ndncert

package
v1.5.2 Latest
Published: Apr 27, 2025 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

// AeadSizeNonce is the AEAD nonce length in bytes; it sizes AeadMessage.IV.
const AeadSizeNonce = 12
// AeadSizeRand is a random-component length in bytes. Its use is not shown in
// this listing; NOTE(review): presumably the random part of the nonce, with
// the remaining AeadSizeNonce bytes driven by AeadCounter — confirm in source.
const AeadSizeRand = 8
// AeadSizeTag is the AEAD authentication tag length in bytes; it sizes
// AeadMessage.AuthTag. The same constant is also used as the key array length
// in AeadEncrypt and AeadDecrypt (16-byte key).
const AeadSizeTag = 16
// KwCode is the "code" keyword; NOTE(review): presumably a ParamMap key
// carrying the verification code — confirm against the challenge code.
const KwCode = "code"
// KwEmail is the "email" keyword; NOTE(review): presumably a ParamMap key
// for the e-mail address used by ChallengeEmail — confirm against the code.
const KwEmail = "email"

Keywords

// KwPin is the "pin" keyword; NOTE(review): presumably a ParamMap key or
// challenge name used by ChallengePin — confirm against the code.
const KwPin = "pin"

Variables

// ErrChallengeBefore is a sentinel error for a challenge exchange that has not
// yet passed the request stage; compare with errors.Is.
var ErrChallengeBefore = errors.New("challenge before request")

Challenge Errors

// ErrChallengeFailed is a sentinel error for a challenge the CA rejected;
// compare with errors.Is.
var ErrChallengeFailed = errors.New("challenge failed")
// ErrChallengePending is a sentinel error for a challenge that is still in
// progress; compare with errors.Is.
var ErrChallengePending = errors.New("challenge pending")
// ErrChallengeStatusUnknown is a sentinel error for a challenge status value
// outside the known ChallengeStatus set; compare with errors.Is.
var ErrChallengeStatusUnknown = errors.New("unknown challenge status")
// ErrNoKeySuggestions is a sentinel error for a PROBE exchange that yielded no
// key name suggestions to choose from; compare with errors.Is.
var ErrNoKeySuggestions = errors.New("no key suggestions")

Functions

func AeadDecrypt

func AeadDecrypt(
	key [AeadSizeTag]byte,
	message AeadMessage,
	info []byte,
) ([]byte, error)

func EcdhHkdf

func EcdhHkdf(skey *ecdh.PrivateKey, pkey []byte, salt []byte, info []byte) ([]byte, error)

EcdhHkdf computes a shared secret using ECDH and HKDF.

func EcdhKeygen

func EcdhKeygen() (*ecdh.PrivateKey, error)

EcdhKeygen generates an ECDH key pair.

func IsError

func IsError(wire enc.Wire) error

IsError checks whether a packet contains an NDNCERT error.

Types

type AeadCounter

type AeadCounter struct {
	// contains filtered or unexported fields
}

func NewAeadCounter

func NewAeadCounter() *AeadCounter

type AeadMessage

// AeadMessage is an AEAD-protected payload: the output of AeadEncrypt and the
// input to AeadDecrypt. It converts to and from the wire encoding via TLV and
// FromTLV (*tlv.CipherMsg).
type AeadMessage struct {
	// IV is the AEAD nonce (AeadSizeNonce bytes).
	IV [AeadSizeNonce]byte
	// AuthTag is the AEAD authentication tag (AeadSizeTag bytes).
	AuthTag [AeadSizeTag]byte
	// CipherText is the encrypted payload.
	CipherText []byte
}

func AeadEncrypt

func AeadEncrypt(
	key [AeadSizeTag]byte,
	plaintext []byte,
	info []byte,
	counter *AeadCounter,
) (*AeadMessage, error)

func (*AeadMessage) FromTLV

func (m *AeadMessage) FromTLV(t *tlv.CipherMsg)

func (*AeadMessage) TLV

func (m *AeadMessage) TLV() *tlv.CipherMsg

type Challenge

// Challenge is the interface for an NDNCERT challenge. Implementations on this
// page: *ChallengeEmail and *ChallengePin.
type Challenge interface {
	// Name returns the name of the challenge.
	Name() string

	// Request gets the params of the challenge request.
	// The input provides the params of the previous challenge response.
	// Input is nil for the initial request.
	// Status is for the previous challenge response.
	Request(input ParamMap, status optional.Optional[string]) (ParamMap, error)
}

Challenge is the interface for an NDNCERT challenge.

type ChallengeEmail

// ChallengeEmail is a Challenge implementation (Name and Request are defined
// on *ChallengeEmail) in which a code is delivered to an e-mail address and
// then supplied back through CodeCallback.
type ChallengeEmail struct {
	// Email address to send the challenge to.
	Email string
	// Callback to get the code from the user.
	// NOTE(review): the status argument is presumably the status string of the
	// previous challenge response passed to Request — confirm.
	CodeCallback func(status string) string
}

func (*ChallengeEmail) Name

func (*ChallengeEmail) Name() string

func (*ChallengeEmail) Request

func (c *ChallengeEmail) Request(input ParamMap, status optional.Optional[string]) (ParamMap, error)

type ChallengePin

// ChallengePin is a Challenge implementation (Name and Request are defined on
// *ChallengePin) in which the user supplies a PIN code through CodeCallback.
type ChallengePin struct {
	// Callback to get the code from the user.
	// NOTE(review): the status argument is presumably the status string of the
	// previous challenge response passed to Request — confirm.
	CodeCallback func(status string) string
}

func (*ChallengePin) Name

func (*ChallengePin) Name() string

func (*ChallengePin) Request

func (c *ChallengePin) Request(input ParamMap, status optional.Optional[string]) (ParamMap, error)

type ChallengeStatus

// ChallengeStatus is the numeric state of a challenge exchange as reported by
// the CA.
type ChallengeStatus uint64

// Known ChallengeStatus values. Values outside this set are reported via
// ErrChallengeStatusUnknown; NOTE(review): the Before, Pending and Failure
// states appear to map to ErrChallengeBefore, ErrChallengePending and
// ErrChallengeFailed — confirm in source.
const (
	ChallengeStatusBefore    ChallengeStatus = 0
	ChallengeStatusChallenge ChallengeStatus = 1
	ChallengeStatusPending   ChallengeStatus = 2
	ChallengeStatusSuccess   ChallengeStatus = 3
	ChallengeStatusFailure   ChallengeStatus = 4
)

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(engine ndn.Engine, caCert []byte) (*Client, error)

NewClient creates a new NDNCERT client.

engine: NDN engine
caCert: CA certificate raw wire
signer: signer for the client

func (*Client) CaPrefix

func (c *Client) CaPrefix() enc.Name

CaPrefix returns the CA prefix.

func (*Client) Challenge

func (c *Client) Challenge(
	challenge Challenge,
	newRes *tlv.NewRes,
	prevRes *tlv.ChallengeRes,
) (*tlv.ChallengeRes, error)

Challenge sends a CHALLENGE request to the CA (blocking).

func (*Client) FetchIssuedCert

func (c *Client) FetchIssuedCert(chRes *tlv.ChallengeRes) (ndn.Data, enc.Wire, error)

FetchIssuedCert fetches the issued certificate from the CA (blocking).

func (*Client) FetchProbe

func (c *Client) FetchProbe(params ParamMap) (*tlv.ProbeRes, error)

FetchProbe sends a PROBE request to the CA (blocking).

func (*Client) FetchProbeRedirect

func (c *Client) FetchProbeRedirect(params ParamMap) (probe *tlv.ProbeRes, err error)

FetchProbeRedirect sends a PROBE request to the CA (blocking). If a redirect is received, the request is sent to the new location.

func (*Client) FetchProfile

func (c *Client) FetchProfile() (*tlv.CaProfile, error)

FetchProfile fetches the profile from the CA (blocking).

func (*Client) New

func (c *Client) New(challenge Challenge, expiry time.Time) (*tlv.NewRes, error)

New sends a NEW request to the CA (blocking).

func (*Client) RequestCert

func (c *Client) RequestCert(args RequestCertArgs) (*RequestCertResult, error)

RequestCert is the high-level function for issuing a certificate and is the recommended API for most use cases. It blocks until the exchange completes and should be called in a separate goroutine.

func (*Client) SetSigner

func (c *Client) SetSigner(signer ndn.Signer)

SetSigner sets the signer for the client.

type ErrSignerProbeMismatch

// ErrSignerProbeMismatch is a RequestCert error type reporting that the key
// name of the configured signer did not match the key names suggested by the
// CA's PROBE response; extract it with errors.As.
type ErrSignerProbeMismatch struct {
	// KeyName is the key name of the signer in use.
	KeyName enc.Name
	// Suggested lists the key names suggested by the CA.
	Suggested []enc.Name
}

RequestCert Errors

func (ErrSignerProbeMismatch) Error

func (e ErrSignerProbeMismatch) Error() string

type ParamMap

type ParamMap map[string][]byte

ParamMap is a map of challenge parameters.

type RequestCertArgs

// RequestCertArgs is the arguments for the Issue function (Client.RequestCert).
// Each callback that returns an error aborts the request, which is the hook a
// caller uses to validate the CA profile or the chosen key before proceeding.
type RequestCertArgs struct {
	// Challenge is the challenge to be used for the certificate request.
	Challenge Challenge
	// OnProfile is called when a CA profile is fetched.
	// Returning an error will abort the request.
	OnProfile func(profile *tlv.CaProfile) error
	// DisableProbe is a flag to disable the probe step.
	// If true, the key will be used directly.
	DisableProbe bool
	// OnProbeParam is the callback to get the probe parameter.
	// Returning an error will abort the request.
	OnProbeParam func(key string) ([]byte, error)
	// OnChooseKey is the callback to choose a key suggestion.
	// Returning an invalid index will abort the request.
	// If nil, the first suggestion is used.
	OnChooseKey func(suggestions []enc.Name) int
	// OnKeyChosen is called when a key is chosen.
	// Returning an error will abort the request.
	OnKeyChosen func(keyName enc.Name) error
}

RequestCertArgs holds the arguments for the Issue function.

type RequestCertResult

// RequestCertResult is the result of the Issue function (Client.RequestCert):
// the issued certificate in both parsed and raw wire form, together with the
// signer it was issued for.
type RequestCertResult struct {
	// CertData is the issued certificate data.
	CertData ndn.Data
	// CertWire is the raw certificate data.
	CertWire enc.Wire
	// Signer is the signer used for the certificate.
	Signer ndn.Signer
}

RequestCertResult holds the result of the Issue function.

Directories

Path Synopsis
Code generated by ndn tlv codegen DO NOT EDIT.
Code generated by ndn tlv codegen DO NOT EDIT.
