Documentation ¶
Index ¶
- Constants
- Variables
- func CalcKeys(sharedSecret [SharedKeySize]byte) (hmacKey *[HMACKeySize]byte, symmetricKey *[SymmetricKeySize]byte)
- func CalcMaxEmbedded(TotalLength int) int
- func CalcMessageID(msg []byte) *[MessageIDSize]byte
- func CalcSharedSecret(myKeys, peerKeys *KeyPack, nonce *[NonceSize]byte, sending bool) (sharedSecret [SharedKeySize]byte)
- func GenIV(d []byte) *[IVSize]byte
- func GenNonce() (*[NonceSize]byte, error)
- func GenPad(key *[PadKeySize]byte, length int) []byte
- func GenPadKey() (*[PadKeySize]byte, error)
- func KeyIsHidden(k *Curve25519Key) bool
- func KeyIsSync(k *Curve25519Key) bool
- func PackKeyHeader(senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte) *[KeyHeaderSize]byte
- func RePad(msg []byte, padKey *[PadKeySize]byte, totalLength int) []byte
- type Base64Message
- type Curve25519Key
- type DecryptBodyDef
- type EncryptBodyDef
- type EncryptedBody
- type KeyPack
- func GenKeyPack(privateConstant *Curve25519Key, deterministic bool) (*KeyPack, error)
- func GenReceiveKeys(publicConstant, publicTemporary *Curve25519Key) (*KeyPack, error)
- func GenSenderKeys(privateConstant *Curve25519Key) (*KeyPack, error)
- func ParseKeyHeader(keyHeader *[KeyHeaderSize]byte) (senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte)
- type Message
- type MetaDataRecieve
- type MetaDataSend
- type Receiver
- type Sender
- type SignKeyPair
- type SignatureDetails
Constants ¶
const ( // DefaultTotalLength is the size of the message. DefaultTotalLength = BodyMaxLength + SignHeaderSize + KeyHeaderSize // DefaultPadToLength is the size of the body including random padding DefaultPadToLength = 4096 // DefaultHashCashBits is the minimum number of hashcash bits requried DefaultHashCashBits = byte(23) )
const ( // Curve25519KeySize defines how big a curve25519 key is Curve25519KeySize = 32 SharedKeySize = 64 // HMACKeySize is the size of the HMAC key HMACKeySize = 32 // SymmetricKeySize is the size of the symmetric encryption key (for AES-CTR) SymmetricKeySize = 32 // NonceSize bytes of nonce NonceSize = 32 // PadKeySize is the size of the padding key PadKeySize = 32 // HMACSize is the size of the hmac output, we're using SHA256 HMACSize = 32 // IVSize defines the length of the IV, calculated by hashing pubkeys and nonce IVSize = aes.BlockSize )
const ( // MsgTypeBlob signals a standard blob of data without special meaning MsgTypeBlob = 0x01 // MsgTypeList signals a list of other messages MsgTypeList = 0x02 // MsgTypeRepost signals a message that is sent to a reposter MsgTypeRepost = 0x03 )
const ( // BodyMaxLength is the maximum length of the body that can be accepted BodyMaxLength = 65535 // MessageIDSize is the size of a MessageID MessageIDSize = sha256.Size // SignHeaderSize is the size of the signature header SignHeaderSize = 1 + ed25519.PublicKeySize + ed25519.SignatureSize + MessageIDSize + hashcash.NonceSize // KeyHeaderSize is the size of the key header (four curve25519 public keys for DH and nonce) KeyHeaderSize = 4*Curve25519KeySize + NonceSize // Version of this protocol Version = 0x01 )
const ( // SignerPubKeySize is the size of a public key used for signing SignerPubKeySize = ed25519.PublicKeySize )
const VersionID = "0.0.1 very alpha"
VersionID of this release
Variables ¶
var ( //ErrNoKeys is returned if no method for private key discovery is available ErrNoKeys = errors.New("message: No private keys available") // ErrBadMessageID is returned when the message ID signed is different from the one calculated ErrBadMessageID = errors.New("message: Unexpected message ID") // ErrBadSender is returned when another sender was expected ErrBadSender = errors.New("message: Unexpected sender") )
var ( // ErrIncompleteKeyPack is returned if a KeyPack cannot be filled ErrIncompleteKeyPack = errors.New("message: incomplete keypack") // ErrMissingKey is returned if too few keys are used fro keypack construction ErrMissingKey = errors.New("message: missing temporary pubkey") )
var ( // ErrTooLong is returned if the message body is too big ErrTooLong = errors.New("message: Content too long") // ErrTooShort is returned if the message is smaller than allowed ErrTooShort = errors.New("message: Message too short") // ErrBadHMAC is returned if the HMAC does not verify ErrBadHMAC = errors.New("message: Bad HMAC") )
var ( // ErrNoKeyFound is returned if no key could be found ErrNoKeyFound = errors.New("message: No signature key found in generation") // ErrBadVersion is returned if a message does not conform to the right version ErrBadVersion = errors.New("message: Wrong version") // ErrHashCash is returned if not enough bits are produced by the ErrHashCash challenge ErrHashCash = errors.New("message: Not enough HashCash bits") // ErrBadSignature is returned if the post signature does not verify ErrBadSignature = errors.New("message: Signature verification failed") )
var ( // ErrEnvelopeShort is returned if the envelope is too short to even contain a signature header ErrEnvelopeShort = errors.New("message: Envelope too short") )
Functions ¶
func CalcKeys ¶
func CalcKeys(sharedSecret [SharedKeySize]byte) (hmacKey *[HMACKeySize]byte, symmetricKey *[SymmetricKeySize]byte)
CalcKeys generates the keys for hmac calculation and symmetric encryption from the shared secret
func CalcMaxEmbedded ¶
CalcMaxEmbedded returns the maximum size of data that can be included in a message of TotalLength size
func CalcMessageID ¶
func CalcMessageID(msg []byte) *[MessageIDSize]byte
CalcMessageID from raw message (skip signature part)
func CalcSharedSecret ¶
func CalcSharedSecret(myKeys, peerKeys *KeyPack, nonce *[NonceSize]byte, sending bool) (sharedSecret [SharedKeySize]byte)
CalcSharedSecret does a triple DH from the keypacks to generate the shared secret. myKeys needs to contain private keys, peerKeys only needs public keys Sending determines if one is sender or recipient of a message
func GenIV ¶
GenIV generates the IV by sha256 d. d should be the slice containing the pubkeys and nonce from the message
func GenPad ¶
func GenPad(key *[PadKeySize]byte, length int) []byte
GenPad produces a slice of bytes with length int, filled with pseudo-random numbers generated from key using AES-CTR
func GenPadKey ¶
func GenPadKey() (*[PadKeySize]byte, error)
GenPadKey generates a random value suitable for the padding generator
func KeyIsHidden ¶
func KeyIsHidden(k *Curve25519Key) bool
KeyIsHidden returns true if key index should be hidden
func KeyIsSync ¶
func KeyIsSync(k *Curve25519Key) bool
KeyIsSync returns true if messages for this key should be synced
func PackKeyHeader ¶
func PackKeyHeader(senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte) *[KeyHeaderSize]byte
PackKeyHeader constructs the header from the KeyPacks and Nonce.
Types ¶
type Base64Message ¶
type Base64Message []byte
Base64Message is a message encoded in Base64
func EncodeBase64 ¶
func EncodeBase64(message []byte) Base64Message
EncodeBase64 encodes a message to base64
func (Base64Message) Decode ¶
func (bm Base64Message) Decode() ([]byte, error)
Decode a base64 encoded message
func (Base64Message) GetSignHeader ¶
func (bm Base64Message) GetSignHeader() (*[SignHeaderSize]byte, error)
GetSignHeader returns the signature header from an message
type Curve25519Key ¶
type Curve25519Key [Curve25519KeySize]byte
Curve25519Key is a curve25519 public or private key
func CalcPub ¶
func CalcPub(privateKey *Curve25519Key) *Curve25519Key
CalcPub generates a public key from a private key
func GenLongTermKey ¶
func GenLongTermKey(hidden bool, sync bool) (*Curve25519Key, error)
GenLongTermKey returns a private key that is meant for long-term use and adheres to the hidden index rule hidden means that the server should not allow index access without authentication sync means that the server should not sync the message to other servers (it is not part of the global index)
func GenPubKey ¶
func GenPubKey(priv *Curve25519Key) *Curve25519Key
GenPubKey calculates the public key for a private key
func GenRandomKey ¶
func GenRandomKey() (*Curve25519Key, error)
GenRandomKey generates a random key useable for temporary keys
type DecryptBodyDef ¶
type DecryptBodyDef struct { IV [IVSize]byte // The IV to use. This is overkill since the key is unique anyways... anyways }
DecryptBodyDef contains parameters for decryption
func (*DecryptBodyDef) DecryptBody ¶
func (bd *DecryptBodyDef) DecryptBody(data []byte) ([]byte, byte, error)
DecryptBody decrypts a body and verifies the hmac
type EncryptBodyDef ¶
type EncryptBodyDef struct { IV [IVSize]byte // The IV to use. This is overkill since the key is unique anyways... anyways TotalLength int // Total size of body including padding PadToLength int // PadToLength will pad the body to PadToLength size of random padding before adding deterministic padding, if any MessageType byte }
EncryptBodyDef contains parameters for body encryption
func (*EncryptBodyDef) EncryptBody ¶
func (bd *EncryptBodyDef) EncryptBody(data []byte) (*EncryptedBody, error)
EncryptBody takes data and creates a body out of it
type EncryptedBody ¶
type EncryptedBody struct { Encrypted []byte // First element RandomPadding []byte // Second element DeterministicPadding []byte // Third element PadKey [PadKeySize]byte // Will be set if deterministic padding is appended HMACSum [HMACSize]byte // The HMAC }
EncryptedBody contains the restuls of an encryption or parsing
func (EncryptedBody) Bytes ¶
func (eb EncryptedBody) Bytes() []byte
Bytes returns the body as byteslice
func (EncryptedBody) BytesNoPadding ¶
func (eb EncryptedBody) BytesNoPadding() []byte
BytesNoPadding returns the body as byteslice omitting deterministic padding
type KeyPack ¶
type KeyPack struct { ConstantPubKey *Curve25519Key // Public key: SenderConstantPubKey ConstantPrivKey *Curve25519Key // Private key of ConstantPubKey TemporaryPubKey *Curve25519Key // Public key: SenderTemporaryPubKey TemporaryPrivKey *Curve25519Key // Private key of TemporaryPubKey }
KeyPack contains one side of keys
func GenKeyPack ¶
func GenKeyPack(privateConstant *Curve25519Key, deterministic bool) (*KeyPack, error)
GenKeyPack generate a keypack. If privateConstant is nil, all keys will be ephemeral. If deterministic is true then the temporaryPrivKey will be generated from the constantPrivKey
func GenReceiveKeys ¶
func GenReceiveKeys(publicConstant, publicTemporary *Curve25519Key) (*KeyPack, error)
GenReceiveKeys generates a KeyPack for the recipient unless public keys are available
func GenSenderKeys ¶
func GenSenderKeys(privateConstant *Curve25519Key) (*KeyPack, error)
GenSenderKeys returns a keypack suitable for the sender. If PrivateConstant is nil, all keys will be ephemeral
func ParseKeyHeader ¶
func ParseKeyHeader(keyHeader *[KeyHeaderSize]byte) (senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte)
ParseKeyHeader returns the KeyPacks and Nonce of a KeyHeader
func (*KeyPack) FillKeys ¶
FillKeys constructs missing keys in a KeyPack. If deterministic==true then temporary keys are generated from the constant keys
func (*KeyPack) MatchPrivate ¶
func (kp *KeyPack) MatchPrivate(constantPrivKey, temporaryPrivKey *Curve25519Key) bool
MatchPrivate tries to match given private key(s) to the KeyPack. Keys will be added to the keypack if a match is found
type Message ¶
type Message struct { SignatureHeader *[SignHeaderSize]byte // Packet signature header Header *[KeyHeaderSize]byte // Packed message header Body []byte // Unpacked body }
Message is a full message
func ParseMessage ¶
ParseMessage cuts a byteslice into a Message struct
func (Message) CalcMessageID ¶
func (msg Message) CalcMessageID() *[MessageIDSize]byte
CalcMessageID from encrypted body
type MetaDataRecieve ¶
type MetaDataRecieve struct { SenderConstantPublicKey *Curve25519Key // Public key used by sender ReceiveConstantPublicKey *Curve25519Key // Constant public key of recipient ReceiveTemporaryPublicKey *Curve25519Key // Temporary public key of recipient MessageID [MessageIDSize]byte // MessageID as calculated MessageType byte // MessageType of message }
MetaDataRecieve contains data from decryption
type MetaDataSend ¶
type MetaDataSend struct { MessageID [MessageIDSize]byte // MessageID of the message (calculated from header+body) PadKey *[PadKeySize]byte // Will be set if deterministic padding is appended and meaningful MessageKey *Curve25519Key // Will be set if ephemeral recipient keys are used ReceiverConstantPubKey *Curve25519Key }
MetaDataSend contains metadata for the message
type Receiver ¶
type Receiver struct { SenderPublicKey *Curve25519Key // Optional. If set, verify for message ReceiveConstantPrivateKey *Curve25519Key // Optional. Will use callback if not set ReceiveTemporaryPrivateKey *Curve25519Key // Optional. Will try to generate from ReceiveConstantPrivateKey, then Callback // KeyCallBack is an optional function to get private keys. It takes a public key as parameter and expects the private key or nil as return KeyCallBack func(*Curve25519Key) *Curve25519Key // HashCashBits is the minimum number of hashcash bits required. Will be set to default if missing HashCashBits byte }
Receiver defines receiver functionality
type Sender ¶
type Sender struct { Signer *SignKeyPair // Optional, autogenerated when missing SenderPrivateKey *Curve25519Key // Optional. Use ephemeral key if missing ReceiveConstantPublicKey *Curve25519Key // Optional. Constant public key of receiver, ephemeral keys will be used if missing ReceiveTemporaryPublicKey *Curve25519Key // MUST be set IF ReceiveConstantPublicKey is set // TotalLength is the total size of body including padding. // Set to default if missing if 0 TotalLength int // PadToLength will pad the body to PadToLength size of random padding before adding deterministic padding, if any. // Set to default if missing if 0 PadToLength int // HashCashBits is the minimum number of hashcash bits required. Will be set to default if missing HashCashBits byte }
Sender defines sender behavior
func (Sender) Encrypt ¶
func (sender Sender) Encrypt(messageType byte, message []byte) (encMessage []byte, meta *MetaDataSend, err error)
Encrypt encrypts a message
func (Sender) EncryptRepost ¶
func (sender Sender) EncryptRepost(messageType byte, message []byte) (rewrapMessage []byte, meta *MetaDataSend, err error)
EncryptRepost encrypts a message for reposting, meaning that the deterministic padding is thrown away and there is no encoding
type SignKeyPair ¶
type SignKeyPair struct { PublicKey *[SignerPubKeySize]byte PrivateKey *[ed25519.PrivateKeySize]byte Nonce [hashcash.NonceSize]byte // HashCash nonce Bits byte // Bits in hashcash }
SignKeyPair represents a signature key pari
func GenKey ¶
func GenKey(bits byte) (keypair *SignKeyPair, err error)
GenKey calculates a keypair fit for signing, including hashcahs
func (*SignKeyPair) Marshal ¶
func (keypair *SignKeyPair) Marshal() []byte
Marshal a keypair into a byte slice
func (*SignKeyPair) Sign ¶
func (keypair *SignKeyPair) Sign(msgID [MessageIDSize]byte) *[SignHeaderSize]byte
Sign a messageid
func (SignKeyPair) Unmarshal ¶
func (keypair SignKeyPair) Unmarshal(d []byte) (*SignKeyPair, error)
Unmarshal d into keypair
type SignatureDetails ¶
type SignatureDetails struct { MsgID [MessageIDSize]byte // MsgID of the message (sha256(KeyHeader|Body)) PublicKey [SignerPubKeySize]byte // Public key of signer HashCashNonce [hashcash.NonceSize]byte // The HashCash nonce HashCashBits byte // HashCash bits }
SignatureDetails contains the fields of the signature header (minus signature itself)
func VerifySignature ¶
func VerifySignature(header [SignHeaderSize]byte, minbits byte) (details *SignatureDetails, err error)
VerifySignature verifies a signature header. It checks if the version, signatures and hashcash are correct