error

SetReadDeadline sets the read deadline.

func (*RNSLink) SetWriteDeadline added in v1.23.5

func (l *RNSLink) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the write deadline.

func (*RNSLink) Write added in v1.23.5

func (l *RNSLink) Write(b []byte) (int, error)

Write writes encrypted data to the link.

type RNSTransport added in v1.23.5

type RNSTransport interface {
	// Dial establishes a link to an RNS destination and returns it as net.Conn.
	Dial(ctx context.Context, destination [endpoints.RNSDestinationLen]byte) (net.Conn, error)

	// Available returns true if RNS transport is ready to use.
	Available() bool

	// Close shuts down the RNS transport.
	Close() error
}

RNSTransport provides connectivity over Reticulum Network Stack. Implementations wrap RNS Links as net.Conn interfaces.

func NewRNSTransport added in v1.23.5

func NewRNSTransport(config RNSConfig, logger log.Logger) RNSTransport

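NewRNSTransport creates an RNS transport with the given configuration. The transport must be started with Start() before use. Note that the RNSTransport interface returned here declares only Dial, Available and Close, so Start() is not reachable through the documented return type; Available reports whether the transport is ready to use.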
