From 933703051138e099c2fde03861278477058c3517 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Tue, 5 Jan 2016 12:41:31 +0300 Subject: [PATCH] Initial encryptionless mode support Signed-off-by: Sergey Matveev --- src/govpn/cmd/govpn-client/main.go | 8 ++ src/govpn/cmd/govpn-client/tcp.go | 6 +- src/govpn/cmd/govpn-server/conf.go | 4 + src/govpn/cmd/govpn-server/tcp.go | 6 +- src/govpn/conf.go | 1 + src/govpn/handshake.go | 218 +++++++++++++++++++++++------ src/govpn/peer.go | 113 ++++++++++----- src/govpn/peer_test.go | 35 +++++ 8 files changed, 303 insertions(+), 88 deletions(-) diff --git a/src/govpn/cmd/govpn-client/main.go b/src/govpn/cmd/govpn-client/main.go index 639ea9a..da7ac2b 100644 --- a/src/govpn/cmd/govpn-client/main.go +++ b/src/govpn/cmd/govpn-client/main.go @@ -44,6 +44,7 @@ var ( mtu = flag.Int("mtu", 1452, "MTU for outgoing packets") timeoutP = flag.Int("timeout", 60, "Timeout seconds") noisy = flag.Bool("noise", false, "Enable noise appending") + encless = flag.Bool("encless", false, "Encryptionless mode") cpr = flag.Int("cpr", 0, "Enable constant KiB/sec out traffic rate") egdPath = flag.String("egd", "", "Optional path to EGD socket") @@ -73,11 +74,18 @@ func main() { log.Fatalln(err) } priv := verifier.PasswordApply(govpn.StringFromFile(*keyPath)) + if *encless { + if *proto != "tcp" { + log.Fatalln("Currently encryptionless mode works only with TCP") + } + *noisy = true + } conf = &govpn.PeerConf{ Id: verifier.Id, Timeout: time.Second * time.Duration(timeout), Noise: *noisy, CPR: *cpr, + EncLess: *encless, Verifier: verifier, DSAPriv: priv, } diff --git a/src/govpn/cmd/govpn-client/tcp.go b/src/govpn/cmd/govpn-client/tcp.go index e96d5bf..7f3c172 100644 --- a/src/govpn/cmd/govpn-client/tcp.go +++ b/src/govpn/cmd/govpn-client/tcp.go @@ -43,7 +43,7 @@ func startTCP(timeouted, rehandshaking, termination chan struct{}) { func handleTCP(conn *net.TCPConn, timeouted, rehandshaking, termination chan struct{}) { hs := govpn.HandshakeStart(*remoteAddr, conn, conf) - buf := make([]byte, govpn.MTU) + buf := make([]byte, 2*(govpn.EncLessEnlargeSize+govpn.MTU)+govpn.MTU) var n int var err error var prev int @@ -56,7 +56,7 @@ HandshakeCycle: break HandshakeCycle default: } - if prev == govpn.MTU { + if prev == len(buf) { log.Println("Timeouted waiting for the packet") timeouted <- struct{}{} break HandshakeCycle @@ -125,7 +125,7 @@ TransportCycle: break TransportCycle default: } - if prev == govpn.MTU { + if prev == len(buf) { log.Println("Timeouted waiting for the packet") timeouted <- struct{}{} break TransportCycle diff --git a/src/govpn/cmd/govpn-server/conf.go b/src/govpn/cmd/govpn-server/conf.go index fadc64f..67ee695 100644 --- a/src/govpn/cmd/govpn-server/conf.go +++ b/src/govpn/cmd/govpn-server/conf.go @@ -53,6 +53,9 @@ func confRead() map[govpn.PeerId]*govpn.PeerConf { if err != nil { log.Fatalln("Unable to decode the key:", err.Error(), pc.VerifierRaw) } + if pc.EncLess { + pc.Noise = true + } conf := govpn.PeerConf{ Verifier: verifier, Id: verifier.Id, @@ -61,6 +64,7 @@ func confRead() map[govpn.PeerId]*govpn.PeerConf { Down: pc.Down, Noise: pc.Noise, CPR: pc.CPR, + EncLess: pc.EncLess, } if pc.TimeoutInt <= 0 { pc.TimeoutInt = govpn.TimeoutDefault diff --git a/src/govpn/cmd/govpn-server/tcp.go b/src/govpn/cmd/govpn-server/tcp.go index 871c42c..1739a87 100644 --- a/src/govpn/cmd/govpn-server/tcp.go +++ b/src/govpn/cmd/govpn-server/tcp.go @@ -51,7 +51,7 @@ func startTCP() { func handleTCP(conn net.Conn) { addr := conn.RemoteAddr().String() - buf := make([]byte, govpn.MTU) + buf := make([]byte, govpn.EncLessEnlargeSize+2*govpn.MTU) var n int var err error var prev int @@ -61,7 +61,7 @@ func handleTCP(conn net.Conn) { var tap *govpn.TAP var conf *govpn.PeerConf for { - if prev == govpn.MTU { + if prev == len(buf) { break } conn.SetReadDeadline(time.Now().Add(time.Duration(govpn.TimeoutDefault) * time.Second)) @@ -157,7 +157,7 @@ func handleTCP(conn net.Conn) { prev = 0 var i int for { - if prev == govpn.MTU { + if prev == len(buf) { break } conn.SetReadDeadline(time.Now().Add(conf.Timeout)) diff --git a/src/govpn/conf.go b/src/govpn/conf.go index ae968eb..600c83b 100644 --- a/src/govpn/conf.go +++ b/src/govpn/conf.go @@ -33,6 +33,7 @@ type PeerConf struct { Timeout time.Duration `json:"-"` Noise bool `json:"noise"` CPR int `json:"cpr"` + EncLess bool `json:"encless"` VerifierRaw string `json:"verifier"` // This is passphrase verifier diff --git a/src/govpn/handshake.go b/src/govpn/handshake.go index 13f1a6c..6c5633c 100644 --- a/src/govpn/handshake.go +++ b/src/govpn/handshake.go @@ -166,7 +166,15 @@ func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake { enc = make([]byte, 32) } copy(enc, dhPubRepr[:]) - salsa20.XORKeyStream(enc, enc, state.rNonce[:], state.dsaPubH) + if conf.EncLess { + var err error + enc, err = EncLessEncode(state.dsaPubH, state.rNonce[:], enc) + if err != err { + panic(err) + } + } else { + salsa20.XORKeyStream(enc, enc, state.rNonce[:], state.dsaPubH) + } data := append(state.rNonce[:], enc...) data = append(data, idTag(state.Conf.Id, state.rNonce[:])...) state.conn.Write(data) @@ -180,32 +188,58 @@ func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake { // authenticated Peer is ready, then return nil. func (h *Handshake) Server(data []byte) *Peer { // R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag - if h.rNonce == nil && len(data) >= 48 { - // Generate DH keypair - var dhPubRepr *[32]byte - h.dhPriv, dhPubRepr = dhKeypairGen() - + if h.rNonce == nil && ((!h.Conf.EncLess && len(data) >= 48) || + (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) { h.rNonce = new([RSize]byte) copy(h.rNonce[:], data[:RSize]) - // Decrypt remote public key and compute shared key + // Decrypt remote public key cDHRepr := new([32]byte) - salsa20.XORKeyStream( - cDHRepr[:], - data[RSize:RSize+32], - h.rNonce[:], - h.dsaPubH, - ) + if h.Conf.EncLess { + out, err := EncLessDecode( + h.dsaPubH, + h.rNonce[:], + data[RSize:len(data)-xtea.BlockSize], + ) + if err != nil { + log.Println("Unable to decode packet from", h.addr, err) + return nil + } + copy(cDHRepr[:], out) + } else { + salsa20.XORKeyStream( + cDHRepr[:], + data[RSize:RSize+32], + h.rNonce[:], + h.dsaPubH, + ) + } + + // Generate DH keypair + var dhPubRepr *[32]byte + h.dhPriv, dhPubRepr = dhKeypairGen() + + // Compute shared key cDH := new([32]byte) extra25519.RepresentativeToPublicKey(cDH, cDHRepr) h.key = dhKeyGen(h.dhPriv, cDH) - encPub := make([]byte, 32) - salsa20.XORKeyStream(encPub, dhPubRepr[:], h.rNonceNext(1), h.dsaPubH) + var encPub []byte + var err error + if h.Conf.EncLess { + encPub = make([]byte, MTU) + copy(encPub, dhPubRepr[:]) + encPub, err = EncLessEncode(h.dsaPubH, h.rNonceNext(1), encPub) + if err != nil { + panic(err) + } + } else { + encPub = make([]byte, 32) + salsa20.XORKeyStream(encPub, dhPubRepr[:], h.rNonceNext(1), h.dsaPubH) + } // Generate R* and encrypt them h.rServer = new([RSize]byte) - var err error if _, err = Rand.Read(h.rServer[:]); err != nil { log.Fatalln("Error reading random for R:", err) } @@ -214,28 +248,52 @@ func (h *Handshake) Server(data []byte) *Peer { log.Fatalln("Error reading random for S:", err) } var encRs []byte - if h.Conf.Noise { + if h.Conf.Noise && !h.Conf.EncLess { encRs = make([]byte, MTU-len(encPub)-xtea.BlockSize) + } else if h.Conf.EncLess { + encRs = make([]byte, MTU-xtea.BlockSize) } else { encRs = make([]byte, RSize+SSize) } copy(encRs, append(h.rServer[:], h.sServer[:]...)) - salsa20.XORKeyStream(encRs, encRs, h.rNonce[:], h.key) + if h.Conf.EncLess { + encRs, err = EncLessEncode(h.key, h.rNonce[:], encRs) + if err != nil { + panic(err) + } + } else { + salsa20.XORKeyStream(encRs, encRs, h.rNonce[:], h.key) + } // Send that to client h.conn.Write(append(encPub, append(encRs, idTag(h.Conf.Id, encPub)...)...)) h.LastPing = time.Now() } else // ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag - if h.rClient == nil && len(data) >= 120 { - // Decrypted Rs compare rServer - dec := make([]byte, RSize+RSize+SSize+ed25519.SignatureSize) - salsa20.XORKeyStream( - dec, - data[:RSize+RSize+SSize+ed25519.SignatureSize], - h.rNonceNext(1), - h.key, - ) + if h.rClient == nil && ((!h.Conf.EncLess && len(data) >= 120) || + (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) { + var dec []byte + var err error + if h.Conf.EncLess { + dec, err = EncLessDecode( + h.key, + h.rNonceNext(1), + data[:len(data)-xtea.BlockSize], + ) + if err != nil { + log.Println("Unable to decode packet from", h.addr, err) + return nil + } + dec = dec[:RSize+RSize+SSize+ed25519.SignatureSize] + } else { + dec = make([]byte, RSize+RSize+SSize+ed25519.SignatureSize) + salsa20.XORKeyStream( + dec, + data[:RSize+RSize+SSize+ed25519.SignatureSize], + h.rNonceNext(1), + h.key, + ) + } if subtle.ConstantTimeCompare(dec[:RSize], h.rServer[:]) != 1 { log.Println("Invalid server's random number with", h.addr) return nil @@ -255,7 +313,14 @@ func (h *Handshake) Server(data []byte) *Peer { enc = make([]byte, RSize) } copy(enc, dec[RSize:RSize+RSize]) - salsa20.XORKeyStream(enc, enc, h.rNonceNext(2), h.key) + if h.Conf.EncLess { + enc, err = EncLessEncode(h.key, h.rNonceNext(2), enc) + if err != nil { + panic(err) + } + } else { + salsa20.XORKeyStream(enc, enc, h.rNonceNext(2), h.key) + } h.conn.Write(append(enc, idTag(h.Conf.Id, enc)...)) // Switch peer @@ -280,25 +345,67 @@ func (h *Handshake) Server(data []byte) *Peer { // authenticated Peer is ready, then return nil. func (h *Handshake) Client(data []byte) *Peer { // ENC(H(DSAPub), R+1, El(SDHPub)) + ENC(K, R, RS + SS) + IDtag - if h.rServer == nil && h.key == nil && len(data) >= 80 { - // Decrypt remote public key and compute shared key + if h.rServer == nil && h.key == nil && + ((!h.Conf.EncLess && len(data) >= 80) || + (h.Conf.EncLess && len(data) == 2*(EncLessEnlargeSize+MTU))) { + // Decrypt remote public key sDHRepr := new([32]byte) - salsa20.XORKeyStream(sDHRepr[:], data[:32], h.rNonceNext(1), h.dsaPubH) + var tmp []byte + var err error + if h.Conf.EncLess { + tmp, err = EncLessDecode( + h.dsaPubH, + h.rNonceNext(1), + data[:len(data)/2], + ) + if err != nil { + log.Println("Unable to decode packet from", h.addr, err) + return nil + } + copy(sDHRepr[:], tmp[:32]) + } else { + salsa20.XORKeyStream( + sDHRepr[:], + data[:32], + h.rNonceNext(1), + h.dsaPubH, + ) + } + + // Compute shared key sDH := new([32]byte) extra25519.RepresentativeToPublicKey(sDH, sDHRepr) h.key = dhKeyGen(h.dhPriv, sDH) // Decrypt Rs - decRs := make([]byte, RSize+SSize) - salsa20.XORKeyStream(decRs, data[SSize:32+RSize+SSize], h.rNonce[:], h.key) h.rServer = new([RSize]byte) - copy(h.rServer[:], decRs[:RSize]) h.sServer = new([SSize]byte) - copy(h.sServer[:], decRs[RSize:]) + if h.Conf.EncLess { + tmp, err = EncLessDecode( + h.key, + h.rNonce[:], + data[len(data)/2:len(data)-xtea.BlockSize], + ) + if err != nil { + log.Println("Unable to decode packet from", h.addr, err) + return nil + } + copy(h.rServer[:], tmp[:RSize]) + copy(h.sServer[:], tmp[RSize:RSize+SSize]) + } else { + decRs := make([]byte, RSize+SSize) + salsa20.XORKeyStream( + decRs, + data[SSize:SSize+RSize+SSize], + h.rNonce[:], + h.key, + ) + copy(h.rServer[:], decRs[:RSize]) + copy(h.sServer[:], decRs[RSize:]) + } // Generate R* and signature and encrypt them h.rClient = new([RSize]byte) - var err error if _, err = Rand.Read(h.rClient[:]); err != nil { log.Fatalln("Error reading random for R:", err) } @@ -314,21 +421,44 @@ func (h *Handshake) Client(data []byte) *Peer { } else { enc = make([]byte, RSize+RSize+SSize+ed25519.SignatureSize) } - copy(enc, - append(h.rServer[:], - append(h.rClient[:], - append(h.sClient[:], sign[:]...)...)...)) - salsa20.XORKeyStream(enc, enc, h.rNonceNext(1), h.key) + copy(enc, h.rServer[:]) + copy(enc[RSize:], h.rClient[:]) + copy(enc[RSize+RSize:], h.sClient[:]) + copy(enc[RSize+RSize+SSize:], sign[:]) + if h.Conf.EncLess { + enc, err = EncLessEncode(h.key, h.rNonceNext(1), enc) + if err != nil { + panic(err) + } + } else { + salsa20.XORKeyStream(enc, enc, h.rNonceNext(1), h.key) + } // Send that to server h.conn.Write(append(enc, idTag(h.Conf.Id, enc)...)) h.LastPing = time.Now() } else // ENC(K, R+2, RC) + IDtag - if h.key != nil && len(data) >= 16 { + if h.key != nil && ((!h.Conf.EncLess && len(data) >= 16) || + (h.Conf.EncLess && len(data) == EncLessEnlargeSize+MTU)) { + var err error // Decrypt rClient - dec := make([]byte, RSize) - salsa20.XORKeyStream(dec, data[:RSize], h.rNonceNext(2), h.key) + var dec []byte + if h.Conf.EncLess { + dec, err = EncLessDecode( + h.key, + h.rNonceNext(2), + data[:len(data)-xtea.BlockSize], + ) + if err != nil { + log.Println("Unable to decode packet from", h.addr, err) + return nil + } + dec = dec[:RSize] + } else { + dec = make([]byte, RSize) + salsa20.XORKeyStream(dec, data[:RSize], h.rNonceNext(2), h.key) + } if subtle.ConstantTimeCompare(dec, h.rClient[:]) != 1 { log.Println("Invalid client's random number with", h.addr) return nil diff --git a/src/govpn/peer.go b/src/govpn/peer.go index 5864444..026ab66 100644 --- a/src/govpn/peer.go +++ b/src/govpn/peer.go @@ -70,6 +70,7 @@ type Peer struct { NoiseEnable bool CPR int CPRCycle time.Duration `json:"-"` + EncLess bool // Cryptography related Key *[SSize]byte `json:"-"` @@ -154,6 +155,11 @@ func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[S timeout = timeout / TimeoutHeartbeat } + bufSize := S20BS + MTU + NonceSize + if conf.EncLess { + bufSize += EncLessEnlargeSize + noiseEnable = true + } peer := Peer{ Addr: addr, Id: conf.Id, @@ -162,6 +168,7 @@ func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[S NoiseEnable: noiseEnable, CPR: conf.CPR, CPRCycle: cprCycle, + EncLess: conf.EncLess, Key: key, NonceCipher: newNonceCipher(key), @@ -172,8 +179,8 @@ func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[S Established: now, LastPing: now, - bufR: make([]byte, S20BS+MTU+NonceSize), - bufT: make([]byte, S20BS+MTU+NonceSize), + bufR: make([]byte, bufSize), + bufT: make([]byte, bufSize), tagR: new([TagSize]byte), tagT: new([TagSize]byte), keyAuthR: new([SSize]byte), @@ -205,8 +212,8 @@ func (p *Peer) EthProcess(data []byte) { p.BusyT.Unlock() return } - p.bufT[S20BS+0] = byte(0) - p.bufT[S20BS+1] = byte(0) + p.bufT[S20BS+0] = 0 + p.bufT[S20BS+1] = 0 p.HeartbeatSent++ } else { // Copy payload to our internal buffer and we are ready to @@ -219,8 +226,10 @@ func (p *Peer) EthProcess(data []byte) { p.BytesPayloadOut += int64(len(data)) } - if p.NoiseEnable { + if p.NoiseEnable && !p.EncLess { p.frameT = p.bufT[S20BS : S20BS+MTU-TagSize] + } else if p.EncLess { + p.frameT = p.bufT[S20BS : S20BS+MTU] } else { p.frameT = p.bufT[S20BS : S20BS+PktSizeSize+len(data)+NonceSize] } @@ -230,20 +239,33 @@ func (p *Peer) EthProcess(data []byte) { p.frameT[len(p.frameT)-NonceSize:], p.frameT[len(p.frameT)-NonceSize:], ) - for i := 0; i < SSize; i++ { - p.bufT[i] = byte(0) + var out []byte + if p.EncLess { + var err error + out, err = EncLessEncode( + p.Key, + p.frameT[len(p.frameT)-NonceSize:], + p.frameT[:len(p.frameT)-NonceSize], + ) + if err != nil { + panic(err) + } + out = append(out, p.frameT[len(p.frameT)-NonceSize:]...) + } else { + for i := 0; i < SSize; i++ { + p.bufT[i] = 0 + } + salsa20.XORKeyStream( + p.bufT[:S20BS+len(p.frameT)-NonceSize], + p.bufT[:S20BS+len(p.frameT)-NonceSize], + p.frameT[len(p.frameT)-NonceSize:], + p.Key, + ) + copy(p.keyAuthT[:], p.bufT[:SSize]) + poly1305.Sum(p.tagT, p.frameT, p.keyAuthT) + atomic.AddInt64(&p.BytesOut, int64(len(p.frameT)+TagSize)) + out = append(p.tagT[:], p.frameT...) } - salsa20.XORKeyStream( - p.bufT[:S20BS+len(p.frameT)-NonceSize], - p.bufT[:S20BS+len(p.frameT)-NonceSize], - p.frameT[len(p.frameT)-NonceSize:], - p.Key, - ) - - copy(p.keyAuthT[:], p.bufT[:SSize]) - poly1305.Sum(p.tagT, p.frameT, p.keyAuthT) - - atomic.AddInt64(&p.BytesOut, int64(len(p.frameT)+TagSize)) p.FramesOut++ if p.CPRCycle != time.Duration(0) { @@ -255,7 +277,7 @@ func (p *Peer) EthProcess(data []byte) { } p.LastSent = p.now - p.Conn.Write(append(p.tagT[:], p.frameT...)) + p.Conn.Write(out) p.BusyT.Unlock() } @@ -263,24 +285,39 @@ func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool { if len(data) < MinPktLength { return false } + var out []byte p.BusyR.Lock() - for i := 0; i < SSize; i++ { - p.bufR[i] = byte(0) - } - copy(p.bufR[S20BS:], data[TagSize:]) - salsa20.XORKeyStream( - p.bufR[:S20BS+len(data)-TagSize-NonceSize], - p.bufR[:S20BS+len(data)-TagSize-NonceSize], - data[len(data)-NonceSize:], - p.Key, - ) - - copy(p.keyAuthR[:], p.bufR[:SSize]) - copy(p.tagR[:], data[:TagSize]) - if !poly1305.Verify(p.tagR, data[TagSize:], p.keyAuthR) { - p.FramesUnauth++ - p.BusyR.Unlock() - return false + if p.EncLess { + var err error + out, err = EncLessDecode( + p.Key, + data[len(data)-NonceSize:], + data[:len(data)-NonceSize], + ) + if err != nil { + p.FramesUnauth++ + p.BusyR.Unlock() + return false + } + } else { + for i := 0; i < SSize; i++ { + p.bufR[i] = 0 + } + copy(p.bufR[S20BS:], data[TagSize:]) + salsa20.XORKeyStream( + p.bufR[:S20BS+len(data)-TagSize-NonceSize], + p.bufR[:S20BS+len(data)-TagSize-NonceSize], + data[len(data)-NonceSize:], + p.Key, + ) + copy(p.keyAuthR[:], p.bufR[:SSize]) + copy(p.tagR[:], data[:TagSize]) + if !poly1305.Verify(p.tagR, data[TagSize:], p.keyAuthR) { + p.FramesUnauth++ + p.BusyR.Unlock() + return false + } + out = p.bufR[S20BS:] } // Check if received nonce is known to us in either of two buckets. @@ -323,7 +360,7 @@ func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool { p.FramesIn++ atomic.AddInt64(&p.BytesIn, int64(len(data))) p.LastPing = time.Now() - p.pktSizeR = binary.BigEndian.Uint16(p.bufR[S20BS : S20BS+PktSizeSize]) + p.pktSizeR = binary.BigEndian.Uint16(out[:PktSizeSize]) if p.pktSizeR == 0 { p.HeartbeatRecv++ @@ -334,7 +371,7 @@ func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool { return false } p.BytesPayloadIn += int64(p.pktSizeR) - tap.Write(p.bufR[S20BS+PktSizeSize : S20BS+PktSizeSize+p.pktSizeR]) + tap.Write(out[PktSizeSize : PktSizeSize+p.pktSizeR]) p.BusyR.Unlock() return true } diff --git a/src/govpn/peer_test.go b/src/govpn/peer_test.go index dfdb941..4e6f587 100644 --- a/src/govpn/peer_test.go +++ b/src/govpn/peer_test.go @@ -20,6 +20,7 @@ package govpn import ( "testing" + "testing/quick" "time" ) @@ -56,6 +57,40 @@ func init() { plaintext = make([]byte, 789) } +func TestSymmetric(t *testing.T) { + peerd := newPeer(true, "foo", Dummy{nil}, conf, new([SSize]byte)) + f := func(payload []byte) bool { + if len(payload) == 0 { + return true + } + peer.EthProcess(payload) + return peerd.PktProcess(ciphertext, Dummy{nil}, true) + } + if err := quick.Check(f, nil); err != nil { + t.Error(err) + } +} + +func TestSymmetricEncLess(t *testing.T) { + peerd := newPeer(true, "foo", Dummy{nil}, conf, new([SSize]byte)) + peer.NoiseEnable = true + peer.EncLess = true + peerd.EncLess = true + peerd.NoiseEnable = true + f := func(payload []byte) bool { + if len(payload) == 0 { + return true + } + peer.EthProcess(payload) + return peerd.PktProcess(ciphertext, Dummy{nil}, true) + } + if err := quick.Check(f, nil); err != nil { + t.Error(err) + } + peer.NoiseEnable = false + peer.EncLess = false +} + func BenchmarkEnc(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { -- 2.44.0