From 9f7abcad309afd709a1f16cdf961837bb9510036 Mon Sep 17 00:00:00 2001 From: Bruno Clermont Date: Wed, 8 Feb 2017 17:50:45 +0800 Subject: [PATCH] golint fixes --- src/cypherpunks.ru/govpn/aont/oaep.go | 4 +++- src/cypherpunks.ru/govpn/client/client.go | 8 ++++++++ .../govpn/cmd/govpn-server/common.go | 1 + src/cypherpunks.ru/govpn/cnw/cnw.go | 7 +++---- src/cypherpunks.ru/govpn/common.go | 9 ++++++--- src/cypherpunks.ru/govpn/conf.go | 1 + src/cypherpunks.ru/govpn/egd.go | 7 ++++--- src/cypherpunks.ru/govpn/encless.go | 9 ++++----- src/cypherpunks.ru/govpn/govpn.go | 7 +++---- src/cypherpunks.ru/govpn/handshake.go | 11 +++++++---- src/cypherpunks.ru/govpn/identity.go | 17 +++++++++++------ src/cypherpunks.ru/govpn/peer.go | 10 +++++++--- src/cypherpunks.ru/govpn/stats.go | 1 + src/cypherpunks.ru/govpn/tap.go | 3 +++ src/cypherpunks.ru/govpn/verifier.go | 16 ++++++++++------ 15 files changed, 72 insertions(+), 39 deletions(-) diff --git a/src/cypherpunks.ru/govpn/aont/oaep.go b/src/cypherpunks.ru/govpn/aont/oaep.go index b648ccb..00b9fce 100644 --- a/src/cypherpunks.ru/govpn/aont/oaep.go +++ b/src/cypherpunks.ru/govpn/aont/oaep.go @@ -16,7 +16,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ -// All-Or-Nothing-Transform, based on OAEP. +// Package aont stand for All-Or-Nothing-Transform, based on OAEP. // // This package implements OAEP (Optimal Asymmetric Encryption Padding) // (http://cseweb.ucsd.edu/~mihir/papers/oaep.html) @@ -43,7 +43,9 @@ import ( ) const ( + // HSize TODO HSize = 32 + // RSize TODO RSize = 16 ) diff --git a/src/cypherpunks.ru/govpn/client/client.go b/src/cypherpunks.ru/govpn/client/client.go index 8102cc6..60e115d 100644 --- a/src/cypherpunks.ru/govpn/client/client.go +++ b/src/cypherpunks.ru/govpn/client/client.go 
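Review bot: The added `// HSize TODO` and `// RSize TODO` lines in the oaep.go const block satisfy golint's "comment should start with the name" check while documenting nothing, which is the opposite of what the lint exists for. The same placeholder pattern is repeated in cnw.go (`EnlargeFactor`), encless.go (`EnclessEnlargeSize`) and handshake.go (`RSize`, `SSize`), so it is worth fixing once across the patch. Each comment should give the unit and role of the value, e.g. `// HSize is the size in bytes of the hash output used by the transform` and `// RSize is the size in bytes of the random value prepended by the transform`; the encless.go line `aont.HSize + aont.RSize*cnw.EnlargeFactor` shows these are per-packet overhead sizes, but the exact meaning of each constant lives in package bodies outside the hunk and should be confirmed there before the wording is committed.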
@@ -30,13 +30,17 @@ import ( "cypherpunks.ru/govpn" ) +// Protocol is a GoVPN supported protocol: UDP, TCP or both type Protocol int const ( + // ProtocolUDP GoVPN over UDP ProtocolUDP Protocol = iota + // ProtocolTCP GoVPN over TCP ProtocolTCP ) +// Configuration hold GoVPN client configuration type Configuration struct { PrivateKey *[ed25519.PrivateKeySize]byte Peer *govpn.PeerConf @@ -52,6 +56,7 @@ type Configuration struct { MTU int } +// Validate return an error if a configuration is invalid func (c *Configuration) Validate() error { if c.MTU > govpn.MTUMax { return fmt.Errorf("Invalid MTU %d, maximum allowable is %d", c.MTU, govpn.MTUMax) @@ -69,6 +74,7 @@ func (c *Configuration) isProxy() bool { return len(c.ProxyAddress) > 0 } +// Client is a GoVPN client type Client struct { idsCache *govpn.MACCache tap *govpn.TAP @@ -85,6 +91,7 @@ type Client struct { Error chan error } +// MainCycle main loop of a connecting/connected client func (c *Client) MainCycle() { var err error c.tap, err = govpn.TAPListen(c.config.InterfaceName, c.config.MTU) @@ -146,6 +153,7 @@ MainCycle: } } +// NewClient return a configured GoVPN client, to trigger connection MainCycle must be executed func NewClient(conf Configuration, verifier *govpn.Verifier, termSignal chan os.Signal) *Client { client := Client{ idsCache: govpn.NewMACCache(), diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-server/common.go b/src/cypherpunks.ru/govpn/cmd/govpn-server/common.go index f18d34b..e0171ed 100644 --- a/src/cypherpunks.ru/govpn/cmd/govpn-server/common.go +++ b/src/cypherpunks.ru/govpn/cmd/govpn-server/common.go @@ -25,6 +25,7 @@ import ( "cypherpunks.ru/govpn" ) +// PeerState hold server side state of a single connecting/connected peer type PeerState struct { peer *govpn.Peer terminator chan struct{} diff --git a/src/cypherpunks.ru/govpn/cnw/cnw.go b/src/cypherpunks.ru/govpn/cnw/cnw.go index eaf0958..f3ae03a 100644 --- a/src/cypherpunks.ru/govpn/cnw/cnw.go +++ b/src/cypherpunks.ru/govpn/cnw/cnw.go 
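Review bot: The new comment `// Protocol is a GoVPN supported protocol: UDP, TCP or both` promises a "both" value that the enum directly below does not define; only `ProtocolUDP` and `ProtocolTCP` exist in the hunk. Either drop the claim (`// Protocol selects the transport a client connects over: UDP or TCP`) or name where the combined mode is represented, if it exists elsewhere. Within the same hunk the verbs do not agree with their subjects: `// Configuration hold …`, `// Validate return an error …` and `// NewClient return …` read better as `holds`, `returns` and `returns`; golint checks only the leading identifier, so this is on the reviewer. The bodies of `MainCycle` and `NewClient` continue outside the hunk.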
@@ -16,7 +16,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ -// Chaffing-and-Winnowing. +// Package cnw stand for Chaffing-and-Winnowing. // // This package implements Chaffing-and-Winnowing technology // (http://people.csail.mit.edu/rivest/chaffing-980701.txt). @@ -50,9 +50,8 @@ import ( "golang.org/x/crypto/poly1305" ) -const ( - EnlargeFactor = 16 * poly1305.TagSize -) +// EnlargeFactor TODO +const EnlargeFactor = 16 * poly1305.TagSize func zero(in []byte) { for i := 0; i < len(in); i++ { diff --git a/src/cypherpunks.ru/govpn/common.go b/src/cypherpunks.ru/govpn/common.go index 030794c..b2dab9e 100644 --- a/src/cypherpunks.ru/govpn/common.go +++ b/src/cypherpunks.ru/govpn/common.go @@ -28,18 +28,21 @@ import ( const ( TimeoutDefault = 60 EtherSize = 14 - MTUMax = 9000 + EtherSize + 1 - MTUDefault = 1500 + EtherSize + 1 + // MTUMax is maximum MTU size of ethernet packet + MTUMax = 9000 + EtherSize + 1 + // MTUDefault is default MTU size of ethernet packet + MTUDefault = 1500 + EtherSize + 1 ENV_IFACE = "GOVPN_IFACE" ENV_REMOTE = "GOVPN_REMOTE" ) var ( + // Version hold release string set at build time Version string ) -// Call external program/script. +// ScriptCall call external program/script. // You have to specify path to it and (inteface name as a rule) something // that will be the first argument when calling it. Function will return // it's output and possible error. diff --git a/src/cypherpunks.ru/govpn/conf.go b/src/cypherpunks.ru/govpn/conf.go index 7a9c4b8..daa00d1 100644 --- a/src/cypherpunks.ru/govpn/conf.go +++ b/src/cypherpunks.ru/govpn/conf.go @@ -24,6 +24,7 @@ import ( "github.com/agl/ed25519" ) +// PeerConf is configuration of a single GoVPN Peer (client) type PeerConf struct { ID *PeerID `yaml:"-"` Name string `yaml:"name"` diff --git a/src/cypherpunks.ru/govpn/egd.go b/src/cypherpunks.ru/govpn/egd.go index f54c116..f06411f 100644 --- a/src/cypherpunks.ru/govpn/egd.go 
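Review bot: The common.go hunk documents `MTUMax` and `MTUDefault` but leaves `TimeoutDefault`, `EtherSize`, `ENV_IFACE` and `ENV_REMOTE` in the same exported const block without comments, so the block is still only half-linted; `ENV_IFACE`/`ENV_REMOTE` also keep the underscore names golint flags, and since renaming an exported name is an API change, a MixedCaps alias with a `// Deprecated:` line on the old one would be the compatible route. The MTU comments could also say what the trailing `+ 1` in `9000 + EtherSize + 1` accounts for beyond the Ethernet header, which I cannot tell from the hunk and which a reader of the constant will ask. Minor: `// Version hold release string set at build time` should be `// Version holds the release string set at build time`.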
+++ b/src/cypherpunks.ru/govpn/egd.go @@ -24,10 +24,10 @@ import ( "net" ) -var ( - Rand = rand.Reader -) +// Rand is a source of entropy +var Rand = rand.Reader +// EGDRand is a EGD source of entropy type EGDRand string // Read n bytes from EGD, blocking mode. @@ -41,6 +41,7 @@ func (egdPath EGDRand) Read(b []byte) (int, error) { return io.ReadFull(conn, b) } +// EGDInit set random source to a EGD socket func EGDInit(path string) { Rand = EGDRand(path) } diff --git a/src/cypherpunks.ru/govpn/encless.go b/src/cypherpunks.ru/govpn/encless.go index 966a2dd..86e59f4 100644 --- a/src/cypherpunks.ru/govpn/encless.go +++ b/src/cypherpunks.ru/govpn/encless.go @@ -25,11 +25,10 @@ import ( "cypherpunks.ru/govpn/cnw" ) -const ( - EnclessEnlargeSize = aont.HSize + aont.RSize*cnw.EnlargeFactor -) +// EnclessEnlargeSize TODO +const EnclessEnlargeSize = aont.HSize + aont.RSize*cnw.EnlargeFactor -// Confidentiality preserving (but encryptionless) encoding. +// EnclessEncode is a confidentiality preserving (but encryptionless) encoding. // // It uses Chaffing-and-Winnowing technology (it is neither // encryption nor steganography) over All-Or-Nothing-Transformed data. @@ -53,7 +52,7 @@ func EnclessEncode(authKey *[32]byte, nonce *[16]byte, in []byte) ([]byte, error return out, nil } -// Decode EnclessEncode-ed data. +// EnclessDecode decode EnclessEncode-ed data. func EnclessDecode(authKey *[32]byte, nonce *[16]byte, in []byte) ([]byte, error) { var err error winnowed, err := cnw.Winnow( diff --git a/src/cypherpunks.ru/govpn/govpn.go b/src/cypherpunks.ru/govpn/govpn.go index 49a11cc..cf48ded 100644 --- a/src/cypherpunks.ru/govpn/govpn.go +++ b/src/cypherpunks.ru/govpn/govpn.go 
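Review bot: `// Rand is a source of entropy` leaves out the property that matters about this variable: it is exported, package-level, mutable state that `EGDInit` reassigns with a plain store (`Rand = EGDRand(path)`), so its value depends on whether EGDInit ran before the first key or nonce was drawn, and a reassignment racing with a reader is a data race. Suggest `// Rand is the package-wide entropy source. It defaults to rand.Reader and is replaced by EGDInit; call EGDInit before any keys or nonces are generated.` and on the function `// EGDInit switches Rand to the EGD socket at path. It performs a plain assignment and must not run concurrently with readers of Rand.` Whether `rand` here is crypto/rand is not visible in the hunk (the import block is outside it) and should be confirmed before the comment names it. Also `// EGDRand is a EGD source of entropy` should read `an EGD-backed entropy source`.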
@@ -1,8 +1,8 @@ -// Simple secure, DPI/censorship-resistant free software VPN daemon. +// Package govpn is a simple secure, DPI/censorship-resistant free software VPN client and server. package govpn -const ( - Warranty = `This program is free software: you can redistribute it and/or modify +// Warranty is GoVPN license +const Warranty = `This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -14,4 +14,3 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .` -) diff --git a/src/cypherpunks.ru/govpn/handshake.go b/src/cypherpunks.ru/govpn/handshake.go index a824ace..77b9365 100644 --- a/src/cypherpunks.ru/govpn/handshake.go +++ b/src/cypherpunks.ru/govpn/handshake.go @@ -33,10 +33,13 @@ import ( ) const ( + // RSize TODO RSize = 8 + // SSize TODO SSize = 32 ) +// Handshake is state of a handshake/negotiation between client and server type Handshake struct { addr string conn io.Writer @@ -116,7 +119,7 @@ func dhKeyGen(priv, pub *[32]byte) *[32]byte { return &hashed } -// Create new handshake state. +// NewHandshake create new handshake state. func NewHandshake(addr string, conn io.Writer, conf *PeerConf) *Handshake { state := Handshake{ addr: addr, @@ -145,7 +148,7 @@ func idTag(id *PeerID, timeSync int, data []byte) []byte { return sum[len(sum)-8:] } -// Start handshake's procedure from the client. It is the entry point +// HandshakeStart start handshake's procedure from the client. It is the entry point // for starting the handshake procedure. // First handshake packet will be sent immediately. func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake { 
@@ -179,7 +182,7 @@ func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake { return state } -// Process handshake message on the server side. +// Server process handshake message on the server side. // This function is intended to be called on server's side. // If this is the final handshake message, then new Peer object // will be created and used as a transport. If no mutually @@ -333,7 +336,7 @@ func (h *Handshake) Server(data []byte) *Peer { return nil } -// Process handshake message on the client side. +// Client process handshake message on the client side. // This function is intended to be called on client's side. // If this is the final handshake message, then new Peer object // will be created and used as a transport. If no mutually diff --git a/src/cypherpunks.ru/govpn/identity.go b/src/cypherpunks.ru/govpn/identity.go index 262bca6..a308ba3 100644 --- a/src/cypherpunks.ru/govpn/identity.go +++ b/src/cypherpunks.ru/govpn/identity.go 
@@ -30,36 +30,41 @@ import ( "golang.org/x/crypto/blake2b" ) -const ( - IDSize = 128 / 8 -) +// IDSize is size a GoVPN peer ID must be +const IDSize = 128 / 8 +// PeerID is identifier of a single GoVPN peer (client) type PeerID [IDSize]byte +// String return a string from a peer ID func (id PeerID) String() string { return base64.RawStdEncoding.EncodeToString(id[:]) } +// MarshalJSON return a JSON string from a peer ID func (id PeerID) MarshalJSON() ([]byte, error) { return []byte(`"` + id.String() + `"`), nil } +// MACAndTimeSync is a single peer MAC and timesync type MACAndTimeSync struct { mac hash.Hash ts int l sync.Mutex } +// MACCache cache all MACAndTimeSync for peers allowed to connect type MACCache struct { cache map[PeerID]*MACAndTimeSync l sync.RWMutex } +// NewMACCache return a new MACCache instance func NewMACCache() *MACCache { return &MACCache{cache: make(map[PeerID]*MACAndTimeSync)} } -// Remove disappeared keys, add missing ones with initialized MACs. +// Update remove disappeared keys, add missing ones with initialized MACs. func (mc *MACCache) Update(peers *map[PeerID]*PeerConf) { mc.l.Lock() for pid := range mc.cache { @@ -86,7 +91,7 @@ func (mc *MACCache) Update(peers *map[PeerID]*PeerConf) { mc.l.Unlock() } -// If timeSync > 0, then XOR timestamp with the data. +// AddTimeSync XOR timestamp with data if timeSync > 0 func AddTimeSync(ts int, data []byte) { if ts == 0 { return @@ -98,7 +103,7 @@ func AddTimeSync(ts int, data []byte) { } } -// Try to find peer's identity (that equals to MAC) +// Find try to find peer's identity (that equals to MAC) // by taking first blocksize sized bytes from data at the beginning // as plaintext and last bytes as cyphertext. func (mc *MACCache) Find(data []byte) *PeerID { diff --git a/src/cypherpunks.ru/govpn/peer.go b/src/cypherpunks.ru/govpn/peer.go index 37bd840..46d8bc0 100644 --- a/src/cypherpunks.ru/govpn/peer.go +++ b/src/cypherpunks.ru/govpn/peer.go 
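Review bot: `// IDSize is size a GoVPN peer ID must be` is ungrammatical and omits the unit; `// IDSize is the size in bytes of a PeerID` says the same thing precisely, and `128 / 8` in the declaration backs the byte figure. The other new comments in this hunk have the same verb-agreement slip as elsewhere in the patch: `// Update remove …` → `removes`, `// Find try to find …` → `tries to find`, `// AddTimeSync XOR timestamp …` → `XORs the timestamp into data when ts > 0` (the guard in the body is `if ts == 0 { return }`). `// MACAndTimeSync is a single peer MAC and timesync` could also mention that the struct carries its own mutex `l`, since callers of MACCache need to know the per-entry locking exists; the `Update` and `Find` bodies continue outside the hunk.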
@@ -34,16 +34,17 @@ import ( ) const ( + // NonceSize is nounce size NonceSize = 8 NonceBucketSize = 256 TagSize = poly1305.TagSize // S20BS is ChaCha20's internal blocksize in bytes S20BS = 64 - // Maximal amount of bytes transfered with single key (4 GiB) + // MaxBytesPerKey maximal amount of bytes transfered with single key (4 GiB) MaxBytesPerKey uint64 = 1 << 32 // Heartbeat rate, relative to Timeout TimeoutHeartbeat = 4 - // Minimal valid packet length + // MinPktLength minimal valid packet length MinPktLength = 1 + 16 + 8 // Padding byte PadByte = byte(0x80) @@ -73,6 +74,7 @@ func newNonces(key *[32]byte, i uint64) chan *[NonceSize]byte { return nonces } +// Peer is a GoVPN peer (client) type Peer struct { // Statistics (they are at the beginning for correct int64 alignment) BytesIn uint64 @@ -244,7 +246,7 @@ func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[S return &peer } -// Process incoming Ethernet packet. +// EthProcess process incoming Ethernet packet. // ready channel is TAPListen's synchronization channel used to tell him // that he is free to receive new packets. Encrypted and authenticated // packets will be sent to remote Peer side immediately. @@ -302,6 +304,7 @@ func (p *Peer) EthProcess(data []byte) { p.BusyT.Unlock() } +// PktProcess process data of a single packet func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool { if len(data) < MinPktLength { return false @@ -409,6 +412,7 @@ func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool { return true } +// PeerTapProcessor process a TUN/TAP peer func PeerTapProcessor(peer *Peer, tap *TAP, terminator chan struct{}) { var data []byte var now time.Time diff --git a/src/cypherpunks.ru/govpn/stats.go b/src/cypherpunks.ru/govpn/stats.go index c8ea622..d80c581 100644 --- a/src/cypherpunks.ru/govpn/stats.go +++ b/src/cypherpunks.ru/govpn/stats.go 
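Review bot: `// NonceSize is nounce size` misspells the word it documents and gives no unit; `// NonceSize is the nonce size in bytes` is what a reader wants. The same const block is left inconsistent by the hunk: `NonceBucketSize` and `TagSize` get no comment, while `TimeoutHeartbeat` and `PadByte` keep comments (`// Heartbeat rate, relative to Timeout`, `// Padding byte`) that still do not start with the identifier, so golint will keep reporting them; `// TimeoutHeartbeat is the heartbeat rate relative to Timeout` and `// PadByte is the padding byte` fix that. The rewritten `MaxBytesPerKey` line also carries over the typo `transfered` → `transferred`. Minor: `// EthProcess process …`, `// PktProcess process …` and `// PeerTapProcessor process …` should use `processes`; all three function bodies continue outside the hunks.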
@@ -29,6 +29,7 @@ const ( RWTimeout = 10 * time.Second ) +// KnownPeers map of all connected GoVPN peers type KnownPeers map[string]**Peer // StatsProcessor is assumed to be run in background. It accepts diff --git a/src/cypherpunks.ru/govpn/tap.go b/src/cypherpunks.ru/govpn/tap.go index faf88ba..5a71f1f 100644 --- a/src/cypherpunks.ru/govpn/tap.go +++ b/src/cypherpunks.ru/govpn/tap.go @@ -22,6 +22,7 @@ import ( "io" ) +// TAP is a TUN or a TAP interface. type TAP struct { Name string Sink chan []byte @@ -32,6 +33,7 @@ var ( taps = make(map[string]*TAP) ) +// NewTAP create a new TUN/TAP virtual interface func NewTAP(ifaceName string, mtu int) (*TAP, error) { tapRaw, err := newTAPer(ifaceName) if err != nil { @@ -70,6 +72,7 @@ func (t *TAP) Write(data []byte) (n int, err error) { return t.dev.Write(data) } +// TAPListen open an existing TAP, if none exists, open one func TAPListen(ifaceName string, mtu int) (*TAP, error) { tap, exists := taps[ifaceName] if exists { diff --git a/src/cypherpunks.ru/govpn/verifier.go b/src/cypherpunks.ru/govpn/verifier.go index 8be6ea7..1e3fc61 100644 --- a/src/cypherpunks.ru/govpn/verifier.go +++ b/src/cypherpunks.ru/govpn/verifier.go @@ -36,11 +36,15 @@ import ( ) const ( + // DefaultS default Balloon space cost DefaultS = 1 << 20 / 32 + // DefaultT default Balloon time cost DefaultT = 1 << 4 + // DefaultP default Balloon number of job DefaultP = 2 ) +// Verifier is used to verify a peer type Verifier struct { S int T int @@ -49,7 +53,7 @@ type Verifier struct { Pub *[ed25519.PublicKeySize]byte } -// Generate new verifier for given peer, with specified password and +// VerifierNew generate new verifier for given peer, with specified password and // hashing parameters. func VerifierNew(s, t, p int, id *PeerID) *Verifier { return &Verifier{S: s, T: t, P: p, ID: id} 
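Review bot: `// TAPListen open an existing TAP, if none exists, open one` describes both branches as "open", but the visible body looks up `taps[ifaceName]` and returns the cached interface when it exists, so the second branch presumably creates one via `NewTAP`; `// TAPListen returns the already-open TAP for ifaceName, creating it if none exists` would match the code (the rest of the body is outside the hunk, so confirm the create path). The lookup of the package-level `taps` map on the context line is unsynchronized; whether TAPListen is ever called from more than one goroutine is not visible here, but the doc comment is the place to state the assumption if it is single-threaded by design.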
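Review bot: `// VerifierNew generate new verifier for given peer, with specified password and hashing parameters.` says the constructor takes a password, but the signature on the next line is `VerifierNew(s, t, p int, id *PeerID)` with no password argument; the password is applied later by `PasswordApply`, so the comment should read `// VerifierNew creates a verifier for the given peer with the specified Balloon hashing parameters; the password is applied with PasswordApply.` The new constant comments are also thin: `// DefaultP default Balloon number of job` should be `// DefaultP is the default Balloon parallelism (number of jobs)` and the S/T lines should use `is the default …`; the `Verifier` struct comment (`is used to verify a peer`) could say it holds the Balloon cost parameters plus the peer's Ed25519 public key, which its fields `S`, `T`, `P` and `Pub` show.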
@@ -63,7 +67,7 @@ func blake2bKeyless() hash.Hash { return h } -// Apply the password: create Ed25519 keypair based on it, save public +// PasswordApply apply the password: create Ed25519 keypair based on it, save public // key in verifier. func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte { r := balloon.H(blake2bKeyless, []byte(password), v.ID[:], v.S, v.T, v.P) @@ -77,7 +81,7 @@ func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte return prv } -// Parse either short or long verifier form. +// VerifierFromString parse either short or long verifier form. func VerifierFromString(input string) (*Verifier, error) { ss := strings.Split(input, "$") if len(ss) < 4 || ss[1] != "balloon" { @@ -108,7 +112,7 @@ func VerifierFromString(input string) (*Verifier, error) { return &v, nil } -// Short verifier string form -- it is useful for the client. +// ShortForm short verifier string form -- it is useful for the client. // Does not include public key. func (v *Verifier) ShortForm() string { return fmt.Sprintf( @@ -117,7 +121,7 @@ func (v *Verifier) ShortForm() string { ) } -// Long verifier string form -- it is useful for the server. +// LongForm long verifier string form -- it is useful for the server. // Includes public key. func (v *Verifier) LongForm() string { return fmt.Sprintf( @@ -126,7 +130,7 @@ func (v *Verifier) LongForm() string { ) } -// Read the key either from text file (if path is specified), or +// KeyRead read the key either from text file (if path is specified), or // from the terminal. func KeyRead(path string) (string, error) { var p []byte -- 2.44.0
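Review bot: `// ShortForm short verifier string form -- it is useful for the client.` and `// LongForm long verifier string form -- it is useful for the server.` now start with the name but have no verb, so they read as fragments; `// ShortForm returns the short verifier string form, without the public key; it is useful for the client.` and `// LongForm returns the long verifier string form, including the public key; it is useful for the server.` fold the existing second line into one sentence each. Same agreement fix for `// PasswordApply apply …` → `applies`, `// VerifierFromString parse …` → `parses`, `// KeyRead read …` → `reads`. The bodies of all four functions continue outside their hunks.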