Documentation ¶
Overview ¶
Package message implements repbin messages.
Index ¶
- Constants
- Variables
- func CalcKeys(sharedSecret [SharedKeySize]byte) (hmacKey *[HMACKeySize]byte, symmetricKey *[SymmetricKeySize]byte)
- func CalcMaxEmbedded(TotalLength int) int
- func CalcMessageID(msg []byte) *[MessageIDSize]byte
- func CalcSharedSecret(myKeys, peerKeys *KeyPack, nonce *[NonceSize]byte, sending bool) (sharedSecret [SharedKeySize]byte)
- func GenIV(d []byte) *[IVSize]byte
- func GenNonce() (*[NonceSize]byte, error)
- func GenPad(key *[PadKeySize]byte, length int) []byte
- func GenPadKey() (*[PadKeySize]byte, error)
- func KeyIsHidden(k *Curve25519Key) bool
- func KeyIsSync(k *Curve25519Key) bool
- func PackKeyHeader(senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte) *[KeyHeaderSize]byte
- func RePad(msg []byte, padKey *[PadKeySize]byte, totalLength int) []byte
- type Base64Message
- type Curve25519Key
- type DecryptBodyDef
- type EncryptBodyDef
- type EncryptedBody
- type KeyPack
- func GenKeyPack(privateConstant *Curve25519Key, deterministic bool) (*KeyPack, error)
- func GenReceiveKeys(publicConstant, publicTemporary *Curve25519Key) (*KeyPack, error)
- func GenSenderKeys(privateConstant *Curve25519Key) (*KeyPack, error)
- func ParseKeyHeader(keyHeader *[KeyHeaderSize]byte) (senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte)
- type Message
- type MetaDataRecieve
- type MetaDataSend
- type Receiver
- type Sender
- type SignKeyPair
- type SignatureDetails
Constants ¶
const ( // DefaultTotalLength is the size of the message. DefaultTotalLength = BodyMaxLength + SignHeaderSize + KeyHeaderSize // DefaultPadToLength is the size of the body including random padding. DefaultPadToLength = 4096 // DefaultHashCashBits is the minimum number of hashcash bits requried. DefaultHashCashBits = byte(23) )
const ( // Curve25519KeySize defines how big a curve25519 key is. Curve25519KeySize = 32 SharedKeySize = 64 // HMACKeySize is the size of the HMAC key. HMACKeySize = 32 // SymmetricKeySize is the size of the symmetric encryption key (for AES-CTR). SymmetricKeySize = 32 // NonceSize bytes of nonce. NonceSize = 32 // PadKeySize is the size of the padding key. PadKeySize = 32 // HMACSize is the size of the hmac output, we're using SHA256. HMACSize = 32 // IVSize defines the length of the IV, calculated by hashing pubkeys and nonce. IVSize = aes.BlockSize )
const ( // MsgTypeBlob signals a standard blob of data without special meaning. MsgTypeBlob = 0x01 // MsgTypeList signals a list of other messages. MsgTypeList = 0x02 // MsgTypeRepost signals a message that is sent to a reposter. MsgTypeRepost = 0x03 )
const ( // BodyMaxLength is the maximum length of the body that can be accepted. BodyMaxLength = 65535 // MessageIDSize is the size of a MessageID. MessageIDSize = sha256.Size // SignHeaderSize is the size of the signature header. SignHeaderSize = 1 + ed25519.PublicKeySize + ed25519.SignatureSize + MessageIDSize + hashcash.NonceSize // KeyHeaderSize is the size of the key header (four curve25519 public keys for DH and nonce). KeyHeaderSize = 4*Curve25519KeySize + NonceSize // Version of this protocol. Version = 0x01 )
const ( // SignerPubKeySize is the size of a public key used for signing. SignerPubKeySize = ed25519.PublicKeySize )
const VersionID = "0.0.1 very alpha"
VersionID of this release.
Variables ¶
var ( // ErrNoKeys is returned if no method for private key discovery is available. ErrNoKeys = errors.New("message: No private keys available") // ErrBadMessageID is returned when the message ID signed is different from the one calculated. ErrBadMessageID = errors.New("message: Unexpected message ID") // ErrBadSender is returned when another sender was expected. ErrBadSender = errors.New("message: Unexpected sender") )
var ( // ErrIncompleteKeyPack is returned if a KeyPack cannot be filled. ErrIncompleteKeyPack = errors.New("message: incomplete keypack") // ErrMissingKey is returned if too few keys are used fro keypack construction. ErrMissingKey = errors.New("message: missing temporary pubkey") )
var ( // ErrTooLong is returned if the message body is too big. ErrTooLong = errors.New("message: Content too long") // ErrTooShort is returned if the message is smaller than allowed. ErrTooShort = errors.New("message: Message too short") // ErrBadHMAC is returned if the HMAC does not verify. ErrBadHMAC = errors.New("message: Bad HMAC") )
var ( // ErrNoKeyFound is returned if no key could be found. ErrNoKeyFound = errors.New("message: No signature key found in generation") // ErrBadVersion is returned if a message does not conform to the right version. ErrBadVersion = errors.New("message: Wrong version") // ErrHashCash is returned if not enough bits are produced by the ErrHashCash challenge. ErrHashCash = errors.New("message: Not enough HashCash bits") // ErrBadSignature is returned if the post signature does not verify. ErrBadSignature = errors.New("message: Signature verification failed") )
var ( // ErrEnvelopeShort is returned if the envelope is too short to even contain a signature header. ErrEnvelopeShort = errors.New("message: Envelope too short") )
Functions ¶
func CalcKeys ¶
func CalcKeys(sharedSecret [SharedKeySize]byte) (hmacKey *[HMACKeySize]byte, symmetricKey *[SymmetricKeySize]byte)
CalcKeys generates the keys for hmac calculation and symmetric encryption from the shared secret.
func CalcMaxEmbedded ¶
CalcMaxEmbedded returns the maximum size of data that can be included in a message of TotalLength size.
func CalcMessageID ¶
func CalcMessageID(msg []byte) *[MessageIDSize]byte
CalcMessageID from raw message (skip signature part).
func CalcSharedSecret ¶
func CalcSharedSecret(myKeys, peerKeys *KeyPack, nonce *[NonceSize]byte, sending bool) (sharedSecret [SharedKeySize]byte)
CalcSharedSecret does a triple DH from the keypacks to generate the shared secret. myKeys needs to contain private keys, peerKeys only needs public keys Sending determines if one is sender or recipient of a message.
func GenIV ¶
GenIV generates the IV by sha256 d. d should be the slice containing the pubkeys and nonce from the message.
func GenPad ¶
func GenPad(key *[PadKeySize]byte, length int) []byte
GenPad produces a slice of bytes with length int, filled with pseudo-random numbers generated from key using AES-CTR.
func GenPadKey ¶
func GenPadKey() (*[PadKeySize]byte, error)
GenPadKey generates a random value suitable for the padding generator.
func KeyIsHidden ¶
func KeyIsHidden(k *Curve25519Key) bool
KeyIsHidden returns true if key index should be hidden.
func KeyIsSync ¶
func KeyIsSync(k *Curve25519Key) bool
KeyIsSync returns true if messages for this key should be synced.
func PackKeyHeader ¶
func PackKeyHeader(senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte) *[KeyHeaderSize]byte
PackKeyHeader constructs the header from the KeyPacks and Nonce.
Types ¶
type Base64Message ¶
type Base64Message []byte
Base64Message is a message encoded in Base64.
func EncodeBase64 ¶
func EncodeBase64(message []byte) Base64Message
EncodeBase64 encodes a message to base64.
func (Base64Message) Decode ¶
func (bm Base64Message) Decode() ([]byte, error)
Decode a base64 encoded message.
func (Base64Message) GetSignHeader ¶
func (bm Base64Message) GetSignHeader() (*[SignHeaderSize]byte, error)
GetSignHeader returns the signature header from an message.
type Curve25519Key ¶
type Curve25519Key [Curve25519KeySize]byte
Curve25519Key is a curve25519 public or private key.
func CalcPub ¶
func CalcPub(privateKey *Curve25519Key) *Curve25519Key
CalcPub generates a public key from a private key.
func GenLongTermKey ¶
func GenLongTermKey(hidden bool, sync bool) (*Curve25519Key, error)
GenLongTermKey returns a private key that is meant for long-term use and adheres to the hidden index rule. hidden means that the server should not allow index access without authentication. sync means that the server should not sync the message to other servers (it is not part of the global index).
func GenPubKey ¶
func GenPubKey(priv *Curve25519Key) *Curve25519Key
GenPubKey calculates the public key for a private key.
func GenRandomKey ¶
func GenRandomKey() (*Curve25519Key, error)
GenRandomKey generates a random key useable for temporary keys.
type DecryptBodyDef ¶
type DecryptBodyDef struct { IV [IVSize]byte // The IV to use. This is overkill since the key is unique anyways... anyways. }
DecryptBodyDef contains parameters for decryption.
func (*DecryptBodyDef) DecryptBody ¶
func (bd *DecryptBodyDef) DecryptBody(data []byte) ([]byte, byte, error)
DecryptBody decrypts a body and verifies the hmac.
type EncryptBodyDef ¶
type EncryptBodyDef struct { IV [IVSize]byte // The IV to use. This is overkill since the key is unique anyways... anyways. TotalLength int // Total size of body including padding. PadToLength int // PadToLength will pad the body to PadToLength size of random padding before adding deterministic padding, if any. MessageType byte }
EncryptBodyDef contains parameters for body encryption.
func (*EncryptBodyDef) EncryptBody ¶
func (bd *EncryptBodyDef) EncryptBody(data []byte) (*EncryptedBody, error)
EncryptBody takes data and creates a body out of it.
type EncryptedBody ¶
type EncryptedBody struct { Encrypted []byte // First element. RandomPadding []byte // Second element. DeterministicPadding []byte // Third element. PadKey [PadKeySize]byte // Will be set if deterministic padding is appended. HMACSum [HMACSize]byte // The HMAC. }
EncryptedBody contains the restuls of an encryption or parsing.
func (EncryptedBody) Bytes ¶
func (eb EncryptedBody) Bytes() []byte
Bytes returns the body as byteslice.
func (EncryptedBody) BytesNoPadding ¶
func (eb EncryptedBody) BytesNoPadding() []byte
BytesNoPadding returns the body as byteslice omitting deterministic padding.
type KeyPack ¶
type KeyPack struct { ConstantPubKey *Curve25519Key // Public key: SenderConstantPubKey. ConstantPrivKey *Curve25519Key // Private key of ConstantPubKey. TemporaryPubKey *Curve25519Key // Public key: SenderTemporaryPubKey. TemporaryPrivKey *Curve25519Key // Private key of TemporaryPubKey. }
KeyPack contains one side of keys.
func GenKeyPack ¶
func GenKeyPack(privateConstant *Curve25519Key, deterministic bool) (*KeyPack, error)
GenKeyPack generate a keypack. If privateConstant is nil, all keys will be ephemeral. If deterministic is true then the temporaryPrivKey will be generated from the constantPrivKey.
func GenReceiveKeys ¶
func GenReceiveKeys(publicConstant, publicTemporary *Curve25519Key) (*KeyPack, error)
GenReceiveKeys generates a KeyPack for the recipient unless public keys are available.
func GenSenderKeys ¶
func GenSenderKeys(privateConstant *Curve25519Key) (*KeyPack, error)
GenSenderKeys returns a keypack suitable for the sender. If PrivateConstant is nil, all keys will be ephemeral.
func ParseKeyHeader ¶
func ParseKeyHeader(keyHeader *[KeyHeaderSize]byte) (senderKeys, peerKeys *KeyPack, nonce *[NonceSize]byte)
ParseKeyHeader returns the KeyPacks and Nonce of a KeyHeader.
func (*KeyPack) FillKeys ¶
FillKeys constructs missing keys in a KeyPack. If deterministic==true then temporary keys are generated from the constant keys.
func (*KeyPack) MatchPrivate ¶
func (kp *KeyPack) MatchPrivate(constantPrivKey, temporaryPrivKey *Curve25519Key) bool
MatchPrivate tries to match given private key(s) to the KeyPack. Keys will be added to the keypack if a match is found.
type Message ¶
type Message struct { SignatureHeader *[SignHeaderSize]byte // Packet signature header. Header *[KeyHeaderSize]byte // Packed message header. Body []byte // Unpacked body. }
Message is a full message.
func ParseMessage ¶
ParseMessage cuts a byteslice into a Message struct.
func (Message) CalcMessageID ¶
func (msg Message) CalcMessageID() *[MessageIDSize]byte
CalcMessageID from encrypted body.
type MetaDataRecieve ¶
type MetaDataRecieve struct { SenderConstantPublicKey *Curve25519Key // Public key used by sender. ReceiveConstantPublicKey *Curve25519Key // Constant public key of recipient. ReceiveTemporaryPublicKey *Curve25519Key // Temporary public key of recipient. MessageID [MessageIDSize]byte // MessageID as calculated. MessageType byte // MessageType of message. }
MetaDataRecieve contains data from decryption
type MetaDataSend ¶
type MetaDataSend struct { MessageID [MessageIDSize]byte // MessageID of the message (calculated from header+body). PadKey *[PadKeySize]byte // Will be set if deterministic padding is appended and meaningful. MessageKey *Curve25519Key // Will be set if ephemeral recipient keys are used. ReceiverConstantPubKey *Curve25519Key }
MetaDataSend contains metadata for the message.
type Receiver ¶
type Receiver struct { SenderPublicKey *Curve25519Key // Optional. If set, verify for message. ReceiveConstantPrivateKey *Curve25519Key // Optional. Will use callback if not set. ReceiveTemporaryPrivateKey *Curve25519Key // Optional. Will try to generate from ReceiveConstantPrivateKey, then Callback. // KeyCallBack is an optional function to get private keys. It takes a public key as parameter and expects the private key or nil as return. KeyCallBack func(*Curve25519Key) *Curve25519Key // HashCashBits is the minimum number of hashcash bits required. Will be set to default if missing. HashCashBits byte }
Receiver defines receiver functionality.
type Sender ¶
type Sender struct { Signer *SignKeyPair // Optional, autogenerated when missing. SenderPrivateKey *Curve25519Key // Optional. Use ephemeral key if missing. ReceiveConstantPublicKey *Curve25519Key // Optional. Constant public key of receiver, ephemeral keys will be used if missing. ReceiveTemporaryPublicKey *Curve25519Key // MUST be set IF ReceiveConstantPublicKey is set. // TotalLength is the total size of body including padding. // Set to default if missing if 0. TotalLength int // PadToLength will pad the body to PadToLength size of random padding before adding deterministic padding, if any. // Set to default if missing if 0. PadToLength int // HashCashBits is the minimum number of hashcash bits required. Will be set to default if missing. HashCashBits byte }
Sender defines sender behavior
func (Sender) Encrypt ¶
func (sender Sender) Encrypt(messageType byte, message []byte) (encMessage []byte, meta *MetaDataSend, err error)
Encrypt encrypts a message.
func (Sender) EncryptRepost ¶
func (sender Sender) EncryptRepost(messageType byte, message []byte) (rewrapMessage []byte, meta *MetaDataSend, err error)
EncryptRepost encrypts a message for reposting, meaning that the deterministic padding is thrown away and there is no encoding.
type SignKeyPair ¶
type SignKeyPair struct { PublicKey *[SignerPubKeySize]byte PrivateKey *[ed25519.PrivateKeySize]byte Nonce [hashcash.NonceSize]byte // HashCash nonce Bits byte // Bits in hashcash }
SignKeyPair represents a signature key pair.
func GenKey ¶
func GenKey(bits byte) (keypair *SignKeyPair, err error)
GenKey calculates a keypair fit for signing, including hashcahs
func (*SignKeyPair) Marshal ¶
func (keypair *SignKeyPair) Marshal() []byte
Marshal a keypair into a byte slice.
func (*SignKeyPair) Sign ¶
func (keypair *SignKeyPair) Sign(msgID [MessageIDSize]byte) *[SignHeaderSize]byte
Sign a messageid.
func (SignKeyPair) Unmarshal ¶
func (keypair SignKeyPair) Unmarshal(d []byte) (*SignKeyPair, error)
Unmarshal d into keypair.
type SignatureDetails ¶
type SignatureDetails struct { MsgID [MessageIDSize]byte // MsgID of the message (sha256(KeyHeader|Body)) PublicKey [SignerPubKeySize]byte // Public key of signer HashCashNonce [hashcash.NonceSize]byte // The HashCash nonce HashCashBits byte // HashCash bits }
SignatureDetails contains the fields of the signature header (minus signature itself).
func VerifySignature ¶
func VerifySignature(header [SignHeaderSize]byte, minbits byte) (details *SignatureDetails, err error)
VerifySignature verifies a signature header. It checks if the version, signatures and hashcash are correct.