sep

Published: Nov 2, 2020 License: GPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

const (
	// Connector flags select which connectors a Connector uses (see
	// Connector.Flags). flags == 0 means default, ergo all connectors are
	// enabled.
	//
	// NOTE(review): these are consecutive iota values (1, 2, 3, 4), not
	// powers of two, so OR-combining them is ambiguous (e.g.
	// ConnectorFlagDialDirect|ConnectorFlagListenDirect == ConnectorFlagDialRelay).
	// Confirm how Connector interprets Flags before combining them.
	ConnectorFlagDefault = iota
	ConnectorFlagDialDirect
	ConnectorFlagListenDirect
	ConnectorFlagDialRelay
	ConnectorFlagListenRelay
)
const (
	// Message types of the delegation protocol; presumably carried in
	// DelegatorMessage.Type (a byte) — confirm against the encoder.
	DelegMsgTypeDelegate = iota
	DelegMsgTypeSubscribe
	DelegMsgTypeAddPeer
	DelegMsgTypeDelPeer
	DelegMsgTypeFinish
	DelegMsgTypeACK
	DelegMsgTypeNACK
	DelegMsgTypePing
)
const (
	// Message types of the relay protocol; presumably carried in
	// RelayMessage.Type (a byte) — confirm against the encoder.
	RelayMsgTypeRequest = iota
	RelayMsgTypeExpose
	RelayMsgTypePing
	RelayMsgTypePong
	RelayMsgTypeAck
	RelayMsgTypeNack
)
// DefaultFingerprintSuite is the name of the hash suite used when a
// fingerprint is derived from a public key without an explicit suite.
const DefaultFingerprintSuite = "sha3-256"

Variables

var (
	// Logger is the package logger. It discards all output by default;
	// assign a different logger to make the package's log messages visible.
	Logger = rlog.NewLogger(ioutil.Discard)
	// ErrInvalidKey is returned when a key of an unsupported type is
	// encountered; only ed25519 keys are supported.
	ErrInvalidKey = errors.New("invalid key: only ed25519 keys are supported")
)

Functions

func FingerprintIsEqual

func FingerprintIsEqual(a, b *Fingerprint) bool

FingerprintIsEqual checks whether two fingerprints are identical. The check is based on the hash of the public key and the used algorithm. This means two fingerprints based on the same public key but with different domains are considered identical. Two textually different NI strings can therefore still be identical, due to Base64 encoding.

func MakeDefaultVerifierUDP

func MakeDefaultVerifierUDP(allowed []*Fingerprint, database TrustDatabase) func(*x509.Certificate, bool) error

XXX: The TLS and DTLS verifier callbacks have different prototypes, which is why these separate UDP variants are needed.

func VerifierAllowAll

func VerifierAllowAll(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

func VerifierAllowAllUDP

func VerifierAllowAllUDP(cert *x509.Certificate, verified bool) error

XXX: The TLS and DTLS verifier callbacks have different prototypes, which is why these separate UDP variants are needed.

Types

type Config

// Config holds the settings shared by dialers, listeners and connectors:
// the TLS and DTLS configurations, the explicitly allowed peers, an
// optional trust database and an optional directory client.
type Config struct {
	TLSConfig  *tls.Config
	DTLSConfig *dtls.Config
	// AllowedPeers lists peers that are accepted regardless of the trust
	// database; presumably handed to MakeDefaultVerifier — confirm.
	AllowedPeers []*Fingerprint
	// TrustDB is consulted for peers not in AllowedPeers.
	// NOTE(review): may be nil; callers should check before use.
	TrustDB TrustDatabase
	// Directory is the client used for announcing and discovering records.
	Directory *DirectoryClient
}

func (*Config) Clone

func (c *Config) Clone() Config

type Conn

// Conn is a net.Conn that additionally exposes the underlying raw
// connection and the fingerprints of both endpoints.
type Conn interface {
	net.Conn
	// RawConnection returns the underlying net.Conn.
	RawConnection() net.Conn
	// RemoteFingerprint returns the fingerprint of the remote peer.
	RemoteFingerprint() *Fingerprint
	// LocalFingerprint returns the fingerprint of the local endpoint.
	LocalFingerprint() *Fingerprint
}

type Connector

// Connector establishes a Conn to a target peer, either directly or via
// the configured relay (see Connect).
type Connector struct {
	// Config supplies the TLS/DTLS settings and trust configuration.
	Config Config
	// Relay is the fingerprint of the relay to use; presumably optional.
	Relay *Fingerprint
	// ListenAddr is the local address used for listening.
	ListenAddr string
	// Flags selects the enabled connectors; 0 (ConnectorFlagDefault)
	// enables all of them. The ConnectorFlag* constants are sequential
	// iota values, so combining them with | is ambiguous — confirm usage.
	Flags int
	// contains filtered or unexported fields
}

func (*Connector) Connect

func (c *Connector) Connect(target *Fingerprint, timeout time.Duration) (Conn, error)

type DelegatorMessage

// DelegatorMessage is a single message of the delegation protocol.
type DelegatorMessage struct {
	// Type is one of the DelegMsgType* constants.
	Type byte
	// Peer identifies the peer the message refers to; presumably a
	// fingerprint string — confirm against DelegatorNode.PushFingerprint.
	Peer string
	// ValidUntil is the trust expiry; transported as a string, its
	// format is not defined here — TODO confirm.
	ValidUntil string
}

type DelegatorNode

// DelegatorNode wraps a Conn with CBOR encoding and decoding for exchanging
// DelegatorMessages; create one with NewDelegatorNode.
type DelegatorNode struct {
	Conn    Conn
	Encoder *cbor.Encoder
	Decoder *cbor.Decoder
}

func NewDelegatorNode

func NewDelegatorNode(conn Conn) *DelegatorNode

func (*DelegatorNode) AcceptDelegate

func (c *DelegatorNode) AcceptDelegate() error

func (*DelegatorNode) Close

func (c *DelegatorNode) Close() error

func (*DelegatorNode) Delegate

func (c *DelegatorNode) Delegate() error

func (*DelegatorNode) Fetch

func (c *DelegatorNode) Fetch(db TrustDatabase) error

func (*DelegatorNode) Finish

func (c *DelegatorNode) Finish() error

func (*DelegatorNode) PushFingerprint

func (c *DelegatorNode) PushFingerprint(fp *Fingerprint, valid time.Time) error

type Dialer

// Dialer establishes authenticated connections to a target; implementations
// are obtained from NewDialer.
type Dialer interface {
	// DialTimeout connects to target over the given network, giving up
	// after timeout.
	DialTimeout(network, target string, timeout time.Duration) (Conn, error)
}

func NewDialer

func NewDialer(transport string, config Config) (Dialer, error)

type DirectoryClient

// DirectoryClient announces and discovers DirectoryRecordSets; create one
// with NewDirectoryClient.
type DirectoryClient struct {
	// AnnounceEndpoint is the endpoint records are announced to.
	AnnounceEndpoint string
	// contains filtered or unexported fields
}

func NewDirectoryClient

func NewDirectoryClient(addr string, config *tls.Config) *DirectoryClient

NewDirectoryClient creates a new DirectoryClient with default settings.

func (*DirectoryClient) Announce

func (a *DirectoryClient) Announce(payload *DirectoryRecordSet) error

Announce serves as the universal function call for announcing a given record set. Depending on the AnnounceFlags that are set, different schemes are executed simultaneously.

func (*DirectoryClient) AnnounceAddresses

func (a *DirectoryClient) AnnounceAddresses(addresses []string, ttl uint) error

AnnounceAddresses is a helper function that wraps the more generic Announce().

func (*DirectoryClient) AnnounceBlob

func (a *DirectoryClient) AnnounceBlob(data []byte, ttl uint) error

AnnounceBlob is a helper function that wraps the more generic Announce().

func (*DirectoryClient) Discover

func (a *DirectoryClient) Discover(fingerprint *Fingerprint) (*DirectoryRecordSet, error)

func (*DirectoryClient) DiscoverAddresses

func (a *DirectoryClient) DiscoverAddresses(fingerprint *Fingerprint) ([]string, error)

DiscoverAddresses is a helper function that wraps the more generic Discover().

func (*DirectoryClient) DiscoverBlob

func (a *DirectoryClient) DiscoverBlob(fingerprint *Fingerprint) ([]byte, error)

DiscoverBlob is a helper function that wraps the more generic discoverViaHTTPS().

func (*DirectoryClient) DiscoverRelays

func (a *DirectoryClient) DiscoverRelays(fingerprint *Fingerprint) ([]string, error)

DiscoverRelays is a helper function that wraps the more generic Discover().

type DirectoryRecordSet

// DirectoryRecordSet is the signed record a node publishes to the
// directory. Sign fills in PubKey, Timestamp and Signature; CheckSignature
// verifies them against a fingerprint.
//
// NOTE(review): the Sign documentation lists "Delegators" among the signed
// fields, but no such field exists here, and neither Version nor the
// JSON field names are listed as signed input — confirm which fields the
// signature actually covers.
type DirectoryRecordSet struct {
	Addresses []string `json:"addresses,omitempty"`
	// Relays is serialised under the singular key "relay".
	Relays    []string  `json:"relay,omitempty"`
	Blob      []byte    `json:"blob,omitempty"`
	PubKey    []byte    `json:"pubkey"`
	TTL       uint      `json:"ttl"`
	Timestamp time.Time `json:"timestamp"`
	Signature []byte    `json:"signature"`
	Version   uint      `json:"version"`
}

func (*DirectoryRecordSet) CheckSignature

func (a *DirectoryRecordSet) CheckSignature(fingerprint *Fingerprint) (bool, error)

CheckSignature verifies the integrity and authenticity of a DirectoryPayload by validating the signature of the payload and checking whether the key used for signing matches the given fingerprint.

func (*DirectoryRecordSet) Fingerprint

func (rs *DirectoryRecordSet) Fingerprint() (*Fingerprint, error)

Fingerprint returns the canonical fingerprint which is associated with this RecordSet instance. It errors out if the PubKey record is empty or invalid. The returned fingerprint is always canonical.

func (*DirectoryRecordSet) Pretty

func (a *DirectoryRecordSet) Pretty() string

Pretty generates a nice, human readable representation of the RecordSet. This is useful for debugging.

func (*DirectoryRecordSet) Sign

func (a *DirectoryRecordSet) Sign(privateKey crypto.PrivateKey) error

Sign adds a base64-encoded signature, the current timestamp and the public key to the DirectoryPayload. The signature is computed over the following data, where | means concatenation and binary data is converted to base64 strings first:

SHA3-256(Addresses | Delegators | Relays | Blob | TTL | Timestamp | PubKey)

type Fingerprint

// Fingerprint identifies a node by the hash of its public key, represented
// as an NI URL (RFC 6920); construct one with the FingerprintFrom* functions.
type Fingerprint struct {
	*ni.URL
}

func FingerprintFromCertificate

func FingerprintFromCertificate(cert []byte) (*Fingerprint, error)

FingerprintFromCertificate transforms a TLS certificate to a DER-encoded public key and calls FingerprintFromPublicKey.

func FingerprintFromNIString

func FingerprintFromNIString(rawFingerprint string) (*Fingerprint, error)

FingerprintFromNIString parses an NI string to type fingerprint.

func FingerprintFromPublicKey

func FingerprintFromPublicKey(pubKey crypto.PublicKey) (*Fingerprint, error)

func FingerprintFromPublicKeyDER

func FingerprintFromPublicKeyDER(pubKey []byte) (*Fingerprint, error)

FingerprintFromPublicKeyDER transforms a DER-encoded public key to a fingerprint. This is done by hashing the public key with the specified suite and inserting the given authority.

func FingerprintFromRawNI

func FingerprintFromRawNI(niURL *ni.URL) (*Fingerprint, error)

FingerprintFromRawNI transforms an NI URL to type fingerprint.

func (*Fingerprint) Canonical

func (fp *Fingerprint) Canonical() string

Canonical returns a string representation of the Fingerprint with an empty authority. This form is intended to be used internally e.g. for map or database keys, since the authority carries no relevant information for authentication.

func (*Fingerprint) FQDN

func (fp *Fingerprint) FQDN() string

FQDN returns the Fully Qualified Domain Name representation of a fingerprint. For this purpose the byte representation of the fingerprint is reversed and prepended to the authority.

func (*Fingerprint) Short

func (fp *Fingerprint) Short() string

Short returns a short string describing the node. Useful for logs.

func (*Fingerprint) WellKnownURI

func (fp *Fingerprint) WellKnownURI() string

WellKnownURI returns the well-known URI representation of a fingerprint. This corresponds to the representation given in RFC 6920, Section 4, with the addition that https is used instead of http.

type Listener

// Listener accepts authenticated connections; implementations are obtained
// from Listen.
type Listener interface {
	// Accept waits for and returns the next connection.
	Accept() (Conn, error)
	// Close stops the listener.
	Close() error
	// Addr returns the listener's network address.
	Addr() net.Addr
}

func Listen

func Listen(network, address string, config Config) (Listener, error)

type MemoryDB

// MemoryDB is an in-memory TrustDatabase; create one with NewMemoryDB.
// NOTE(review): whether it is safe for concurrent use is not visible here.
type MemoryDB struct {
	// contains filtered or unexported fields
}

func NewMemoryDB

func NewMemoryDB() *MemoryDB

func (*MemoryDB) AddPeer

func (db *MemoryDB) AddPeer(fingerprint *Fingerprint, ttl time.Duration) error

func (*MemoryDB) DelPeer

func (db *MemoryDB) DelPeer(fingerprint *Fingerprint) error

func (*MemoryDB) IsTrusted

func (db *MemoryDB) IsTrusted(fingerprint *Fingerprint) bool

type RelayClient

// RelayClient dials and accepts connections through a relay; create one
// with NewRelayClient. Note that NewRelayClient returns the struct by value
// while all methods use a pointer receiver.
type RelayClient struct {
	// contains filtered or unexported fields
}

func NewRelayClient

func NewRelayClient(relay *Fingerprint, config Config) (RelayClient, error)

func (*RelayClient) Accept

func (c *RelayClient) Accept() (Conn, error)

func (*RelayClient) Close

func (c *RelayClient) Close() error

func (*RelayClient) Dial

func (c *RelayClient) Dial(target *Fingerprint) (Conn, error)

type RelayMessage

// RelayMessage is a single message of the relay protocol. Sign fills in
// Timestamp, PubKey and Signature; CheckSignature verifies them.
//
// NOTE(review): per the Sign documentation the signature covers
// Type | Initiator | Target | Timestamp | PubKey only, so Version and TTL
// are not authenticated — confirm this is intended.
type RelayMessage struct {
	// Type is one of the RelayMsgType* constants.
	Type      byte
	Version   byte
	Initiator string
	Target    string
	TTL       uint16
	Timestamp time.Time
	PubKey    []byte
	Signature []byte
}

func (*RelayMessage) CheckSignature

func (m *RelayMessage) CheckSignature(fingerprint *Fingerprint) (bool, error)

func (*RelayMessage) Sign

func (m *RelayMessage) Sign(privateKey crypto.PrivateKey) error

SHA3-256(Type | Initiator | Target | Timestamp | PubKey)

type RelayNode

// RelayNode exchanges RelayMessages over a Conn using CBOR. Send and
// RecvFrom are the signed/checked variants; SendRaw and RecvRaw are not.
type RelayNode struct {
	Conn    Conn
	Encoder *cbor.Encoder
	Decoder *cbor.Decoder
	// Keypair is the local certificate used for signing messages.
	Keypair tls.Certificate
	// Trusted lists the peers whose messages are accepted.
	Trusted []*Fingerprint
}

func (*RelayNode) Recv

func (r *RelayNode) Recv() (RelayMessage, error)

func (*RelayNode) RecvFrom

func (r *RelayNode) RecvFrom(from *Fingerprint) (RelayMessage, error)

func (*RelayNode) RecvRaw

func (r *RelayNode) RecvRaw() (RelayMessage, error)

func (*RelayNode) Send

func (r *RelayNode) Send(msg RelayMessage) error

Send is a low-level message primitive. It is used to implement relay clients.

func (*RelayNode) SendRaw

func (r *RelayNode) SendRaw(msg RelayMessage) error

type SEPVerifier

// SEPVerifier is a peer-certificate verification callback with the signature
// of tls.Config.VerifyPeerCertificate; obtain one from MakeDefaultVerifier.
type SEPVerifier func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

func MakeDefaultVerifier

func MakeDefaultVerifier(allowed []*Fingerprint, database TrustDatabase) SEPVerifier

type TCPConn

// TCPConn is the TCP/TLS implementation of Conn.
type TCPConn struct {
	// contains filtered or unexported fields
}

func (*TCPConn) Close

func (c *TCPConn) Close() error

func (*TCPConn) LocalAddr

func (c *TCPConn) LocalAddr() net.Addr

func (*TCPConn) LocalFingerprint

func (c *TCPConn) LocalFingerprint() *Fingerprint

func (*TCPConn) RawConnection

func (c *TCPConn) RawConnection() net.Conn

func (*TCPConn) Read

func (c *TCPConn) Read(b []byte) (int, error)

func (*TCPConn) RemoteAddr

func (c *TCPConn) RemoteAddr() net.Addr

func (*TCPConn) RemoteFingerprint

func (c *TCPConn) RemoteFingerprint() *Fingerprint

func (*TCPConn) SetDeadline

func (c *TCPConn) SetDeadline(t time.Time) error

func (*TCPConn) SetReadDeadline

func (c *TCPConn) SetReadDeadline(t time.Time) error

func (*TCPConn) SetWriteDeadline

func (c *TCPConn) SetWriteDeadline(t time.Time) error

func (*TCPConn) Write

func (c *TCPConn) Write(b []byte) (int, error)

type TrustDatabase

// TrustDatabase stores the set of trusted peers consulted during
// certificate verification.
type TrustDatabase interface {
	// AddPeer trusts fingerprint for the given ttl.
	AddPeer(fingerprint *Fingerprint, ttl time.Duration) error
	// DelPeer removes fingerprint from the database.
	DelPeer(fingerprint *Fingerprint) error
	// IsTrusted reports whether fingerprint is currently trusted.
	IsTrusted(fingerprint *Fingerprint) bool
}

type TrustManager

// TrustManager refreshes the local TrustDatabase from a delegator
// (see UpdateTrust).
type TrustManager struct {
	// Delegator is the fingerprint of the delegator to fetch trust from.
	Delegator *Fingerprint
	// Dialer is used to reach the delegator.
	Dialer Dialer
	// DB receives the fetched trust entries.
	DB TrustDatabase
}

func (*TrustManager) UpdateTrust

func (m *TrustManager) UpdateTrust() error

type UDPConn

// UDPConn is the UDP/DTLS implementation of Conn.
type UDPConn struct {
	// contains filtered or unexported fields
}

func (*UDPConn) Close

func (c *UDPConn) Close() error

func (*UDPConn) LocalAddr

func (c *UDPConn) LocalAddr() net.Addr

func (*UDPConn) LocalFingerprint

func (c *UDPConn) LocalFingerprint() *Fingerprint

func (*UDPConn) RawConnection

func (c *UDPConn) RawConnection() net.Conn

func (*UDPConn) Read

func (c *UDPConn) Read(b []byte) (int, error)

func (*UDPConn) RemoteAddr

func (c *UDPConn) RemoteAddr() net.Addr

func (*UDPConn) RemoteFingerprint

func (c *UDPConn) RemoteFingerprint() *Fingerprint

func (*UDPConn) SetDeadline

func (c *UDPConn) SetDeadline(t time.Time) error

func (*UDPConn) SetReadDeadline

func (c *UDPConn) SetReadDeadline(t time.Time) error

func (*UDPConn) SetWriteDeadline

func (c *UDPConn) SetWriteDeadline(t time.Time) error

func (*UDPConn) Write

func (c *UDPConn) Write(b []byte) (int, error)
