crypto

package
v0.0.0-...-d6eac65 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2020 License: MIT Imports: 13 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	TargetKeyExchangeServer = "crypto.kex-cs"
	TargetKeyExchangeClient = "crypto.kex-cc"
)

Target names the Crypto extension reserves.

View Source 
const (
	// KeyNoCipher is a metadata key, which when set to "true" in a packet causes
	// the Crypto extension to skip that packet.
	KeyNoCrypto = "_no_crypto"
)

Metadata keys for Crypto extension

Variables

View Source 
var Curve = elliptic.P256()

Curve is the elliptic curve used by Crypto.

Functions

This section is empty.

Types

type Crypto 

type Crypto struct {
	// contains filtered or unexported fields
}

Crypto is a cyrptographic extension for a Server/Client. It provides, mainly, the ability to share keys and establish shared secrets. It uses the ECDSA algorithm with (currenly) NIST P-256 for the curve.

Before installation onto a Processor, a key exchange to the server will need to be performed. Due to the transforms that it installs on the in/out data pipelines on a client/server, these pipelines will fail if there is no shared key to the packet destination (when sending) or source (when receiving). To perform a server key exchange, create a packet and use the Crypto.ConfigureKeyExServerPkt method to configure it to target a server key exchange and then use Cryto.ProcessKeyExServer method to process the response, which when successful, will add the key to the internal key store, after which the pipelines will be unblocked.

func ConfigureClient 

func ConfigureClient(client client.Client, svrAddr string, pkt packet.Packet) (*Crypto, error)

ConfigureClient secures the given client by installing the Crypto extension on it (to which a pointer is returned). It then performs a key exchange with svrAddr. If successful, the connection between the server and the returned client will be secure i.e. packets sent between the server and the client will be encrypted with AES, using a shared key generated using ECDH. The `pkt` parameter will be used to compose the key exchange packet with the server (ownership of `pkt` is assumed by ConfigureClient).

func NewCrypto 

func NewCrypto(privKey *ecdsa.PrivateKey) (*Crypto, error)

func (*Crypto) ClientKEx 

func (cr *Crypto) ClientKEx(client client.Client, clientAddr string, pkt packet.Packet) error

ClientKEx performs a key exchange between the client and the client at clientAddr. If successful, there will then exist a shared key between `clientAddr` (remote) and `client` (local). This shared key can be used for end-to-end encryption with `clientAddr` with the {Encrypt,Decrypt}E2E methods.

func (*Crypto) ConfigureKeyExClientPkt 

func (cr *Crypto) ConfigureKeyExClientPkt(addr string, pw packet.Writer)

ConfigureKeyExClientPkt writes the configuration (target, metadata, body, etc) for a client-client key-exchange with the given address to the packet. The packet being written to must be new and after a call to this method, the packet's Write method should not be used. Also, this method will clear pw's underlying Packet.

func (*Crypto) ConfigureKeyExServerPkt 

func (cr *Crypto) ConfigureKeyExServerPkt(pw packet.Writer)

ConfigureKeyExServerPkt writes the configuration (target, metadata, body, etc) for a client-server key-exchange. The packet being written to must be new and after a call to this method, the packet's Write method should not be used. Also, this method will clear pw's underlying packet.

func (*Crypto) DecryptE2E 

func (cr *Crypto) DecryptE2E(sender string, pkt packet.Packet) error

DecryptE2E performs decryption on end-to-end encrypted packet data from the specified sender. The packet is modified so that its Data method returns the decrypted data. Clients should use this to decrypt packets.

Note that before this function can work, it needs a shared key with the sender of the packet. If a key exchange has been successfully performed, then there will most likely be no errors.

func (*Crypto) DecryptFrom 

func (cr *Crypto) DecryptFrom(addr string, data []byte) ([]byte, error)

DecryptFrom decrypts the given data using the shared key with `addr. The returned error is non-nil if there is no shared key between with the address and if there is an error in the decryption process.

It is used in end-to-end encryption to decrypt incoming payloads, which have been server-relayed from the given address. To generate a shared key with `addr`, a client-client key exchange has to be performed.

func (*Crypto) EncryptE2E 

func (cr *Crypto) EncryptE2E(to string, pkt packet.Packet) error

EncryptE2E performs encryption on the packet's data for end-to-end encryption during transit to the packet's destination. The packet is modified so that its Data method returns the encrypted data. Clients should use this to encrypt their application data. Note that E2E does not imply that the entire packet is encrypted since the packet metadata will still possibly be plain text. To get full-packet encryption, clients should install Crypto on their `client` handle, and perform a key-exchange with they servers they interact with to get full-packet encryption between the client and the servers.

Note that before this function can work, it needs a shared key with the destination to which the packet is destined. If a key exchange has been successfully performed, then there will most likely be no errors.

func (*Crypto) EncryptFor 

func (cr *Crypto) EncryptFor(addr string, data []byte) ([]byte, error)

EncryptFor encrypts the given data for the given address using the corresponding shared key. If there is no shared key, or there is an encryption error, the error returned will be non-nil and reflect this.

It is used in end-to-end encryption to encrypt outgoing payloads, being server-relayed to `addr`. To generate a shared key with `addr`, a client-client key exchange has to be performed.

func (*Crypto) Extend 

func (cr *Crypto) Extend(kind string, target core.Processor) error

Extend installs Crypto onto the given Processor's pipeline.

func (*Crypto) IsKeyExchanged 

func (cr *Crypto) IsKeyExchanged(addr string) bool

IsKeyExchanged reports whether or not a successful handshake has been performed with the given address.

func (*Crypto) ProcessKeyExResp 

func (cr *Crypto) ProcessKeyExResp(addr string, resp packet.Packet) error

ProcessKeyExResp processes the response to a key-exchange with the given address (server address if server and client address otherwise).

func (*Crypto) ServerKEx 

func (cr *Crypto) ServerKEx(client client.Client, svrAddr string, pkt packet.Packet) error

ServerKEx performs a key exchange between the client and the server at svrAddr. If successful, there will then exist a shared key between `svrAddr` and `client`. A side effect of this is that if the Crypto extension is installed on `client`, then all packets whose Dest method returns `svrAddr`, will have their content encrypted in transit. This is a full-packet encryption (metadata and data), in contrast to end-to-end encryption which is just a data encrytion i.e. the packet's metadata will still possibly be in plain text.

type PublicKey 

type PublicKey struct {
	X *big.Int `json:"x"`
	Y *big.Int `json:"y"`
}

PublicKey is the structure of the public key used by Crypto, and its clients. The curve used needs to be the same for all clients.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.