From: Sergey Matveev
Date: Sun, 10 Jan 2016 13:57:47 +0000 (+0300)
Subject: Replace HSalsa20 with already got BLAKE2b well-known hash
X-Git-Tag: 5.1^2
X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=commitdiff_plain;h=cb53249d78d1a4c175312fbe83bd3127e0067e4c

Replace HSalsa20 with already got BLAKE2b well-known hash

Signed-off-by: Sergey Matveev
---
diff --git a/doc/handshake.texi b/doc/handshake.texi
index c469021..f19fde0 100644
--- a/doc/handshake.texi
+++ b/doc/handshake.texi
@@ -20,7 +20,7 @@ human readable form. Server knows his identity and @ref{Verifier structure, verifier}: @code{DSAPub}.
 @item Client computes verifier which produces @code{DSAPriv} and
-@code{DSAPub}. @code{H()} is @emph{HSalsa20} hash function.
+@code{DSAPub}. @code{H()} is @emph{BLAKE2b-256} hash function.
 @item Client generates DH keypair: @code{CDHPub} and @code{CDHPriv}. Also it generates random 64-bit @code{R} that is used as a nonce for
diff --git a/doc/news.texi b/doc/news.texi
index b1781ce..d704715 100644
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -7,6 +7,8 @@
 @itemize
 @item Server is configured using @url{http://yaml.org/, YAML} file.
 It is very convenient to have comments and templates, comparing to JSON.
+@item Incompatible with previous versions replacement of @emph{HSalsa20}
+with @emph{BLAKE2b} in handshake code.
 @end itemize
 
 @item Release 5.0
diff --git a/src/govpn/handshake.go b/src/govpn/handshake.go
index 8c76967..d9e8635 100644
--- a/src/govpn/handshake.go
+++ b/src/govpn/handshake.go
@@ -27,9 +27,9 @@ import (
 
 	"github.com/agl/ed25519"
 	"github.com/agl/ed25519/extra25519"
+	"github.com/dchest/blake2b"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/salsa20"
-	"golang.org/x/crypto/salsa20/salsa"
 	"golang.org/x/crypto/xtea"
 )
 
@@ -61,11 +61,6 @@ func keyFromSecrets(server, client []byte) *[SSize]byte {
 	return k
 }
 
-// Apply HSalsa20 function for data. Used to hash public keys.
-func HApply(data *[32]byte) {
-	salsa.HSalsa20(data, new([16]byte), data, &salsa.Sigma)
-}
-
 // Zero handshake's memory state
 func (h *Handshake) Zero() {
 	if h.rNonce != nil {
@@ -118,8 +113,8 @@ func dhKeypairGen() (*[32]byte, *[32]byte) {
 func dhKeyGen(priv, pub *[32]byte) *[32]byte {
 	key := new([32]byte)
 	curve25519.ScalarMult(key, priv, pub)
-	HApply(key)
-	return key
+	hashed := blake2b.Sum256(key[:])
+	return &hashed
 }
 
 // Create new handshake state.
@@ -132,7 +127,8 @@ func NewHandshake(addr string, conn io.Writer, conf *PeerConf) *Handshake {
 	}
 	state.dsaPubH = new([ed25519.PublicKeySize]byte)
 	copy(state.dsaPubH[:], state.Conf.Verifier.Pub[:])
-	HApply(state.dsaPubH)
+	hashed := blake2b.Sum256(state.dsaPubH[:])
+	state.dsaPubH = &hashed
 	return &state
 }
 
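Review bot: In dhKeyGen the raw X25519 shared secret is no longer overwritten after use: the removed `HApply(key)` hashed `key` in place, so the unhashed DH output did not outlive the call, whereas `blake2b.Sum256(key[:])` copies its result into `hashed` and leaves `key` holding the raw secret until the collector reclaims it. The package already clears handshake material explicitly (the `Zero` method whose signature appears in the previous hunk), so the same care seems intended here; clearing the scratch buffer before returning keeps that property: `hashed := blake2b.Sum256(key[:])` / `for i := range key { key[i] = 0 }` / `return &hashed`. Separately, neither the old nor the new code checks the `ScalarMult` output for the all-zero value that a low-order peer public key produces; that is pre-existing rather than introduced by this change, but worth a follow-up since the hashed result now feeds BLAKE2b with no other guard.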
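Review bot: In NewHandshake the `new([ed25519.PublicKeySize]byte)` allocation and the `copy` on the two context lines before the change are now dead work, because `state.dsaPubH` is immediately replaced by the address of `hashed`; the verifier public key can be hashed directly, `hashed := blake2b.Sum256(state.Conf.Verifier.Pub[:])` / `state.dsaPubH = &hashed`, which also drops a buffer that exists only to be hashed. The assignment compiles only because `ed25519.PublicKeySize` is 32 and so matches the `[32]byte` returned by `blake2b.Sum256`; a comment such as `// dsaPubH holds BLAKE2b-256(DSAPub); its [ed25519.PublicKeySize]byte type coincides with the 32-byte digest` would make that coupling explicit for the next maintainer. NewHandshake's body begins before this hunk.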