ppe

package

v0.0.0-...-03c876f Latest Latest Go to latest Published: Mar 19, 2016 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/artbin/cryptostack

Links

Open Source Insights

README ¶

ppe - peer to peer encryption protocol based on Curve25519

Inspired by curve_tun.

WARNING: This is alpha-code. Do not use it in a project.

This document describes the ppe protocol. It provides cryptographic tunnels over stream transport like TCP and packet transport like UDP in order to build secure communication between endpoints which provide confidentiality and integrity while also providing a certain amount of availability.

The protocol also provides active forward secrecy against attackers. I.e., an attacker who is a man-in-the-middle and has the ability to act and change data. Even in that case, the protocol provides forward secrecy. Naturally, this also means the protocol is safe against a passive adversary.

Build

$ go get github.com/ArtemKulyabin/cryptostack/ppe

Security

A cryptographic system is no more safe than its weakest link.

PROTOCOL.md — describes the protocol design, which owes much, if not everything, to Dan J. Bernstein.

Specific attack vectors:

The specific security considerations and mitigations goes here in the future. System description is not entirely done, and there are parts which have been fully implemented or verified yet.

No way to disable or downgrade encryption: The protocol doesn not allow for any kind of protocol downgrade, either to an earlier variant of the protocol, nor to an earlier or less safe suite of ciphers. The ciphers used are selected by Schwabe, Lange and Bernstein (between 2007–2011) and they are used as-is.

Documentation ¶

Index ¶

func KeyID(pkey []byte) (id []byte, err error)
type ClientPeer
type KeyPair
type KeyPool
- func NewKeyPool() *KeyPool
- func (kp *KeyPool) AddKey(pkey, skey *[32]byte) (err error)
- func (kp KeyPool) GetKeys(id []byte) []KeyPair
type Nonce
- func NewNonce(v []byte) (nonce Nonce, err error)
- func (n Nonce) Read(delta uint32) *[24]byte
type Peer
- func NewClientPeer(tr Transport, w io.Writer, r io.Reader, pkey *[32]byte, skey *[32]byte, ...) Peer
- func NewServerPeer(tr Transport, w io.Writer, r io.Reader, keypool *KeyPool, clientpool *KeyPool) Peer
type ServerPeer
type State
type Transport
type UDPConn
- func NewUDPConn(conn *net.UDPConn, readbuf int) *UDPConn
- func (u *UDPConn) Read(p []byte) (n int, err error)
- func (u *UDPConn) Write(p []byte) (n int, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func KeyID ¶

func KeyID(pkey []byte) (id []byte, err error)

Types ¶

type ClientPeer ¶

type ClientPeer struct {
	C   *[32]byte
	Cs  *[32]byte
	S   *[32]byte
	EC  *[32]byte
	ECs *[32]byte
	// contains filtered or unexported fields
}

func (*ClientPeer) Close ¶

func (peer *ClientPeer) Close() error

func (*ClientPeer) HandShake ¶

func (peer *ClientPeer) HandShake() error

func (*ClientPeer) Read ¶

func (peer *ClientPeer) Read(p []byte) (n int, err error)

func (*ClientPeer) ReadBlock ¶

func (peer *ClientPeer) ReadBlock() (buf []byte, err error)

func (*ClientPeer) State ¶

func (peer *ClientPeer) State() State

func (*ClientPeer) Write ¶

func (peer *ClientPeer) Write(p []byte) (n int, err error)

func (*ClientPeer) WriteBlock ¶

func (peer *ClientPeer) WriteBlock(p []byte) (n int, err error)

type KeyPair ¶

type KeyPair struct {
	Pkey *[32]byte
	Skey *[32]byte
}

type KeyPool ¶

type KeyPool struct {
	// contains filtered or unexported fields
}

func NewKeyPool ¶

func NewKeyPool() *KeyPool

func (*KeyPool) AddKey ¶

func (kp *KeyPool) AddKey(pkey, skey *[32]byte) (err error)

func (KeyPool) GetKeys ¶

func (kp KeyPool) GetKeys(id []byte) []KeyPair

type Nonce ¶

type Nonce struct {
	*big.Int
}

func NewNonce ¶

func NewNonce(v []byte) (nonce Nonce, err error)

func (Nonce) Read ¶

func (n Nonce) Read(delta uint32) *[24]byte

type Peer ¶

type Peer interface {
	io.ReadWriteCloser
	HandShake() error
	State() State
}

func NewClientPeer ¶

func NewClientPeer(tr Transport, w io.Writer, r io.Reader, pkey *[32]byte, skey *[32]byte, serverpkey *[32]byte) Peer

func NewServerPeer ¶

func NewServerPeer(tr Transport, w io.Writer, r io.Reader, keypool *KeyPool, clientpool *KeyPool) Peer

type ServerPeer ¶

type ServerPeer struct {
	S  *[32]byte
	Ss *[32]byte
	C  *[32]byte
	// contains filtered or unexported fields
}

func (*ServerPeer) Close ¶

func (peer *ServerPeer) Close() error

func (*ServerPeer) HandShake ¶

func (peer *ServerPeer) HandShake() error

func (*ServerPeer) Read ¶

func (peer *ServerPeer) Read(p []byte) (n int, err error)

func (*ServerPeer) ReadBlock ¶

func (peer *ServerPeer) ReadBlock() (buf []byte, err error)

func (*ServerPeer) State ¶

func (peer *ServerPeer) State() State

func (*ServerPeer) Write ¶

func (peer *ServerPeer) Write(p []byte) (n int, err error)

func (*ServerPeer) WriteBlock ¶

func (peer *ServerPeer) WriteBlock(p []byte) (n int, err error)

type State ¶

type State struct {
	PeerKey *[32]byte
	AssocID uint32
	Nonce   uint32
}

type Transport ¶

type Transport bool

const (
	Stream Transport = true
	Packet           = false
)

type UDPConn ¶

type UDPConn struct {
	*net.UDPConn
	*net.UDPAddr
	// contains filtered or unexported fields
}

func NewUDPConn ¶

func NewUDPConn(conn *net.UDPConn, readbuf int) *UDPConn

func (*UDPConn) Read ¶

func (u *UDPConn) Read(p []byte) (n int, err error)

func (*UDPConn) Write ¶

func (u *UDPConn) Write(p []byte) (n int, err error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL