Documentation ¶
Overview ¶
Package wormhole implements a signalling protocol to establish password protected WebRTC connections between peers.
WebRTC uses DTLS-SRTP (https://tools.ietf.org/html/rfc5764) to secure its data. The mechanism it uses to exchange keys relies on exchanging metadata that includes both endpoints' certificate fingerprints via some trusted channel, typically a signalling server over https and websockets. More in RFC5763 (https://tools.ietf.org/html/rfc5763).
This package removes the signalling server from the trust model by using a PAKE to estabish the authenticity of the WebRTC metadata. In other words, it's a clone of Magic Wormhole made to use WebRTC as the transport.
The protocol requires a signalling server that facilitates exchanging arbitrary messages via a slot system. The server subcommand of the gowormhole tool is an implementation of this over WebSockets.
Rough sketch of the handshake:
Peer Signalling Server Peer ----open------------------> | <---new_slot,TURN_ticket--- | | <------------------open---- | ------------TURN_ticket---> <---------------------------|--------------pake_msg_a---- ----pake_msg_b--------------|---------------------------> ----sbox(offer)-------------|---------------------------> <---------------------------|------------sbox(answer)---- ----sbox(candidates...)-----|---------------------------> <---------------------------|-----sbox(candidates...)----
Index ¶
Constants ¶
const ( // CloseNoSuchSlot is the WebSocket status returned if the slot is not valid. CloseNoSuchSlot = 4000 + iota // CloseSlotTimedOut is the WebSocket status returned when the slot times out. CloseSlotTimedOut // CloseNoMoreSlots is the WebSocket status returned when the signalling server // cannot allocate any new slots at the time. CloseNoMoreSlots // CloseWrongProto is the WebSocket status returned when the signalling server // runs a different version of the signalling protocol. CloseWrongProto // ClosePeerHungUp is the WebSocket status returned when the peer has closed // its connection. ClosePeerHungUp // CloseBadKey is the WebSocket status returned when the peer has closed its // connection because the key it derived is bad. CloseBadKey // CloseWebRTCSuccess indicates a WebRTC connection was successful. CloseWebRTCSuccess // CloseWebRTCSuccessDirect indicates a WebRTC connection was successful and we // know it's peer-to-peer. CloseWebRTCSuccessDirect // CloseWebRTCSuccessRelay indicates a WebRTC connection was successful and we // know it's going via a relay. CloseWebRTCSuccessRelay // CloseWebRTCFailed we couldn't establish a WebRTC connection. CloseWebRTCFailed )
const Protocol = "4"
Protocol is an identifier for the current signalling scheme. It's intended to help clients print a friendlier message urging them to upgrade if the signalling server has a different version.
Variables ¶
var ( // ErrBadVersion is returned when the signalling server runs an incompatible // version of the signalling protocol. ErrBadVersion = errors.New("bad version") // ErrBadKey is returned when the peer on the same slot uses a different password. ErrBadKey = errors.New("bad key") // ErrTimedOut indicates signalling has timed out. ErrTimedOut = errors.New("timed out") )
var Verbose = false
Verbose logging.
Functions ¶
This section is empty.
Types ¶
type InitMsg ¶
type InitMsg struct { Mode SlotItemMode `json:"exists,omitempty"` Slot string `json:"slot,omitempty"` ICEServers []webrtc.ICEServer `json:"iceServers,omitempty"` }
type SlotItemMode ¶
type SlotItemMode int
const ( ModeNone SlotItemMode = iota // 当前 Slot 为保留(预先生成 code 专用) ModePeer1 // 当前 Slot 已经有一方与信令服务器建立 WebSocket 连接 ModePeer2 // 当前 Slot 已经有两方与信令服务器建立 WebSocket 连接 )
func (SlotItemMode) String ¶
func (mode SlotItemMode) String() string
type Timeouts ¶
type Timeouts struct { DisconnectedTimeout util.Duration `json:"disconnectedTimeout" default:"5s"` FailedTimeout util.Duration `json:"failedTimeout" default:"10s"` KeepAliveInterval util.Duration `json:"keepAliveInterval" default:"2s"` // CloseTimeout set the timeout for the closing, see Wormhole.Close CloseTimeout util.Duration `json:"closeTimeout" default:"10s"` // RwTimeout set the read/write timeout for data channel io. RwTimeout util.Duration `json:"rwTimeout" default:"10s"` }
type Wormhole ¶
type Wormhole struct { // code for the current Code string Timeouts *Timeouts // contains filtered or unexported fields }
A Wormhole is a WebRTC connection established via the WebWormhole signalling protocol. It is wraps webrtc.PeerConnection and webrtc.DataChannel.
BUG(s): A PeerConnection established via Wormhole will always have a DataChannel created for it, with the name "data" and id 0.
func (*Wormhole) Close ¶
Close attempts to flush the DataChannel buffers then close it and its PeerConnection.
func (*Wormhole) IsRelay ¶
IsRelay returns whether the peer connection is over a TURN relay server or not.
Notes ¶
Bugs ¶
A PeerConnection established via Wormhole will always have a DataChannel created for it, with the name "data" and id 0.