Conf: conf,
}
state.dsaPubH = new([ed25519.PublicKeySize]byte)
- copy(state.dsaPubH[:], state.Conf.DSAPub[:])
+ copy(state.dsaPubH[:], state.Conf.Verifier.Pub[:])
HApply(state.dsaPubH)
return &state
}
log.Fatalln("Error reading random for nonce:", err)
}
var enc []byte
- if conf.NoiseEnable {
+ if conf.Noise {
enc = make([]byte, MTU-xtea.BlockSize-RSize)
} else {
enc = make([]byte, 32)
// authenticated Peer is ready, then return nil.
func (h *Handshake) Server(data []byte) *Peer {
// R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag
- if h.rNonce == nil {
+ if h.rNonce == nil && len(data) >= 48 {
// Generate DH keypair
var dhPubRepr *[32]byte
h.dhPriv, dhPubRepr = dhKeypairGen()
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
- if h.Conf.NoiseEnable {
+ if h.Conf.Noise {
encRs = make([]byte, MTU-len(encPub)-xtea.BlockSize)
} else {
encRs = make([]byte, RSize+SSize)
h.LastPing = time.Now()
} else
// ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag
- if h.rClient == nil {
+ if h.rClient == nil && len(data) >= 120 {
// Decrypted Rs compare rServer
dec := make([]byte, RSize+RSize+SSize+ed25519.SignatureSize)
salsa20.XORKeyStream(
}
sign := new([ed25519.SignatureSize]byte)
copy(sign[:], dec[RSize+RSize+SSize:])
- if !ed25519.Verify(h.Conf.DSAPub, h.key[:], sign) {
+ if !ed25519.Verify(h.Conf.Verifier.Pub, h.key[:], sign) {
log.Println("Invalid signature from", h.addr)
return nil
}
// Send final answer to client
var enc []byte
- if h.Conf.NoiseEnable {
+ if h.Conf.Noise {
enc = make([]byte, MTU-xtea.BlockSize)
} else {
enc = make([]byte, RSize)
// authenticated Peer is ready, then return nil.
func (h *Handshake) Client(data []byte) *Peer {
// ENC(H(DSAPub), R+1, El(SDHPub)) + ENC(K, R, RS + SS) + IDtag
- if h.rServer == nil {
- if h.key != nil {
- log.Println("Invalid handshake stage from", h.addr)
- return nil
- }
-
+ if h.rServer == nil && h.key == nil && len(data) >= 80 {
// Decrypt remote public key and compute shared key
sDHRepr := new([32]byte)
salsa20.XORKeyStream(sDHRepr[:], data[:32], h.rNonceNext(1), h.dsaPubH)
sign := ed25519.Sign(h.Conf.DSAPriv, h.key[:])
var enc []byte
- if h.Conf.NoiseEnable {
+ if h.Conf.Noise {
enc = make([]byte, MTU-xtea.BlockSize)
} else {
enc = make([]byte, RSize+RSize+SSize+ed25519.SignatureSize)
// Send that to server
h.conn.Write(append(enc, idTag(h.Conf.Id, enc)...))
h.LastPing = time.Now()
- } else {
- // ENC(K, R+2, RC) + IDtag
- if h.key == nil {
- log.Println("Invalid handshake stage from", h.addr)
- return nil
- }
-
+ } else
+ // ENC(K, R+2, RC) + IDtag
+ if h.key != nil && len(data) >= 16 {
// Decrypt rClient
dec := make([]byte, RSize)
salsa20.XORKeyStream(dec, data[:RSize], h.rNonceNext(2), h.key)
)
h.LastPing = time.Now()
return peer
+ } else {
+ log.Println("Invalid handshake stage from", h.addr)
}
return nil
}