/*
GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
import (
"bytes"
"encoding/base64"
- "errors"
"fmt"
+ "hash"
"io/ioutil"
- "log"
"os"
"strings"
+ "syscall"
"github.com/agl/ed25519"
- "github.com/magical/argon2"
+ "github.com/pkg/errors"
+ "golang.org/x/crypto/blake2b"
"golang.org/x/crypto/ssh/terminal"
+
+ "cypherpunks.ru/balloon"
)
const (
- DefaultM = 1 << 12
- DefaultT = 1 << 7
- DefaultP = 1
+ // DefaultS default Balloon space cost
+ DefaultS = 1 << 20 / 32
+ // DefaultT default Balloon time cost
+ DefaultT = 1 << 4
+ // DefaultP default Balloon number of job
+ DefaultP = 2
+
+ wrapDecodeString = "base64.RawStdEncoding.DecodeString"
)
+// Verifier is used to authenticate a peer
type Verifier struct {
- M int
+ S int
T int
P int
- Id *PeerId
+ ID *PeerID
Pub *[ed25519.PublicKeySize]byte
}
-// Generate new verifier for given peer, with specified password and
-// hashing parameters.
-func VerifierNew(m, t, p int, id *PeerId) *Verifier {
- return &Verifier{M: m, T: t, P: p, Id: id}
+// VerifierNew generates new verifier for given peer,
+// with specified password and hashing parameters.
+func VerifierNew(s, t, p int, id *PeerID) *Verifier {
+ return &Verifier{S: s, T: t, P: p, ID: id}
}
-// Apply the password: create Ed25519 keypair based on it, save public
-// key in verifier.
-func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte {
- r, err := argon2.Key([]byte(password), v.Id[:], v.T, v.P, int64(v.M), 32)
+// PasswordApply applies the password: create Ed25519 keypair based on it,
+// saves public key in verifier.
+func (v *Verifier) PasswordApply(password string) (*[ed25519.PrivateKeySize]byte, error) {
+ // TODO: there is an extremely weird bug, "balloon.H" panic if I the `hash.Hash`
+ // outside the "hasher" function.
+ var err error
+ hasher := func() hash.Hash {
+ var nilHash hash.Hash
+ nilHash, err = blake2b.New256(nil)
+ return nilHash
+ }
+ r := balloon.H(hasher, []byte(password), v.ID[:], v.S, v.T, v.P)
if err != nil {
- log.Fatalln("Unable to apply Argon2d", err)
+ return nil, errors.Wrap(err, wrapBlake2bNew256)
}
+
defer SliceZero(r)
src := bytes.NewBuffer(r)
pub, prv, err := ed25519.GenerateKey(src)
if err != nil {
- log.Fatalln("Unable to generate Ed25519 keypair", err)
+ return nil, errors.Wrap(err, "ed25519.GenerateKey")
}
v.Pub = pub
- return prv
+ return prv, nil
}
-// Parse either short or long verifier form.
+// VerifierFromString parses either short or long verifier form.
func VerifierFromString(input string) (*Verifier, error) {
- s := strings.Split(input, "$")
- if len(s) < 4 || s[1] != "argon2d" {
+ ss := strings.Split(input, "$")
+ if len(ss) < 4 || ss[1] != "balloon" {
return nil, errors.New("Invalid verifier structure")
}
- var m, t, p int
- n, err := fmt.Sscanf(s[2], "m=%d,t=%d,p=%d", &m, &t, &p)
- if n != 3 || err != nil {
+ var s, t, p int
+ n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p)
+ if err != nil {
+ return nil, errors.Wrap(err, "fmt.Sscanf")
+ }
+ if n != 3 {
return nil, errors.New("Invalid verifier parameters")
}
- salt, err := base64.RawStdEncoding.DecodeString(s[3])
+ salt, err := base64.RawStdEncoding.DecodeString(ss[3])
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, wrapDecodeString)
}
- v := Verifier{M: m, T: t, P: p}
+ v := Verifier{S: s, T: t, P: p}
id := new([IDSize]byte)
copy(id[:], salt)
- pid := PeerId(*id)
- v.Id = &pid
- if len(s) == 5 {
- pub, err := base64.RawStdEncoding.DecodeString(s[4])
+ pid := PeerID(*id)
+ v.ID = &pid
+ if len(ss) == 5 {
+ pub, err := base64.RawStdEncoding.DecodeString(ss[4])
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, wrapDecodeString)
}
v.Pub = new([ed25519.PublicKeySize]byte)
copy(v.Pub[:], pub)
return &v, nil
}
-// Short verifier string form -- it is useful for the client.
-// Does not include public key.
+// ShortForm outputs the short verifier string form -- it is useful
+// for the client. It does not include public key.
func (v *Verifier) ShortForm() string {
return fmt.Sprintf(
- "$argon2d$m=%d,t=%d,p=%d$%s",
- v.M, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
+ "$balloon$s=%d,t=%d,p=%d$%s",
+ v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.ID[:]),
)
}
-// Long verifier string form -- it is useful for the server.
-// Includes public key.
+// LongForm outputs long verifier string form -- it is useful for the server.
+// It includes public key.
func (v *Verifier) LongForm() string {
return fmt.Sprintf(
"%s$%s", v.ShortForm(),
)
}
-// Read the key either from text file (if path is specified), or
+// KeyRead reads the key either from text file (if path is specified), or
// from the terminal.
func KeyRead(path string) (string, error) {
+ const (
+ emptyString = ""
+ wrapOsStderrWrite = "os.Stderr.Write"
+ )
var p []byte
var err error
var pass string
- if path == "" {
- os.Stderr.Write([]byte("Passphrase:"))
- p, err = terminal.ReadPassword(0)
- os.Stderr.Write([]byte("\n"))
+ if path == emptyString {
+ if _, err = os.Stderr.Write([]byte("Passphrase:")); err != nil {
+ return emptyString, errors.Wrap(err, wrapOsStderrWrite)
+ }
+ p, err = terminal.ReadPassword(int(uintptr(syscall.Stdin)))
+ if err != nil {
+ return emptyString, errors.Wrap(err, "terminal.ReadPassword")
+ }
+ if _, err = os.Stderr.Write([]byte("\n")); err != nil {
+ return emptyString, errors.Wrap(err, wrapOsStderrWrite)
+ }
pass = string(p)
} else {
- p, err = ioutil.ReadFile(path)
+ if p, err = ioutil.ReadFile(path); err != nil {
+ return emptyString, errors.Wrap(err, "ioutil.ReadFile")
+ }
pass = strings.TrimRight(string(p), "\n")
}
- if err != nil {
- return "", err
- }
if len(pass) == 0 {
- return "", errors.New("Empty passphrase submitted")
+ return emptyString, errors.New("Empty passphrase submitted")
}
- return pass, err
+ return pass, nil
}