tang

package module

v0.0.0-...-dcc6e94 Latest Latest Go to latest Published: Jul 25, 2023 License: BSD-3-Clause Imports: 23 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/anatol/tang.go

Links

Open Source Insights

README ¶

Tang.go

Tang.go pure-go library that implement server side of ECMR key exchange. It functionally similar to Tang project.

The library also provides a convenient way to perform ECMR exchange with a specific key

Usage

package main

import "github.com/anatol/tang.go"

func main() {
	// Start Tang service
	srv := tang.NewServer()
	keySet, _ := tang.ReadKeysFromDir("/var/db/tang")
	srv.Keys = keySet
	srv.Addr = ":0"
	_ = srv.ListenAndServe()
}

Or you can operate with keyset directly and do you own server-side exchange manually:

package main

import (
	"github.com/anatol/tang.go"
	"github.com/lestrrat-go/jwx/jwk"
)

func main() {
	ks := tang.NewKeySet()
	priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	key, err := jwk.New(priv)
	key.Set(jwk.KeyOpsKey, []jwk.KeyOperation{jwk.KeyOpDeriveKey})
	key.Set(jwk.AlgorithmKey, "ECMR")
	ks.AppendKey(key, true)

	privRec, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	pubRec := privRec.Public()
	keyRec, err := jwk.New(pubRec)
	keyRec.Set(jwk.AlgorithmKey, "ECMR")
	finalKey, err := ks.RecoverKey("$THP_OF_THE_GENERATED_KEY", keyRec)

	var finalKeyPub ecdsa.PublicKey
	finalKey.Raw(&finalKeyPub)
	// finalKeyPub.X and finalKeyPub.Y are going to be your derived values
}

Acknowledgments

This project has been inspired by:

tang

Important contributions to this project are done by:

Documentation ¶

Index ¶

func GenerateExchangeKey() (jwk.Key, error)
func GenerateVerifyKey() (jwk.Key, error)
func ReverseTangHandshake(address string, ks *KeySet) error
type KeySet
- func NewKeySet() *KeySet
- func ReadKeys(keyOrDir ...string) (*KeySet, error)
type NativeServer
- func NewNativeServer(keysDir string, port int) (*NativeServer, error)
- func (s *NativeServer) Serve()
- func (s *NativeServer) Stop()
type Server
- func NewServer() *Server

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateExchangeKey ¶

func GenerateExchangeKey() (jwk.Key, error)

GenerateExchangeKey generates an exchange key for Tang

func GenerateVerifyKey ¶

func GenerateVerifyKey() (jwk.Key, error)

GenerateVerifyKey generates a verify/sign key for Tang

func ReverseTangHandshake ¶

func ReverseTangHandshake(address string, ks *KeySet) error

ReverseTangHandshake performs a key exchange with "remote" clevis client

Types ¶

type KeySet ¶

type KeySet struct {
	DefaultAdvertisement []byte
	// contains filtered or unexported fields
}

KeySet represents a set of all keys handled by Tang

func ReadKeys ¶

func ReadKeys(keyOrDir ...string) (*KeySet, error)

ReadKeys reads all key files and as wells as keys from the given directories and makes a KeySet instance out of it. Any key file that starts from "." (dot) is marked as non-advertised. In case of directory scanning only files with *.jwk suffix are parsed as keys, other files are ignored

func (*KeySet) AppendKey ¶

func (ks *KeySet) AppendKey(jwkKey jwk.Key, advertised bool) error

AppendKey appends the given key to the KeySet. Advertisements are not recalculated.

func (*KeySet) RecomputeAdvertisements ¶

func (ks *KeySet) RecomputeAdvertisements() error

RecomputeAdvertisements recomputes advertisement files for the keys and default for the KeySet itself

func (*KeySet) Recover ¶

func (ks *KeySet) Recover(thp string, data []byte) ([]byte, error)

Recover performs server-side recover of the ECMR algorithm

func (*KeySet) RecoverKey ¶

func (ks *KeySet) RecoverKey(thp string, webKey jwk.Key) (jwk.Key, error)

RecoverKey performs server-side recover of the ECMR algorithm

type NativeServer ¶

type NativeServer struct {
	KeysDir string
	Port    int
	// contains filtered or unexported fields
}

NativeServer is a server implementation that redirects requests to the native "tangd" binary. This code is useful for tests or when one needs a wrapper around tangd binary.

func NewNativeServer ¶

func NewNativeServer(keysDir string, port int) (*NativeServer, error)

NewNativeServer creates instance of a native Tang server

func (*NativeServer) Serve ¶

func (s *NativeServer) Serve()

Serve serves HTTP requests

func (*NativeServer) Stop ¶

func (s *NativeServer) Stop()

Stop stops the server

type Server ¶

type Server struct {
	http.Server
	Keys *KeySet
}

Server is a HTTP server instance that handles Tang exchange requests

func NewServer ¶

func NewServer() *Server

NewServer creates a new instance of http server that handles tang requests

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
tangctl
passive-tang Module
tang-create-key Module
tang-generate-advertisement Module
tangd Module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL