miniss

v1.0.10
Published: Sep 19, 2016 License: ISC Imports: 7 Imported by: 0

README

MiniSS: Mini Secure Sockets

(Read the documentation: https://godoc.org/gopkg.in/bunsim/miniss.v1)

MiniSS is an insanely simple, ridiculously fast, but highly secure implementation of secure sockets. It uses triple Diffie-Hellman over Curve25519 to exchange keys, and ChaCha20-Poly1305 to encrypt data within a session. It provides confidentiality and authenticity equivalent to TLS, while providing forward secrecy and deniability at all times. The only dependency is on natrium.

Unlike TLS, MiniSS does not contain any bells and whistles such as heartbeats, session resumption, different choices of ciphers, etc., easing implementation and vastly reducing the attack surface. It is PKI-neutral and does not even contain a certificate mechanism: applications are expected to have their own way of verifying public keys.

MiniSS presents a single interface: Handshake(...), taking in the local end's long-term secret key. Applications should then verify the returned socket for authenticity by means of methods like RemotePK(), since the handshake itself only proves that the peer holds the secret key matching that public key, not that the key belongs to anyone the application trusts.
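As an added example (not code from the miniss package), this is the post-Handshake verification the README leaves to the application: a pinned allow-list of trusted remote long-term public keys, compared in constant time, with the socket closed on mismatch before any data is exchanged. It assumes natrium.ECDHPublic is a byte-slice type that a thin wrapper can hand over as []byte; a stub connection stands in for *Socket so it runs offline.

```go
package main

import (
	"crypto/subtle"
	"errors"
)

// authenticatedConn is the part of *miniss.Socket used after Handshake. Assumption:
// natrium.ECDHPublic is a byte-slice type, adaptable to []byte by a thin wrapper.
type authenticatedConn interface {
	RemotePK() []byte
	Close() error
}

var errUnknownPeer = errors.New("miniss: remote long-term public key is not pinned")

// PinSet maps trusted 32-byte Curve25519 public keys to peer names; it is the
// application-level key verification that MiniSS deliberately leaves to the caller.
type PinSet map[[32]byte]string

// Verify returns the name of the pinned peer whose key matches. Each pin is compared
// in constant time and the loop never exits early, so timing reveals no match position.
// A key of the wrong length never matches, because ConstantTimeCompare returns 0 then.
func (p PinSet) Verify(pk []byte) (string, error) {
	name, err := "", errUnknownPeer
	for pinned, n := range p {
		if subtle.ConstantTimeCompare(pinned[:], pk) == 1 {
			name, err = n, nil
		}
	}
	return name, err
}

// Authorize is the check to run right after Handshake: an unpinned remote key
// closes the socket before any application data is exchanged.
func Authorize(c authenticatedConn, pins PinSet) (string, error) {
	name, err := pins.Verify(c.RemotePK())
	if err != nil {
		c.Close()
	}
	return name, err
}

// stubConn stands in for a handshaken *miniss.Socket so this example runs offline.
type stubConn struct{ pk []byte; closed bool }

func (s *stubConn) RemotePK() []byte { return s.pk }
func (s *stubConn) Close() error     { s.closed = true; return nil }
```

With a real connection, wrap the *Socket returned by Handshake so its RemotePK() is exposed as []byte and pass it to Authorize before reading or writing anything.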

All commits on the master branch are cryptographically signed by the PGP key:

bunsim <bunsim@protonmail.com>
4096R/4551108DD0CB1E11E9EBF56351B896CAB3EB3B42

Note on security: One very slight weakening of security of MiniSS compared to TLS is that it does not prevent truncation attacks. However, this is only a concern with application protocols that interpret connection closing as an application-level message, which are highly uncommon nowadays.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Socket

type Socket struct {
	// contains filtered or unexported fields
}

Socket represents a MiniSS connection; it implements net.Conn but with more methods.

func Handshake

func Handshake(plain net.Conn, mysk natrium.ECDHPrivate) (sok *Socket, err error)

Handshake upgrades a plaintext socket to a MiniSS socket, given our secret key.

func (*Socket) Close

func (sk *Socket) Close() error

Close closes the socket.

func (*Socket) LocalAddr

func (sk *Socket) LocalAddr() net.Addr

LocalAddr returns the local address.

func (*Socket) LocalSK

func (sk *Socket) LocalSK() natrium.ECDHPrivate

LocalSK returns the local long-term secret key.

func (*Socket) Read

func (sk *Socket) Read(p []byte) (n int, err error)

Read reads into the given byte slice.

func (*Socket) RemoteAddr

func (sk *Socket) RemoteAddr() net.Addr

RemoteAddr returns the remote address.

func (*Socket) RemotePK

func (sk *Socket) RemotePK() natrium.ECDHPublic

RemotePK returns the remote long-term public key.

func (*Socket) SetDeadline

func (sk *Socket) SetDeadline(t time.Time) error

SetDeadline sets the deadline.

func (*Socket) SetReadDeadline

func (sk *Socket) SetReadDeadline(t time.Time) error

SetReadDeadline sets the read deadline.

func (*Socket) SetWriteDeadline

func (sk *Socket) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the write deadline.

func (*Socket) Write

func (sk *Socket) Write(p []byte) (n int, err error)

Write writes out the given byte slice. No guarantees are made regarding the number of low-level segments sent over the wire.
