X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgovpn%2Faont%2Foaep.go;h=4b780ba427ed2e6f87e8d5724ed2488b4f8e8f17;hp=3d1a1c6731722eecef657ffa3a6e9074b7368d6e;hb=0bf04621961589bc735dc8bd8a075d7db24c4178;hpb=ff0a6c5cc7b34dd19cab9e4532e69dbf92ac9b0d diff --git a/src/cypherpunks.ru/govpn/aont/oaep.go b/src/cypherpunks.ru/govpn/aont/oaep.go index 3d1a1c6..4b780ba 100644 --- a/src/cypherpunks.ru/govpn/aont/oaep.go +++ b/src/cypherpunks.ru/govpn/aont/oaep.go @@ -30,7 +30,7 @@ along with this program. If not, see . // package PKG: // // PKG = P1 || P2 -// P1 = Salsa20(key=r, nonce=0x00, 0x00) XOR (M || BLAKE2b(r || M)) +// P1 = ChaCha20(key=r, nonce=0x00, 0x00) XOR (M || BLAKE2b(r || M)) // P2 = BLAKE2b(P1) XOR r package aont @@ -38,8 +38,8 @@ import ( "crypto/subtle" "errors" + "chacha20" "golang.org/x/crypto/blake2b" - "golang.org/x/crypto/salsa20" ) const ( @@ -48,7 +48,7 @@ const ( ) var ( - dummyNonce []byte = make([]byte, 8) + dummyNonce *[16]byte = new([16]byte) ) // Encode the data, produce AONT package. Data size will be larger than @@ -63,9 +63,9 @@ func Encode(r *[RSize]byte, in []byte) ([]byte, error) { h.Write(r[:]) h.Write(in) copy(out[len(in):], h.Sum(nil)) - salsaKey := new([32]byte) - copy(salsaKey[:], r[:]) - salsa20.XORKeyStream(out, out, dummyNonce, salsaKey) + chachaKey := new([32]byte) + copy(chachaKey[:], r[:]) + chacha20.XORKeyStream(out, out, dummyNonce, chachaKey) h.Reset() h.Write(out[:len(in)+32]) for i, b := range h.Sum(nil)[:RSize] { @@ -85,14 +85,14 @@ func Decode(in []byte) ([]byte, error) { return nil, err } h.Write(in[:len(in)-RSize]) - salsaKey := new([32]byte) + chachaKey := new([32]byte) for i, b := range h.Sum(nil)[:RSize] { - salsaKey[i] = b ^ in[len(in)-RSize+i] + chachaKey[i] = b ^ in[len(in)-RSize+i] } h.Reset() - h.Write(salsaKey[:RSize]) + h.Write(chachaKey[:RSize]) out := make([]byte, len(in)-RSize) - salsa20.XORKeyStream(out, in[:len(in)-RSize], dummyNonce, salsaKey) + chacha20.XORKeyStream(out, in[:len(in)-RSize], dummyNonce, chachaKey) h.Write(out[:len(out)-HSize]) if subtle.ConstantTimeCompare(h.Sum(nil), out[len(out)-HSize:]) != 1 { return nil, errors.New("Invalid checksum")