secio

package
v0.0.0-...-8b9b725
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2019 License: MIT, MIT Imports: 28 Imported by: 12

README

go-libp2p-secio


go-libp2p's secio encrypted transport

Package go-libp2p-secio is a libp2p stream security transport. Connections wrapped by secio use secure sessions provided by this package to encrypt all traffic. A TLS-like handshake is used to set up the communication channel.

Install

go-libp2p-secio is a standard Go module which can be installed with:

go get github.com/libp2p/go-libp2p-secio

Note that go-libp2p-secio is packaged with Gx, so it is recommended to use Gx to install and use it (see the Usage section).

Usage

This module is packaged with Gx. In order to use it in your own project it is recommended that you:

go get -u github.com/whyrusleeping/gx
go get -u github.com/whyrusleeping/gx-go
cd <your-project-repository>
gx init
gx import github.com/libp2p/go-libp2p-secio
gx install --global
gx-go --rewrite

Please check Gx and Gx-go documentation for more information.

For more information about how go-libp2p-secio is used in the libp2p context, you can see the go-libp2p-conn module.

Contribute

Feel free to join in. All welcome. Open an issue!

This repository falls under the IPFS Code of Conduct.

Want to hack on IPFS?

License

MIT

Documentation

Overview

Package secio is used to encrypt `go-libp2p-conn` connections. Connections wrapped by secio use secure sessions provided by this package to encrypt all traffic. A TLS-like handshake is used to set up the communication channel.


Constants

const DefaultSupportedCiphers = "AES-256,AES-128,Blowfish"
const DefaultSupportedExchanges = "P-256,P-384,P-521"
const DefaultSupportedHashes = "SHA256,SHA512"
const ID = "/secio/1.0.0"

ID is secio's protocol ID (used when negotiating with multistream).

Variables

var ErrBadSig = errors.New("bad signature")

ErrBadSig signals that the peer sent us a handshake packet with a bad signature.

var ErrClosed = errors.New("connection closed")

ErrClosed signals the closing of a connection.

var ErrEcho = errors.New("same keys and nonces. one side talking to self")

ErrEcho is returned when we're attempting to handshake with the same keys and nonces.

var ErrMACInvalid = errors.New("MAC verification failed")

ErrMACInvalid signals that a MAC verification failed.

var ErrUnsupportedKeyType = errors.New("unsupported key type")

ErrUnsupportedKeyType is returned when a private key cast/type switch fails.

var ErrWrongPeer = errors.New("connected to wrong peer")

ErrWrongPeer is returned when we attempt to handshake with the wrong peer.

var HandshakeTimeout = time.Second * 30

HandshakeTimeout governs how long the handshake is allowed to take. Making this number large means there could be many bogus connections in flight waiting to time out. Typical handshakes take ~3 RTTs, so it should be completed within seconds across a typical planet in the solar system.

var SupportedCiphers = DefaultSupportedCiphers

SupportedCiphers is the list of supported ciphers.

var SupportedExchanges = DefaultSupportedExchanges

SupportedExchanges is the list of supported ECDH curves.

var SupportedHashes = DefaultSupportedHashes

SupportedHashes is the list of supported hashes.

Functions

func NewETMReader

func NewETMReader(r io.Reader, s cipher.Stream, mac HMAC) msgio.ReadCloser

NewETMReader returns an Encrypt-Then-MAC reader.

func NewETMWriter

func NewETMWriter(w io.Writer, s cipher.Stream, mac HMAC) msgio.WriteCloser

NewETMWriter returns an Encrypt-Then-MAC writer.
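
What Encrypt-Then-MAC means for a reader/writer pair built from a cipher.Stream and an HMAC, as an added standard-library example that is not this package's code. AES-256-CTR, HMAC-SHA256, the ciphertext||tag layout, the all-zero constructed keys and the names seal, open, roundTrip and errMAC are assumptions of the example; msgio length framing is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errMAC = errors.New("MAC verification failed")

// seal encrypts msg, then MACs the ciphertext and returns ciphertext||tag.
func seal(s cipher.Stream, macKey, msg []byte) []byte {
	ct := make([]byte, len(msg))
	s.XORKeyStream(ct, msg)
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(ct)
}

// open verifies the tag over the ciphertext first; it decrypts only on success.
func open(s cipher.Stream, macKey, frame []byte) ([]byte, error) {
	if len(frame) < sha256.Size {
		return nil, errMAC
	}
	ct, mac := frame[:len(frame)-sha256.Size], frame[len(frame)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	if !hmac.Equal(m.Sum(nil), mac) { // constant-time comparison
		return nil, errMAC
	}
	s.XORKeyStream(ct, ct)
	return ct, nil
}

func roundTrip(msg string, flip byte) (string, error) {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero AES-256 key
	iv, macKey := make([]byte, aes.BlockSize), []byte("constructed-mac-key")
	frame := seal(cipher.NewCTR(block, iv), macKey, []byte(msg))
	frame[0] ^= flip // flip != 0 simulates in-transit tampering
	pt, err := open(cipher.NewCTR(block, iv), macKey, frame)
	return string(pt), err
}

func main() {
	fmt.Println(roundTrip("hello", 0))
	fmt.Println(roundTrip("hello", 1))
}
```

Because the tag covers the ciphertext, a modified frame is rejected before any keystream is applied to attacker-controlled bytes.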

Types

type HMAC

type HMAC struct {
	hash.Hash
	// contains filtered or unexported fields
}

HMAC carries a hash and its size.

type Transport

type Transport struct {
	LocalID    peer.ID
	PrivateKey ci.PrivKey
}

SessionGenerator constructs secure communication sessions for a peer.

func New

func New(sk ci.PrivKey) (*Transport, error)

func (*Transport) SecureInbound

func (sg *Transport) SecureInbound(ctx context.Context, insecure net.Conn) (cs.Conn, error)

func (*Transport) SecureOutbound

func (sg *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (cs.Conn, error)
