From ce80eac5e6d2b8e750167ea9a972662dc6db78d5 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sun, 3 Jan 2016 14:51:51 +0300
Subject: [PATCH] govpn-verifier can also use EGD

Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
---
 src/govpn/cmd/govpn-verifier/main.go |  7 ++++--
 src/govpn/egd.go                     | 34 ++++++++++++++++------------
 src/govpn/handshake.go               | 25 +++++++-------------
 3 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/src/govpn/cmd/govpn-verifier/main.go b/src/govpn/cmd/govpn-verifier/main.go
index 5a62b22..a7c16f0 100644
--- a/src/govpn/cmd/govpn-verifier/main.go
+++ b/src/govpn/cmd/govpn-verifier/main.go
@@ -20,7 +20,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package main
 
 import (
-	"crypto/rand"
 	"crypto/subtle"
 	"flag"
 	"fmt"
@@ -35,13 +34,17 @@ var (
 	mOpt     = flag.Int("m", govpn.DefaultM, "Argon2d memory parameter (KiBs)")
 	tOpt     = flag.Int("t", govpn.DefaultT, "Argon2d iteration parameter")
 	pOpt     = flag.Int("p", govpn.DefaultP, "Argon2d parallelizm parameter")
+	egdPath  = flag.String("egd", "", "Optional path to EGD socket")
 )
 
 func main() {
 	flag.Parse()
+	if *egdPath != "" {
+		govpn.EGDInit(*egdPath)
+	}
 	if *verifier == "" {
 		id := new([govpn.IDSize]byte)
-		if _, err := rand.Read(id[:]); err != nil {
+		if _, err := govpn.Rand.Read(id[:]); err != nil {
 			log.Fatalln(err)
 		}
 		pid := govpn.PeerId(*id)
diff --git a/src/govpn/egd.go b/src/govpn/egd.go
index f189302..04ec87b 100644
--- a/src/govpn/egd.go
+++ b/src/govpn/egd.go
@@ -19,32 +19,38 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package govpn
 
 import (
+	"crypto/rand"
 	"errors"
+	"io"
 	"net"
 )
 
 var (
-	egdPath string
+	Rand io.Reader = rand.Reader
 )
 
-func EGDInit(path string) {
-	egdPath = path
-}
+type EGDRand string
 
 // Read n bytes from EGD, blocking mode.
-func EGDRead(b []byte) error {
-	c, err := net.Dial("unix", egdPath)
+func (egdPath EGDRand) Read(b []byte) (int, error) {
+	conn, err := net.Dial("unix", string(egdPath))
 	if err != nil {
-		return err
+		return 0, err
 	}
-	defer c.Close()
-	c.Write([]byte{0x02, byte(len(b))})
-	r, err := c.Read(b)
+	conn.Write([]byte{0x02, byte(len(b))})
+	read, err := conn.Read(b)
 	if err != nil {
-		return err
+		conn.Close()
+		return read, err
 	}
-	if r != len(b) {
-		return errors.New("Got less bytes than expected from EGD")
+	if read != len(b) {
+		conn.Close()
+		return read, errors.New("Got less bytes than expected from EGD")
 	}
-	return nil
+	conn.Close()
+	return read, nil
+}
+
+func EGDInit(path string) {
+	Rand = EGDRand(path)
 }
diff --git a/src/govpn/handshake.go b/src/govpn/handshake.go
index 606e7d0..c67256f 100644
--- a/src/govpn/handshake.go
+++ b/src/govpn/handshake.go
@@ -19,7 +19,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package govpn
 
 import (
-	"crypto/rand"
 	"crypto/subtle"
 	"encoding/binary"
 	"io"
@@ -102,23 +101,13 @@ func (h *Handshake) rNonceNext(count uint64) []byte {
 	return nonce
 }
 
-func randRead(b []byte) error {
-	var err error
-	if egdPath == "" {
-		_, err = rand.Read(b)
-	} else {
-		err = EGDRead(b)
-	}
-	return err
-}
-
 func dhKeypairGen() (*[32]byte, *[32]byte) {
 	priv := new([32]byte)
 	pub := new([32]byte)
 	repr := new([32]byte)
 	reprFound := false
 	for !reprFound {
-		if err := randRead(priv[:]); err != nil {
+		if _, err := Rand.Read(priv[:]); err != nil {
 			log.Fatalln("Error reading random for DH private key:", err)
 		}
 		reprFound = extra25519.ScalarBaseMult(pub, repr, priv)
@@ -167,7 +156,7 @@ func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake {
 	state.dhPriv, dhPubRepr = dhKeypairGen()
 
 	state.rNonce = new([RSize]byte)
-	if err := randRead(state.rNonce[:]); err != nil {
+	if _, err := Rand.Read(state.rNonce[:]); err != nil {
 		log.Fatalln("Error reading random for nonce:", err)
 	}
 	var enc []byte
@@ -216,11 +205,12 @@ func (h *Handshake) Server(data []byte) *Peer {
 
 		// Generate R* and encrypt them
 		h.rServer = new([RSize]byte)
-		if err := randRead(h.rServer[:]); err != nil {
+		var err error
+		if _, err = Rand.Read(h.rServer[:]); err != nil {
 			log.Fatalln("Error reading random for R:", err)
 		}
 		h.sServer = new([SSize]byte)
-		if err := randRead(h.sServer[:]); err != nil {
+		if _, err = Rand.Read(h.sServer[:]); err != nil {
 			log.Fatalln("Error reading random for S:", err)
 		}
 		var encRs []byte
@@ -308,11 +298,12 @@ func (h *Handshake) Client(data []byte) *Peer {
 
 		// Generate R* and signature and encrypt them
 		h.rClient = new([RSize]byte)
-		if err := randRead(h.rClient[:]); err != nil {
+		var err error
+		if _, err = Rand.Read(h.rClient[:]); err != nil {
 			log.Fatalln("Error reading random for R:", err)
 		}
 		h.sClient = new([SSize]byte)
-		if err := randRead(h.sClient[:]); err != nil {
+		if _, err = Rand.Read(h.sClient[:]); err != nil {
 			log.Fatalln("Error reading random for S:", err)
 		}
 		sign := ed25519.Sign(h.Conf.DSAPriv, h.key[:])
-- 
2.44.0