2 GoVPN -- simple secure free software virtual private network daemon
3 Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
31 "github.com/agl/ed25519"
32 "github.com/pkg/errors"
33 "golang.org/x/crypto/blake2b"
34 "golang.org/x/crypto/ssh/terminal"
36 "cypherpunks.ru/balloon"
40 // DefaultS default Balloon space cost
41 DefaultS = 1 << 20 / 32
42 // DefaultT default Balloon time cost
44 // DefaultP default Balloon number of job
47 wrapDecodeString = "base64.RawStdEncoding.DecodeString"
50 // Verifier is used to authenticate a peer
51 type Verifier struct {
56 Pub *[ed25519.PublicKeySize]byte
59 // VerifierNew generates new verifier for given peer,
60 // with specified password and hashing parameters.
61 func VerifierNew(s, t, p int, id *PeerID) *Verifier {
62 return &Verifier{S: s, T: t, P: p, ID: id}
65 // PasswordApply applies the password: create Ed25519 keypair based on it,
66 // saves public key in verifier.
67 func (v *Verifier) PasswordApply(password string) (*[ed25519.PrivateKeySize]byte, error) {
68 // TODO: there is an extremely weird bug, `balloon.H` panic if I the `hash.Hash`
69 // outside the `hasher` function.
71 hasher := func() hash.Hash {
73 nilHash, err = blake2b.New256(nil)
76 r := balloon.H(hasher, []byte(password), v.ID[:], v.S, v.T, v.P)
78 return nil, errors.Wrap(err, wrapBlake2bNew256)
82 src := bytes.NewBuffer(r)
83 pub, prv, err := ed25519.GenerateKey(src)
85 return nil, errors.Wrap(err, "ed25519.GenerateKey")
91 // VerifierFromString parses either short or long verifier form.
92 func VerifierFromString(input string) (*Verifier, error) {
93 ss := strings.Split(input, "$")
94 if len(ss) < 4 || ss[1] != "balloon" {
95 return nil, errors.New("Invalid verifier structure")
98 n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p)
100 return nil, errors.Wrap(err, "fmt.Sscanf")
103 return nil, errors.New("Invalid verifier parameters")
105 salt, err := base64.RawStdEncoding.DecodeString(ss[3])
107 return nil, errors.Wrap(err, wrapDecodeString)
109 v := Verifier{S: s, T: t, P: p}
110 id := new([IDSize]byte)
115 pub, err := base64.RawStdEncoding.DecodeString(ss[4])
117 return nil, errors.Wrap(err, wrapDecodeString)
119 v.Pub = new([ed25519.PublicKeySize]byte)
125 // ShortForm outputs the short verifier string form -- it is useful
126 // for the client. It does not include public key.
127 func (v *Verifier) ShortForm() string {
129 "$balloon$s=%d,t=%d,p=%d$%s",
130 v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.ID[:]),
134 // LongForm outputs long verifier string form -- it is useful for the server.
135 // It includes public key.
136 func (v *Verifier) LongForm() string {
138 "%s$%s", v.ShortForm(),
139 base64.RawStdEncoding.EncodeToString(v.Pub[:]),
143 // KeyRead reads the key either from text file (if path is specified), or
144 // from the terminal.
145 func KeyRead(path string) (string, error) {
148 wrapOsStderrWrite = "os.Stderr.Write"
153 if path == emptyString {
154 if _, err = os.Stderr.Write([]byte("Passphrase:")); err != nil {
155 return emptyString, errors.Wrap(err, wrapOsStderrWrite)
157 p, err = terminal.ReadPassword(int(uintptr(syscall.Stdin)))
159 return emptyString, errors.Wrap(err, "terminal.ReadPassword")
161 if _, err = os.Stderr.Write([]byte("\n")); err != nil {
162 return emptyString, errors.Wrap(err, wrapOsStderrWrite)
166 if p, err = ioutil.ReadFile(path); err != nil {
167 return emptyString, errors.Wrap(err, "ioutil.ReadFile")
169 pass = strings.TrimRight(string(p), "\n")
172 return emptyString, errors.New("Empty passphrase submitted")