cryptoauth

v0.0.0-...-b3e2c4c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2015 License: Apache-2.0 Imports: 18 Imported by: 1

README

CryptoAuth Package for Golang

CryptoAuth is the protocol used in cjdns to establish encrypted sessions and communicate with remote peers.

This is a work-in-progress package that implements cryptoauth. This enables you to build your own golang programs that can communicate using the cryptoauth protocol.

Status

Very alpha: the package is a work in progress, so expect incomplete functionality and API changes.

Documentation

Index

Constants

This section is empty.

Variables

// AuthType is the authentication/challenge type; it is initialised to 1.
// It is an exported, mutable package-level variable, so an assignment to it
// is visible to every user of the package in the same process.
// NOTE(review): presumably this is the value written to Challenge.Type —
// confirm against NewChallenge, whose body is not shown here.
var AuthType uint8 = 1

AuthType is the authentication/challenge type; its default value is 1.

Functions

func Base32Decode

func Base32Decode(in []byte) (out []byte, err error)

func Base32Encode

func Base32Encode(in []byte) (out []byte)

func DecodePrivateKeyString

func DecodePrivateKeyString(privateKeyString string) [32]byte

func DecodePublicKeyString

func DecodePublicKeyString(pubKeyString string) [32]byte

func HashPassword

func HashPassword(password []byte) (passwordHash [32]byte)

func HashPublicKey

func HashPublicKey(publicKey [32]byte) []byte

func HashPublicKeyString

func HashPublicKeyString(pk string) []byte

Types

type Challenge

// Challenge is the authentication challenge referenced by Handshake (see the
// Handshake.Challenge field). Its field widths add up to 12 bytes
// (1 + 7 + 2 + 2).
// NOTE(review): the wire encoding and byte order of the uint16 fields are not
// visible in this listing — confirm against the packet encoder/decoder.
type Challenge struct {
	// NOTE(review): presumably set from the package-level AuthType (default 1) — confirm.
	Type uint8
	// NOTE(review): looks like a short identifier used to look up the matching
	// credential; how it is derived is not shown — confirm.
	Lookup      [7]byte
	Derivations uint16
	Additional  uint16
}

type Connection

// Connection represents a single session with a remote peer. It is created by
// NewConnection from a UDP socket, a remote address and the local and remote
// CryptoState.
type Connection struct {
	// Incoming delivers decrypted (plaintext) data packets to the consumer.
	Incoming chan []byte // Buffered channel to store decrypted data packets
	// NOTE(review): presumably payloads queued for sending to the peer; whether
	// they are still plaintext at this point is not shown — confirm.
	Outbound chan []byte
	// contains filtered or unexported fields
}

Each session is represented by a connection

func NewConnection

func NewConnection(conn *net.UDPConn, raddr *net.UDPAddr, local, remote *CryptoState) *Connection

func (*Connection) CanDecodeDataPacket

func (c *Connection) CanDecodeDataPacket() error

func (*Connection) CanSendHelloPacket

func (c *Connection) CanSendHelloPacket(e *fsm.Event)

func (*Connection) CanSendKeyPacket

func (c *Connection) CanSendKeyPacket(e *fsm.Event)

func (*Connection) DecodeHelloPacket

func (c *Connection) DecodeHelloPacket(e *fsm.Event)

func (*Connection) HandlePacket

func (c *Connection) HandlePacket(p []byte) (data []byte, err error)

func (*Connection) HandshakeComplete

func (c *Connection) HandshakeComplete(e *fsm.Event)

func (*Connection) NewChallenge

func (c *Connection) NewChallenge() (*Challenge, error)

func (*Connection) NewHelloPacket

func (c *Connection) NewHelloPacket(e *fsm.Event)

func (*Connection) NewKeyPacket

func (c *Connection) NewKeyPacket(e *fsm.Event)

func (*Connection) SetPassword

func (c *Connection) SetPassword(password string)

func (*Connection) ValidateHelloPacket

func (c *Connection) ValidateHelloPacket(e *fsm.Event)

func (*Connection) ValidateKeyPacket

func (c *Connection) ValidateKeyPacket(e *fsm.Event)

type Credential

// Credential describes the credentials associated with a peer. Node keeps two
// lists of them: Servers (remote servers) and Credentials (incoming clients).
//
// Handling notes:
//   - Password is a plaintext string and carries the json tag "password", so
//     encoding/json includes it whenever a Credential is marshalled. Avoid
//     marshalling or logging Credential values outside of configuration
//     loading.
//   - Username, Hashed and Addr have no json tag, so encoding/json uses their
//     Go field names for them.
//   - Addr is a pointer to the net.Addr interface type rather than a net.Addr
//     value; callers have to dereference it before use.
type Credential struct {
	Addr      *net.Addr // optional for incoming peers
	Username  string    // optional
	Password  string    `json:"password"`
	// NOTE(review): presumably the result of HashPassword (same [32]byte
	// type) — confirm where it is populated.
	Hashed    [32]byte
	PublicKey string `json:"publicKey"` // not required for incoming peers
}

type CryptoAuthError

// CryptoAuthError is the package's structured error type. *CryptoAuthError
// implements the error interface through its Error method, so callers can
// recover the Code and Class with errors.As.
// NOTE(review): the set of Code values and how Error formats the fields are
// not visible in this listing.
type CryptoAuthError struct {
	Code  int
	Class string // the class of error - authentication, undeliverable
	Info  string // extra info about the error
}

func (*CryptoAuthError) Error

func (err *CryptoAuthError) Error() string

type CryptoState

// CryptoState holds the cryptographic state of one side of a session; all of
// its fields are unexported. NewCryptoState builds one from two KeyPair values
// (parameters perm and temp) and an initiator flag, NewTempKeys can be called
// on it, and NewConnection takes one CryptoState for the local side and one
// for the remote side.
type CryptoState struct {
	// contains filtered or unexported fields
}

func NewCryptoState

func NewCryptoState(perm, temp *KeyPair, initiator bool) *CryptoState

func (*CryptoState) NewTempKeys

func (c *CryptoState) NewTempKeys() (err error)

type Handshake

// Handshake holds the fields of a handshake message: a stage counter, a
// pointer to the Challenge, a 24-byte nonce and two 32-byte key fields.
// NOTE(review): the wire layout and the exact meaning of each Stage value are
// not visible in this listing — confirm against the packet code.
type Handshake struct {
	Stage     uint32
	Challenge *Challenge
	// NOTE(review): 24 bytes matches the NaCl box/secretbox nonce length; which
	// primitive is used is not shown. A nonce must not repeat under one key.
	Nonce     [24]byte
	PublicKey [32]byte
	// NOTE(review): the field is exactly 32 bytes, so an authentication tag for
	// the encrypted key is not carried here; confirm where it is handled.
	EncryptedTempPubKey [32]byte
}

type Identity

// Identity pairs a KeyPair with an IPv6 address. NewIdentity returns a new
// Identity or an error.
// NOTE(review): presumably IPv6 is derived from Keys.PublicKey (the package
// also exports HashPublicKey) — confirm in NewIdentity.
type Identity struct {
	Keys *KeyPair
	IPv6 net.IP
}

func NewIdentity

func NewIdentity() (*Identity, error)

type KeyPair

// KeyPair holds a 32-byte public key and a 32-byte private key.
//
// PrivateKey is secret material stored in an exported array field. Arrays are
// value types in Go, so copying a KeyPair (assignment, pass by value) copies
// the private key, and formatting a KeyPair with %v or %+v prints its bytes.
// Pass *KeyPair where possible and keep KeyPair values out of logs.
type KeyPair struct {
	PublicKey  [32]byte
	PrivateKey [32]byte
}

type Node

// Node groups the state of a local endpoint: its Identity, a UDP socket, the
// credentials for remote servers and for incoming clients, and a map of
// Connection values.
//
// Plaintext passwords are reachable from a Node through Password and through
// the Credential entries in Servers and Credentials, so avoid logging or
// serialising a Node.
type Node struct {
	Identity    *Identity
	// NOTE(review): presumably the local address to listen on — confirm.
	Bind        string
	Conn        *net.UDPConn
	Servers     []*Credential // remote servers
	Credentials []*Credential // credentials for incoming clients
	Password    string        // for testing just one password at a time
	// NOTE(review): key format not shown. Go maps are not safe for concurrent
	// use; whether access is synchronised is not visible here — confirm.
	Connections map[string]*Connection
}

type Passwd

// Passwd holds a user name, a plaintext password and a 32-byte hash.
// NOTE(review): Hash presumably comes from HashPassword (same [32]byte
// type) — confirm. The fields overlap with Credential's Username, Password and
// Hashed; which of the two types the package actually consults is not shown.
type Passwd struct {
	User     string
	Password string
	Hash     [32]byte
}

type ReplayProtection

// ReplayProtection holds replay-protection state. All of its fields are
// unexported, and this documentation lists no exported constructor or methods
// for it.
// NOTE(review): the window size and the way it is consulted during packet
// handling are not visible in this listing.
type ReplayProtection struct {
	// contains filtered or unexported fields
}

Directories

Path Synopsis
examples
