Documentation
Overview
Package secio is used to encrypt `go-libp2p-conn` connections. Connections wrapped by secio use secure sessions provided by this package to encrypt all traffic. A TLS-like handshake is used to setup the communication channel.
Index
Constants
const DefaultSupportedCiphers = "AES-256,AES-128,Blowfish"
const DefaultSupportedExchanges = "P-256,P-384,P-521"
const DefaultSupportedHashes = "SHA256,SHA512"
Variables
var ErrBadSig = errors.New("bad signature")
ErrBadSig signals that the peer sent us a handshake packet with a bad signature.
var ErrClosed = errors.New("connection closed")
ErrClosed signals the closing of a connection.
var ErrEcho = errors.New("same keys and nonces. one side talking to self")
ErrEcho is returned when we're attempting to handshake with the same keys and nonces.
var ErrMACInvalid = errors.New("MAC verification failed")
ErrMACInvalid signals that a MAC verification failed.
var ErrUnsupportedKeyType = errors.New("unsupported key type")
ErrUnsupportedKeyType is returned when a private key cast/type switch fails.
var HandshakeTimeout = time.Second * 30
HandshakeTimeout governs how long a handshake is allowed to take. Making this number large means there could be many bogus connections waiting to time out in flight. Typical handshakes take ~3 RTTs, so a handshake should complete within seconds across a typical planet in the solar system.
var SupportedCiphers = DefaultSupportedCiphers
SupportedCiphers is the list of supported Ciphers
var SupportedExchanges = DefaultSupportedExchanges
SupportedExchanges is the list of supported ECDH curves
var SupportedHashes = DefaultSupportedHashes
SupportedHashes is the list of supported Hashes
Functions
func NewETMReader
NewETMReader returns an Encrypt-Then-MAC reader: each incoming frame's MAC is verified before the frame is decrypted.
func NewETMWriter
NewETMWriter returns an Encrypt-Then-MAC writer: each outgoing frame is encrypted and then a MAC over the ciphertext is appended.
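To make the Encrypt-Then-MAC pattern behind NewETMWriter and NewETMReader concrete, here is an added, stand-alone example; it is not the package's own code (secio's real reader and writer are built on msgio framing and negotiated cipher and hash choices). It assumes a constructed 4-byte big-endian length prefix, AES-256 in CTR mode as the stream cipher, HMAC-SHA256 as the MAC, and one direction of traffic whose key and IV are already shared, as they would be after the handshake. The function names sealFrame, openFrame, readFrame, newStream and exchange are hypothetical. The essential ordering is the one the real package relies on: the tag is checked with a constant-time compare before any decryption, so a tampered frame is rejected with ErrMACInvalid and never reaches the cipher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrMACInvalid mirrors the package-level error documented above; it is
// redefined here so the example compiles without the secio package.
var ErrMACInvalid = errors.New("MAC verification failed")

// maxFrame bounds the length prefix so a bogus header cannot make the reader
// allocate an arbitrary amount of memory (constructed limit for this example).
const maxFrame = 1 << 20

// newStream builds an AES-CTR stream from a 32-byte key and a 16-byte IV.
// Each direction of a real session gets its own key and IV; this example
// models a single direction, so both ends derive the same stream.
func newStream(key, iv []byte) (cipher.Stream, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewCTR(block, iv), nil
}

// sealFrame is the writer side: encrypt, then MAC the ciphertext.
// Wire layout (constructed): len(4, big-endian) | ciphertext | HMAC-SHA256 tag.
func sealFrame(enc cipher.Stream, macKey, plaintext []byte) []byte {
	ct := make([]byte, len(plaintext))
	enc.XORKeyStream(ct, plaintext)
	h := hmac.New(sha256.New, macKey)
	h.Write(ct)
	tag := h.Sum(nil)
	frame := make([]byte, 4, 4+len(ct)+len(tag))
	binary.BigEndian.PutUint32(frame, uint32(len(ct)+len(tag)))
	frame = append(frame, ct...)
	return append(frame, tag...)
}

// openFrame is the reader side: verify the tag over the ciphertext first and
// only decrypt on success, so forged frames never advance the cipher stream.
func openFrame(dec cipher.Stream, macKey, body []byte) ([]byte, error) {
	if len(body) < sha256.Size {
		return nil, ErrMACInvalid
	}
	ct, tag := body[:len(body)-sha256.Size], body[len(body)-sha256.Size:]
	h := hmac.New(sha256.New, macKey)
	h.Write(ct)
	if !hmac.Equal(h.Sum(nil), tag) { // constant-time comparison
		return nil, ErrMACInvalid
	}
	pt := make([]byte, len(ct))
	dec.XORKeyStream(pt, ct)
	return pt, nil
}

// readFrame pulls one length-prefixed frame body off the wire.
func readFrame(r io.Reader) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := binary.BigEndian.Uint32(hdr[:])
	if n > maxFrame {
		return nil, errors.New("frame too large")
	}
	body := make([]byte, n)
	if _, err := io.ReadFull(r, body); err != nil {
		return nil, err
	}
	return body, nil
}

// exchange seals msgs with a writer-side stream, pushes the frames through an
// in-memory wire, and opens them with a reader-side stream built from the same
// key and IV. If flipBit is set, one ciphertext byte of the last frame is
// flipped in transit so the MAC check can be seen rejecting it. It returns the
// plaintexts recovered before any error.
func exchange(key, iv, macKey []byte, msgs []string, flipBit bool) ([]string, error) {
	enc, err := newStream(key, iv)
	if err != nil {
		return nil, err
	}
	dec, err := newStream(key, iv)
	if err != nil {
		return nil, err
	}
	var wire bytes.Buffer
	for i, m := range msgs {
		frame := sealFrame(enc, macKey, []byte(m))
		if flipBit && i == len(msgs)-1 && len(m) > 0 {
			frame[4] ^= 0x01 // first ciphertext byte, after the 4-byte length
		}
		wire.Write(frame)
	}
	var out []string
	for range msgs {
		body, err := readFrame(&wire)
		if err != nil {
			return out, err
		}
		pt, err := openFrame(dec, macKey, body)
		if err != nil {
			return out, err
		}
		out = append(out, string(pt))
	}
	return out, nil
}

func main() {
	// Constructed demo keys; a real session derives these from the handshake.
	key := bytes.Repeat([]byte{0x42}, 32)
	iv := make([]byte, aes.BlockSize)
	macKey := []byte("constructed-mac-key")
	fmt.Println(exchange(key, iv, macKey, []string{"hello", "world"}, false))
	fmt.Println(exchange(key, iv, macKey, []string{"hello", "world"}, true))
}
```

Running main prints the two recovered messages for the clean exchange and, for the tampered one, only "hello" followed by the MAC verification error, because the second frame is refused before decryption.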
Types
type Session
type Session interface {
	// ReadWriter returns the encrypted communication channel
	ReadWriter() msgio.ReadWriteCloser

	// LocalPeer retrieves the local peer.
	LocalPeer() peer.ID

	// LocalPrivateKey retrieves the local private key
	LocalPrivateKey() ci.PrivKey

	// RemotePeer retrieves the remote peer.
	RemotePeer() peer.ID

	// RemotePublicKey retrieves the remote's public key
	// which was received during the handshake.
	RemotePublicKey() ci.PubKey

	// Close closes the secure session
	Close() error
}
Session provides the necessary functionality to wrap a connection and tunnel it through a secure channel via the provided ReadWriter.
type SessionGenerator
SessionGenerator constructs secure communication sessions for a peer.
func (*SessionGenerator) NewSession
func (sg *SessionGenerator) NewSession(ctx context.Context, insecure io.ReadWriteCloser) (Session, error)
NewSession takes an insecure io.ReadWriteCloser, performs a TLS-like handshake with the other side (bounded by HandshakeTimeout and the supplied context), and returns a secure session. See the source for the protocol details and security implementation.