package main
import (
- "crypto/rand"
"crypto/subtle"
"flag"
"fmt"
mOpt = flag.Int("m", govpn.DefaultM, "Argon2d memory parameter (KiBs)")
tOpt = flag.Int("t", govpn.DefaultT, "Argon2d iteration parameter")
pOpt = flag.Int("p", govpn.DefaultP, "Argon2d parallelizm parameter")
+ egdPath = flag.String("egd", "", "Optional path to EGD socket")
)
func main() {
flag.Parse()
+ if *egdPath != "" {
+ govpn.EGDInit(*egdPath)
+ }
if *verifier == "" {
id := new([govpn.IDSize]byte)
- if _, err := rand.Read(id[:]); err != nil {
+ if _, err := govpn.Rand.Read(id[:]); err != nil {
log.Fatalln(err)
}
pid := govpn.PeerId(*id)
package govpn
import (
+ "crypto/rand"
"errors"
+ "io"
"net"
)
var (
- egdPath string
+ Rand io.Reader = rand.Reader
)
-func EGDInit(path string) {
- egdPath = path
-}
+type EGDRand string
// Read n bytes from EGD, blocking mode.
-func EGDRead(b []byte) error {
- c, err := net.Dial("unix", egdPath)
+func (egdPath EGDRand) Read(b []byte) (int, error) {
+ conn, err := net.Dial("unix", string(egdPath))
if err != nil {
- return err
+ return 0, err
}
- defer c.Close()
- c.Write([]byte{0x02, byte(len(b))})
- r, err := c.Read(b)
+ conn.Write([]byte{0x02, byte(len(b))})
+ read, err := conn.Read(b)
if err != nil {
- return err
+ conn.Close()
+ return read, err
}
- if r != len(b) {
- return errors.New("Got less bytes than expected from EGD")
+ if read != len(b) {
+ conn.Close()
+ return read, errors.New("Got less bytes than expected from EGD")
}
- return nil
+ conn.Close()
+ return read, nil
+}
+
+func EGDInit(path string) {
+ Rand = EGDRand(path)
}
package govpn
import (
- "crypto/rand"
"crypto/subtle"
"encoding/binary"
"io"
return nonce
}
-func randRead(b []byte) error {
- var err error
- if egdPath == "" {
- _, err = rand.Read(b)
- } else {
- err = EGDRead(b)
- }
- return err
-}
-
func dhKeypairGen() (*[32]byte, *[32]byte) {
priv := new([32]byte)
pub := new([32]byte)
repr := new([32]byte)
reprFound := false
for !reprFound {
- if err := randRead(priv[:]); err != nil {
+ if _, err := Rand.Read(priv[:]); err != nil {
log.Fatalln("Error reading random for DH private key:", err)
}
reprFound = extra25519.ScalarBaseMult(pub, repr, priv)
state.dhPriv, dhPubRepr = dhKeypairGen()
state.rNonce = new([RSize]byte)
- if err := randRead(state.rNonce[:]); err != nil {
+ if _, err := Rand.Read(state.rNonce[:]); err != nil {
log.Fatalln("Error reading random for nonce:", err)
}
var enc []byte
// Generate R* and encrypt them
h.rServer = new([RSize]byte)
- if err := randRead(h.rServer[:]); err != nil {
+ var err error
+ if _, err = Rand.Read(h.rServer[:]); err != nil {
log.Fatalln("Error reading random for R:", err)
}
h.sServer = new([SSize]byte)
- if err := randRead(h.sServer[:]); err != nil {
+ if _, err = Rand.Read(h.sServer[:]); err != nil {
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
// Generate R* and signature and encrypt them
h.rClient = new([RSize]byte)
- if err := randRead(h.rClient[:]); err != nil {
+ var err error
+ if _, err = Rand.Read(h.rClient[:]); err != nil {
log.Fatalln("Error reading random for R:", err)
}
h.sClient = new([SSize]byte)
- if err := randRead(h.sClient[:]); err != nil {
+ if _, err = Rand.Read(h.sClient[:]); err != nil {
log.Fatalln("Error reading random for S:", err)
}
sign := ed25519.Sign(h.Conf.DSAPriv, h.key[:])