- Constants
- Variables
- func FingerprintIsEqual(a, b *Fingerprint) bool
- func MakeDefaultVerifierUDP(allowed []*Fingerprint, database TrustDatabase) func(*x509.Certificate, bool) error
- func VerifierAllowAll(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
- func VerifierAllowAllUDP(cert *x509.Certificate, verified bool) error
- type Config
- type Conn
- type Connector
- type DelegatorMessage
- type DelegatorNode
- type Dialer
- type DirectoryClient
- func (a *DirectoryClient) Announce(payload *DirectoryRecordSet) error
- func (a *DirectoryClient) AnnounceAddresses(addresses []string, ttl uint) error
- func (a *DirectoryClient) AnnounceBlob(data []byte, ttl uint) error
- func (a *DirectoryClient) Discover(fingerprint *Fingerprint) (*DirectoryRecordSet, error)
- func (a *DirectoryClient) DiscoverAddresses(fingerprint *Fingerprint) ([]string, error)
- func (a *DirectoryClient) DiscoverBlob(fingerprint *Fingerprint) ([]byte, error)
- func (a *DirectoryClient) DiscoverRelays(fingerprint *Fingerprint) ([]string, error)
- type DirectoryRecordSet
- type Fingerprint
- func FingerprintFromCertificate(cert []byte) (*Fingerprint, error)
- func FingerprintFromNIString(rawFingerprint string) (*Fingerprint, error)
- func FingerprintFromPublicKey(pubKey crypto.PublicKey) (*Fingerprint, error)
- func FingerprintFromPublicKeyDER(pubKey []byte) (*Fingerprint, error)
- func FingerprintFromRawNI(niURL *ni.URL) (*Fingerprint, error)
- type Listener
- type MemoryDB
- type RelayClient
- type RelayMessage
- type RelayNode
- type SEPVerifier
- type TCPConn
- func (c *TCPConn) Close() error
- func (c *TCPConn) LocalAddr() net.Addr
- func (c *TCPConn) LocalFingerprint() *Fingerprint
- func (c *TCPConn) RawConnection() net.Conn
- func (c *TCPConn) Read(b []byte) (int, error)
- func (c *TCPConn) RemoteAddr() net.Addr
- func (c *TCPConn) RemoteFingerprint() *Fingerprint
- func (c *TCPConn) SetDeadline(t time.Time) error
- func (c *TCPConn) SetReadDeadline(t time.Time) error
- func (c *TCPConn) SetWriteDeadline(t time.Time) error
- func (c *TCPConn) Write(b []byte) (int, error)
- type TrustDatabase
- type TrustManager
- type UDPConn
- func (c *UDPConn) Close() error
- func (c *UDPConn) LocalAddr() net.Addr
- func (c *UDPConn) LocalFingerprint() *Fingerprint
- func (c *UDPConn) RawConnection() net.Conn
- func (c *UDPConn) Read(b []byte) (int, error)
- func (c *UDPConn) RemoteAddr() net.Addr
- func (c *UDPConn) RemoteFingerprint() *Fingerprint
- func (c *UDPConn) SetDeadline(t time.Time) error
- func (c *UDPConn) SetReadDeadline(t time.Time) error
- func (c *UDPConn) SetWriteDeadline(t time.Time) error
- func (c *UDPConn) Write(b []byte) (int, error)
Constants ¶
// Connector selection flags for Connector.Flags.
//
// NOTE(review): these are consecutive iota values (0, 1, 2, 3, 4), not bit
// flags. ConnectorFlagDialRelay (3) is numerically equal to
// ConnectorFlagDialDirect|ConnectorFlagListenDirect (1|2), so OR-ing flags
// together is ambiguous — confirm how Connector.Flags is interpreted before
// combining them.
const (
	// flags == 0 means default, ergo all connectors are enabled
	ConnectorFlagDefault = iota
	ConnectorFlagDialDirect
	ConnectorFlagListenDirect
	ConnectorFlagDialRelay
	ConnectorFlagListenRelay
)
// Delegator protocol message types. They are presumably carried in the
// type field of a DelegatorMessage — confirm against that type's definition.
// Values are spelled out explicitly so the wire numbering is visible.
const (
	DelegMsgTypeDelegate  = 0
	DelegMsgTypeSubscribe = 1
	DelegMsgTypeAddPeer   = 2
	DelegMsgTypeDelPeer   = 3
	DelegMsgTypeFinish    = 4
	DelegMsgTypeACK       = 5
	DelegMsgTypeNACK      = 6
	DelegMsgTypePing      = 7
)
// Relay protocol message types. RelayMessage has a Type byte field, and these
// constants presumably populate it — confirm in RelayNode.Send/Recv.
// Values are spelled out explicitly so the wire numbering is visible.
const (
	RelayMsgTypeRequest = 0
	RelayMsgTypeExpose  = 1
	RelayMsgTypePing    = 2
	RelayMsgTypePong    = 3
	RelayMsgTypeAck     = 4
	RelayMsgTypeNack    = 5
)
// DefaultFingerprintSuite names the hash suite used for fingerprints when no
// other suite is given. It matches the SHA3-256 digest named in the Sign docs.
const DefaultFingerprintSuite = "sha3-256"
Variables ¶
Functions ¶
func FingerprintIsEqual ¶
func FingerprintIsEqual(a, b *Fingerprint) bool
FingerprintIsEqual checks whether two fingerprints are identical. The check is based on the hash of the public key and the algorithm used. This means two fingerprints based on the same public key but with different domains are considered identical. Different NI strings can also be identical due to Base64 encoding.
func MakeDefaultVerifierUDP ¶
func MakeDefaultVerifierUDP(allowed []*Fingerprint, database TrustDatabase) func(*x509.Certificate, bool) error
XXX: The prototypes differ, which is why these variants are needed.
func VerifierAllowAll ¶
func VerifierAllowAll(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
func VerifierAllowAllUDP ¶
func VerifierAllowAllUDP(cert *x509.Certificate, verified bool) error
XXX: The prototypes differ, which is why these variants are needed.
Types ¶
type Config ¶
// Config bundles the transport and trust settings shared by the connection
// types in this package.
type Config struct {
	// TLSConfig is the TLS configuration (presumably for TCPConn — confirm).
	TLSConfig *tls.Config
	// DTLSConfig is the DTLS configuration (presumably for UDPConn — confirm).
	DTLSConfig *dtls.Config
	// AllowedPeers and TrustDB look like the (allowed, database) pair taken by
	// MakeDefaultVerifier / MakeDefaultVerifierUDP — confirm against the caller.
	AllowedPeers []*Fingerprint
	TrustDB      TrustDatabase
	// Directory is the directory service client used for announce/discover.
	Directory *DirectoryClient
}
type Conn ¶
// Conn is a net.Conn that additionally exposes the underlying raw connection
// and the fingerprints of both endpoints. TCPConn and UDPConn provide this
// method set.
type Conn interface {
	net.Conn
	// RawConnection returns the underlying net.Conn.
	RawConnection() net.Conn
	// RemoteFingerprint returns the fingerprint of the remote endpoint.
	RemoteFingerprint() *Fingerprint
	// LocalFingerprint returns the fingerprint of the local endpoint.
	LocalFingerprint() *Fingerprint
}
type Connector ¶
// Connector holds the settings used to dial or listen, directly or via a relay.
type Connector struct {
	Config Config
	// Relay is the fingerprint of the relay node, presumably used by the relay
	// connectors — confirm.
	Relay      *Fingerprint
	ListenAddr string
	// Flags selects which connectors are enabled; see the ConnectorFlag*
	// constants (0 enables all of them).
	Flags int
	// contains filtered or unexported fields
}
type DelegatorMessage ¶
type DelegatorNode ¶
// DelegatorNode speaks the delegator protocol over a Conn, encoding messages
// with the cbor Encoder/Decoder pair. Construct it with NewDelegatorNode.
type DelegatorNode struct {
	// Conn is the underlying connection to the peer.
	Conn    Conn
	Encoder *cbor.Encoder
	Decoder *cbor.Decoder
}
func NewDelegatorNode ¶
func NewDelegatorNode(conn Conn) *DelegatorNode
func (*DelegatorNode) AcceptDelegate ¶
func (c *DelegatorNode) AcceptDelegate() error
func (*DelegatorNode) Close ¶
func (c *DelegatorNode) Close() error
func (*DelegatorNode) Delegate ¶
func (c *DelegatorNode) Delegate() error
func (*DelegatorNode) Fetch ¶
func (c *DelegatorNode) Fetch(db TrustDatabase) error
func (*DelegatorNode) Finish ¶
func (c *DelegatorNode) Finish() error
func (*DelegatorNode) PushFingerprint ¶
func (c *DelegatorNode) PushFingerprint(fp *Fingerprint, valid time.Time) error
type DirectoryClient ¶
// DirectoryClient announces record sets to, and discovers them from, a
// directory service. Construct it with NewDirectoryClient.
type DirectoryClient struct {
	// AnnounceEndpoint is the endpoint that Announce sends record sets to.
	AnnounceEndpoint string
	// contains filtered or unexported fields
}
func NewDirectoryClient ¶
func NewDirectoryClient(addr string, config *tls.Config) *DirectoryClient
NewDirectoryClient creates a new DirectoryClient with default settings.
func (*DirectoryClient) Announce ¶
func (a *DirectoryClient) Announce(payload *DirectoryRecordSet) error
Announce serves as the universal function call for announcing a given record set. Depending on the AnnounceFlags that are set, different schemes are executed simultaneously.
func (*DirectoryClient) AnnounceAddresses ¶
func (a *DirectoryClient) AnnounceAddresses(addresses []string, ttl uint) error
AnnounceAddresses is a helper function that wraps the more generic Announce().
func (*DirectoryClient) AnnounceBlob ¶
func (a *DirectoryClient) AnnounceBlob(data []byte, ttl uint) error
AnnounceBlob is a helper function that wraps the more generic Announce().
func (*DirectoryClient) Discover ¶
func (a *DirectoryClient) Discover(fingerprint *Fingerprint) (*DirectoryRecordSet, error)
func (*DirectoryClient) DiscoverAddresses ¶
func (a *DirectoryClient) DiscoverAddresses(fingerprint *Fingerprint) ([]string, error)
DiscoverAddresses is a helper function that wraps the more generic Discover().
func (*DirectoryClient) DiscoverBlob ¶
func (a *DirectoryClient) DiscoverBlob(fingerprint *Fingerprint) ([]byte, error)
DiscoverBlob is a helper function that wraps the more generic discoverViaHTTPS().
func (*DirectoryClient) DiscoverRelays ¶
func (a *DirectoryClient) DiscoverRelays(fingerprint *Fingerprint) ([]string, error)
DiscoverRelays is a helper function that wraps the more generic Discover().
type DirectoryRecordSet ¶
// DirectoryRecordSet is the signed record a node publishes in the directory.
// Sign fills in PubKey, Timestamp and Signature; CheckSignature verifies them.
//
// NOTE(review): the Sign docs list Addresses, Delegators, Relays, Blob, TTL,
// Timestamp and PubKey as signed, but there is no Delegators field here and
// Version is not listed — confirm which fields the signature actually covers,
// since an unsigned field cannot be relied on by the receiver.
type DirectoryRecordSet struct {
	Addresses []string `json:"addresses,omitempty"`
	// Note the JSON key is "relay" (singular) although the field is Relays.
	Relays    []string  `json:"relay,omitempty"`
	Blob      []byte    `json:"blob,omitempty"`
	PubKey    []byte    `json:"pubkey"`
	TTL       uint      `json:"ttl"`
	Timestamp time.Time `json:"timestamp"`
	Signature []byte    `json:"signature"`
	Version   uint      `json:"version"`
}
func (*DirectoryRecordSet) CheckSignature ¶
func (a *DirectoryRecordSet) CheckSignature(fingerprint *Fingerprint) (bool, error)
CheckSignature verifies the integrity and authenticity of a DirectoryPayload by validating the signature of the payload and checking whether the key used for signing matches the given fingerprint.
func (*DirectoryRecordSet) Fingerprint ¶
func (rs *DirectoryRecordSet) Fingerprint() (*Fingerprint, error)
Fingerprint returns the fingerprint associated with this RecordSet instance. It errors out if the PubKey record is empty or invalid. The returned fingerprint is always canonical.
func (*DirectoryRecordSet) Pretty ¶
func (a *DirectoryRecordSet) Pretty() string
Pretty generates a nice, human readable representation of the RecordSet. This is useful for debugging.
func (*DirectoryRecordSet) Sign ¶
func (a *DirectoryRecordSet) Sign(privateKey crypto.PrivateKey) error
Sign appends a base64-encoded signature, the current timestamp and the public key to the DirectoryPayload. The signature consists of the following data; | means concatenation, and binary data must be converted to base64 strings first:
SHA3-256(Addresses | Delegators | Relays | Blob | TTL | Timestamp | PubKey)
type Fingerprint ¶
func FingerprintFromCertificate ¶
func FingerprintFromCertificate(cert []byte) (*Fingerprint, error)
FingerprintFromCertificate transforms a TLS certificate to a DER-encoded public key and calls FingerprintFromPublicKey.
func FingerprintFromNIString ¶
func FingerprintFromNIString(rawFingerprint string) (*Fingerprint, error)
FingerprintFromNIString parses an NI string to type fingerprint.
func FingerprintFromPublicKey ¶
func FingerprintFromPublicKey(pubKey crypto.PublicKey) (*Fingerprint, error)
func FingerprintFromPublicKeyDER ¶
func FingerprintFromPublicKeyDER(pubKey []byte) (*Fingerprint, error)
FingerprintFromPublicKeyDER transforms a DER-encoded public key to a fingerprint. This is done by hashing the public key with the specified suite and inserting the given authority.
func FingerprintFromRawNI ¶
func FingerprintFromRawNI(niURL *ni.URL) (*Fingerprint, error)
FingerprintFromRawNI transforms an NI URL to type fingerprint.
func (*Fingerprint) Canonical ¶
func (fp *Fingerprint) Canonical() string
Canonical returns a string representation of the Fingerprint with an empty authority. This form is intended to be used internally e.g. for map or database keys, since the authority carries no relevant information for authentication.
func (*Fingerprint) FQDN ¶
func (fp *Fingerprint) FQDN() string
FQDN returns the Fully Qualified Domain Name representation of a fingerprint. For this purpose the byte representation of the fingerprint is reversed and prepended to the authority.
func (*Fingerprint) Short ¶
func (fp *Fingerprint) Short() string
Short returns a short string describing the node. Useful for logs.
func (*Fingerprint) WellKnownURI ¶
func (fp *Fingerprint) WellKnownURI() string
WellKnownURI returns the well-known representation of a fingerprint. This translates to the representation given in RFC 6920, Section 4, with the addition that https is used instead of http.
type MemoryDB ¶
// MemoryDB is a TrustDatabase (presumably in-memory, as the name suggests —
// confirm); its AddPeer, DelPeer and IsTrusted methods match that interface.
// Construct it with NewMemoryDB.
type MemoryDB struct {
	// contains filtered or unexported fields
}
func NewMemoryDB ¶
func NewMemoryDB() *MemoryDB
func (*MemoryDB) AddPeer ¶
func (db *MemoryDB) AddPeer(fingerprint *Fingerprint, ttl time.Duration) error
func (*MemoryDB) DelPeer ¶
func (db *MemoryDB) DelPeer(fingerprint *Fingerprint) error
func (*MemoryDB) IsTrusted ¶
func (db *MemoryDB) IsTrusted(fingerprint *Fingerprint) bool
type RelayClient ¶
// RelayClient dials and accepts connections through a relay node.
// NewRelayClient returns it by value while Accept, Close and Dial use pointer
// receivers, so callers need an addressable copy to invoke them.
type RelayClient struct {
	// contains filtered or unexported fields
}
func NewRelayClient ¶
func NewRelayClient(relay *Fingerprint, config Config) (RelayClient, error)
func (*RelayClient) Accept ¶
func (c *RelayClient) Accept() (Conn, error)
func (*RelayClient) Close ¶
func (c *RelayClient) Close() error
func (*RelayClient) Dial ¶
func (c *RelayClient) Dial(target *Fingerprint) (Conn, error)
type RelayMessage ¶
// RelayMessage is a message exchanged with a relay node; Sign fills in
// Timestamp, PubKey and Signature and CheckSignature verifies them.
//
// NOTE(review): the Sign docs state the digest covers
// Type | Initiator | Target | Timestamp | PubKey, which leaves Version and TTL
// unlisted — confirm, since an unsigned TTL could be altered in transit without
// failing CheckSignature.
type RelayMessage struct {
	// Type is one of the RelayMsgType* constants (presumably — confirm).
	Type      byte
	Version   byte
	Initiator string
	Target    string
	TTL       uint16
	Timestamp time.Time
	PubKey    []byte
	Signature []byte
}
func (*RelayMessage) CheckSignature ¶
func (m *RelayMessage) CheckSignature(fingerprint *Fingerprint) (bool, error)
func (*RelayMessage) Sign ¶
func (m *RelayMessage) Sign(privateKey crypto.PrivateKey) error
SHA3-256(Type | Initiator | Target | Timestamp | PubKey)
type RelayNode ¶
// RelayNode exchanges RelayMessages over a Conn using the cbor Encoder/Decoder
// pair; Send/Recv are the low-level primitives relay clients are built on.
type RelayNode struct {
	Conn    Conn
	Encoder *cbor.Encoder
	Decoder *cbor.Decoder
	// Keypair is the local TLS certificate (presumably the key used to sign
	// outgoing messages — confirm in Send).
	Keypair tls.Certificate
	// Trusted lists fingerprints this node accepts (presumably consulted by
	// RecvFrom / Recv — confirm).
	Trusted []*Fingerprint
}
func (*RelayNode) Recv ¶
func (r *RelayNode) Recv() (RelayMessage, error)
func (*RelayNode) RecvFrom ¶
func (r *RelayNode) RecvFrom(from *Fingerprint) (RelayMessage, error)
func (*RelayNode) RecvRaw ¶
func (r *RelayNode) RecvRaw() (RelayMessage, error)
func (*RelayNode) Send ¶
func (r *RelayNode) Send(msg RelayMessage) error
Send is a low-level message primitive. It is used to implement relay clients.
func (*RelayNode) SendRaw ¶
func (r *RelayNode) SendRaw(msg RelayMessage) error
type SEPVerifier ¶
// SEPVerifier is a peer-certificate verification callback. Its signature is the
// one tls.Config.VerifyPeerCertificate expects, so a value can be assigned there
// directly. MakeDefaultVerifier builds one from an allow list and a
// TrustDatabase; VerifierAllowAll has the same shape and, as its name says,
// presumably accepts every certificate, i.e. performs no peer authentication.
type SEPVerifier func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
func MakeDefaultVerifier ¶
func MakeDefaultVerifier(allowed []*Fingerprint, database TrustDatabase) SEPVerifier
type TCPConn ¶
// TCPConn is a TCP-based Conn: it provides the net.Conn methods plus
// RawConnection, LocalFingerprint and RemoteFingerprint.
type TCPConn struct {
	// contains filtered or unexported fields
}
func (*TCPConn) LocalFingerprint ¶
func (c *TCPConn) LocalFingerprint() *Fingerprint
func (*TCPConn) RawConnection ¶
func (*TCPConn) RemoteAddr ¶
func (*TCPConn) RemoteFingerprint ¶
func (c *TCPConn) RemoteFingerprint() *Fingerprint
type TrustDatabase ¶
// TrustDatabase stores the set of trusted peer fingerprints; MemoryDB
// implements it, and MakeDefaultVerifier consults one when verifying peers.
type TrustDatabase interface {
	// AddPeer records fingerprint as trusted for ttl.
	AddPeer(fingerprint *Fingerprint, ttl time.Duration) error
	// DelPeer removes fingerprint from the trusted set.
	DelPeer(fingerprint *Fingerprint) error
	// IsTrusted reports whether fingerprint is currently trusted.
	IsTrusted(fingerprint *Fingerprint) bool
}
type TrustManager ¶
// TrustManager refreshes the local TrustDatabase from a delegator node;
// UpdateTrust performs the refresh.
type TrustManager struct {
	// Delegator is the fingerprint of the node trust is fetched from.
	Delegator *Fingerprint
	// Dialer is used to reach the delegator (presumably — confirm in UpdateTrust).
	Dialer Dialer
	// DB receives the fetched fingerprints.
	DB TrustDatabase
}
func (*TrustManager) UpdateTrust ¶
func (m *TrustManager) UpdateTrust() error
type UDPConn ¶
// UDPConn is a UDP-based Conn: it provides the net.Conn methods plus
// RawConnection, LocalFingerprint and RemoteFingerprint.
type UDPConn struct {
	// contains filtered or unexported fields
}
func (*UDPConn) LocalFingerprint ¶
func (c *UDPConn) LocalFingerprint() *Fingerprint
func (*UDPConn) RawConnection ¶
func (*UDPConn) RemoteAddr ¶
func (*UDPConn) RemoteFingerprint ¶
func (c *UDPConn) RemoteFingerprint() *Fingerprint