libp2p.security package

Subpackages

• libp2p.security.insecure package
  • Subpackages
    • libp2p.security.insecure.pb package
      • Submodules
      • libp2p.security.insecure.pb.plaintext_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.insecure.transport module
    • InsecureSession
      • InsecureSession.close()
      • InsecureSession.read()
      • InsecureSession.write()
    • InsecureTransport
      • InsecureTransport.secure_inbound()
      • InsecureTransport.secure_outbound()
    • PlaintextHandshakeReadWriter
      • PlaintextHandshakeReadWriter.max_msg_size
    • make_exchange_message()
    • run_handshake()
  • Module contents
• libp2p.security.noise package
  • Subpackages
    • libp2p.security.noise.pb package
      • Submodules
      • libp2p.security.noise.pb.noise_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.noise.exceptions module
    • HandshakeHasNotFinished
    • InvalidSignature
    • NoiseFailure
    • NoiseStateError
    • PeerIDMismatchesPubkey
  • libp2p.security.noise.io module
    • BaseNoiseMsgReadWriter
      • BaseNoiseMsgReadWriter.close()
      • BaseNoiseMsgReadWriter.noise_state
      • BaseNoiseMsgReadWriter.prefix
      • BaseNoiseMsgReadWriter.read_msg()
      • BaseNoiseMsgReadWriter.read_writer
      • BaseNoiseMsgReadWriter.write_msg()
    • NoiseHandshakeReadWriter
      • NoiseHandshakeReadWriter.decrypt()
      • NoiseHandshakeReadWriter.encrypt()
    • NoisePacketReadWriter
      • NoisePacketReadWriter.size_len_bytes
    • NoiseTransportReadWriter
      • NoiseTransportReadWriter.decrypt()
      • NoiseTransportReadWriter.encrypt()
  • libp2p.security.noise.messages module
    • NoiseHandshakePayload
      • NoiseHandshakePayload.deserialize()
      • NoiseHandshakePayload.early_data
      • NoiseHandshakePayload.id_pubkey
      • NoiseHandshakePayload.id_sig
      • NoiseHandshakePayload.serialize()
    • make_data_to_be_signed()
    • make_handshake_payload_sig()
    • verify_handshake_payload_sig()
  • libp2p.security.noise.patterns module
    • BasePattern
      • BasePattern.create_noise_state()
      • BasePattern.early_data
      • BasePattern.libp2p_privkey
      • BasePattern.local_peer
      • BasePattern.make_handshake_payload()
      • BasePattern.noise_static_key
      • BasePattern.protocol_name
    • IPattern
      • IPattern.handshake_inbound()
      • IPattern.handshake_outbound()
    • PatternXX
      • PatternXX.handshake_inbound()
      • PatternXX.handshake_outbound()
  • libp2p.security.noise.transport module
    • Transport
      • Transport.early_data
      • Transport.get_pattern()
      • Transport.libp2p_privkey
      • Transport.local_peer
      • Transport.noise_privkey
      • Transport.secure_inbound()
      • Transport.secure_outbound()
      • Transport.with_noise_pipes
  • Module contents
• libp2p.security.secio package
  • Subpackages
    • libp2p.security.secio.pb package
      • Submodules
      • libp2p.security.secio.pb.spipe_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.secio.exceptions module
    • IncompatibleChoices
    • InconsistentNonce
    • InvalidSignatureOnExchange
    • PeerMismatchException
    • SecioException
    • SedesException
    • SelfEncryption
  • libp2p.security.secio.transport module
    • EncryptionParameters
      • EncryptionParameters.cipher_type
      • EncryptionParameters.curve_type
      • EncryptionParameters.ephemeral_public_key
      • EncryptionParameters.hash_type
      • EncryptionParameters.permanent_public_key
    • Proposal
      • Proposal.calculate_peer_id()
      • Proposal.ciphers
      • Proposal.deserialize()
      • Proposal.exchanges
      • Proposal.hashes
      • Proposal.nonce
      • Proposal.public_key
      • Proposal.serialize()
    • SecioMsgReadWriter
      • SecioMsgReadWriter.close()
      • SecioMsgReadWriter.decrypt()
      • SecioMsgReadWriter.encrypt()
      • SecioMsgReadWriter.read_msg()
      • SecioMsgReadWriter.read_writer
      • SecioMsgReadWriter.write_msg()
    • SecioPacketReadWriter
      • SecioPacketReadWriter.size_len_bytes
    • SessionParameters
      • SessionParameters.local_encryption_parameters
      • SessionParameters.local_peer
      • SessionParameters.order
      • SessionParameters.remote_encryption_parameters
      • SessionParameters.remote_peer
      • SessionParameters.shared_key
    • Transport
      • Transport.get_nonce()
      • Transport.secure_inbound()
      • Transport.secure_outbound()
    • create_secure_session()
  • Module contents

Submodules

libp2p.security.base_session module

class libp2p.security.base_session.BaseSession(*, local_peer: ID, local_private_key: PrivateKey, remote_peer: ID, remote_permanent_pubkey: PublicKey, is_initiator: bool)

Bases: ISecureConn

BaseSession is not fully instantiated from its abstract classes as it is only meant to be used in clases that derive from it.

get_local_peer() → ID

get_local_private_key() → PrivateKey

get_remote_peer() → ID

get_remote_public_key() → PublicKey | None

local_peer: ID

local_private_key: PrivateKey

remote_peer: ID

remote_permanent_pubkey: PublicKey

libp2p.security.base_transport module

class libp2p.security.base_transport.BaseSecureTransport(local_key_pair: ~libp2p.crypto.keys.KeyPair, secure_bytes_provider: ~typing.Callable[[int], bytes] = <function default_secure_bytes_provider>)

Bases: ISecureTransport

BaseSecureTransport is not fully instantiated from its abstract classes as it is only meant to be used in clases that derive from it.

Clients can provide a strategy to get cryptographically secure bytes of a given length. A default implementation is provided using the secrets module from the standard library.

libp2p.security.base_transport.default_secure_bytes_provider(n: int) → bytes

libp2p.security.exceptions module

exception libp2p.security.exceptions.HandshakeFailure

Bases: BaseLibp2pError

libp2p.security.secure_conn_interface module

class libp2p.security.secure_conn_interface.AbstractSecureConn

Bases: ABC

abstract get_local_peer() → ID

abstract get_local_private_key() → PrivateKey

abstract get_remote_peer() → ID

abstract get_remote_public_key() → PublicKey

class libp2p.security.secure_conn_interface.ISecureConn

Bases: AbstractSecureConn, IRawConnection

libp2p.security.secure_session module

class libp2p.security.secure_session.SecureSession(*, local_peer: ID, local_private_key: PrivateKey, remote_peer: ID, remote_permanent_pubkey: PublicKey, is_initiator: bool, conn: EncryptedMsgReadWriter)

Bases: BaseSession

buf: BytesIO

async close() → None

high_watermark: int

low_watermark: int

async read(n: int | None = None) → bytes

async write(data: bytes) → None

libp2p.security.secure_transport_interface module

class libp2p.security.secure_transport_interface.ISecureTransport

Bases: ABC

abstract async secure_inbound(conn: IRawConnection) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are not the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

abstract async secure_outbound(conn: IRawConnection, peer_id: ID) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

libp2p.security.security_multistream module

class libp2p.security.security_multistream.SecurityMultistream(secure_transports_by_protocol: Mapping[TProtocol, ISecureTransport])

Bases: ABC

SSMuxer is a multistream stream security transport multiplexer.

Go implementation: github.com/libp2p/go-conn-security-multistream/ssms.go

add_transport(protocol: TProtocol, transport: ISecureTransport) → None

Add a protocol and its corresponding transport to multistream- select(multiselect). The order that a protocol is added is exactly the precedence it is negotiated in multiselect.

Parameters:

• protocol – the protocol name, which is negotiated in multiselect.

• transport – the corresponding transportation to the protocol.

multiselect: Multiselect

multiselect_client: MultiselectClient

async secure_inbound(conn: IRawConnection) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are not the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

async secure_outbound(conn: IRawConnection, peer_id: ID) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

async select_transport(conn: IRawConnection, is_initiator: bool) → ISecureTransport

Select a transport that both us and the node on the other end of conn support and agree on.

Parameters:

• conn – conn to choose a transport over

• is_initiator – true if we are the initiator, false otherwise

Returns:

selected secure transport

transports: OrderedDict[TProtocol, ISecureTransport]

Module contents