Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
Timeout: time.Second * time.Duration(timeout),
Noise: *noisy,
CPR: *cpr,
Timeout: time.Second * time.Duration(timeout),
Noise: *noisy,
CPR: *cpr,
Verifier: verifier,
DSAPriv: priv,
}
Verifier: verifier,
DSAPriv: priv,
}
func handleTCP(conn *net.TCPConn, timeouted, rehandshaking, termination chan struct{}) {
hs := govpn.HandshakeStart(*remoteAddr, conn, conf)
func handleTCP(conn *net.TCPConn, timeouted, rehandshaking, termination chan struct{}) {
hs := govpn.HandshakeStart(*remoteAddr, conn, conf)
- buf := make([]byte, 2*(govpn.EncLessEnlargeSize+*mtu)+*mtu)
+ buf := make([]byte, 2*(govpn.EnclessEnlargeSize+*mtu)+*mtu)
var n int
var err error
var prev int
var n int
var err error
var prev int
if err != nil {
log.Fatalln("Unable to decode the key:", err.Error(), pc.VerifierRaw)
}
if err != nil {
log.Fatalln("Unable to decode the key:", err.Error(), pc.VerifierRaw)
}
pc.Noise = true
}
if pc.MTU == 0 {
pc.Noise = true
}
if pc.MTU == 0 {
Down: pc.Down,
Noise: pc.Noise,
CPR: pc.CPR,
Down: pc.Down,
Noise: pc.Noise,
CPR: pc.CPR,
}
if pc.TimeoutInt <= 0 {
pc.TimeoutInt = govpn.TimeoutDefault
}
if pc.TimeoutInt <= 0 {
pc.TimeoutInt = govpn.TimeoutDefault
func handleTCP(conn net.Conn) {
addr := conn.RemoteAddr().String()
func handleTCP(conn net.Conn) {
addr := conn.RemoteAddr().String()
- buf := make([]byte, govpn.EncLessEnlargeSize+2*govpn.MTUMax)
+ buf := make([]byte, govpn.EnclessEnlargeSize+2*govpn.MTUMax)
var n int
var err error
var prev int
var n int
var err error
var prev int
Timeout time.Duration `json:"-"`
Noise bool `json:"noise"`
CPR int `json:"cpr"`
Timeout time.Duration `json:"-"`
Noise bool `json:"noise"`
CPR int `json:"cpr"`
- EncLess bool `json:"encless"`
+ Encless bool `json:"encless"`
VerifierRaw string `json:"verifier"`
// This is passphrase verifier
VerifierRaw string `json:"verifier"`
// This is passphrase verifier
- EncLessEnlargeSize = aont.HSize + aont.RSize*cnw.EnlargeFactor
+ EnclessEnlargeSize = aont.HSize + aont.RSize*cnw.EnlargeFactor
)
// Confidentiality preserving (but encryptionless) encoding.
//
// It uses Chaffing-and-Winnowing technology (it is neither
// encryption nor steganography) over All-Or-Nothing-Transformed data.
)
// Confidentiality preserving (but encryptionless) encoding.
//
// It uses Chaffing-and-Winnowing technology (it is neither
// encryption nor steganography) over All-Or-Nothing-Transformed data.
-// nonce is 64-bit nonce. Output data will be EncLessEnlargeSize larger.
+// nonce is 64-bit nonce. Output data will be EnclessEnlargeSize larger.
// It also consumes 64-bits of entropy.
// It also consumes 64-bits of entropy.
-func EncLessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
+func EnclessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
r := new([aont.RSize]byte)
var err error
if _, err = Rand.Read(r[:]); err != nil {
r := new([aont.RSize]byte)
var err error
if _, err = Rand.Read(r[:]); err != nil {
-// Decode EncLessEncode-ed data.
-func EncLessDecode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
+// Decode EnclessEncode-ed data.
+func EnclessDecode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
var err error
winnowed, err := cnw.Winnow(
authKey, nonce, in[:aont.RSize*cnw.EnlargeFactor],
var err error
winnowed, err := cnw.Winnow(
authKey, nonce, in[:aont.RSize*cnw.EnlargeFactor],
-func TestEncLessSymmetric(t *testing.T) {
+func TestEnclessSymmetric(t *testing.T) {
nonce := make([]byte, 8)
f := func(pktNum uint64, in []byte) bool {
binary.BigEndian.PutUint64(nonce, pktNum)
nonce := make([]byte, 8)
f := func(pktNum uint64, in []byte) bool {
binary.BigEndian.PutUint64(nonce, pktNum)
- encoded, err := EncLessEncode(testKey, nonce, in)
+ encoded, err := EnclessEncode(testKey, nonce, in)
if err != nil {
return false
}
if err != nil {
return false
}
- decoded, err := EncLessDecode(testKey, nonce, encoded)
+ decoded, err := EnclessDecode(testKey, nonce, encoded)
if err != nil {
return false
}
if err != nil {
return false
}
-func BenchmarkEncLessEncode(b *testing.B) {
+func BenchmarkEnclessEncode(b *testing.B) {
nonce := make([]byte, 8)
data := make([]byte, 128)
rand.Read(nonce)
rand.Read(data)
b.ResetTimer()
for i := 0; i < b.N; i++ {
nonce := make([]byte, 8)
data := make([]byte, 128)
rand.Read(nonce)
rand.Read(data)
b.ResetTimer()
for i := 0; i < b.N; i++ {
- EncLessEncode(testKey, nonce, data)
+ EnclessEncode(testKey, nonce, data)
-func BenchmarkEncLessDecode(b *testing.B) {
+func BenchmarkEnclessDecode(b *testing.B) {
nonce := make([]byte, 8)
data := make([]byte, 128)
rand.Read(nonce)
rand.Read(data)
nonce := make([]byte, 8)
data := make([]byte, 128)
rand.Read(nonce)
rand.Read(data)
- encoded, _ := EncLessEncode(testKey, nonce, data)
+ encoded, _ := EnclessEncode(testKey, nonce, data)
b.ResetTimer()
for i := 0; i < b.N; i++ {
b.ResetTimer()
for i := 0; i < b.N; i++ {
- EncLessDecode(testKey, nonce, encoded)
+ EnclessDecode(testKey, nonce, encoded)
enc = make([]byte, 32)
}
copy(enc, dhPubRepr[:])
enc = make([]byte, 32)
}
copy(enc, dhPubRepr[:])
- enc, err = EncLessEncode(state.dsaPubH, state.rNonce[:], enc)
+ enc, err = EnclessEncode(state.dsaPubH, state.rNonce[:], enc)
if err != err {
panic(err)
}
if err != err {
panic(err)
}
// authenticated Peer is ready, then return nil.
func (h *Handshake) Server(data []byte) *Peer {
// R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag
// authenticated Peer is ready, then return nil.
func (h *Handshake) Server(data []byte) *Peer {
// R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag
- if h.rNonce == nil && ((!h.Conf.EncLess && len(data) >= 48) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+h.Conf.MTU)) {
+ if h.rNonce == nil && ((!h.Conf.Encless && len(data) >= 48) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
h.rNonce = new([RSize]byte)
copy(h.rNonce[:], data[:RSize])
// Decrypt remote public key
cDHRepr := new([32]byte)
h.rNonce = new([RSize]byte)
copy(h.rNonce[:], data[:RSize])
// Decrypt remote public key
cDHRepr := new([32]byte)
- if h.Conf.EncLess {
- out, err := EncLessDecode(
+ if h.Conf.Encless {
+ out, err := EnclessDecode(
h.dsaPubH,
h.rNonce[:],
data[RSize:len(data)-xtea.BlockSize],
h.dsaPubH,
h.rNonce[:],
data[RSize:len(data)-xtea.BlockSize],
var encPub []byte
var err error
var encPub []byte
var err error
encPub = make([]byte, h.Conf.MTU)
copy(encPub, dhPubRepr[:])
encPub = make([]byte, h.Conf.MTU)
copy(encPub, dhPubRepr[:])
- encPub, err = EncLessEncode(h.dsaPubH, h.rNonceNext(1), encPub)
+ encPub, err = EnclessEncode(h.dsaPubH, h.rNonceNext(1), encPub)
if err != nil {
panic(err)
}
if err != nil {
panic(err)
}
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
- if h.Conf.Noise && !h.Conf.EncLess {
+ if h.Conf.Noise && !h.Conf.Encless {
encRs = make([]byte, h.Conf.MTU-len(encPub)-xtea.BlockSize)
encRs = make([]byte, h.Conf.MTU-len(encPub)-xtea.BlockSize)
- } else if h.Conf.EncLess {
+ } else if h.Conf.Encless {
encRs = make([]byte, h.Conf.MTU-xtea.BlockSize)
} else {
encRs = make([]byte, RSize+SSize)
}
copy(encRs, append(h.rServer[:], h.sServer[:]...))
encRs = make([]byte, h.Conf.MTU-xtea.BlockSize)
} else {
encRs = make([]byte, RSize+SSize)
}
copy(encRs, append(h.rServer[:], h.sServer[:]...))
- if h.Conf.EncLess {
- encRs, err = EncLessEncode(h.key, h.rNonce[:], encRs)
+ if h.Conf.Encless {
+ encRs, err = EnclessEncode(h.key, h.rNonce[:], encRs)
if err != nil {
panic(err)
}
if err != nil {
panic(err)
}
h.LastPing = time.Now()
} else
// ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag
h.LastPing = time.Now()
} else
// ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag
- if h.rClient == nil && ((!h.Conf.EncLess && len(data) >= 120) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+h.Conf.MTU)) {
+ if h.rClient == nil && ((!h.Conf.Encless && len(data) >= 120) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
var dec []byte
var err error
var dec []byte
var err error
- if h.Conf.EncLess {
- dec, err = EncLessDecode(
+ if h.Conf.Encless {
+ dec, err = EnclessDecode(
h.key,
h.rNonceNext(1),
data[:len(data)-xtea.BlockSize],
h.key,
h.rNonceNext(1),
data[:len(data)-xtea.BlockSize],
enc = make([]byte, RSize)
}
copy(enc, dec[RSize:RSize+RSize])
enc = make([]byte, RSize)
}
copy(enc, dec[RSize:RSize+RSize])
- if h.Conf.EncLess {
- enc, err = EncLessEncode(h.key, h.rNonceNext(2), enc)
+ if h.Conf.Encless {
+ enc, err = EnclessEncode(h.key, h.rNonceNext(2), enc)
if err != nil {
panic(err)
}
if err != nil {
panic(err)
}
func (h *Handshake) Client(data []byte) *Peer {
// ENC(H(DSAPub), R+1, El(SDHPub)) + ENC(K, R, RS + SS) + IDtag
if h.rServer == nil && h.key == nil &&
func (h *Handshake) Client(data []byte) *Peer {
// ENC(H(DSAPub), R+1, El(SDHPub)) + ENC(K, R, RS + SS) + IDtag
if h.rServer == nil && h.key == nil &&
- ((!h.Conf.EncLess && len(data) >= 80) ||
- (h.Conf.EncLess && len(data) == 2*(EncLessEnlargeSize+h.Conf.MTU))) {
+ ((!h.Conf.Encless && len(data) >= 80) ||
+ (h.Conf.Encless && len(data) == 2*(EnclessEnlargeSize+h.Conf.MTU))) {
// Decrypt remote public key
sDHRepr := new([32]byte)
var tmp []byte
var err error
// Decrypt remote public key
sDHRepr := new([32]byte)
var tmp []byte
var err error
- if h.Conf.EncLess {
- tmp, err = EncLessDecode(
+ if h.Conf.Encless {
+ tmp, err = EnclessDecode(
h.dsaPubH,
h.rNonceNext(1),
data[:len(data)/2],
h.dsaPubH,
h.rNonceNext(1),
data[:len(data)/2],
// Decrypt Rs
h.rServer = new([RSize]byte)
h.sServer = new([SSize]byte)
// Decrypt Rs
h.rServer = new([RSize]byte)
h.sServer = new([SSize]byte)
- if h.Conf.EncLess {
- tmp, err = EncLessDecode(
+ if h.Conf.Encless {
+ tmp, err = EnclessDecode(
h.key,
h.rNonce[:],
data[len(data)/2:len(data)-xtea.BlockSize],
h.key,
h.rNonce[:],
data[len(data)/2:len(data)-xtea.BlockSize],
copy(enc[RSize:], h.rClient[:])
copy(enc[RSize+RSize:], h.sClient[:])
copy(enc[RSize+RSize+SSize:], sign[:])
copy(enc[RSize:], h.rClient[:])
copy(enc[RSize+RSize:], h.sClient[:])
copy(enc[RSize+RSize+SSize:], sign[:])
- if h.Conf.EncLess {
- enc, err = EncLessEncode(h.key, h.rNonceNext(1), enc)
+ if h.Conf.Encless {
+ enc, err = EnclessEncode(h.key, h.rNonceNext(1), enc)
if err != nil {
panic(err)
}
if err != nil {
panic(err)
}
h.LastPing = time.Now()
} else
// ENC(K, R+2, RC) + IDtag
h.LastPing = time.Now()
} else
// ENC(K, R+2, RC) + IDtag
- if h.key != nil && ((!h.Conf.EncLess && len(data) >= 16) ||
- (h.Conf.EncLess && len(data) == EncLessEnlargeSize+h.Conf.MTU)) {
+ if h.key != nil && ((!h.Conf.Encless && len(data) >= 16) ||
+ (h.Conf.Encless && len(data) == EnclessEnlargeSize+h.Conf.MTU)) {
var err error
// Decrypt rClient
var dec []byte
var err error
// Decrypt rClient
var dec []byte
- if h.Conf.EncLess {
- dec, err = EncLessDecode(
+ if h.Conf.Encless {
+ dec, err = EnclessDecode(
h.key,
h.rNonceNext(2),
data[:len(data)-xtea.BlockSize],
h.key,
h.rNonceNext(2),
data[:len(data)-xtea.BlockSize],
v := VerifierNew(DefaultM, DefaultT, DefaultP, &peerId)
conf.Verifier = v
conf.DSAPriv = v.PasswordApply("does not matter")
v := VerifierNew(DefaultM, DefaultT, DefaultP, &peerId)
conf.Verifier = v
conf.DSAPriv = v.PasswordApply("does not matter")
conf.Noise = true
hsS := NewHandshake("server", Dummy{&ciphertext}, conf)
hsC := HandshakeStart("client", Dummy{&ciphertext}, conf)
conf.Noise = true
hsS := NewHandshake("server", Dummy{&ciphertext}, conf)
hsC := HandshakeStart("client", Dummy{&ciphertext}, conf)
if hsC.Client(ciphertext) == nil {
t.Fail()
}
if hsC.Client(ciphertext) == nil {
t.Fail()
}
NoiseEnable bool
CPR int
CPRCycle time.Duration `json:"-"`
NoiseEnable bool
CPR int
CPRCycle time.Duration `json:"-"`
MTU int
// Cryptography related
MTU int
// Cryptography related
}
bufSize := S20BS + 2*conf.MTU
}
bufSize := S20BS + 2*conf.MTU
- if conf.EncLess {
- bufSize += EncLessEnlargeSize
+ if conf.Encless {
+ bufSize += EnclessEnlargeSize
noiseEnable = true
}
peer := Peer{
noiseEnable = true
}
peer := Peer{
NoiseEnable: noiseEnable,
CPR: conf.CPR,
CPRCycle: cprCycle,
NoiseEnable: noiseEnable,
CPR: conf.CPR,
CPRCycle: cprCycle,
p.BytesPayloadOut += int64(len(data))
}
p.BytesPayloadOut += int64(len(data))
}
- if p.NoiseEnable && !p.EncLess {
+ if p.NoiseEnable && !p.Encless {
p.frameT = p.bufT[S20BS : S20BS+p.MTU-TagSize]
p.frameT = p.bufT[S20BS : S20BS+p.MTU-TagSize]
p.frameT = p.bufT[S20BS : S20BS+p.MTU]
} else {
p.frameT = p.bufT[S20BS : S20BS+len(data)+1+NonceSize]
p.frameT = p.bufT[S20BS : S20BS+p.MTU]
} else {
p.frameT = p.bufT[S20BS : S20BS+len(data)+1+NonceSize]
p.frameT[len(p.frameT)-NonceSize:],
)
var out []byte
p.frameT[len(p.frameT)-NonceSize:],
)
var out []byte
- out, err = EncLessEncode(
+ out, err = EnclessEncode(
p.Key,
p.frameT[len(p.frameT)-NonceSize:],
p.frameT[:len(p.frameT)-NonceSize],
p.Key,
p.frameT[len(p.frameT)-NonceSize:],
p.frameT[:len(p.frameT)-NonceSize],
}
var out []byte
p.BusyR.Lock()
}
var out []byte
p.BusyR.Lock()
- out, err = EncLessDecode(
+ out, err = EnclessDecode(
p.Key,
data[len(data)-NonceSize:],
data[:len(data)-NonceSize],
p.Key,
data[len(data)-NonceSize:],
data[:len(data)-NonceSize],
peer.NoiseEnable = true
}
peer.NoiseEnable = true
}
-func TestTransportSymmetricEncLess(t *testing.T) {
+func TestTransportSymmetricEncless(t *testing.T) {
peerd := newPeer(true, "foo", Dummy{nil}, conf, new([SSize]byte))
peerd := newPeer(true, "foo", Dummy{nil}, conf, new([SSize]byte))
peerd.NoiseEnable = true
f := func(payload []byte) bool {
if len(payload) == 0 {
peerd.NoiseEnable = true
f := func(payload []byte) bool {
if len(payload) == 0 {
t.Error(err)
}
peer.NoiseEnable = false
t.Error(err)
}
peer.NoiseEnable = false
}
func BenchmarkEnc(b *testing.B) {
}
func BenchmarkEnc(b *testing.B) {