"github.com/agl/ed25519"
"github.com/agl/ed25519/extra25519"
+ "github.com/dchest/blake2b"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/salsa20"
- "golang.org/x/crypto/salsa20/salsa"
"golang.org/x/crypto/xtea"
)
return k
}
-// Apply HSalsa20 function for data. Used to hash public keys.
-func HApply(data *[32]byte) {
- salsa.HSalsa20(data, new([16]byte), data, &salsa.Sigma)
-}
-
// Zero handshake's memory state
func (h *Handshake) Zero() {
if h.rNonce != nil {
func dhKeyGen(priv, pub *[32]byte) *[32]byte {
key := new([32]byte)
curve25519.ScalarMult(key, priv, pub)
- HApply(key)
- return key
+ hashed := blake2b.Sum256(key[:])
+ return &hashed
}
// Create new handshake state.
}
state.dsaPubH = new([ed25519.PublicKeySize]byte)
copy(state.dsaPubH[:], state.Conf.Verifier.Pub[:])
- HApply(state.dsaPubH)
+ hashed := blake2b.Sum256(state.dsaPubH[:])
+ state.dsaPubH = &hashed
return &state
}
}
var enc []byte
if conf.Noise {
- enc = make([]byte, MTU-xtea.BlockSize-RSize)
+ enc = make([]byte, conf.MTU-xtea.BlockSize-RSize)
} else {
enc = make([]byte, 32)
}
copy(enc, dhPubRepr[:])
- if conf.EncLess {
+ if conf.Encless {
var err error
- enc, err = EncLessEncode(state.dsaPubH, state.rNonce[:], enc)
+ enc, err = EnclessEncode(state.dsaPubH, state.rNonce[:], enc)
if err != err {
panic(err)
}
// authenticated Peer is ready, then return nil.
func (h *Handshake) Server(data []byte) *Peer {
// R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag
- if h.rNonce == nil && ((!h.Conf.EncLess && len(data) >= 48) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) {
+ if h.rNonce == nil && ((!h.Conf.Encless && len(data) >= 48) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
h.rNonce = new([RSize]byte)
copy(h.rNonce[:], data[:RSize])
// Decrypt remote public key
cDHRepr := new([32]byte)
- if h.Conf.EncLess {
- out, err := EncLessDecode(
+ if h.Conf.Encless {
+ out, err := EnclessDecode(
h.dsaPubH,
h.rNonce[:],
data[RSize:len(data)-xtea.BlockSize],
var encPub []byte
var err error
- if h.Conf.EncLess {
- encPub = make([]byte, MTU)
+ if h.Conf.Encless {
+ encPub = make([]byte, h.Conf.MTU)
copy(encPub, dhPubRepr[:])
- encPub, err = EncLessEncode(h.dsaPubH, h.rNonceNext(1), encPub)
+ encPub, err = EnclessEncode(h.dsaPubH, h.rNonceNext(1), encPub)
if err != nil {
panic(err)
}
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
- if h.Conf.Noise && !h.Conf.EncLess {
- encRs = make([]byte, MTU-len(encPub)-xtea.BlockSize)
- } else if h.Conf.EncLess {
- encRs = make([]byte, MTU-xtea.BlockSize)
+ if h.Conf.Noise && !h.Conf.Encless {
+ encRs = make([]byte, h.Conf.MTU-len(encPub)-xtea.BlockSize)
+ } else if h.Conf.Encless {
+ encRs = make([]byte, h.Conf.MTU-xtea.BlockSize)
} else {
encRs = make([]byte, RSize+SSize)
}
copy(encRs, append(h.rServer[:], h.sServer[:]...))
- if h.Conf.EncLess {
- encRs, err = EncLessEncode(h.key, h.rNonce[:], encRs)
+ if h.Conf.Encless {
+ encRs, err = EnclessEncode(h.key, h.rNonce[:], encRs)
if err != nil {
panic(err)
}
h.LastPing = time.Now()
} else
// ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag
- if h.rClient == nil && ((!h.Conf.EncLess && len(data) >= 120) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) {
+ if h.rClient == nil && ((!h.Conf.Encless && len(data) >= 120) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
var dec []byte
var err error
- if h.Conf.EncLess {
- dec, err = EncLessDecode(
+ if h.Conf.Encless {
+ dec, err = EnclessDecode(
h.key,
h.rNonceNext(1),
data[:len(data)-xtea.BlockSize],
// Send final answer to client
var enc []byte
if h.Conf.Noise {
- enc = make([]byte, MTU-xtea.BlockSize)
+ enc = make([]byte, h.Conf.MTU-xtea.BlockSize)
} else {
enc = make([]byte, RSize)
}
copy(enc, dec[RSize:RSize+RSize])
- if h.Conf.EncLess {
- enc, err = EncLessEncode(h.key, h.rNonceNext(2), enc)
+ if h.Conf.Encless {
+ enc, err = EnclessEncode(h.key, h.rNonceNext(2), enc)
if err != nil {
panic(err)
}
func (h *Handshake) Client(data []byte) *Peer {
// ENC(H(DSAPub), R+1, El(SDHPub)) + ENC(K, R, RS + SS) + IDtag
if h.rServer == nil && h.key == nil &&
- ((!h.Conf.EncLess && len(data) >= 80) ||
- (h.Conf.EncLess && len(data) == 2*(EncLessEnlargeSize+MTU))) {
+ ((!h.Conf.Encless && len(data) >= 80) ||
+ (h.Conf.Encless && len(data) == 2*(EnclessEnlargeSize+h.Conf.MTU))) {
// Decrypt remote public key
sDHRepr := new([32]byte)
var tmp []byte
var err error
- if h.Conf.EncLess {
- tmp, err = EncLessDecode(
+ if h.Conf.Encless {
+ tmp, err = EnclessDecode(
h.dsaPubH,
h.rNonceNext(1),
data[:len(data)/2],
// Decrypt Rs
h.rServer = new([RSize]byte)
h.sServer = new([SSize]byte)
- if h.Conf.EncLess {
- tmp, err = EncLessDecode(
+ if h.Conf.Encless {
+ tmp, err = EnclessDecode(
h.key,
h.rNonce[:],
data[len(data)/2:len(data)-xtea.BlockSize],
var enc []byte
if h.Conf.Noise {
- enc = make([]byte, MTU-xtea.BlockSize)
+ enc = make([]byte, h.Conf.MTU-xtea.BlockSize)
} else {
enc = make([]byte, RSize+RSize+SSize+ed25519.SignatureSize)
}
copy(enc[RSize:], h.rClient[:])
copy(enc[RSize+RSize:], h.sClient[:])
copy(enc[RSize+RSize+SSize:], sign[:])
- if h.Conf.EncLess {
- enc, err = EncLessEncode(h.key, h.rNonceNext(1), enc)
+ if h.Conf.Encless {
+ enc, err = EnclessEncode(h.key, h.rNonceNext(1), enc)
if err != nil {
panic(err)
}
h.LastPing = time.Now()
} else
// ENC(K, R+2, RC) + IDtag
- if h.key != nil && ((!h.Conf.EncLess && len(data) >= 16) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) {
+ if h.key != nil && ((!h.Conf.Encless && len(data) >= 16) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
var err error
// Decrypt rClient
var dec []byte
- if h.Conf.EncLess {
- dec, err = EncLessDecode(
+ if h.Conf.Encless {
+ dec, err = EnclessDecode(
h.key,
h.rNonceNext(2),
data[:len(data)-xtea.BlockSize],