libp2p.security package

Subpackages

• libp2p.security.insecure package
  • Subpackages
    • libp2p.security.insecure.pb package
      • Submodules
      • libp2p.security.insecure.pb.plaintext_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.insecure.transport module
    • InsecureSession
      • InsecureSession.close()
      • InsecureSession.get_remote_address()
      • InsecureSession.read()
      • InsecureSession.write()
    • InsecureTransport
      • InsecureTransport.secure_inbound()
      • InsecureTransport.secure_outbound()
    • PlaintextHandshakeReadWriter
      • PlaintextHandshakeReadWriter.max_msg_size
    • make_exchange_message()
    • run_handshake()
  • Module contents
• libp2p.security.noise package
  • Subpackages
    • libp2p.security.noise.pb package
      • Submodules
      • libp2p.security.noise.pb.noise_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.noise.exceptions module
    • HandshakeHasNotFinished
    • InvalidSignature
    • NoiseFailure
    • NoiseStateError
    • PeerIDMismatchesPubkey
  • libp2p.security.noise.io module
    • BaseNoiseMsgReadWriter
      • BaseNoiseMsgReadWriter.close()
      • BaseNoiseMsgReadWriter.get_remote_address()
      • BaseNoiseMsgReadWriter.noise_state
      • BaseNoiseMsgReadWriter.prefix
      • BaseNoiseMsgReadWriter.read_msg()
      • BaseNoiseMsgReadWriter.read_writer
      • BaseNoiseMsgReadWriter.write_msg()
    • NoiseHandshakeReadWriter
      • NoiseHandshakeReadWriter.decrypt()
      • NoiseHandshakeReadWriter.encrypt()
    • NoisePacketReadWriter
      • NoisePacketReadWriter.size_len_bytes
    • NoiseTransportReadWriter
      • NoiseTransportReadWriter.decrypt()
      • NoiseTransportReadWriter.encrypt()
  • libp2p.security.noise.messages module
    • NoiseExtensions
      • NoiseExtensions.early_data
      • NoiseExtensions.from_protobuf()
      • NoiseExtensions.has_early_data()
      • NoiseExtensions.has_stream_muxers()
      • NoiseExtensions.has_webtransport_certhashes()
      • NoiseExtensions.is_empty()
      • NoiseExtensions.stream_muxers
      • NoiseExtensions.to_protobuf()
      • NoiseExtensions.webtransport_certhashes
    • NoiseHandshakePayload
      • NoiseHandshakePayload.deserialize()
      • NoiseHandshakePayload.extensions
      • NoiseHandshakePayload.get_early_data()
      • NoiseHandshakePayload.has_early_data()
      • NoiseHandshakePayload.has_extensions()
      • NoiseHandshakePayload.id_pubkey
      • NoiseHandshakePayload.id_sig
      • NoiseHandshakePayload.serialize()
    • make_data_to_be_signed()
    • make_handshake_payload_sig()
    • verify_handshake_payload_sig()
  • libp2p.security.noise.patterns module
    • BasePattern
      • BasePattern.create_noise_state()
      • BasePattern.early_data
      • BasePattern.libp2p_privkey
      • BasePattern.local_peer
      • BasePattern.make_handshake_payload()
      • BasePattern.noise_static_key
      • BasePattern.protocol_name
    • IPattern
      • IPattern.handshake_inbound()
      • IPattern.handshake_outbound()
    • PatternXX
      • PatternXX.handshake_inbound()
      • PatternXX.handshake_outbound()
  • libp2p.security.noise.transport module
    • Transport
      • Transport.cache_static_key()
      • Transport.clear_static_key_cache()
      • Transport.early_data
      • Transport.early_data_manager
      • Transport.get_cached_static_key()
      • Transport.get_pattern()
      • Transport.libp2p_privkey
      • Transport.local_peer
      • Transport.noise_privkey
      • Transport.rekey_manager
      • Transport.secure_inbound()
      • Transport.secure_outbound()
      • Transport.webtransport_support
  • Module contents
• libp2p.security.pnet package
  • Submodules
  • libp2p.security.pnet.protector module
    • new_protected_conn()
  • libp2p.security.pnet.psk_conn module
    • PskConn
      • PskConn.close()
      • PskConn.get_remote_address()
      • PskConn.read()
      • PskConn.write()
  • Module contents
• libp2p.security.secio package
  • Subpackages
    • libp2p.security.secio.pb package
      • Submodules
      • libp2p.security.secio.pb.spipe_pb2 module
      • Module contents
  • Submodules
  • libp2p.security.secio.exceptions module
    • IncompatibleChoices
    • InconsistentNonce
    • InvalidSignatureOnExchange
    • PeerMismatchException
    • SecioException
    • SedesException
    • SelfEncryption
  • libp2p.security.secio.transport module
    • EncryptionParameters
      • EncryptionParameters.cipher_type
      • EncryptionParameters.curve_type
      • EncryptionParameters.ephemeral_public_key
      • EncryptionParameters.hash_type
      • EncryptionParameters.permanent_public_key
    • Proposal
      • Proposal.calculate_peer_id()
      • Proposal.ciphers
      • Proposal.deserialize()
      • Proposal.exchanges
      • Proposal.hashes
      • Proposal.nonce
      • Proposal.public_key
      • Proposal.serialize()
    • SecioMsgReadWriter
      • SecioMsgReadWriter.close()
      • SecioMsgReadWriter.decrypt()
      • SecioMsgReadWriter.encrypt()
      • SecioMsgReadWriter.local_encrypter
      • SecioMsgReadWriter.read_msg()
      • SecioMsgReadWriter.read_writer
      • SecioMsgReadWriter.remote_encrypter
      • SecioMsgReadWriter.write_msg()
    • SecioPacketReadWriter
      • SecioPacketReadWriter.size_len_bytes
    • SessionParameters
      • SessionParameters.local_encryption_parameters
      • SessionParameters.local_peer
      • SessionParameters.order
      • SessionParameters.remote_encryption_parameters
      • SessionParameters.remote_peer
      • SessionParameters.shared_key
    • Transport
      • Transport.get_nonce()
      • Transport.secure_inbound()
      • Transport.secure_outbound()
    • create_secure_session()
  • Module contents
• libp2p.security.tls package
  • Submodules
  • libp2p.security.tls.certificate module
    • SignedKey
      • SignedKey.public_key_bytes
      • SignedKey.signature
    • add_libp2p_extension()
    • create_cert_template()
    • decode_signed_key()
    • encode_signed_key()
    • generate_certificate()
    • generate_self_signed_cert()
    • pub_key_from_cert_chain()
    • verify_certificate_chain()
  • libp2p.security.tls.io module
    • TLSReadWriter
      • TLSReadWriter.close()
      • TLSReadWriter.decrypt()
      • TLSReadWriter.encrypt()
      • TLSReadWriter.get_negotiated_protocol()
      • TLSReadWriter.get_peer_certificate()
      • TLSReadWriter.get_remote_address()
      • TLSReadWriter.handshake()
      • TLSReadWriter.read_msg()
      • TLSReadWriter.stream_writer
      • TLSReadWriter.write_msg()
    • TLSStreamReadWriter
      • TLSStreamReadWriter.close()
      • TLSStreamReadWriter.get_negotiated_protocol()
      • TLSStreamReadWriter.get_peer_certificate()
      • TLSStreamReadWriter.get_remote_address()
      • TLSStreamReadWriter.handshake()
      • TLSStreamReadWriter.read()
      • TLSStreamReadWriter.should_do_primitive_key_exchang()
      • TLSStreamReadWriter.write()
  • libp2p.security.tls.transport module
    • IdentityConfig
      • IdentityConfig.cert_template
      • IdentityConfig.key_log_writer
    • TLSTransport
      • TLSTransport.create_ssl_context()
      • TLSTransport.early_data
      • TLSTransport.get_certificate_pem()
      • TLSTransport.get_negotiated_muxer()
      • TLSTransport.get_preferred_muxers()
      • TLSTransport.get_protocol_id()
      • TLSTransport.libp2p_privkey
      • TLSTransport.local_peer
      • TLSTransport.secure_inbound()
      • TLSTransport.secure_outbound()
      • TLSTransport.trust_peer_cert_pem()
    • create_tls_transport()
  • Module contents
    • IdentityConfig
      • IdentityConfig.cert_template
      • IdentityConfig.key_log_writer
    • SignedKey
      • SignedKey.public_key_bytes
      • SignedKey.signature
    • TLSReadWriter
      • TLSReadWriter.close()
      • TLSReadWriter.conn
      • TLSReadWriter.decrypt()
      • TLSReadWriter.encrypt()
      • TLSReadWriter.get_negotiated_protocol()
      • TLSReadWriter.get_peer_certificate()
      • TLSReadWriter.get_remote_address()
      • TLSReadWriter.handshake()
      • TLSReadWriter.read_msg()
      • TLSReadWriter.stream_writer
      • TLSReadWriter.write_msg()
    • TLSTransport
      • TLSTransport.create_ssl_context()
      • TLSTransport.early_data
      • TLSTransport.get_certificate_pem()
      • TLSTransport.get_negotiated_muxer()
      • TLSTransport.get_preferred_muxers()
      • TLSTransport.get_protocol_id()
      • TLSTransport.libp2p_privkey
      • TLSTransport.local_peer
      • TLSTransport.secure_inbound()
      • TLSTransport.secure_outbound()
      • TLSTransport.trust_peer_cert_pem()
    • create_cert_template()
    • create_tls_transport()
    • generate_certificate()
    • pub_key_from_cert_chain()
    • verify_certificate_chain()

Submodules

libp2p.security.base_session module

class libp2p.security.base_session.BaseSession(*, local_peer: ID, local_private_key: PrivateKey, remote_peer: ID, remote_permanent_pubkey: PublicKey, is_initiator: bool)

Bases: ISecureConn

BaseSession is not fully instantiated from its abstract classes as it is only meant to be used in clases that derive from it.

get_local_peer() → ID

Retrieve the local peer’s identifier.

Returns:

The local peer ID.

get_local_private_key() → PrivateKey

Retrieve the local peer’s private key.

Returns:

The private key of the local peer.

get_remote_peer() → ID

Retrieve the remote peer’s identifier.

Returns:

The remote peer ID.

get_remote_public_key() → PublicKey

Retrieve the remote peer’s public key.

Returns:

The public key of the remote peer.

local_peer: ID

local_private_key: PrivateKey

remote_peer: ID

remote_permanent_pubkey: PublicKey

libp2p.security.base_transport module

class libp2p.security.base_transport.BaseSecureTransport(local_key_pair: ~libp2p.crypto.keys.KeyPair, secure_bytes_provider: ~collections.abc.Callable[[int], bytes] = <function default_secure_bytes_provider>)

Bases: ISecureTransport

BaseSecureTransport is not fully instantiated from its abstract classes as it is only meant to be used in clases that derive from it.

Clients can provide a strategy to get cryptographically secure bytes of a given length. A default implementation is provided using the secrets module from the standard library.

libp2p.security.base_transport.default_secure_bytes_provider(n: int) → bytes

libp2p.security.exceptions module

exception libp2p.security.exceptions.HandshakeFailure

Bases: BaseLibp2pError

exception libp2p.security.exceptions.SecurityError

Bases: BaseLibp2pError

libp2p.security.secure_session module

class libp2p.security.secure_session.SecureSession(*, local_peer: ID, local_private_key: PrivateKey, remote_peer: ID, remote_permanent_pubkey: PublicKey, is_initiator: bool, conn: EncryptedMsgReadWriter)

Bases: BaseSession

buf: BytesIO

async close() → None

get_remote_address() → tuple[str, int] | None

Delegate to the underlying connection’s get_remote_address method.

high_watermark: int

low_watermark: int

async read(n: int | None = None) → bytes

async write(data: bytes) → None

libp2p.security.security_multistream module

class libp2p.security.security_multistream.SecurityMultistream(secure_transports_by_protocol: Mapping[TProtocol, object])

Bases: ABC

SSMuxer is a multistream stream security transport multiplexer.

Go implementation: github.com/libp2p/go-conn-security-multistream/ssms.go

add_transport(protocol: TProtocol, transport: ISecureTransport) → None

Add a protocol and its corresponding transport to multistream- select(multiselect). The order that a protocol is added is exactly the precedence it is negotiated in multiselect.

Parameters:

• protocol – the protocol name, which is negotiated in multiselect.

• transport – the corresponding transportation to the protocol.

multiselect: Multiselect

multiselect_client: MultiselectClient

async secure_inbound(conn: IRawConnection) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are not the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

async secure_outbound(conn: IRawConnection, peer_id: ID) → ISecureConn

Secure the connection, either locally or by communicating with opposing node via conn, for an inbound connection (i.e. we are the initiator)

Returns:

secure connection object (that implements secure_conn_interface)

async select_transport(conn: IRawConnection, is_initiator: bool) → ISecureTransport

Select a transport that both us and the node on the other end of conn support and agree on.

Parameters:

• conn – conn to choose a transport over

• is_initiator – true if we are the initiator, false otherwise

Returns:

selected secure transport

transports: OrderedDict[TProtocol, ISecureTransport]

libp2p.security.security_multistream.logger = <Logger libp2p.security.security_multistream (DEBUG)>

Represents a secured connection object, which includes a connection and details about the security involved in the secured connection

Relevant go repo: https://github.com/libp2p/go-conn-security/blob/master/interface.go

Module contents

Security modules for libp2p.

This package provides various security implementations including: - TLS transport - Noise protocol - SECIO protocol - Insecure transport (for testing)