Documentation
¶
Index ¶
- Constants
- Variables
- func DeriveMasterKey(password string, keyLen int) []byte
- func DeriveSubkey(master, salt, out []byte)
- func OpenPacket(dst, src []byte, ciph Cipher) ([]byte, error)
- func ResolveCipherName(cipher string) (string, bool)
- func SealPacket(dst, plain []byte, ciph Cipher) ([]byte, error)
- type AESGCMCipher
- type BadKeyLengthError
- type ChapoCipher
- type Cipher
- type CipherDescriptor
- type Config
- type DummyCipher
- type PacketConn
- type StreamConn
- type StreamReader
- type StreamWriter
Constants ¶
const PacketMaxSize = 64 * 1024
PacketMaxSize is the maximum packet size in bytes, usually 64k.
const PayloadMaxSize = 0x3FFF // 16*1024 - 1
PayloadMaxSize is the maximum size of payload in bytes.
Variables ¶
var (
	// SupportedCipherNames lists the names of the supported ciphers.
	SupportedCipherNames = []string{
		"AEAD_CHACHA20_POLY1305",
		"AEAD_AES_128_GCM",
		"AEAD_AES_192_GCM",
		"AEAD_AES_256_GCM",
		"AEAD_DUMMY",
	}
	// SupportedCiphers maps each supported cipher name to its descriptor
	// (key size and factory function). It is a map, not an array.
	SupportedCiphers = map[string]*CipherDescriptor{
		"AEAD_CHACHA20_POLY1305": {
			KeySize:       32,
			CipherFactory: NewChapoCipher,
		},
		"AEAD_AES_128_GCM": {
			KeySize:       16,
			CipherFactory: NewAESGCMCipher,
		},
		"AEAD_AES_192_GCM": {
			KeySize:       24,
			CipherFactory: NewAESGCMCipher,
		},
		"AEAD_AES_256_GCM": {
			KeySize:       32,
			CipherFactory: NewAESGCMCipher,
		},
		// AEAD_DUMMY is built by NewDummyCipher; DummyCipher is documented as a
		// non-encryption cipher for debugging.
		// NOTE(review): it is registered here next to the real ciphers, so it is
		// selectable by name — confirm that production configurations cannot
		// choose it.
		"AEAD_DUMMY": {
			KeySize:       32,
			CipherFactory: NewDummyCipher,
		},
	}
)
var (
	// ErrBadURL indicates that the URL is malformed.
	ErrBadURL = errors.New("bad url")
	// ErrBadScheme indicates that the URL scheme is not 'flee'.
	// The message is built once, when the package is initialised, from the
	// value FleeScheme has at that time.
	ErrBadScheme = errors.New("url scheme is not '" + FleeScheme + "'")
	// ErrBadCipher indicates that the cipher is not in SupportedCipherNames.
	// The message lists every entry of SupportedCipherNames.
	ErrBadCipher = errors.New("cipher is not supported, only " + strings.Join(SupportedCipherNames, ",") + " are supported")
	// ErrMissingPasswd indicates that the password is missing from the URL.
	ErrMissingPasswd = errors.New("password is not specified in url")
	// ErrMissingAddress indicates that host:port is missing from the URL.
	ErrMissingAddress = errors.New("host:port is not specified in url")
)
var ErrPacketTooShort = errors.New("short packet")
ErrPacketTooShort indicates that a packet is too short to be a valid encrypted packet.
var FleeScheme = "flee"
FleeScheme URL scheme for FleeGrid
var HKDFInfo = []byte("ss-subkey")
HKDFInfo pre-defined HKDF info
Functions ¶
func DeriveMasterKey ¶
DeriveMasterKey derives the master key from a password string.
func DeriveSubkey ¶
func DeriveSubkey(master, salt, out []byte)
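DeriveSubkey expands the master key (itself derived from the password) with HKDF_SHA1 and the given salt. The function returns nothing, so the subkey is presumably written into out.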
func OpenPacket ¶
OpenPacket decrypts a packet.
func ResolveCipherName ¶
ResolveCipherName resolves cipher aliases and checks whether the cipher is supported.
Types ¶
type AESGCMCipher ¶
type AESGCMCipher struct {
// contains filtered or unexported fields
}
AESGCMCipher is for AES_XXX_GCM
func (*AESGCMCipher) CreateAEAD ¶
func (c *AESGCMCipher) CreateAEAD(salt []byte) (cipher.AEAD, error)
CreateAEAD for AESGCM
type BadKeyLengthError ¶
type BadKeyLengthError int
BadKeyLengthError error when key length is bad
func (BadKeyLengthError) Error ¶
func (e BadKeyLengthError) Error() string
type ChapoCipher ¶
type ChapoCipher struct {
// contains filtered or unexported fields
}
ChapoCipher is for ChaCha20-Poly1305
func (*ChapoCipher) CreateAEAD ¶
func (c *ChapoCipher) CreateAEAD(salt []byte) (cipher.AEAD, error)
CreateAEAD for ChaCha20-Poly1305
func (*ChapoCipher) NonceSize ¶
func (c *ChapoCipher) NonceSize() int
NonceSize for ChaCha20-Poly1305
type Cipher ¶
type Cipher interface {
	// KeySize reports the size of the key.
	KeySize() int
	// SaltSize reports the size of the salt.
	SaltSize() int
	// NonceSize reports the size of the nonce.
	NonceSize() int
	// CreateAEAD creates an AEAD with the given salt.
	// NOTE(review): presumably the salt is combined with the master key
	// (see DeriveSubkey) to key the returned AEAD — confirm in the
	// implementations.
	CreateAEAD(salt []byte) (cipher.AEAD, error)
}
Cipher represents an AEAD cipher.
func NewAESGCMCipher ¶
NewAESGCMCipher creates a new AES_XXX_GCM cipher; the key length is one of 16, 24, or 32 to select AES-128/192/256-GCM.
func NewChapoCipher ¶
NewChapoCipher creates a new ChapoCipher based on a key string.
type CipherDescriptor ¶
CipherDescriptor describes ciphers
type Config ¶
type Config struct {
	// Address is the full address of ss protocol, for both server and client.
	Address string
	// Cipher is the AEAD cipher name; see
	// https://www.iana.org/assignments/aead-parameters/aead-parameters.xhtml for names.
	// Defaults to "AEAD_CHACHA20_POLY1305".
	Cipher string
	// Passwd is the password. In the URL form accepted by ParseConfigFromURL
	// (flee://CIPHER:PASSWORD@ADDRESS:PORT) it appears in clear text.
	Passwd string
}
Config represents a basic configuration with address, cipher and password
func ParseConfigFromURL ¶
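ParseConfigFromURL decodes a URL string into a Config. The password is part of the URL in clear text, so such a URL needs the same handling as the password itself. Format: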
flee://CIPHER:PASSWORD@ADDRESS:PORT
type DummyCipher ¶
type DummyCipher struct{}
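DummyCipher is a non-encrypting cipher for debugging purposes. It is registered as "AEAD_DUMMY" in SupportedCiphers, so it can be selected by name like the real ciphers.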
func (*DummyCipher) CreateAEAD ¶
func (d *DummyCipher) CreateAEAD(salt []byte) (cipher.AEAD, error)
CreateAEAD for DummyCipher
type PacketConn ¶
type PacketConn struct {
	// Embedded: the wrapped connection's methods are promoted onto
	// PacketConn unless PacketConn defines its own.
	net.PacketConn
	// Embedded: KeySize, SaltSize, NonceSize and CreateAEAD are promoted too.
	Cipher
	// Embedded: Lock and Unlock become part of PacketConn's exported method
	// set, so callers can take the mutex as well.
	// NOTE(review): what the mutex guards is not visible in this listing.
	sync.Mutex
	// contains filtered or unexported fields
}
PacketConn wraps a net.PacketConn with Cipher
func NewPacketConn ¶
func NewPacketConn(conn net.PacketConn, c Cipher) (*PacketConn, error)
NewPacketConn wraps a net.PacketConn with Cipher
type StreamConn ¶
StreamConn wraps a net.Conn with automatic encryption and decryption.
func NewStreamConn ¶
func NewStreamConn(conn net.Conn, c Cipher) *StreamConn
NewStreamConn create a new StreamConn
type StreamReader ¶
StreamReader reads from an encrypted io.Reader and decrypts the data.
func NewStreamReader ¶
func NewStreamReader(r io.Reader, a cipher.AEAD) *StreamReader
NewStreamReader Create a New StreamReader
type StreamWriter ¶
StreamWriter encrypts data and writes it to the underlying io.Writer.
func NewStreamWriter ¶
func NewStreamWriter(w io.Writer, a cipher.AEAD) *StreamWriter
NewStreamWriter create a StreamWriter