From: Sergey Matveev Date: Sun, 11 Sep 2016 13:50:42 +0000 (+0300) Subject: Merge branch 'develop' X-Git-Tag: 6.0^0 X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=commitdiff_plain;h=21dee974626eb44b6c3904621dea946fef7e17fc;hp=d2cb9a013216116f80aad1f4bc2506d51ddbf721 Merge branch 'develop' --- diff --git a/.gitmodules b/.gitmodules index 27bf6b5..bb2b1f8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,12 +7,12 @@ [submodule "src/golang.org/x/crypto"] path = src/golang.org/x/crypto url = https://go.googlesource.com/crypto -[submodule "src/github.com/magical/argon2"] - path = src/github.com/magical/argon2 - url = https://github.com/magical/argon2.git [submodule "src/github.com/dchest/blake2b"] path = src/github.com/dchest/blake2b url = https://github.com/dchest/blake2b.git [submodule "src/github.com/go-yaml/yaml"] path = src/github.com/go-yaml/yaml url = https://github.com/go-yaml/yaml.git +[submodule "src/cypherpunks.ru/balloon"] + path = src/cypherpunks.ru/balloon + url = git://git.cypherpunks.ru/balloon.git diff --git a/README b/README index b95b958..51ee94e 100644 --- a/README +++ b/README @@ -14,8 +14,8 @@ GNU/Linux and FreeBSD support. GoVPN is free software: see the file COPYING for copying conditions. -Home page: http://govpn.info/ -> http://www.cypherpunks.ru/govpn/ -also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/ +Home page: http://www.govpn.info/ +also available as Tor hidden service: http://2wir2p7ibeu72jk3.onion/ Please send questions regarding the use of GoVPN, bug reports and patches to govpn-devel mailing list: diff --git a/README.RU b/README.RU index a14edb0..63b7024 100644 --- a/README.RU +++ b/README.RU @@ -18,8 +18,8 @@ GoVPN это простой демон виртуальных частных с GoVPN это свободное программное обеспечением: условия распространения находятся в файле COPYING. -Домашняя страница: http://www.cypherpunks.ru/govpn/ (http://govpn.info/) -также доступна как скрытый сервис Tor: http://vabu56j2ep2rwv3b.onion/govpn/ +Домашняя страница: http://www.govpn.info/ +также доступна как скрытый сервис Tor: http://2wir2p7ibeu72jk3.onion/ Пожалуйста все вопросы касающиеся использования GoVPN, отчёты об ошибках и патчи отправляйте в govpn-devel почтовую рассылку: diff --git a/VERSION b/VERSION index f9ce5a9..e0ea36f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.10 +6.0 diff --git a/doc/.well-known/openpgpkey/hu/.gitignore b/doc/.well-known/openpgpkey/hu/.gitignore new file mode 100644 index 0000000..3a1ab10 --- /dev/null +++ b/doc/.well-known/openpgpkey/hu/.gitignore @@ -0,0 +1 @@ +i4cdqgcarfjdjnba6y4jnf498asg8c6p diff --git a/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc b/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc new file mode 100644 index 0000000..764cde0 --- /dev/null +++ b/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/ +kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx +0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1 +fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY +ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM +A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0JEdvVlBOIHJlbGVhc2Vz +IDxyZWxlYXNlc0Bnb3Zwbi5pbmZvPokBQAQTAQgAKgUCV8sB0wIbAwwLCgkNCAwH +CwMEAQIHFQoJCAsDAgUWAgEDAAIeAQIXgAAKCRDy9ZBF/+L0oTYyCADJJl4+7Px1 +baF9s1n9EoNsSLTd0QiModJ2bRdX8TBpCeOHIPIOZAKre3Ys3ox6MOcnZyApO141 +7NS557WNcmLyk+f274HqZurveZr/sc3MMdFvkPJ78LOueI6ttx9WlhXAingGR3ax ++m1ZY7vSfkrGJ7gwUE6ZVZKE1MbM1UIKqazRzTeu7wiiyXEpLYDWgNXSmg9Gl6oF +EecChlcDp5VDQIaDzHyibUgBdwt32BX07AZcGHB7vIyPUavQJBqhg68hHjGoyFYA +N+OHCAoqaIfHJUW2xYmvfa0cy3wd02NJWsiw4htxdI+JzcbRnE/XKPIeOr6L0oFB +LoTku6Vg75g8iF4EEBEIAAYFAlfLAzQACgkQrhqBCeSYV+82HAD9HSVRIV8Li0MD +pNNLMK6G9SLkvsBVOIBau5Oj1LEWeXcA/3vMiAtypumglnfEhBsa5OLFHgznsBJ2 +JJjYFGQMjWTG +=RI3T +-----END PGP PUBLIC KEY BLOCK----- diff --git a/doc/Makefile b/doc/Makefile index 1d1032d..6e2b0db 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -15,3 +15,4 @@ govpn.html: *.texi handshake.utxt --set-customization-variable SHOW_TITLE=0 \ --set-customization-variable DATE_IN_HEADER=1 \ -o govpn.html index.texi + cp -r .well-known govpn.html/ diff --git a/doc/about.ru.texi b/doc/about.ru.texi index aa89817..b911083 100644 --- a/doc/about.ru.texi +++ b/doc/about.ru.texi @@ -28,7 +28,7 @@ A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)). @item Зашифрованный и аутентифицируемый @ref{Transport, транспортный протокол} передачи данных с 128-бит @ref{Developer, порогом безопасности} и -современной криптографией. +современной не-NIST криптографией. @item Опциональный @ref{Encless, нешифрованный режим}: функции шифрования не diff --git a/doc/about.texi b/doc/about.texi index 833c516..59359c8 100644 --- a/doc/about.texi +++ b/doc/about.texi @@ -25,7 +25,7 @@ passphrase verifiers compromising. @item Encrypted and authenticated @ref{Transport, payload transport} -with 128-bit @ref{Developer, security margin} state-of-the-art +with 128-bit @ref{Developer, security margin} state-of-the-art non-NIST cryptography. @item diff --git a/doc/contacts.texi b/doc/contacts.texi index 3f96135..15e5235 100644 --- a/doc/contacts.texi +++ b/doc/contacts.texi @@ -5,7 +5,7 @@ Please send questions regarding the use of GoVPN, bug reports and patches to @url{https://lists.cypherpunks.ru/pipermail/govpn-devel/, govpn-devel} mailing list. Announcements also go to this mailing list. -Official website is @url{http://www.cypherpunks.ru/govpn/} -(with @url{http://govpn.info/} alias), also available as +Official website is @url{http://www.govpn.info/}, also available via +@url{https://www.govpn.info/, HTTPS} and as @url{https://www.torproject.org/, Tor} hidden service: -@url{http://vabu56j2ep2rwv3b.onion/govpn/}. +@url{http://2wir2p7ibeu72jk3.onion/}. diff --git a/doc/developer.texi b/doc/developer.texi index f2fe00e..e147f7e 100644 --- a/doc/developer.texi +++ b/doc/developer.texi @@ -16,7 +16,8 @@ Pay attention how to get @ref{Sources, development source code}. @item DH elliptic-curve point encoding for public keys @url{http://elligator.cr.yp.to/, Elligator}. @item Verifier password hashing algorithm - @url{https://password-hashing.net/#argon2, Argon2d}. + @url{https://crypto.stanford.edu/balloon/, Balloon hashing} based + on BLAKE2b-256. @item Encryptionless confidentiality preserving encoding @url{http://people.csail.mit.edu/rivest/chaffing-980701.txt, Chaffing-and-Winnowing} (two Poly1305 MACs for each bit of message) diff --git a/doc/download.texi b/doc/download.texi index 2714223..6fe34f2 100644 --- a/doc/download.texi +++ b/doc/download.texi @@ -2,106 +2,111 @@ @section Prepared tarballs You can obtain releases source code prepared tarballs from the links below -(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}): +(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}). +Do not forget to check tarball @ref{Integrity, integrity}. @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum +@item @ref{Release 5.10, 5.10} @tab 316 KiB +@tab @url{download/govpn-5.10.tar.xz, link} @url{download/govpn-5.10.tar.xz.sig, sign} +@tab @code{BC624265 CFCDA8CE 1C1BBF9D 016683C5 0EC6CBA5 AECCF33D 93FCA4E5 D52098BD} + @item @ref{Release 5.9, 5.9} @tab 315 KiB @tab @url{download/govpn-5.9.tar.xz, link} @url{download/govpn-5.9.tar.xz.sig, sign} -@tab @code{ff6afd2a9ef51a3c6640a33c63b060490f7d9460220307c4cb7e2f6226497945} +@tab @code{FF6AFD2A 9EF51A3C 6640A33C 63B06049 0F7D9460 220307C4 CB7E2F62 26497945} @item @ref{Release 5.8, 5.8} @tab 312 KiB @tab @url{download/govpn-5.8.tar.xz, link} @url{download/govpn-5.8.tar.xz.sig, sign} -@tab @code{a730dc3bbb97bc412a80f529b0f3043e70d011387f5d579cbd2e29964ddf94f4} +@tab @code{A730DC3B BB97BC41 2A80F529 B0F3043E 70D01138 7F5D579C BD2E2996 4DDF94F4} @item @ref{Release 5.7, 5.7} @tab 312 KiB @tab @url{download/govpn-5.7.tar.xz, link} @url{download/govpn-5.7.tar.xz.sig, sign} -@tab @code{17a8a223e2d9d4fd537f8de802bc6c72f16ebf8a8c5430e3fbf045c304f9dfec} +@tab @code{17A8A223 E2D9D4FD 537F8DE8 02BC6C72 F16EBF8A 8C5430E3 FBF045C3 04F9DFEC} @item @ref{Release 5.6, 5.6} @tab 311 KiB @tab @url{download/govpn-5.6.tar.xz, link} @url{download/govpn-5.6.tar.xz.sig, sign} -@tab @code{d46b8f742f1e2bf17236868512f1ea5ad80f59c3bac753a56ce41a1f465282a8} +@tab @code{D46B8F74 2F1E2BF1 72368685 12F1EA5A D80F59C3 BAC753A5 6CE41A1F 465282A8} @item @ref{Release 5.5, 5.5} @tab 310 KiB @tab @url{download/govpn-5.5.tar.xz, link} @url{download/govpn-5.5.tar.xz.sig, sign} -@tab @code{2f32e02c34a13eae538be7b44c11e16a8e68c43afc8e4a3071172f9c52b861d8} +@tab @code{2F32E02C 34A13EAE 538BE7B4 4C11E16A 8E68C43A FC8E4A30 71172F9C 52B861D8} @item @ref{Release 5.4, 5.4} @tab 310 KiB @tab @url{download/govpn-5.4.tar.xz, link} @url{download/govpn-5.4.tar.xz.sig, sign} -@tab @code{a1a001d9ef899ff6b61872eb7d2425a09eb0161574f50c8da6e4b14beb9b0ff6} +@tab @code{A1A001D9 EF899FF6 B61872EB 7D2425A0 9EB01615 74F50C8D A6E4B14B EB9B0FF6} @item @ref{Release 5.3, 5.3} @tab 301 KiB @tab @url{download/govpn-5.3.tar.xz, link} @url{download/govpn-5.3.tar.xz.sig, sign} -@tab @code{50955d0a2ea41236682cb5ac245210691fb6ecbe88d138c5873e2362e547da48} +@tab @code{50955D0A 2EA41236 682CB5AC 24521069 1FB6ECBE 88D138C5 873E2362 E547DA48} @item @ref{Release 5.2, 5.2} @tab 300 KiB @tab @url{download/govpn-5.2.tar.xz, link} @url{download/govpn-5.2.tar.xz.sig, sign} -@tab @code{44e3a3265b30305a4436e172565585c327fb28d26197e61b7496c437d032c0db} +@tab @code{44E3A326 5B30305A 4436E172 565585C3 27FB28D2 6197E61B 7496C437 D032C0DB} @item @ref{Release 5.1, 5.1} @tab 287 KiB @tab @url{download/govpn-5.1.tar.xz, link} @url{download/govpn-5.1.tar.xz.sig, sign} -@tab @code{0d456c5683287dca31f8c3302eb9a9329feab82bc1fbdb0098fca991513536d1} +@tab @code{0D456C56 83287DCA 31F8C330 2EB9A932 9FEAB82B C1FBDB00 98FCA991 513536D1} @item @ref{Release 5.0, 5.0} @tab 237 KiB @tab @url{download/govpn-5.0.tar.xz, link} @url{download/govpn-5.0.tar.xz.sig, sign} -@tab @code{cc186a3b800279b6f5a7c86d61b250c24cf97235f6c3e1bb05a6cb60251085c6} +@tab @code{CC186A3B 800279B6 F5A7C86D 61B250C2 4CF97235 F6C3E1BB 05A6CB60 251085C6} @item @ref{Release 4.2, 4.2} @tab 233 KiB @tab @url{download/govpn-4.2.tar.xz, link} @url{download/govpn-4.2.tar.xz.sig, sign} -@tab @code{dc2d390b9dcfb30a3612018d410b61ddf8edd82f4d9aa5ed2691b027be10ba0a} +@tab @code{DC2D390B 9DCFB30A 3612018D 410B61DD F8EDD82F 4D9AA5ED 2691B027 BE10BA0A} @item @ref{Release 4.1, 4.1} @tab 227 KiB @tab @url{download/govpn-4.1.tar.xz, link} @url{download/govpn-4.1.tar.xz.sig, sign} -@tab @code{fbc7a730afe96384827dc1e1402c53165710ade5113d90531427c39172e40aca} +@tab @code{FBC7A730 AFE96384 827DC1E1 402C5316 5710ADE5 113D9053 1427C391 72E40ACA} @item @ref{Release 4.0, 4.0} @tab 183 KiB @tab @url{download/govpn-4.0.tar.xz, link} @url{download/govpn-4.0.tar.xz.sig, sign} -@tab @code{a791c3569c01dea8b18aa2f21d27b797ded76f2c33a8d96c2db864a9abf2615b} +@tab @code{A791C356 9C01DEA8 B18AA2F2 1D27B797 DED76F2C 33A8D96C 2DB864A9 ABF2615B} @item @ref{Release 3.5, 3.5} @tab 179 KiB @tab @url{download/govpn-3.5.tar.xz, link} @url{download/govpn-3.5.tar.xz.sig, sign} -@tab @code{6b60c2cd4a8b4b2c893e52d3366510678704fd68a02a0ea24cb112bd753ea54b} +@tab @code{6B60C2CD 4A8B4B2C 893E52D3 36651067 8704FD68 A02A0EA2 4CB112BD 753EA54B} @item @ref{Release 3.4, 3.4} @tab 175 KiB @tab @url{download/govpn-3.4.tar.xz, link} @url{download/govpn-3.4.tar.xz.sig, sign} -@tab @code{266612a7f8faa6ceb2955ed611c0c21872776306f4eaad5b785145bbb0390c82} +@tab @code{266612A7 F8FAA6CE B2955ED6 11C0C218 72776306 F4EAAD5B 785145BB B0390C82} @item @ref{Release 3.3, 3.3} @tab 175 KiB @tab @url{download/govpn-3.3.tar.xz, link} @url{download/govpn-3.3.tar.xz.sig, sign} -@tab @code{1834a057215324f49d6272b2beb89f1532105156f7e853eae855659992ac0c84} +@tab @code{1834A057 215324F4 9D6272B2 BEB89F15 32105156 F7E853EA E8556599 92AC0C84} @item @ref{Release 3.2, 3.2} @tab 174 KiB @tab @url{download/govpn-3.2.tar.xz, link} @url{download/govpn-3.2.tar.xz.sig, sign} -@tab @code{388e98d6adef5ebf3431b0d48419f54d2e2064c657de67e23c669ebcf273126d} +@tab @code{388E98D6 ADEF5EBF 3431B0D4 8419F54D 2E2064C6 57DE67E2 3C669EBC F273126D} @item @ref{Release 3.1, 3.1} @tab 54 KiB @tab @url{download/govpn-3.1.tar.xz, link} @url{download/govpn-3.1.tar.xz.sig, sign} -@tab @code{4034a67eb472e33760ed1783ca871f531c3a6be99b9bd6213f4f83c1147c344b} +@tab @code{4034A67E B472E337 60ED1783 CA871F53 1C3A6BE9 9B9BD621 3F4F83C1 147C344B} @item @ref{Release 3.0, 3.0} @tab 53 KiB @tab @url{download/govpn-3.0.tar.xz, link} @url{download/govpn-3.0.tar.xz.sig, sign} -@tab @code{12579c5c3cccfe73c66b5893335bc70c42d7b13b8e94c7751ec65d421eaff9a5} +@tab @code{12579C5C 3CCCFE73 C66B5893 335BC70C 42D7B13B 8E94C775 1EC65D42 1EAFF9A5} @item @ref{Release 2.4, 2.4} @tab 42 KiB @tab @url{download/govpn-2.4.tar.xz, link} @url{download/govpn-2.4.tar.xz.sig, sign} -@tab @code{df45225bac2384c5eed73c5cdb05dc3581495e08d365317beb03a2487d46b98c} +@tab @code{DF45225B AC2384C5 EED73C5C DB05DC35 81495E08 D365317B EB03A248 7D46B98C} @item @ref{Release 2.3, 2.3} @tab 34 KiB @tab @url{download/govpn-2.3.tar.xz, link} @url{download/govpn-2.3.tar.xz.sig, sign} -@tab @code{92986ec6d6da107c6cc1143659e5a154cd19b8f2ede5fa7f5ccc4525ae468e97} +@tab @code{92986EC6 D6DA107C 6CC11436 59E5A154 CD19B8F2 EDE5FA7F 5CCC4525 AE468E97} @item @ref{Release 2.2, 2.2} @tab 32 KiB @tab @url{download/govpn-2.2.tar.xz, link} @url{download/govpn-2.2.tar.xz.sig, sign} -@tab @code{5745278bce8b9a3bd7ec1636507bbce8c17ba1d79f1568e2f3681b7a90bbe6e1} +@tab @code{5745278B CE8B9A3B D7EC1636 507BBCE8 C17BA1D7 9F1568E2 F3681B7A 90BBE6E1} @item @ref{Release 2.0, 2.0} @tab 31 KiB @tab @url{download/govpn-2.0.tar.xz, link} @url{download/govpn-2.0.tar.xz.sig, sign} -@tab @code{d43be1248d6a46ba8ca75be2fdab5e3d8b0660fb9df9b6d87cfa3973722b42be} +@tab @code{D43BE124 8D6A46BA 8CA75BE2 FDAB5E3D 8B0660FB 9DF9B6D8 7CFA3973 722B42BE} @item @ref{Release 1.5, 1.5} @tab 19 KiB @tab @url{download/govpn-1.5.tar.xz, link} @url{download/govpn-1.5.tar.xz.sig, sign} -@tab @code{715b07d4d1ea4396c3e37014ca65ec3768818423521f3c12e7200b6edca48c31} +@tab @code{715B07D4 D1EA4396 C3E37014 CA65EC37 68818423 521F3C12 E7200B6E DCA48C31} @end multitable diff --git a/doc/example.texi b/doc/example.texi index 5f28a7f..4831772 100644 --- a/doc/example.texi +++ b/doc/example.texi @@ -23,14 +23,14 @@ example: @verbatim client% ./utils/newclient.sh Alice Passphrase: -Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg +Your client verifier is: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg Place the following YAML configuration entry on the server's side: Alice: up: /path/to/up.sh iface: or TAP interface name - verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 + verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 @end verbatim @strong{Prepare the server}. Add this entry to @file{peers.yaml} @@ -39,7 +39,7 @@ configuration file: @verbatim Alice: iface: tap10 - verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 + verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 @end verbatim @strong{Prepare network on GNU/Linux IPv4 server}: @@ -71,7 +71,7 @@ client% ip route add 128/1 via 172.16.0.1 @strong{Run client daemon itself}: @verbatim client% govpn-client \ - -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \ + -verifier '$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg' \ -iface tap10 \ -remote 192.168.0.1:1194 @end verbatim @@ -89,7 +89,7 @@ client% ifconfig tap10 client% ifconfig tap10 inet6 fc00::2/96 up client% route -6 add default fc00::1 client% govpn-client \ - -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \ + -verifier '$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg' \ -iface tap10 \ -remote "[fe80::1%me0]":1194 @end verbatim diff --git a/doc/faq.ru.texi b/doc/faq.ru.texi index b4eda3a..18e5db7 100644 --- a/doc/faq.ru.texi +++ b/doc/faq.ru.texi @@ -59,7 +59,7 @@ Go очень легко читается, поддаётся ревью и по @node Почему парольные фразы @subsection Почему вы аутентифицируете по парольной фразе? -Человек способ запоминать достаточно длинные парольные фразы (не +Человек способен запоминать достаточно длинные парольные фразы (не пароли): 100-200 символов, что даёт возможность использовать её как высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному токену или другому устройству хранения. Это удобно. @@ -68,7 +68,7 @@ Go очень легко читается, поддаётся ревью и по @subsection Почему вся настройка сети делается вручную? Потому-что существует так много вариантов использования, конфигураций и -установок, что или я поддерживаю их всех, или использую громоздкие +установок, что или я поддерживаю их все, или использую громоздкие протоколы типы PPP, или просто даю право выбора администратору. VPN это всего-лишь прослойка. diff --git a/doc/installation.texi b/doc/installation.texi index dd121db..01ac54b 100644 --- a/doc/installation.texi +++ b/doc/installation.texi @@ -4,8 +4,10 @@ Possibly GoVPN already exists in your distribution: @itemize -@item @url{https://aur.archlinux.org/packages/govpn/, AUR} +@item @url{https://aur.archlinux.org/packages/govpn/, Arch Linux AUR} @item @url{http://www.freshports.org/security/govpn/, FreeBSD ports} +@item @url{https://gpo.zugaina.org/net-misc/govpn, Gentoo Portage Overlay} +@item @url{https://pkgs.org/download/govpn, openSUSE OSS} @end itemize GoVPN is written on @url{https://golang.org/, Go} programming language @@ -26,7 +28,6 @@ Included required libraries: @item @code{github.com/bigeagle/water} @tab GNU/Linux @tab BSD 3-Clause @item @code{github.com/dchest/blake2b} @tab All @tab CC0 1.0 @item @code{github.com/go-yaml/yaml} @tab All @tab LGPLv3 and MIT -@item @code{github.com/magical/argon2} @tab All @tab BSD 2-Clause @item @code{golang.org/x/crypto} @tab All @tab BSD 3-Clause @end multitable @@ -36,8 +37,8 @@ Get @ref{Tarballs, the tarball}, check its binaries will be built in the current directory: @verbatim -% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz -% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig +% wget http://www.govpn.info/download/govpn-2.3.tar.xz +% wget http://www.govpn.info/download/govpn-2.3.tar.xz.sig % gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz % tar xf govpn-2.3.tar.xz % make -C govpn-2.3 all diff --git a/doc/integrity.texi b/doc/integrity.texi index ea5e59e..ff692ff 100644 --- a/doc/integrity.texi +++ b/doc/integrity.texi @@ -7,9 +7,33 @@ software. For integrity and authentication of downloaded binaries @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must download signature (@file{.sig}) provided with the tarball. -For the very first time you need to import signing public keys. They -are provided below, but be sure that you are reading them from the -trusted source. Alternatively check this page from -@ref{Contacts, other sources} and look for the mailing list announcements. +For the very first time you need to import signing public key. It is +provided below, but it is better to check alternative resources with it. -@verbatiminclude pubkey.txt +@verbatim +pub rsa2048/0xF2F59045FFE2F4A1 2015-03-10 + D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1 +uid GoVPN releases +@end verbatim + +@itemize + +@item This website @ref{Contacts, alternates} and maillist containing +public key fingerprint. + +@item +@verbatim +% gpg --auto-key-locate pka --locate-keys releases at govpn dot info +% gpg --auto-key-locate dane --locate-keys releases at govpn dot info +% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info +@end verbatim + +@item +@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc + +@end itemize + +Then you could verify tarballs signature: +@verbatim +% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz +@end verbatim diff --git a/doc/media.texi b/doc/media.texi index 5c30def..578efc8 100644 --- a/doc/media.texi +++ b/doc/media.texi @@ -6,4 +6,6 @@ @item @url{http://habrahabr.ru/company/ivi/blog/256365/, Реализуем безопасный VPN-протокол} (on russian) @item @url{http://habrahabr.ru/company/ivi/blog/257431/, Реализуем ещё более безопасный VPN-протокол} (on russian) @item @url{http://www.linuxspace.org/archives/9449, Установка и настройка безопасного VPN-демона GoVPN 3.2} (on russian) +@item @url{http://www.linuxspace.org/archives/14123, Установка и настройка безопасного VPN-демона GoVPN 5.10} (on russian) +@item @url{https://www.youtube.com/watch?v=Civ3CKW71pA, Презентация GoVPN на CryptoInstallFest 3} (on russian) @end itemize diff --git a/doc/mtu.texi b/doc/mtu.texi index 29930b6..c11cef9 100644 --- a/doc/mtu.texi +++ b/doc/mtu.texi @@ -7,5 +7,5 @@ sizes (including the padding byte) will be ignored. If either @ref{Noise, noise}, @ref{Encless, encryptionless mode} or @ref{CPR} are enabled, then all outgoing packets are filled up to that MTU value. -Default MTU equals to 1514 bytes (1500 bytes of Ethernet payload, 14 +Default MTU equals to 1515 bytes (1500 bytes of Ethernet payload, 15 bytes of Ethernet header). diff --git a/doc/news.ru.texi b/doc/news.ru.texi index 38d0336..47ba43b 100644 --- a/doc/news.ru.texi +++ b/doc/news.ru.texi @@ -1,6 +1,18 @@ @node Новости @section Новости +@node Релиз 6.0 +@subsection Релиз 6.0 +@itemize +@item Argon2d заменён на Balloon хэширование. Найденные Argon2 +библиотеки, написанные полностью на Go, имеют различные проблемы. Более +того, Argon2i должен был быть использован вместо Argon2d, но у него есть +возможные @url{http://eprint.iacr.org/2016/027, криптографические +недостатки}. Поэтому он заменён на гораздо более простое (и, похоже, +даже криптографически лучшее) +@url{https://crypto.stanford.edu/balloon/, Balloon хэширование}. +@end itemize + @node Релиз 5.10 @subsection Релиз 5.10 @itemize diff --git a/doc/news.texi b/doc/news.texi index 58b6d12..631c594 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -3,6 +3,17 @@ See also this page @ref{Новости, on russian}. +@node Release 6.0 +@section Release 6.0 +@itemize +@item Argon2d is replaced with Balloon hashing. Found Argon2 libraries +written on pure Go have various problems. Moreover Argon2i should be +used instead, but it has some possible +@url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is +replaced with much more simpler (and seems even cryptographically +better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}. +@end itemize + @node Release 5.10 @section Release 5.10 @itemize diff --git a/doc/pubkey.txt b/doc/pubkey.txt deleted file mode 100644 index 34183c9..0000000 --- a/doc/pubkey.txt +++ /dev/null @@ -1,36 +0,0 @@ -pub rsa2048/0xF2F59045FFE2F4A1 2015-03-10 -uid Sergey Matveev (GoVPN release signing key) -sub rsa2048/0x3128EE3F8A6C750A 2015-03-10 - ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/ -kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx -0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1 -fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY -ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM -A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0RFNlcmdleSBNYXR2ZWV2 -IChHb1ZQTiByZWxlYXNlIHNpZ25pbmcga2V5KSA8c3RhcmdyYXZlQHN0YXJncmF2 -ZS5vcmc+iQE8BBMBCAAmBQJU/x+nAhsDCAsKCQgHBAMCBxUKCQgLAwIFFgIBAwAC -HgECF4AACgkQ8vWQRf/i9KEZ/AgAqYF/RRNwwhgLgFqTLfw3ha0FeiSso7H9ITDo -cdJ/domLHaFvmwFIDQQKV8Zd1Rnj6xTCs2bq2O5hYMLrFZg85A9i5tLwkgFc9J5G -+8K3K/dh9Y4pArbM+craO+xydrwLyg1zlXCezthWbL0iXO/CuGiuBBCZJqRJ9HV4 -cZr4TRA3Znm5nt96rRsR86XqOgr0iOEDtYKfKW/IzDqOEgXUN5o2bUwuQawe9Y8d -CngXzJcfb2eJ/TqSP9CxVWscjz4sAmD3/ECrHSjX7xsusIs46F2+VMlEXFuST52r -zamfiGKlol8XvimUjKhlMWjqfdcJ0+jvFftsa7HXQUwRoQ1vJYheBBARCAAGBQJU -/x/VAAoJEK4agQnkmFfvqn8A/ReK2ZZrnI9s0rzTsF1jrTZ1o5YowuINOzVMmLbE -aYuGAP4iGwPgwVbANu4dWaP2N03oL4xFtmdaeNn3sB9ZqJOOyrkBDQRU/x+nAQgA -uYBRyJVwhlE2SRIEmMggwr4gq1JBM2Ge5O46usf+YPUjCJKWoAj+MpQoq7r+oA/s -E/6kGvWgngwV9prCdNkvcdwEWbb+n9PcMc2ZuIGRV3iOKYlYEBFV0bfM9zEV2jar -1YQ+J/48UX7R00cYJuXel7Dy77V9eNd+Ukyowm93fggFlBDBGBjVbNtfIorHNYjB -01CCu3i/8yxrMyFRvMKyAVEGp3obgmlam4DNkNIhFMv3du0tFnDFBsZf7N0kbLWI -xEEJoc/jxaezDytQpUr3RhlMsLV6N/jjIZuy36QO1sbFeOe2to0E7ixaFzNCWsqY -cxUfnJ3wi7hOiOwE2PF3tQARAQABiQEfBBgBCAAJBQJU/x+nAhsMAAoJEPL1kEX/ -4vShrVcIAKLUwMn7WgK6thmwPjdwP5V/jTlsWLWk2O/LEN4W/R0mw2hRsgRG/8Sz -qlAP6vfl7ERaWuyL+fp72rKnGTGU9CEvn6PKmaG7bi4tGEvWXscNc10r0leIAP63 -pkQOa6Nyx2axJlJdSuTsYetd1ZgNpHNng+lxSUBlkPMOhPd/P/Ok7DShZjd2jhQ1 -jUbjWn+P7ARGEvgdd5utNjy/RaSwrLG8NXj3I+XuksG0/TPeG0zu9NOPzWZq9sCc -5VbDNJTYtsMFs1etHE95Efmx6yUquQyB+g/HgvkH/LzthBawVVHxZNzzHgc6KN5w -E0itJPXMaQL+juUfiNM0i2R1O8nJo14= -=LJzj ------END PGP PUBLIC KEY BLOCK----- diff --git a/doc/server.texi b/doc/server.texi index 63f3239..325d317 100644 --- a/doc/server.texi +++ b/doc/server.texi @@ -24,9 +24,9 @@ Start trivial HTTP @ref{Proxy} server on specified @emph{host:port}. Configuration file is YAML file with following example structure: @verbatim -stargrave: { <-- Peer human readable name +stargrave: <-- Peer human readable name iface: tap10 <-- OPTIONAL TAP interface name - mtu: 1514 <-- OPTIONAL overriden MTU + mtu: 1515 <-- OPTIONAL overriden MTU up: ./stargrave-up.sh <-- OPTIONAL up-script down: ./stargrave-down.sh <-- OPTIONAL down-script timeout: 60 <-- OPTIONAL overriden timeout @@ -34,7 +34,7 @@ stargrave: { <-- Peer human readable name noise: No <-- OPTIONAL noise enabler cpr: 64 <-- OPTIONAL constant packet rate, KiB/sec encless: No <-- OPTIONAL Encryptionless mode - verifier: $argon2d... <-- verifier received from client + verifier: $baloon... <-- verifier received from client [...] @end verbatim @@ -63,25 +63,25 @@ creation: @verbatim % ./utils/newclient.sh Alice [...] -Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg +Your client verifier is: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg Place the following YAML configuration entry on the server's side: Alice: up: /path/to/up.sh iface: or TAP interface name - verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 + verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 @end verbatim Example configuration file: @verbatim stargrave: iface: tap0 - verifier: $argon2d$m=4096,t=128,p=1$VMirzcshcHuG2V4jhUsEjw$X5fC07L8k61h3S1Oro/rC76+m0oGDTA9Bq+aWJ1uOgY + verifier: $balloon$s=32768,t=16,p=2$VMirzcshcHuG2V4jhUsEjw$X5fC07L8k61h3S1Oro/rC76+m0oGDTA9Bq+aWJ1uOgY slow: iface: tap1 encless: Yes mtu: 9000 cpr: 384 - verifier: $argon2d$m=4096,t=128,p=1$YbIA5garDqCOhtI/2EZVNg$gOo5vcEGynmpeepNscwclicfZsWxzgYFRLbgG21EZ1U + verifier: $balloon$s=32768,t=16,p=2$YbIA5garDqCOhtI/2EZVNg$gOo5vcEGynmpeepNscwclicfZsWxzgYFRLbgG21EZ1U @end verbatim diff --git a/doc/sources.texi b/doc/sources.texi index 4f4b438..778a786 100644 --- a/doc/sources.texi +++ b/doc/sources.texi @@ -27,6 +27,5 @@ repositories will be unavailable (they are seldom updated): @item @code{github.com/bigeagle/water} @tab @url{git://git.cypherpunks.ru/water.git} @item @code{github.com/dchest/blake2b} @tab @url{git://git.cypherpunks.ru/blake2b.git} @item @code{github.com/go-yaml/yaml} @tab @url{git://git.cypherpunks.ru/yaml.git} -@item @code{github.com/magical/argon2} @tab @url{git://git.cypherpunks.ru/argon2.git} @item @code{golang.org/x/crypto} @tab @url{git://git.cypherpunks.ru/crypto.git} @end multitable diff --git a/doc/thanks.texi b/doc/thanks.texi index eebdedd..0a6757c 100644 --- a/doc/thanks.texi +++ b/doc/thanks.texi @@ -9,6 +9,7 @@ Thanks for contributions and suggestions to: @item @url{https://www.cs.columbia.edu/~smb/papers/aeke.pdf, Augmented Encrypted Key Exchange}: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise @copyright{} Steven M. Belloving, Michael Merrit. @item @email{watsonbladd@@gmail.com, Watson Ladd} for suggestion of @url{http://elligator.cr.yp.to/, Elligator} encoding. @item @url{https://password-hashing.net/#argon2, Password Hashing Competition for Argon2}. +@item @url{https://crypto.stanford.edu/balloon/, Balloon hashing}. @item @url{http://people.csail.mit.edu/rivest/chaffing-980701.txt, Chaffing and Winnowing: Confidentiality without Encryption} @copyright{} Ronald L. Rivest @item @email{wzyboy@@wzyboy.org, Zhuoyun Wei} for @url{https://aur.archlinux.org/packages/govpn/, AUR} port maintaining and his documentation related fixes. @end itemize diff --git a/doc/transport.texi b/doc/transport.texi index 1518d6f..8123225 100644 --- a/doc/transport.texi +++ b/doc/transport.texi @@ -25,8 +25,9 @@ MAC_KEY = 256bit(ENCRYPT(KEY, 0)) Salsa20's output is ignored and only remaining is XORed with ther data, encrypting it. -@code{DATA} is padded with @code{PAD} (0x80 byte). Optional @code{ZEROS} -may follow, to fill up packet to conceal payload packet length. +@code{DATA} is padded using ISO/IEC 7816-4 format (@code{PAD} (0x80 +byte) with optional @code{ZEROS} following), to fill up packet to +conceal payload packet length. @code{AUTH} is Poly1305 authentication function. First 256 bits of Salsa20's output are used as a one-time key for @code{AUTH}. diff --git a/doc/verifier.texi b/doc/verifier.texi index 7efdf07..ecf98ad 100644 --- a/doc/verifier.texi +++ b/doc/verifier.texi @@ -6,8 +6,8 @@ Verifier is created using @command{govpn-verifier} utility. @verbatim % govpn-verifier Passphrase:[hello world] -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg @end verbatim First line is the verifier for the server side. Second line is for the @@ -18,7 +18,7 @@ You can check passphrase against verifier by specifying @option{-verifier} option with the path to verifier file: @verbatim -% govpn-verifier -verifier '$argon2d...' +% govpn-verifier -verifier '$balloon...' Passphrase:[hello world] true @end verbatim diff --git a/doc/verifierstruct.texi b/doc/verifierstruct.texi index 792506d..b199d72 100644 --- a/doc/verifierstruct.texi +++ b/doc/verifierstruct.texi @@ -6,17 +6,18 @@ dictionary attacks and can not be used for authentication (only its verifying). @verbatim -SOURCE = Argon2d(m, t, p, SALT=PeerId, PASSWORD) +SOURCE = Balloon(PASSWORD, SALT=PeerId, sCost, tCost, pJobs) PUB, PRIV = Ed25519.Generate(SOURCE) @end verbatim +Balloon hashing uses BLAKE2b-256 hash. Space cost (sCost), time cost +(tCost) and number of parallel jobs (pJobs) are specific to Balloon +implementation. + Verifier is serialized representation of public data above: @verbatim -$argon2d$m=m,t=t,p=p$Base64(SALT)$Base64(PUB) +$balloon$s=s,t=t,p=p$Base64(SALT)$Base64(PUB) @end verbatim -m, t and p parameters are Argon2d-specific: memory, iterations and -parallelizm parameters. - Server stores and knows only verifier. Client can compute the whole keypair every time he makes handshake. diff --git a/src/cypherpunks.ru/balloon b/src/cypherpunks.ru/balloon new file mode 160000 index 0000000..9e7f630 --- /dev/null +++ b/src/cypherpunks.ru/balloon @@ -0,0 +1 @@ +Subproject commit 9e7f63092012aa91a6690d93f00f5bc476e4d3b5 diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-verifier/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-verifier/main.go index 16f7847..a83f9d1 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-verifier/main.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-verifier/main.go @@ -32,9 +32,9 @@ import ( var ( keyPath = flag.String("key", "", "Path to passphrase file") verifier = flag.String("verifier", "", "Optional verifier") - mOpt = flag.Int("m", govpn.DefaultM, "Argon2d memory parameter (KiBs)") - tOpt = flag.Int("t", govpn.DefaultT, "Argon2d iteration parameter") - pOpt = flag.Int("p", govpn.DefaultP, "Argon2d parallelizm parameter") + sOpt = flag.Int("s", govpn.DefaultS, "Balloon space cost") + tOpt = flag.Int("t", govpn.DefaultT, "Balloon time cost") + pOpt = flag.Int("p", govpn.DefaultP, "Balloon parallel jobs") egdPath = flag.String("egd", "", "Optional path to EGD socket") version = flag.Bool("version", false, "Print version information") warranty = flag.Bool("warranty", false, "Print warranty information") @@ -63,7 +63,7 @@ func main() { log.Fatalln(err) } pid := govpn.PeerId(*id) - v := govpn.VerifierNew(*mOpt, *tOpt, *pOpt, &pid) + v := govpn.VerifierNew(*sOpt, *tOpt, *pOpt, &pid) v.PasswordApply(key) fmt.Println(v.LongForm()) fmt.Println(v.ShortForm()) diff --git a/src/cypherpunks.ru/govpn/peer.go b/src/cypherpunks.ru/govpn/peer.go index fc36179..5a620a9 100644 --- a/src/cypherpunks.ru/govpn/peer.go +++ b/src/cypherpunks.ru/govpn/peer.go @@ -202,13 +202,13 @@ func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[S } if isClient { - peer.noncesT = newNonces(peer.key, 1 + 2) - peer.noncesR = newNonces(peer.key, 0 + 2) - peer.noncesExpect = newNonces(peer.key, 0 + 2) + peer.noncesT = newNonces(peer.key, 1+2) + peer.noncesR = newNonces(peer.key, 0+2) + peer.noncesExpect = newNonces(peer.key, 0+2) } else { - peer.noncesT = newNonces(peer.key, 0 + 2) - peer.noncesR = newNonces(peer.key, 1 + 2) - peer.noncesExpect = newNonces(peer.key, 1 + 2) + peer.noncesT = newNonces(peer.key, 0+2) + peer.noncesR = newNonces(peer.key, 1+2) + peer.noncesExpect = newNonces(peer.key, 1+2) } peer.NonceExpect = make([]byte, NonceSize) diff --git a/src/cypherpunks.ru/govpn/peer_test.go b/src/cypherpunks.ru/govpn/peer_test.go index 4a0c752..18bd5fe 100644 --- a/src/cypherpunks.ru/govpn/peer_test.go +++ b/src/cypherpunks.ru/govpn/peer_test.go @@ -113,7 +113,6 @@ func TestTransportSymmetricEncless(t *testing.T) { } func BenchmarkEnc(b *testing.B) { - b.ResetTimer() for i := 0; i < b.N; i++ { testPeer.EthProcess(testPt) } diff --git a/src/cypherpunks.ru/govpn/verifier.go b/src/cypherpunks.ru/govpn/verifier.go index 15955e7..b68063b 100644 --- a/src/cypherpunks.ru/govpn/verifier.go +++ b/src/cypherpunks.ru/govpn/verifier.go @@ -28,19 +28,20 @@ import ( "os" "strings" + "cypherpunks.ru/balloon" "github.com/agl/ed25519" - "github.com/magical/argon2" + "github.com/dchest/blake2b" "golang.org/x/crypto/ssh/terminal" ) const ( - DefaultM = 1 << 12 - DefaultT = 1 << 7 - DefaultP = 1 + DefaultS = 1 << 20 / 32 + DefaultT = 1 << 4 + DefaultP = 2 ) type Verifier struct { - M int + S int T int P int Id *PeerId @@ -49,17 +50,14 @@ type Verifier struct { // Generate new verifier for given peer, with specified password and // hashing parameters. -func VerifierNew(m, t, p int, id *PeerId) *Verifier { - return &Verifier{M: m, T: t, P: p, Id: id} +func VerifierNew(s, t, p int, id *PeerId) *Verifier { + return &Verifier{S: s, T: t, P: p, Id: id} } // Apply the password: create Ed25519 keypair based on it, save public // key in verifier. func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte { - r, err := argon2.Key([]byte(password), v.Id[:], v.T, v.P, int64(v.M), 32) - if err != nil { - log.Fatalln("Unable to apply Argon2d", err) - } + r := balloon.H(blake2b.New256, []byte(password), v.Id[:], v.S, v.T, v.P) defer SliceZero(r) src := bytes.NewBuffer(r) pub, prv, err := ed25519.GenerateKey(src) @@ -72,26 +70,26 @@ func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte // Parse either short or long verifier form. func VerifierFromString(input string) (*Verifier, error) { - s := strings.Split(input, "$") - if len(s) < 4 || s[1] != "argon2d" { + ss := strings.Split(input, "$") + if len(ss) < 4 || ss[1] != "balloon" { return nil, errors.New("Invalid verifier structure") } - var m, t, p int - n, err := fmt.Sscanf(s[2], "m=%d,t=%d,p=%d", &m, &t, &p) + var s, t, p int + n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p) if n != 3 || err != nil { return nil, errors.New("Invalid verifier parameters") } - salt, err := base64.RawStdEncoding.DecodeString(s[3]) + salt, err := base64.RawStdEncoding.DecodeString(ss[3]) if err != nil { return nil, err } - v := Verifier{M: m, T: t, P: p} + v := Verifier{S: s, T: t, P: p} id := new([IDSize]byte) copy(id[:], salt) pid := PeerId(*id) v.Id = &pid - if len(s) == 5 { - pub, err := base64.RawStdEncoding.DecodeString(s[4]) + if len(ss) == 5 { + pub, err := base64.RawStdEncoding.DecodeString(ss[4]) if err != nil { return nil, err } @@ -105,8 +103,8 @@ func VerifierFromString(input string) (*Verifier, error) { // Does not include public key. func (v *Verifier) ShortForm() string { return fmt.Sprintf( - "$argon2d$m=%d,t=%d,p=%d$%s", - v.M, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]), + "$balloon$s=%d,t=%d,p=%d$%s", + v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]), ) } diff --git a/src/github.com/go-yaml/yaml b/src/github.com/go-yaml/yaml index a83829b..e4d366f 160000 --- a/src/github.com/go-yaml/yaml +++ b/src/github.com/go-yaml/yaml @@ -1 +1 @@ -Subproject commit a83829b6f1293c91addabc89d0571c246397bbf4 +Subproject commit e4d366fc3c7938e2958e662b4258c7a89e1f0e3e diff --git a/src/github.com/magical/argon2 b/src/github.com/magical/argon2 deleted file mode 160000 index 190e3cf..0000000 --- a/src/github.com/magical/argon2 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 190e3cf208e185668db6aa048e4985b7b7b4d890 diff --git a/src/golang.org/x/crypto b/src/golang.org/x/crypto index 81bf771..0e31b18 160000 --- a/src/golang.org/x/crypto +++ b/src/golang.org/x/crypto @@ -1 +1 @@ -Subproject commit 81bf7719a6b7ce9b665598222362b50122dfc13b +Subproject commit 0e31b188fd38db611d4fbab7de9373a95f36aae5 diff --git a/utils/makedist.sh b/utils/makedist.sh index a024620..96dfb60 100755 --- a/utils/makedist.sh +++ b/utils/makedist.sh @@ -1,7 +1,5 @@ #!/bin/sh -ex -[ -n "$SHA256" ] || SHA256=sha256 - cur=$(pwd) tmp=$(mktemp -d) release=$1 @@ -13,7 +11,6 @@ repos=" src/github.com/bigeagle/water src/github.com/dchest/blake2b src/github.com/go-yaml/yaml - src/github.com/magical/argon2 src/golang.org/x/crypto " for repo in $repos; do @@ -44,9 +41,10 @@ cat > doc/download.texi <