X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgovpn%2Fencless.go;h=7a576ab54b922ab725b331006063a6f4c4da3d3d;hb=70e70dfded87dc2d737160444829c58ed8ed2fa0;hp=30eb4a5e33d9446f07c646c03bede769c4043339;hpb=a87ec543051d428aaa3888804d6c8451f6d537c9;p=govpn.git diff --git a/src/cypherpunks.ru/govpn/encless.go b/src/cypherpunks.ru/govpn/encless.go index 30eb4a5..7a576ab 100644 --- a/src/cypherpunks.ru/govpn/encless.go +++ b/src/cypherpunks.ru/govpn/encless.go @@ -1,6 +1,6 @@ /* GoVPN -- simple secure free software virtual private network daemon -Copyright (C) 2014-2016 Sergey Matveev +Copyright (C) 2014-2018 Sergey Matveev This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,6 +19,8 @@ along with this program. If not, see . package govpn import ( + "io" + "cypherpunks.ru/govpn/aont" "cypherpunks.ru/govpn/cnw" ) @@ -33,10 +35,10 @@ const ( // encryption nor steganography) over All-Or-Nothing-Transformed data. // nonce is 64-bit nonce. Output data will be EnclessEnlargeSize larger. // It also consumes 64-bits of entropy. -func EnclessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) { +func EnclessEncode(authKey *[32]byte, nonce *[16]byte, in []byte) ([]byte, error) { r := new([aont.RSize]byte) var err error - if _, err = Rand.Read(r[:]); err != nil { + if _, err = io.ReadFull(Rand, r[:]); err != nil { return nil, err } aonted, err := aont.Encode(r, in) @@ -44,7 +46,7 @@ func EnclessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) { return nil, err } out := append( - cnw.Chaff(authKey, nonce, aonted[:aont.RSize]), + cnw.Chaff(authKey, nonce[8:], aonted[:aont.RSize]), aonted[aont.RSize:]..., ) SliceZero(aonted[:aont.RSize]) 
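Review bot: The doc comment kept as context above EnclessEncode still says `nonce is 64-bit nonce`, but the new signature takes `nonce *[16]byte` and, in the lines shown, only `nonce[8:]` reaches `cnw.Chaff` (next hunk) and `cnw.Winnow` (the EnclessDecode hunk). The first eight bytes are ignored on these paths, so two buffers that differ only in those bytes yield the same chaffing nonce. That should be stated so callers do not put the per-packet varying part there. I would change the comment to something like `// nonce is a 16-byte buffer; only its last 8 bytes (nonce[8:]) are used as the 64-bit chaffing nonce.` EnclessEncode's body continues past the end of this hunk.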
@@ -52,10 +54,10 @@ func EnclessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) { } // Decode EnclessEncode-ed data. -func EnclessDecode(authKey *[32]byte, nonce, in []byte) ([]byte, error) { +func EnclessDecode(authKey *[32]byte, nonce *[16]byte, in []byte) ([]byte, error) { var err error winnowed, err := cnw.Winnow( - authKey, nonce, in[:aont.RSize*cnw.EnlargeFactor], + authKey, nonce[8:], in[:aont.RSize*cnw.EnlargeFactor], ) if err != nil { return nil, err
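Review bot: `in[:aont.RSize*cnw.EnlargeFactor]` is sliced with no length check visible before it in EnclessDecode. A short `in` therefore either panics (bound above the slice's capacity) or silently reslices into spare capacity of the caller's buffer and feeds stale bytes to `cnw.Winnow`. This input presumably arrives from the peer, so I would add a guard such as `if len(in) < aont.RSize*cnw.EnlargeFactor` that returns an error before the call, unless every caller already enforces the minimum size. The new `nonce[8:]` also panics on a nil `nonce`, so the doc comment should name non-nil as a precondition. The function body continues past the end of this hunk.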