key

package

v1.0.0 Latest Latest Go to latest Published: Jun 7, 2023 License: MIT Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rafaeljusto/goe2ee

Links

Open Source Insights

Documentation ¶

Overview ¶

Package key provides the key management for the server and the client.

Index ¶

Constants
func ClientFetcherCacheWithTTL(ttl time.Duration) func(*ClientFetcherCacheOptions)
func ClientFetcherDNSKEYWithTimeout(timeout time.Duration) func(*ClientFetcherDNSKEYOptions)
func ClientFetcherTLSWithPort(port uint64) func(*ClientFetcherTLSOptions)
func ClientFetcherTLSWithRootCAs(rootCAs *x509.CertPool) func(*ClientFetcherTLSOptions)
type ClientFetcher
type ClientFetcherCache
- func NewClientFetcherCache(fetcher ClientFetcher, optFuncs ...func(*ClientFetcherCacheOptions)) *ClientFetcherCache
- func (c *ClientFetcherCache) Fetch(host string) (PublicKey, error)
type ClientFetcherCacheOptions
type ClientFetcherDNSKEY
- func NewClientFetcherDNSKEY(provider string, optFuncs ...func(*ClientFetcherDNSKEYOptions)) ClientFetcherDNSKEY
- func (c ClientFetcherDNSKEY) Fetch(host string) (PublicKey, error)
type ClientFetcherDNSKEYOptions
type ClientFetcherInMemory
- func NewClientFetcherInMemory(publicKey PublicKey) ClientFetcherInMemory
- func ParseClientFetcherPEM(r io.Reader) (*ClientFetcherInMemory, error)
- func (c ClientFetcherInMemory) Fetch(_ string) (PublicKey, error)
type ClientFetcherProtocol
- func NewClientFetcherProtocol(network, serverAddr string) ClientFetcherProtocol
- func (c ClientFetcherProtocol) Fetch(_ string) (PublicKey, error)
type ClientFetcherTLS
- func NewClientFetcherTLS(optFuncs ...func(*ClientFetcherTLSOptions)) ClientFetcherTLS
- func (c ClientFetcherTLS) Fetch(host string) (publicKey PublicKey, err error)
type ClientFetcherTLSOptions
type PublicKey
- func (p PublicKey) VerifySignature(hashType crypto.Hash, content, signature []byte) (bool, error)
type ServerManager
type ServerManagerInMemory
- func NewServerManager(privateKey crypto.PrivateKey) *ServerManagerInMemory
- func ServerManagerGenerateOnTheFly(algorithm protocol.KeyAlgorithm) (*ServerManagerInMemory, error)
- func ServerManagerParsePEM(r io.Reader) (*ServerManagerInMemory, error)
- func (s *ServerManagerInMemory) FetchKey() (protocol.KeyAlgorithm, PublicKey, error)
- func (s *ServerManagerInMemory) Sign(hashType crypto.Hash, content []byte) ([]byte, error)

Constants ¶

View Source

const (
	// GoogleDNSProvider is a DNS-over-HTTPS server.
	//
	// https://developers.google.com/speed/public-dns/docs/dns-over-https
	GoogleDNSProvider = "https://dns.google/resolve"
	// CloudflareDNSProvider is a DNS-over-HTTPS server.
	//
	// https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/make-api-requests/
	CloudflareDNSProvider = "https://1.1.1.1/dns-query"
)

Variables ¶

This section is empty.

Functions ¶

func ClientFetcherCacheWithTTL ¶

func ClientFetcherCacheWithTTL(ttl time.Duration) func(*ClientFetcherCacheOptions)

ClientFetcherCacheWithTTL sets the TTL for the cache. By default it will use 5 minutes.

func ClientFetcherDNSKEYWithTimeout ¶

func ClientFetcherDNSKEYWithTimeout(timeout time.Duration) func(*ClientFetcherDNSKEYOptions)

ClientFetcherDNSKEYWithTimeout sets the timeout for the DNS over HTTPS request. By default it will use 5 seconds.

func ClientFetcherTLSWithPort ¶

func ClientFetcherTLSWithPort(port uint64) func(*ClientFetcherTLSOptions)

ClientFetcherTLSWithPort sets the port to use when connecting to the server. By default it will use 443.

func ClientFetcherTLSWithRootCAs ¶

func ClientFetcherTLSWithRootCAs(rootCAs *x509.CertPool) func(*ClientFetcherTLSOptions)

ClientFetcherTLSWithRootCAs sets the root CAs to use when verifying the TLS certificate. By default it will use the host's root CA set.

Types ¶

type ClientFetcher ¶

type ClientFetcher interface {
	Fetch(host string) (PublicKey, error)
}

ClientFetcher is a generic interface to allow fetching the server's public key from different sources.

type ClientFetcherCache ¶

type ClientFetcherCache struct {
	// contains filtered or unexported fields
}

ClientFetcherCache is a generic interface to allow fetching the server's public key from different sources. It will cache the public key for a given TTL.

func NewClientFetcherCache ¶

func NewClientFetcherCache(fetcher ClientFetcher, optFuncs ...func(*ClientFetcherCacheOptions)) *ClientFetcherCache

NewClientFetcherCache creates a new ClientFetcherCache.

func (*ClientFetcherCache) Fetch ¶

func (c *ClientFetcherCache) Fetch(host string) (PublicKey, error)

Fetch retrieves the server's public key from the cache or from the underlying fetcher. If the public key is not in the cache, it will be fetched and stored in the cache.

type ClientFetcherCacheOptions ¶

type ClientFetcherCacheOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherCacheOptions contains options for the ClientFetcherCache.

type ClientFetcherDNSKEY ¶

type ClientFetcherDNSKEY struct {
	// contains filtered or unexported fields
}

ClientFetcherDNSKEY retrieves the server's public key in the DNSKEY resource record using DNS over HTTPS. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

It supports DNSKEY containing RSA, ECDSA and Ed25519 keys.

func NewClientFetcherDNSKEY ¶

func NewClientFetcherDNSKEY(provider string, optFuncs ...func(*ClientFetcherDNSKEYOptions)) ClientFetcherDNSKEY

NewClientFetcherDNSKEY creates a new ClientFetcherDNSKEY.

func (ClientFetcherDNSKEY) Fetch ¶

func (c ClientFetcherDNSKEY) Fetch(host string) (PublicKey, error)

Fetch retrieves the server's public key in the DNSKEY resource record.

Example ¶

package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherDNSKEY(key.GoogleDNSProvider)),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherDNSKEYOptions ¶

type ClientFetcherDNSKEYOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherDNSKEYOptions contains options for the KeyFetcherDNSKEY constructor.

type ClientFetcherInMemory ¶

type ClientFetcherInMemory struct {
	// contains filtered or unexported fields
}

ClientFetcherInMemory retrieves the server's public key from an in-memory storage.

func NewClientFetcherInMemory ¶

func NewClientFetcherInMemory(publicKey PublicKey) ClientFetcherInMemory

NewClientFetcherInMemory creates a new ClientFetcherInMemory from a public key.

func ParseClientFetcherPEM ¶

func ParseClientFetcherPEM(r io.Reader) (*ClientFetcherInMemory, error)

ParseClientFetcherPEM creates a new ClientFetcherPEM.

func (ClientFetcherInMemory) Fetch ¶

func (c ClientFetcherInMemory) Fetch(_ string) (PublicKey, error)

Fetch retrieves the server's public key from a PEM file.

type ClientFetcherProtocol ¶

type ClientFetcherProtocol struct {
	// contains filtered or unexported fields
}

ClientFetcherProtocol retrieves the server's public key using the goe2ee protocol. This fetcher could be vulnerable to man-in-the-middle attacks. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

func NewClientFetcherProtocol ¶

func NewClientFetcherProtocol(network, serverAddr string) ClientFetcherProtocol

NewClientFetcherProtocol creates a new ClientFetcherProtocol.

func (ClientFetcherProtocol) Fetch ¶

func (c ClientFetcherProtocol) Fetch(_ string) (PublicKey, error)

Fetch retrieves the server's public key using the goe2ee protocol.

Example ¶

package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherProtocol("tcp", hostport)),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherTLS ¶

type ClientFetcherTLS struct {
	// contains filtered or unexported fields
}

ClientFetcherTLS retrieves the server's public key in the TLS certificate. It's highly recommended to wrap this fetcher in a cache (ClientFetcherCache) to avoid network overheads on every handshake.

func NewClientFetcherTLS ¶

func NewClientFetcherTLS(optFuncs ...func(*ClientFetcherTLSOptions)) ClientFetcherTLS

NewClientFetcherTLS creates a new FetcherTLS.

func (ClientFetcherTLS) Fetch ¶

func (c ClientFetcherTLS) Fetch(host string) (publicKey PublicKey, err error)

Fetch retrieves the server's public key in the TLS certificate. It will use host's root CA set to verify the certificate.

Example ¶

package main

import (
	"log"

	"github.com/rafaeljusto/goe2ee"
	"github.com/rafaeljusto/goe2ee/key"
)

func main() {
	hostport := "example.com:123"
	client, err := goe2ee.DialTCP(hostport,
		goe2ee.ClientWithKeyFetcher(key.NewClientFetcherTLS()),
	)
	if err != nil {
		panic(err)
	}
	defer func() {
		if err := client.Close(); err != nil {
			log.Printf("failed to close client: %v", err)
		}
	}()
}

Output:

type ClientFetcherTLSOptions ¶

type ClientFetcherTLSOptions struct {
	// contains filtered or unexported fields
}

ClientFetcherTLSOptions contains options for the ClientFetcherTLS.

type PublicKey ¶

type PublicKey struct {
	crypto.PublicKey
}

PublicKey adds some extra functionality to the crypto.PublicKey interface.

func (PublicKey) VerifySignature ¶

func (p PublicKey) VerifySignature(hashType crypto.Hash, content, signature []byte) (bool, error)

VerifySignature verifies the signature of the content using the public key.

type ServerManager ¶

type ServerManager interface {
	FetchKey() (protocol.KeyAlgorithm, PublicKey, error)
	Sign(crypto.Hash, []byte) ([]byte, error)
}

ServerManager is a generic interface to manage the server's key-pair.

type ServerManagerInMemory ¶

type ServerManagerInMemory struct {
	// contains filtered or unexported fields
}

ServerManagerInMemory loads the private key and stores it in-memory.

func NewServerManager ¶

func NewServerManager(privateKey crypto.PrivateKey) *ServerManagerInMemory

NewServerManager creates a new server manager with the given private key.

func ServerManagerGenerateOnTheFly ¶

func ServerManagerGenerateOnTheFly(algorithm protocol.KeyAlgorithm) (*ServerManagerInMemory, error)

ServerManagerGenerateOnTheFly generates a new key-pair on the fly. This is not recommended for production use.

func ServerManagerParsePEM ¶

func ServerManagerParsePEM(r io.Reader) (*ServerManagerInMemory, error)

ServerManagerParsePEM parses a PEM encoded private key, unencrypting the private key in PKCS #8, ASN.1 DER form.

func (*ServerManagerInMemory) FetchKey ¶

func (s *ServerManagerInMemory) FetchKey() (protocol.KeyAlgorithm, PublicKey, error)

FetchKey returns the server's public key.

func (*ServerManagerInMemory) Sign ¶

func (s *ServerManagerInMemory) Sign(hashType crypto.Hash, content []byte) ([]byte, error)

Sign signs the content using the server's private key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL