Documentation

Overview

    Package secrethandshake is a Go implementation of Dominic Tarr's secret-handshake: https://github.com/auditdrivencrypto/secret-handshake
    

    Two instances of go-shs can secretly shake hands over a connection.

    The implementation is compatible with the JS implementation. Run `npm ci && go test -tags interop_nodejs`.

    Index

    Constants

    View Source
    const ChallengeLength = 64

      ChallengeLength is the length of a challenge message in bytes

      View Source
      const ClientAuthLength = 16 + 32 + 64

        ClientAuthLength is the length of a clientAuth message in bytes

        View Source
        const MACLength = 16

          MACLength is the length of a MAC in bytes

          View Source
          const ServerAuthLength = 16 + 64

            ServerAuthLength is the length of a serverAuth message in bytes

            Variables

            View Source
            var ErrInvalidKeyPair = fmt.Errorf("secrethandshake/NewKeyPair: invalid public key")

            Functions

            func Client

            func Client(state *State, conn io.ReadWriter) (err error)

              Client shakes hands using the cryptographic identity specified in s using conn in the client role

              func Server

              func Server(state *State, conn io.ReadWriter) (err error)

                Server shakes hands using the cryptographic identity specified in s using conn in the server role

                Types

                type CurveKeyPair

                type CurveKeyPair struct {
                	Public [32]byte
                	Secret [32]byte
                }

                  CurveKeyPair is a keypair for use with github.com/agl/ed25519

                  type EdKeyPair

                  type EdKeyPair struct {
                  	Public ed25519.PublicKey
                  	Secret ed25519.PrivateKey
                  }

                    EdKeyPair is a keypair for use with github.com/agl/ed25519

                    func GenEdKeyPair

                    func GenEdKeyPair(r io.Reader) (*EdKeyPair, error)

                      GenEdKeyPair generates a ed25519 keyPair using the passed reader if r == nil it uses crypto/rand.Reader

                      func NewKeyPair

                      func NewKeyPair(public, secret []byte) (*EdKeyPair, error)

                      type ErrEncoding

                      type ErrEncoding struct {
                      	// contains filtered or unexported fields
                      }

                      func (ErrEncoding) Error

                      func (e ErrEncoding) Error() string

                      func (ErrEncoding) Unwrap

                      func (e ErrEncoding) Unwrap() error

                        Unwrap returns the cause

                        type ErrKeySize

                        type ErrKeySize struct {
                        	// contains filtered or unexported fields
                        }

                        func (ErrKeySize) Error

                        func (eks ErrKeySize) Error() string

                        type ErrProcessing

                        type ErrProcessing struct {
                        	// contains filtered or unexported fields
                        }

                          ErrProcessing is returned if I/O fails during the handshake TODO: supply Unwrap() for cause?

                          func (ErrProcessing) Error

                          func (e ErrProcessing) Error() string

                          func (ErrProcessing) Unwrap

                          func (e ErrProcessing) Unwrap() error

                            Unwrap returns the cause

                            type ErrProtocol

                            type ErrProtocol struct {
                            	// contains filtered or unexported fields
                            }

                            func (ErrProtocol) Error

                            func (e ErrProtocol) Error() string

                            type State

                            type State struct {
                            	// contains filtered or unexported fields
                            }

                              State is the state each peer holds during the handshake

                              func NewClientState

                              func NewClientState(appKey []byte, local EdKeyPair, remotePublic ed25519.PublicKey) (*State, error)

                                NewClientState initializes the state for the client side

                                func NewServerState

                                func NewServerState(appKey []byte, local EdKeyPair) (*State, error)

                                  NewServerState initializes the state for the server side

                                  func (*State) GetBoxstreamDecKeys

                                  func (s *State) GetBoxstreamDecKeys() ([32]byte, [24]byte)

                                    GetBoxstreamDecKeys returns the decryption key and nonce suitable for boxstream

                                    func (*State) GetBoxstreamEncKeys

                                    func (s *State) GetBoxstreamEncKeys() ([32]byte, [24]byte)

                                      GetBoxstreamEncKeys returns the encryption key and nonce suitable for boxstream

                                      func (*State) Remote

                                      func (s *State) Remote() []byte

                                        Remote returns the public key of the remote party

                                        Directories

                                        Path Synopsis
                                        internal
                                        extra25519
                                        blatent grep of github.com/agl/ed25519/extra25519 until we have a better solution
                                        blatent grep of github.com/agl/ed25519/extra25519 until we have a better solution