Documentation
Overview
Package secio handles establishing secure communication between two peers.
Variables
var ErrClosed = errors.New("connection closed")
ErrClosed signals the closing of a connection.
var ErrEcho = errors.New("same keys and nonces. one side talking to self.")
ErrEcho is returned when we're attempting to handshake with the same keys and nonces.
var ErrMACInvalid = errors.New("MAC verification failed")
ErrMACInvalid signals that a MAC verification failed.
var ErrUnsupportedKeyType = errors.New("unsupported key type")
ErrUnsupportedKeyType is returned when a private key cast/type switch fails.
var SupportedCiphers = "AES-256,AES-128,Blowfish"
SupportedCiphers is the comma-separated list of supported ciphers.
var SupportedExchanges = "P-256,P-224,P-384,P-521"
SupportedExchanges is the comma-separated list of supported ECDH curves.
var SupportedHashes = "SHA256,SHA512"
SupportedHashes is the comma-separated list of supported hashes.
Functions
func NewETMReader
func NewETMReader(r io.Reader, s cipher.Stream, mac HMAC) msgio.ReadCloser
NewETMReader returns an Encrypt-Then-MAC message reader over r that uses the stream cipher s and the HMAC mac.
func NewETMWriter
func NewETMWriter(w io.Writer, s cipher.Stream, mac HMAC) msgio.WriteCloser
NewETMWriter returns an Encrypt-Then-MAC message writer over w that uses the stream cipher s and the HMAC mac.
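The Encrypt-Then-MAC construction that NewETMReader and NewETMWriter are named for, as an added example that is not secio's own code: encrypt with a cipher.Stream, MAC the ciphertext, and on read verify the tag before decrypting. AES-CTR, HMAC-SHA256, the ciphertext-then-tag framing and the names newCTR, seal, open and errMACInvalid are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errMACInvalid = errors.New("MAC verification failed") // stand-in for secio's ErrMACInvalid

func newCTR(key, iv []byte) cipher.Stream {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return cipher.NewCTR(block, iv) // AES-CTR is an assumed cipher choice
}

// seal encrypts first, then appends an HMAC-SHA256 tag computed over the ciphertext.
func seal(s cipher.Stream, macKey, plaintext []byte) []byte {
	ct := make([]byte, len(plaintext))
	s.XORKeyStream(ct, plaintext)
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(ct) // frame = ciphertext || tag
}

// open checks the tag in constant time and decrypts only if it matches.
func open(s cipher.Stream, macKey, frame []byte) ([]byte, error) {
	n := len(frame) - sha256.Size
	if n < 0 {
		return nil, errMACInvalid // too short to carry a tag
	}
	m := hmac.New(sha256.New, macKey)
	m.Write(frame[:n])
	if !hmac.Equal(m.Sum(nil), frame[n:]) {
		return nil, errMACInvalid // reject before touching the cipher stream
	}
	pt := make([]byte, n)
	s.XORKeyStream(pt, frame[:n])
	return pt, nil
}

func main() {
	key, iv, macKey := make([]byte, 32), make([]byte, 16), []byte("sample-mac-key") // constructed values
	fmt.Println(open(newCTR(key, iv), macKey, seal(newCTR(key, iv), macKey, []byte("hello peer"))))
}
```

Because the tag covers the ciphertext, a modified frame is rejected without any decryption taking place, which is the property the ErrMACInvalid error reports.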
Types
type Session
type Session interface {
	// ReadWriter returns the encrypted communication channel
	ReadWriter() msgio.ReadWriteCloser

	// LocalPeer retrieves the local peer.
	LocalPeer() peer.ID

	// LocalPrivateKey retrieves the local private key
	LocalPrivateKey() ci.PrivKey

	// RemotePeer retrieves the remote peer.
	RemotePeer() peer.ID

	// RemotePublicKey retrieves the remote's public key
	// which was received during the handshake.
	RemotePublicKey() ci.PubKey

	// Close closes the secure session
	Close() error
}
type SessionGenerator
type SessionGenerator struct {
	LocalID    peer.ID
	PrivateKey ci.PrivKey
}
SessionGenerator constructs secure communication sessions for a peer.
func (*SessionGenerator) NewSession
func (sg *SessionGenerator) NewSession(ctx context.Context,
	insecure io.ReadWriter) (Session, error)
NewSession takes an insecure io.ReadWriter, performs a TLS-like handshake with the other side, and returns a secure session. See the source for the protocol details and security implementation. The provided Context is only needed for the duration of this function.