X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgovpn%2Fidentity.go;h=b7f9f9099f46f35100a1e1b8041ad4e9518b6e3d;hb=70e70dfded87dc2d737160444829c58ed8ed2fa0;hp=4dc74eed0e330f4a3ec73570e0c9d73b2503baee;hpb=b97d37d9494cf064a50d30b4936393eeab32b0e1;p=govpn.git

diff --git a/src/cypherpunks.ru/govpn/identity.go b/src/cypherpunks.ru/govpn/identity.go
index 4dc74ee..b7f9f90 100644
--- a/src/cypherpunks.ru/govpn/identity.go
+++ b/src/cypherpunks.ru/govpn/identity.go
@@ -1,6 +1,6 @@
 /*
 GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2018 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -27,20 +27,20 @@ import (
 	"sync"
 	"time"
 
-	"github.com/dchest/blake2b"
+	"golang.org/x/crypto/blake2b"
 )
 
 const (
 	IDSize = 128 / 8
 )
 
-type PeerId [IDSize]byte
+type PeerID [IDSize]byte
 
-func (id PeerId) String() string {
+func (id PeerID) String() string {
 	return base64.RawStdEncoding.EncodeToString(id[:])
 }
 
-func (id PeerId) MarshalJSON() ([]byte, error) {
+func (id PeerID) MarshalJSON() ([]byte, error) {
 	return []byte(`"` + id.String() + `"`), nil
 }
 
@@ -51,18 +51,18 @@ type MACAndTimeSync struct {
 }
 
 type MACCache struct {
-	cache map[PeerId]*MACAndTimeSync
+	cache map[PeerID]*MACAndTimeSync
 	l     sync.RWMutex
 }
 
 func NewMACCache() *MACCache {
-	return &MACCache{cache: make(map[PeerId]*MACAndTimeSync)}
+	return &MACCache{cache: make(map[PeerID]*MACAndTimeSync)}
 }
 
 // Remove disappeared keys, add missing ones with initialized MACs.
-func (mc *MACCache) Update(peers *map[PeerId]*PeerConf) {
+func (mc *MACCache) Update(peers *map[PeerID]*PeerConf) {
 	mc.l.Lock()
-	for pid, _ := range mc.cache {
+	for pid := range mc.cache {
 		if _, exists := (*peers)[pid]; !exists {
 			log.Println("Cleaning key:", pid)
 			delete(mc.cache, pid)
@@ -73,8 +73,12 @@ func (mc *MACCache) Update(peers *map[PeerId]*PeerConf) {
 			mc.cache[pid].ts = pc.TimeSync
 		} else {
 			log.Println("Adding key", pid)
+			mac, err := blake2b.New256(pid[:])
+			if err != nil {
+				panic(err)
+			}
 			mc.cache[pid] = &MACAndTimeSync{
-				mac: blake2b.NewMAC(8, pid[:]),
+				mac: mac,
 				ts:  pc.TimeSync,
 			}
 		}
@@ -97,11 +101,12 @@ func AddTimeSync(ts int, data []byte) {
 // Try to find peer's identity (that equals to MAC)
 // by taking first blocksize sized bytes from data at the beginning
 // as plaintext and last bytes as cyphertext.
-func (mc *MACCache) Find(data []byte) *PeerId {
+func (mc *MACCache) Find(data []byte) *PeerID {
 	if len(data) < 8*2 {
 		return nil
 	}
 	buf := make([]byte, 8)
+	sum := make([]byte, 32)
 	mc.l.RLock()
 	for pid, mt := range mc.cache {
 		copy(buf, data)
@@ -109,10 +114,10 @@ func (mc *MACCache) Find(data []byte) *PeerId {
 		mt.l.Lock()
 		mt.mac.Reset()
 		mt.mac.Write(buf)
-		mt.mac.Sum(buf[:0])
+		mt.mac.Sum(sum[:0])
 		mt.l.Unlock()
-		if subtle.ConstantTimeCompare(buf, data[len(data)-8:]) == 1 {
-			ppid := PeerId(pid)
+		if subtle.ConstantTimeCompare(sum[len(sum)-8:], data[len(data)-8:]) == 1 {
+			ppid := PeerID(pid)
 			mc.l.RUnlock()
 			return &ppid
 		}