2 GoVPN -- simple secure free software virtual private network daemon
3 Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
32 "cypherpunks.ru/balloon"
33 "github.com/agl/ed25519"
34 "golang.org/x/crypto/blake2b"
35 "golang.org/x/crypto/ssh/terminal"
39 // DefaultS default Balloon space cost
40 DefaultS = 1 << 20 / 32
41 // DefaultT default Balloon time cost
43 // DefaultP default Balloon number of job
47 // Verifier is used to verify a peer
48 type Verifier struct {
53 Pub *[ed25519.PublicKeySize]byte
56 // VerifierNew generate new verifier for given peer, with specified password and
57 // hashing parameters.
58 func VerifierNew(s, t, p int, id *PeerID) *Verifier {
59 return &Verifier{S: s, T: t, P: p, ID: id}
62 func blake2bKeyless() hash.Hash {
63 h, err := blake2b.New256(nil)
70 // PasswordApply apply the password: create Ed25519 keypair based on it, save public
72 func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte {
73 r := balloon.H(blake2bKeyless, []byte(password), v.ID[:], v.S, v.T, v.P)
75 src := bytes.NewBuffer(r)
76 pub, prv, err := ed25519.GenerateKey(src)
78 log.Fatalln("Unable to generate Ed25519 keypair", err)
84 // VerifierFromString parse either short or long verifier form.
85 func VerifierFromString(input string) (*Verifier, error) {
86 ss := strings.Split(input, "$")
87 if len(ss) < 4 || ss[1] != "balloon" {
88 return nil, errors.New("Invalid verifier structure")
91 n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p)
92 if n != 3 || err != nil {
93 return nil, errors.New("Invalid verifier parameters")
95 salt, err := base64.RawStdEncoding.DecodeString(ss[3])
99 v := Verifier{S: s, T: t, P: p}
100 id := new([IDSize]byte)
105 pub, err := base64.RawStdEncoding.DecodeString(ss[4])
109 v.Pub = new([ed25519.PublicKeySize]byte)
115 // ShortForm short verifier string form -- it is useful for the client.
116 // Does not include public key.
117 func (v *Verifier) ShortForm() string {
119 "$balloon$s=%d,t=%d,p=%d$%s",
120 v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.ID[:]),
124 // LongForm long verifier string form -- it is useful for the server.
125 // Includes public key.
126 func (v *Verifier) LongForm() string {
128 "%s$%s", v.ShortForm(),
129 base64.RawStdEncoding.EncodeToString(v.Pub[:]),
133 // KeyRead read the key either from text file (if path is specified), or
134 // from the terminal.
135 func KeyRead(path string) (string, error) {
140 os.Stderr.Write([]byte("Passphrase:"))
141 p, err = terminal.ReadPassword(0)
142 os.Stderr.Write([]byte("\n"))
145 p, err = ioutil.ReadFile(path)
146 pass = strings.TrimRight(string(p), "\n")
152 return "", errors.New("Empty passphrase submitted")