README
¶
go-libp2p-secio
go-libp2p's secio encrypted transport
Package go-libp2p-secio is a libp2p stream security transport. Connections wrapped by secio use secure sessions provided by this package to encrypt all traffic. A TLS-like handshake is used to setup the communication channel.
Install
go-libp2p-secio is a standard Go module which can be installed with:
go get github.com/libp2p/go-libp2p-secio
This repo is gomod-compatible, and users of
go 1.11 and later with modules enabled will automatically pull the latest tagged release
by referencing this package. Upgrades to future releases can be managed using go get,
or by editing your go.mod file as described by the gomod documentation.
Usage
For more information about how go-libp2p-secio is used in the libp2p context, you can see the go-libp2p-conn module.
Contribute
Feel free to join in. All welcome. Open an issue!
This repository falls under the IPFS Code of Conduct.
Want to hack on IPFS?
License
MIT
The last gx published version of this module was: 2.0.30: QmSVaJe1aRjc78cZARTtf4pqvXERYwihyYhZWoVWceHnsK
Documentation
¶
Overview ¶
Package secio is used to encrypt `go-libp2p-conn` connections. Connections wrapped by secio use secure sessions provided by this package to encrypt all traffic. A TLS-like handshake is used to setup the communication channel.
Index ¶
Constants ¶
const DefaultSupportedCiphers = "AES-256,AES-128"
const DefaultSupportedExchanges = "P-256,P-384,P-521"
const DefaultSupportedHashes = "SHA256,SHA512"
const ID = "/secio/1.0.0"
ID is secio's protocol ID (used when negotiating with multistream)
Variables ¶
var ErrBadSig = errors.New("bad signature")
ErrBadSig signals that the peer sent us a handshake packet with a bad signature.
var ErrClosed = errors.New("connection closed")
ErrClosed signals the closing of a connection.
var ErrEcho = errors.New("same keys and nonces. one side talking to self")
ErrEcho is returned when we're attempting to handshake with the same keys and nonces.
var ErrMACInvalid = errors.New("MAC verification failed")
ErrMACInvalid signals that a MAC verification failed
var ErrUnsupportedKeyType = errors.New("unsupported key type")
ErrUnsupportedKeyType is returned when a private key cast/type switch fails.
var ErrWrongPeer = errors.New("connected to wrong peer")
ErrWrongPeer is returned when we attempt to handshake with the wrong peer.
var HandshakeTimeout = time.Second * 30
HandshakeTimeout governs how long the handshake will be allowed to take place for. Making this number large means there could be many bogus connections waiting to timeout in flight. Typical handshakes take ~3RTTs, so it should be completed within seconds across a typical planet in the solar system.
var SupportedCiphers = DefaultSupportedCiphers
SupportedCiphers is the list of supported Ciphers
var SupportedExchanges = DefaultSupportedExchanges
SupportedExchanges is the list of supported ECDH curves
var SupportedHashes = DefaultSupportedHashes
SupportedHashes is the list of supported Hashes
Functions ¶
func NewETMReader ¶
NewETMReader Encrypt-Then-MAC
func NewETMWriter ¶
NewETMWriter Encrypt-Then-MAC
func SetPermissionedSecureTransport ¶
func SetPermissionedSecureTransport(pid permLayer.PermissionLayerID) (s interface{})
Types ¶
type Transport ¶
type Transport struct {
LocalID peer.ID
PrivateKey ci.PrivKey
PermissionLayer permLayer.PermissionLayer
}
SessionGenerator constructs secure communication sessions for a peer.
Source Files
Directories