Package-Level Type Names (total 8, in which 4 are exported)
ALTSRecordCrypto is the interface for gRPC ALTS record protocol.
Decrypt decrypts ciphertext and verifies the tag (if any). dst and
ciphertext may alias exactly or not at all. To reuse ciphertext's
storage for the decrypted output, use ciphertext[:0] as dst.
Encrypt encrypts the plaintext and computes the tag (if any) of dst
and plaintext. dst and plaintext may fully overlap or not at all.
EncryptionOverhead returns the tag size (if any) in bytes.
*aes128gcm
*aes128gcmRekey
func NewAES128GCM(side core.Side, key []byte) (ALTSRecordCrypto, error)
func NewAES128GCMRekey(side core.Side, key []byte) (ALTSRecordCrypto, error)
ALTSRecordFunc is a function type for factory functions that create
ALTSRecordCrypto instances.
func RegisterProtocol(protocol string, f ALTSRecordFunc) error
KeySizeError signals that the given key does not have the correct size.
(T) Error() string
T : error
aes128gcm is the struct that holds necessary information for ALTS record.
The counter value is NOT included in the payload during the encryption and
decryption operations.
aead cipher.AEAD
inCounter is used in ALTS record to check that incoming counters are
as expected, since ALTS record guarantees that messages are unwrapped
in the same order that the peer wrapped them.
outCounter Counter
(*T) Decrypt(dst, ciphertext []byte) ([]byte, error)
Encrypt is the encryption function. dst can contain bytes at the beginning of
the ciphertext that will not be encrypted but will be authenticated. If dst
has enough capacity to hold these bytes, the ciphertext and the tag, no
allocation and copy operations will be performed. dst and plaintext do not
overlap.
(*T) EncryptionOverhead() int
*T : ALTSRecordCrypto
aes128gcmRekey is the struct that holds necessary information for ALTS record.
The counter value is NOT included in the payload during the encryption and
decryption operations.
inAEAD cipher.AEAD
inCounter is used in ALTS record to check that incoming counters are
as expected, since ALTS record guarantees that messages are unwrapped
in the same order that the peer wrapped them.
outAEAD cipher.AEAD
outCounter Counter
(*T) Decrypt(dst, ciphertext []byte) ([]byte, error)
Encrypt is the encryption function. dst can contain bytes at the beginning of
the ciphertext that will not be encrypted but will be authenticated. If dst
has enough capacity to hold these bytes, the ciphertext and the tag, no
allocation and copy operations will be performed. dst and plaintext do not
overlap.
(*T) EncryptionOverhead() int
*T : ALTSRecordCrypto
conn represents a secured connection. It implements the net.Conn interface.
Conn net.Conn
buf holds data that has been read from the connection and decrypted,
but has not yet been returned by Read.
crypto ALTSRecordCrypto
nextFrame stores the next frame (in protected buffer) info.
overhead is the calculated overhead of each frame.
payloadLengthLimit int
protected holds data read from the network that has not yet been
decrypted. This data might not compose a complete frame.
writeBuf is a buffer used to contain encrypted frames before being
written to the network.
Close closes the connection.
Any blocked Read or Write operations will be unblocked and return errors.
LocalAddr returns the local network address.
Read reads and decrypts a frame from the underlying connection, and copies the
decrypted payload into b. If the size of the payload is greater than len(b),
Read retains the remaining bytes in an internal buffer, and subsequent calls
to Read will read from this buffer until it is exhausted.
RemoteAddr returns the remote network address.
SetDeadline sets the read and write deadlines associated
with the connection. It is equivalent to calling both
SetReadDeadline and SetWriteDeadline.
A deadline is an absolute time after which I/O operations
fail instead of blocking. The deadline applies to all future
and pending I/O, not just the immediately following call to
Read or Write. After a deadline has been exceeded, the
connection can be refreshed by setting a deadline in the future.
If the deadline is exceeded a call to Read or Write or to other
I/O methods will return an error that wraps os.ErrDeadlineExceeded.
This can be tested using errors.Is(err, os.ErrDeadlineExceeded).
The error's Timeout method will return true, but note that there
are other possible errors for which the Timeout method will
return true even if the deadline has not been exceeded.
An idle timeout can be implemented by repeatedly extending
the deadline after successful Read or Write calls.
A zero value for t means I/O operations will not time out.
SetReadDeadline sets the deadline for future Read calls
and any currently-blocked Read call.
A zero value for t means Read will not time out.
SetWriteDeadline sets the deadline for future Write calls
and any currently-blocked Write call.
Even if write times out, it may return n > 0, indicating that
some of the data was successfully written.
A zero value for t means Write will not time out.
Write encrypts, frames, and writes bytes from b to the underlying connection.
*T : github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband.Progress
*T : github.com/jbenet/go-context/io.Reader
*T : github.com/jbenet/go-context/io.Writer
T : io.Closer
*T : io.ReadCloser
*T : io.Reader
*T : io.ReadWriteCloser
*T : io.ReadWriter
*T : io.WriteCloser
*T : io.Writer
*T : net.Conn
rekeyAEAD holds the necessary information for an AEAD based on
AES-GCM that performs nonce-based key derivation and XORs the
nonce with a random mask.
gcmAEAD cipher.AEAD
kdfCounter []byte
kdfKey []byte
nonceBuf []byte
nonceMask []byte
NonceSize returns the required nonce size.
Open rekeys if nonce[2:8] is different than in the last call, masks the nonce,
and calls Open for aes128gcm.
Overhead returns the ciphertext overhead.
Seal rekeys if nonce[2:8] is different than in the last call, masks the nonce,
and calls Seal for aes128gcm.
rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil
or cannot be used with given nonce.
*T : crypto/cipher.AEAD
func newRekeyAEAD(key []byte) (*rekeyAEAD, error)
Package-Level Functions (total 14, in which 10 are exported)
CounterFromValue creates a new counter given an initial value.
CounterSide returns the connection side (client/server) a sequence counter is
associated with.
NewAES128GCM creates an instance that uses aes128gcm for ALTS record.
NewAES128GCMRekey creates an instance that uses aes128gcm with rekeying
for ALTS record. The key argument should be 44 bytes: the first 32 bytes
are used as a key for HKDF-expand and the remaining 12 bytes are used
as a random mask for the counter.
NewConn creates a new secure channel instance given the other party role and
handshaking result.
NewInCounter returns an incoming counter initialized to the starting sequence
number for the client/server side of a connection. This is used in ALTS record
to check that incoming counters are as expected, since ALTS record guarantees
that messages are unwrapped in the same order that the peer wrapped them.
NewOutCounter returns an outgoing counter initialized to the starting sequence
number for the client/server side of a connection.
ParseFramedMsg parses the provided buffer and returns a frame of the format
msgLength+msg and any remaining bytes in that buffer.
RegisterProtocol registers an ALTS record encryption protocol.
SliceForAppend takes a slice and a requested number of bytes. It returns a
slice with the contents of the given slice followed by that many bytes and a
second slice that aliases into it and contains only the extra bytes. If the
original slice has sufficient capacity then no allocation is performed.
hkdfExpand computes the first 16 bytes of the HKDF-expand function
defined in RFC5869.
maskNonce XORs the given nonce with the mask and stores the result in dst.
newRekeyAEAD creates a new instance of aes128gcm with rekeying.
The key argument should be 44 bytes: the first 32 bytes are used as a key
for HKDF-expand and the remaining 12 bytes are used as a random mask for
the counter.
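The rekeying scheme described for rekeyAEAD, hkdfExpand, maskNonce and newRekeyAEAD, as an added example that is not the package's own code. The helper names expand16 and rekeyed, the use of HMAC-SHA256, nonce[2:8] as the HKDF info input, a 12-byte nonce and the sample key are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// expand16 returns the first 16 bytes of HKDF-expand (RFC 5869), i.e. the
// first block T(1) = HMAC(prk, info || 0x01). SHA-256 is assumed here.
func expand16(prk, info []byte) []byte {
	mac := hmac.New(sha256.New, prk)
	mac.Write(info)
	mac.Write([]byte{0x01})
	return mac.Sum(nil)[:16]
}

// rekeyed (hypothetical helper) splits the 44-byte key into a 32-byte KDF key
// and a 12-byte mask, derives an AES-128-GCM AEAD from nonce[2:8], and
// returns it with the masked nonce to pass to Seal or Open.
func rekeyed(key, nonce []byte) (cipher.AEAD, []byte, error) {
	if len(key) != 44 || len(nonce) != 12 {
		return nil, nil, errors.New("want 44-byte key and 12-byte nonce")
	}
	block, err := aes.NewCipher(expand16(key[:32], nonce[2:8]))
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	masked := make([]byte, 12)
	for i := range masked {
		masked[i] = nonce[i] ^ key[32+i]
	}
	return gcm, masked, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 44) // constructed sample key, not a real secret
	nonce := make([]byte, 12)
	a, n, _ := rekeyed(key, nonce)
	ct := a.Seal(nil, n, []byte("hello"), nil)
	nonce[2] = 1 // a change inside nonce[2:8] selects a different derived key
	b, m, _ := rekeyed(key, nonce)
	_, err := b.Open(nil, m, ct, nil)
	fmt.Println(len(ct), err != nil) // 21 true
}
```

Unlike this sketch, which derives a fresh AEAD on every call, the package's rekeyAEAD keeps the current AEAD and only rekeys when nonce[2:8] differs from the last call.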
Package-Level Variables (total 3, in which 1 are exported)
The pages are generated with Golds v0.3.2-preview. (GOOS=darwin GOARCH=amd64)