Documentation

Overview

Package secrethandshake is a Go implementation of Dominic Tarr's secret-handshake: https://github.com/auditdrivencrypto/secret-handshake

Two instances of go-shs can secretly shake hands over a connection.

The implementation is compatible with the JS implementation. Run `npm ci && go test -tags interop_nodejs`.

Index

Constants

View Source
const ChallengeLength = 64

ChallengeLength is the length of a challenge message in bytes

View Source
const ClientAuthLength = 16 + 32 + 64

ClientAuthLength is the length of a clientAuth message in bytes

View Source
const MACLength = 16

MACLength is the length of a MAC in bytes

View Source
const ServerAuthLength = 16 + 64

ServerAuthLength is the length of a serverAuth message in bytes

Variables

View Source
var ErrInvalidKeyPair = fmt.Errorf("secrethandshake/NewKeyPair: invalid public key")

Functions

func Client

func Client(state *State, conn io.ReadWriter) (err error)

Client shakes hands using the cryptographic identity specified in s using conn in the client role

func Server

func Server(state *State, conn io.ReadWriter) (err error)

Server shakes hands using the cryptographic identity specified in s using conn in the server role

Types

type CurveKeyPair

type CurveKeyPair struct {
	Public [32]byte
	Secret [32]byte
}

CurveKeyPair is a keypair for use with github.com/agl/ed25519

type EdKeyPair

type EdKeyPair struct {
	Public ed25519.PublicKey
	Secret ed25519.PrivateKey
}

EdKeyPair is a keypair for use with github.com/agl/ed25519

func GenEdKeyPair

func GenEdKeyPair(r io.Reader) (*EdKeyPair, error)

GenEdKeyPair generates a ed25519 keyPair using the passed reader if r == nil it uses crypto/rand.Reader

func NewKeyPair

func NewKeyPair(public, secret []byte) (*EdKeyPair, error)

type ErrEncoding

type ErrEncoding struct {
	// contains filtered or unexported fields
}

func (ErrEncoding) Error

func (e ErrEncoding) Error() string

func (ErrEncoding) Unwrap

func (e ErrEncoding) Unwrap() error

Unwrap returns the cause

type ErrKeySize

type ErrKeySize struct {
	// contains filtered or unexported fields
}

func (ErrKeySize) Error

func (eks ErrKeySize) Error() string

type ErrProcessing

type ErrProcessing struct {
	// contains filtered or unexported fields
}

ErrProcessing is returned if I/O fails during the handshake TODO: supply Unwrap() for cause?

func (ErrProcessing) Error

func (e ErrProcessing) Error() string

func (ErrProcessing) Unwrap

func (e ErrProcessing) Unwrap() error

Unwrap returns the cause

type ErrProtocol

type ErrProtocol struct {
	// contains filtered or unexported fields
}

func (ErrProtocol) Error

func (e ErrProtocol) Error() string

type State

type State struct {
	// contains filtered or unexported fields
}

State is the state each peer holds during the handshake

func NewClientState

func NewClientState(appKey []byte, local EdKeyPair, remotePublic ed25519.PublicKey) (*State, error)

NewClientState initializes the state for the client side

func NewServerState

func NewServerState(appKey []byte, local EdKeyPair) (*State, error)

NewServerState initializes the state for the server side

func (*State) GetBoxstreamDecKeys

func (s *State) GetBoxstreamDecKeys() ([32]byte, [24]byte)

GetBoxstreamDecKeys returns the decryption key and nonce suitable for boxstream

func (*State) GetBoxstreamEncKeys

func (s *State) GetBoxstreamEncKeys() ([32]byte, [24]byte)

GetBoxstreamEncKeys returns the encryption key and nonce suitable for boxstream

func (*State) Remote

func (s *State) Remote() []byte

Remote returns the public key of the remote party

Directories

Path Synopsis
internal/extra25519 blatent grep of github.com/agl/ed25519/extra25519 until we have a better solution
tests