]> Cypherpunks.ru repositories - govpn.git/blobdiff - handshake.go
projects / govpn.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Obfuscate/randomize message nonces
[govpn.git] / handshake.go
diff --git a/handshake.go b/handshake.go
index 59afb5dd75c24c6be51f83df5defb5e63b87a07c..9faf9ec9d3abfc91f6c5cfb5a4bf4c282c87c483 100644 (file)
--- a/handshake.go
+++ b/handshake.go
@@ -30,6 +30,7 @@ import (
        "golang.org/x/crypto/poly1305"
        "golang.org/x/crypto/salsa20"
        "golang.org/x/crypto/salsa20/salsa"
+       "golang.org/x/crypto/xtea"
 )
 
 type Handshake struct {
@@ -52,6 +53,16 @@ func KeyFromSecrets(server, client []byte) *[32]byte {
        return k
 }
 
+func NewNonceCipher(key *[32]byte) *xtea.Cipher {
+       nonceKey := make([]byte, 16)
+       salsa20.XORKeyStream(nonceKey, make([]byte, 32), make([]byte, 8), key)
+       ciph, err := xtea.NewCipher(nonceKey)
+       if err != nil {
+               panic(err)
+       }
+       return ciph
+}
+
 // Check if it is valid handshake-related message
 // Minimal size and last 16 zero bytes
 func isValidHandshakePkt(pkt []byte) bool {
@@ -181,11 +192,12 @@ func (h *Handshake) Server(noncediff uint64, conn *net.UDPConn, key *[32]byte, d
 
                // Switch peer
                peer := Peer{
-                       addr: h.addr,
-                       nonceOur: noncediff + 0,
+                       addr:      h.addr,
+                       nonceOur:  noncediff + 0,
                        nonceRecv: noncediff + 0,
+                       key:       KeyFromSecrets(h.sServer[:], decRs[8+8:]),
                }
-               peer.key = KeyFromSecrets(h.sServer[:], decRs[8+8:])
+               peer.nonceCipher = NewNonceCipher(peer.key)
                fmt.Print("[OK]")
                return &peer
        default:
@@ -252,11 +264,12 @@ func (h *Handshake) Client(noncediff uint64, conn *net.UDPConn, key *[32]byte, d
 
                // Switch peer
                peer := Peer{
-                       addr: h.addr,
-                       nonceOur: noncediff + 1,
+                       addr:      h.addr,
+                       nonceOur:  noncediff + 1,
                        nonceRecv: noncediff + 0,
+                       key:       KeyFromSecrets(h.sServer[:], h.sClient[:]),
                }
-               peer.key = KeyFromSecrets(h.sServer[:], h.sClient[:])
+               peer.nonceCipher = NewNonceCipher(peer.key)
                fmt.Print("[OK]")
                return &peer
        default:
Simple secure free software VPN daemon