module Raft::Transport::Handshake
Overview
Mutual HMAC-SHA256 cookie authentication for TCP connections.
Uses standard TLV framing (type 0x00 for handshake, 0xFF for error).
Both sides exchange a challenge frame and verify the peer holds the same
cookie. On failure, an ErrorMessage frame is sent before closing.
Protocol flow:
- Initiator sends TLV Handshake frame (hmac + nonce)
- Responder verifies, then sends its own TLV Handshake frame
- Initiator verifies the responder's frame
- Both sides are now authenticated — normal TLV messages follow
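The flow above as a Python model, added here for illustration; it is not the module's Crystal source. The header layout (1-byte type, 4-byte big-endian length), the HMAC input (the sender's own nonce, keyed with the cookie), the empty error payload and all helper names are assumptions; the page gives only the frame types and the 32-byte sizes.

```python
import hashlib, hmac, os, socket, struct
from concurrent.futures import ThreadPoolExecutor

HMAC_SIZE, NONCE_SIZE = 32, 32     # sizes given on the page
T_HANDSHAKE, T_ERROR = 0x00, 0xFF  # TLV types given on the page
HEADER = struct.Struct(">BI")      # ASSUMED header: 1-byte type, 4-byte length
class AuthenticationFailed(Exception): pass

def _challenge(cookie, nonce):  # ASSUMED value: HMAC(cookie, nonce) || nonce
    return hmac.new(cookie, nonce, hashlib.sha256).digest() + nonce

def _read(sock, n):
    data = sock.recv(n, socket.MSG_WAITALL)
    if len(data) != n:
        raise AuthenticationFailed("peer closed during handshake")
    return data

def _send_challenge(sock, cookie):
    value = _challenge(cookie, os.urandom(NONCE_SIZE))
    sock.sendall(HEADER.pack(T_HANDSHAKE, len(value)) + value)

def _verify_challenge(sock, cookie, send_error):
    typ, length = HEADER.unpack(_read(sock, HEADER.size))
    if typ == T_HANDSHAKE and length == HMAC_SIZE + NONCE_SIZE:  # checked before the body is read
        value = _read(sock, length)
        if hmac.compare_digest(value, _challenge(cookie, value[HMAC_SIZE:])):  # constant-time
            return
    if send_error:  # empty ErrorMessage value; its real payload is not on the page
        sock.sendall(HEADER.pack(T_ERROR, 0))
    raise AuthenticationFailed("handshake rejected")

def initiate(sock, cookie):
    _send_challenge(sock, cookie)
    _verify_challenge(sock, cookie, send_error=False)
def respond(sock, cookie):
    _verify_challenge(sock, cookie, send_error=True)
    _send_challenge(sock, cookie)

def run_pair(initiator_cookie, responder_cookie):  # -> (initiator_ok, responder_ok)
    def side(fn, sock, cookie):
        try:
            with sock:
                fn(sock, cookie)
            return True
        except (AuthenticationFailed, OSError):
            return False
    a, b = socket.socketpair()
    with ThreadPoolExecutor(1) as pool:
        responder = pool.submit(side, respond, b, responder_cookie)
        return side(initiate, a, initiator_cookie), responder.result()
```

With matching cookies `run_pair` returns `(True, True)`; with different cookies the responder rejects the HMAC and the initiator fails on the error frame it receives.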
Defined in:
raft/transport/handshake.cr
Constant Summary
- HMAC_SIZE = 32
  Size of the HMAC-SHA256 digest in bytes.
- NONCE_SIZE = 32
  Size of the random nonce in bytes.
Class Method Summary
- .initiate(io : IO, cookie : String) : Nil
  Performs the initiator side of the handshake.
- .respond(io : IO, cookie : String) : Nil
  Performs the responder side of the handshake.
Class Method Detail
.initiate(io : IO, cookie : String) : Nil
Performs the initiator side of the handshake.
Sends a TLV Handshake challenge, then verifies the responder's challenge.
Raises Error::AuthenticationFailed if the responder's HMAC is invalid
or if the responder sends an error frame.
.respond(io : IO, cookie : String) : Nil
Performs the responder side of the handshake.
Verifies the initiator's TLV Handshake challenge, then sends its own.
Raises Error::AuthenticationFailed if the initiator's HMAC is invalid.
Sends a TLV ErrorMessage frame before raising.