)
var (
- testKey *[16]byte = new([16]byte)
+ testKey = new([16]byte)
)
func init() {
)
var (
- dummyNonce *[16]byte = new([16]byte)
+ dummyNonce = new([16]byte)
)
// Encode the data, produce AONT package. Data size will be larger than
termSignal: termSignal,
Error: make(chan error, 1),
}
- confs := map[govpn.PeerId]*govpn.PeerConf{*verifier.Id: conf.Peer}
+ confs := map[govpn.PeerID]*govpn.PeerConf{*verifier.ID: conf.Peer}
client.idsCache.Update(&confs)
return &client
}
}
prev += n
- peerId := c.idsCache.Find(buf[:prev])
- if peerId == nil {
+ peerID := c.idsCache.Find(buf[:prev])
+ if peerID == nil {
continue
}
peer = hs.Client(buf[:prev])
conf := client.Configuration{
PrivateKey: priv,
Peer: &govpn.PeerConf{
- Id: verifier.Id,
+ ID: verifier.ID,
Iface: *ifaceName,
MTU: *mtu,
Timeout: time.Second * time.Duration(*timeoutP),
handshakes map[string]*govpn.Handshake = make(map[string]*govpn.Handshake)
hsLock sync.RWMutex
- peers map[string]*PeerState = make(map[string]*PeerState)
+ peers = make(map[string]*PeerState)
peersLock sync.RWMutex
- peersById map[govpn.PeerId]string = make(map[govpn.PeerId]string)
- peersByIdLock sync.RWMutex
+ peersByID = make(map[govpn.PeerID]string)
+ peersByIDLock sync.RWMutex
knownPeers govpn.KnownPeers
kpLock sync.RWMutex
)
-func callUp(peerId *govpn.PeerId, remoteAddr string) (string, error) {
- ifaceName := confs[*peerId].Iface
- if confs[*peerId].Up != "" {
- result, err := govpn.ScriptCall(confs[*peerId].Up, ifaceName, remoteAddr)
+func callUp(peerID *govpn.PeerID, remoteAddr string) (string, error) {
+ ifaceName := confs[*peerID].Iface
+ if confs[*peerID].Up != "" {
+ result, err := govpn.ScriptCall(confs[*peerID].Up, ifaceName, remoteAddr)
if err != nil {
- govpn.Printf(`[script-failed bind="%s" path="%s" err="%s"]`, *bindAddr, confs[*peerId].Up, err)
+ govpn.Printf(
+ `[script-failed bind="%s" path="%s" err="%s"]`,
+ *bindAddr,
+ confs[*peerID].Up,
+ err,
+ )
return "", err
}
if ifaceName == "" {
}
}
if ifaceName == "" {
- govpn.Printf(`[tap-failed bind="%s" peer="%s"]`, *bindAddr, *peerId)
+ govpn.Printf(`[tap-failed bind="%s" peer="%s"]`, *bindAddr, *peerID)
}
return ifaceName, nil
}
)
var (
- confs map[govpn.PeerId]*govpn.PeerConf
+ confs map[govpn.PeerID]*govpn.PeerConf
idsCache *govpn.MACCache
)
-func confRead() (*map[govpn.PeerId]*govpn.PeerConf, error) {
+func confRead() (*map[govpn.PeerID]*govpn.PeerConf, error) {
data, err := ioutil.ReadFile(*confPath)
if err != nil {
return nil, err
return nil, err
}
- confs := make(map[govpn.PeerId]*govpn.PeerConf, len(*confsRaw))
+ confs := make(map[govpn.PeerID]*govpn.PeerConf, len(*confsRaw))
for name, pc := range *confsRaw {
verifier, err := govpn.VerifierFromString(pc.VerifierRaw)
if err != nil {
}
conf := govpn.PeerConf{
Verifier: verifier,
- Id: verifier.Id,
+ ID: verifier.ID,
Name: name,
Iface: pc.Iface,
MTU: pc.MTU,
pc.TimeoutInt = govpn.TimeoutDefault
}
conf.Timeout = time.Second * time.Duration(pc.TimeoutInt)
- confs[*verifier.Id] = &conf
+ confs[*verifier.ID] = &conf
}
return &confs, nil
}
govpn.BothPrintf(`[terminating bind="%s"]`, *bindAddr)
for _, ps := range peers {
govpn.ScriptCall(
- confs[*ps.peer.Id].Down,
+ confs[*ps.peer.ID].Down,
ps.tap.Name,
ps.peer.Addr,
)
}
}
peersLock.Lock()
- peersByIdLock.Lock()
+ peersByIDLock.Lock()
kpLock.Lock()
for addr, ps := range peers {
ps.peer.BusyR.Lock()
govpn.Printf(`[peer-delete bind="%s" peer="%s"]`, *bindAddr, ps.peer)
delete(peers, addr)
delete(knownPeers, addr)
- delete(peersById, *ps.peer.Id)
+ delete(peersByID, *ps.peer.ID)
go govpn.ScriptCall(
- confs[*ps.peer.Id].Down,
+ confs[*ps.peer.ID].Down,
ps.tap.Name,
ps.peer.Addr,
)
}
hsLock.Unlock()
peersLock.Unlock()
- peersByIdLock.Unlock()
+ peersByIDLock.Unlock()
kpLock.Unlock()
}
}
break
}
prev += n
- peerId := idsCache.Find(buf[:prev])
- if peerId == nil {
+ peerID := idsCache.Find(buf[:prev])
+ if peerID == nil {
continue
}
if hs == nil {
- conf = confs[*peerId]
+ conf = confs[*peerID]
if conf == nil {
govpn.Printf(
`[conf-get-failed bind="%s" peer="%s"]`,
- *bindAddr, peerId.String(),
+ *bindAddr, peerID.String(),
)
break
}
hs.Zero()
govpn.Printf(
`[handshake-completed bind="%s" addr="%s" peer="%s"]`,
- *bindAddr, addr, peerId.String(),
+ *bindAddr, addr, peerID.String(),
)
- peersByIdLock.RLock()
- addrPrev, exists := peersById[*peer.Id]
- peersByIdLock.RUnlock()
+ peersByIDLock.RLock()
+ addrPrev, exists := peersByID[*peer.ID]
+ peersByIDLock.RUnlock()
if exists {
peersLock.Lock()
peers[addrPrev].terminator <- struct{}{}
terminator: make(chan struct{}),
}
go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
- peersByIdLock.Lock()
+ peersByIDLock.Lock()
kpLock.Lock()
delete(peers, addrPrev)
delete(knownPeers, addrPrev)
peers[addr] = ps
knownPeers[addr] = &peer
- peersById[*peer.Id] = addr
+ peersByID[*peer.ID] = addr
peersLock.Unlock()
- peersByIdLock.Unlock()
+ peersByIDLock.Unlock()
kpLock.Unlock()
govpn.Printf(
`[rehandshake-completed bind="%s" peer="%s"]`,
- *bindAddr, peerId.String(),
+ *bindAddr, peerID.String(),
)
} else {
- ifaceName, err := callUp(peer.Id, peer.Addr)
+ ifaceName, err := callUp(peer.ID, peer.Addr)
if err != nil {
peer = nil
break
if err != nil {
govpn.Printf(
`[tap-failed bind="%s" peer="%s" err="%s"]`,
- *bindAddr, peerId.String(), err,
+ *bindAddr, peerID.String(), err,
)
peer = nil
break
}
go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
peersLock.Lock()
- peersByIdLock.Lock()
+ peersByIDLock.Lock()
kpLock.Lock()
peers[addr] = ps
- peersById[*peer.Id] = addr
+ peersByID[*peer.ID] = addr
knownPeers[addr] = &peer
peersLock.Unlock()
- peersByIdLock.Unlock()
+ peersByIDLock.Unlock()
kpLock.Unlock()
- govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peerId.String())
+ govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peerID.String())
}
break
}
if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
govpn.Printf(
`[packet-unauthenticated bind="%s" addr="%s" peer="%s"]`,
- *bindAddr, addr, peer.Id.String(),
+ *bindAddr, addr, peer.ID.String(),
)
break
}
var (
// Buffers for UDP parallel processing
- udpBufs chan []byte = make(chan []byte, 1<<8)
+ udpBufs = make(chan []byte, 1<<8)
)
func startUDP() {
var hs *govpn.Handshake
var addrPrev string
var exists bool
- var peerId *govpn.PeerId
+ var peerID *govpn.PeerID
var conf *govpn.PeerConf
for {
buf = <-udpBufs
hs, exists = handshakes[addr]
hsLock.RUnlock()
if !exists {
- peerId = idsCache.Find(buf[:n])
- if peerId == nil {
+ peerID = idsCache.Find(buf[:n])
+ if peerID == nil {
govpn.Printf(`[identity-unknown bind="%s" addr="%s"]`, *bindAddr, addr)
udpBufs <- buf
continue
}
- conf = confs[*peerId]
+ conf = confs[*peerID]
if conf == nil {
govpn.Printf(
`[conf-get-failed bind="%s" peer="%s"]`,
- *bindAddr, peerId.String(),
+ *bindAddr, peerID.String(),
)
udpBufs <- buf
continue
}
govpn.Printf(
`[handshake-completed bind="%s" addr="%s" peer="%s"]`,
- *bindAddr, addr, peerId.String(),
+ *bindAddr, addr, peerID.String(),
)
hs.Zero()
hsLock.Lock()
udpBufs <- make([]byte, govpn.MTUMax)
udpBufs <- make([]byte, govpn.MTUMax)
}()
- peersByIdLock.RLock()
- addrPrev, exists = peersById[*peer.Id]
- peersByIdLock.RUnlock()
+ peersByIDLock.RLock()
+ addrPrev, exists = peersByID[*peer.ID]
+ peersByIDLock.RUnlock()
if exists {
peersLock.Lock()
peers[addrPrev].terminator <- struct{}{}
- ps := &PeerState{
+ psNew := &PeerState{
peer: peer,
tap: peers[addrPrev].tap,
terminator: make(chan struct{}),
govpn.PeerTapProcessor(peer, tap, terminator)
<-udpBufs
<-udpBufs
- }(ps.peer, ps.tap, ps.terminator)
- peersByIdLock.Lock()
+ }(psNew.peer, psNew.tap, psNew.terminator)
+ peersByIDLock.Lock()
kpLock.Lock()
delete(peers, addrPrev)
delete(knownPeers, addrPrev)
- peers[addr] = ps
+ peers[addr] = psNew
knownPeers[addr] = &peer
- peersById[*peer.Id] = addr
+ peersByID[*peer.ID] = addr
peersLock.Unlock()
- peersByIdLock.Unlock()
+ peersByIDLock.Unlock()
kpLock.Unlock()
govpn.Printf(
`[rehandshake-completed bind="%s" peer="%s"]`,
- *bindAddr, peer.Id.String(),
+ *bindAddr, peer.ID.String(),
)
} else {
go func(addr string, peer *govpn.Peer) {
- ifaceName, err := callUp(peer.Id, peer.Addr)
+ ifaceName, err := callUp(peer.ID, peer.Addr)
if err != nil {
return
}
if err != nil {
govpn.Printf(
`[tap-failed bind="%s" peer="%s" err="%s"]`,
- *bindAddr, peer.Id.String(), err,
+ *bindAddr, peer.ID.String(), err,
)
return
}
- ps := &PeerState{
+ psNew := &PeerState{
peer: peer,
tap: tap,
terminator: make(chan struct{}),
govpn.PeerTapProcessor(peer, tap, terminator)
<-udpBufs
<-udpBufs
- }(ps.peer, ps.tap, ps.terminator)
+ }(psNew.peer, psNew.tap, psNew.terminator)
peersLock.Lock()
- peersByIdLock.Lock()
+ peersByIDLock.Lock()
kpLock.Lock()
- peers[addr] = ps
+ peers[addr] = psNew
knownPeers[addr] = &peer
- peersById[*peer.Id] = addr
+ peersByID[*peer.ID] = addr
peersLock.Unlock()
- peersByIdLock.Unlock()
+ peersByIDLock.Unlock()
kpLock.Unlock()
- govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peer.Id.String())
+ govpn.Printf(`[peer-created bind="%s" peer="%s"]`, *bindAddr, peer.ID.String())
}(addr, peer)
}
udpBufs <- buf
if _, err = io.ReadFull(govpn.Rand, id[:]); err != nil {
log.Fatalln(err)
}
- pid := govpn.PeerId(*id)
+ pid := govpn.PeerID(*id)
v := govpn.VerifierNew(*sOpt, *tOpt, *pOpt, &pid)
v.PasswordApply(key)
fmt.Println(v.LongForm())
)
var (
- testKey *[32]byte = new([32]byte)
+ testKey = new([32]byte)
)
func init() {
)
type PeerConf struct {
- Id *PeerId `yaml:"-"`
+ ID *PeerID `yaml:"-"`
Name string `yaml:"name"`
Iface string `yaml:"iface"`
MTU int `yaml:"mtu"`
)
var (
- Rand io.Reader = rand.Reader
+ Rand = rand.Reader
)
type EGDRand string
)
var (
- testKey *[32]byte = new([32]byte)
+ testKey = new([32]byte)
)
func init() {
}
// Generate ID tag from client identification and data.
-func idTag(id *PeerId, timeSync int, data []byte) []byte {
+func idTag(id *PeerID, timeSync int, data []byte) []byte {
enc := make([]byte, 8)
copy(enc, data)
AddTimeSync(timeSync, enc)
chacha20.XORKeyStream(enc, enc, state.rNonce, state.dsaPubH)
}
data := append(state.rNonce[8:], enc...)
- data = append(data, idTag(state.Conf.Id, state.Conf.TimeSync, state.rNonce[8:])...)
+ data = append(data, idTag(state.Conf.ID, state.Conf.TimeSync, state.rNonce[8:])...)
state.conn.Write(data)
return state
}
// Send that to client
h.conn.Write(append(encPub, append(
- encRs, idTag(h.Conf.Id, h.Conf.TimeSync, encPub)...,
+ encRs, idTag(h.Conf.ID, h.Conf.TimeSync, encPub)...,
)...))
h.LastPing = time.Now()
} else
} else {
chacha20.XORKeyStream(enc, enc, h.rNonceNext(2), h.key)
}
- h.conn.Write(append(enc, idTag(h.Conf.Id, h.Conf.TimeSync, enc)...))
+ h.conn.Write(append(enc, idTag(h.Conf.ID, h.Conf.TimeSync, enc)...))
// Switch peer
peer := newPeer(
}
// Send that to server
- h.conn.Write(append(enc, idTag(h.Conf.Id, h.Conf.TimeSync, enc)...))
+ h.conn.Write(append(enc, idTag(h.Conf.ID, h.Conf.TimeSync, enc)...))
h.LastPing = time.Now()
} else
// ENC(K, R+2, RC) + IDtag
func TestHandshakeSymmetric(t *testing.T) {
// initial values are taken from peer_test.go's init()
- v := VerifierNew(1<<10, 1<<4, 1, &testPeerId)
+ v := VerifierNew(1<<10, 1<<4, 1, &testPeerID)
testConf.Verifier = v
testConf.DSAPriv = v.PasswordApply("does not matter")
hsS := NewHandshake("server", Dummy{&testCt}, testConf)
func TestHandshakeNoiseSymmetric(t *testing.T) {
// initial values are taken from peer_test.go's init()
- v := VerifierNew(1<<10, 1<<4, 1, &testPeerId)
+ v := VerifierNew(1<<10, 1<<4, 1, &testPeerID)
testConf.Verifier = v
testConf.DSAPriv = v.PasswordApply("does not matter")
testConf.Noise = true
}
func TestHandshakeEnclessSymmetric(t *testing.T) {
// initial values are taken from peer_test.go's init()
- v := VerifierNew(1<<10, 1<<4, 1, &testPeerId)
+ v := VerifierNew(1<<10, 1<<4, 1, &testPeerID)
testConf.Verifier = v
testConf.DSAPriv = v.PasswordApply("does not matter")
testConf.Encless = true
IDSize = 128 / 8
)
-type PeerId [IDSize]byte
+type PeerID [IDSize]byte
-func (id PeerId) String() string {
+func (id PeerID) String() string {
return base64.RawStdEncoding.EncodeToString(id[:])
}
-func (id PeerId) MarshalJSON() ([]byte, error) {
+func (id PeerID) MarshalJSON() ([]byte, error) {
return []byte(`"` + id.String() + `"`), nil
}
}
type MACCache struct {
- cache map[PeerId]*MACAndTimeSync
+ cache map[PeerID]*MACAndTimeSync
l sync.RWMutex
}
func NewMACCache() *MACCache {
- return &MACCache{cache: make(map[PeerId]*MACAndTimeSync)}
+ return &MACCache{cache: make(map[PeerID]*MACAndTimeSync)}
}
// Remove disappeared keys, add missing ones with initialized MACs.
-func (mc *MACCache) Update(peers *map[PeerId]*PeerConf) {
+func (mc *MACCache) Update(peers *map[PeerID]*PeerConf) {
mc.l.Lock()
- for pid, _ := range mc.cache {
+ for pid := range mc.cache {
if _, exists := (*peers)[pid]; !exists {
log.Println("Cleaning key:", pid)
delete(mc.cache, pid)
// Try to find peer's identity (that equals to MAC)
// by taking first blocksize sized bytes from data at the beginning
// as plaintext and last bytes as cyphertext.
-func (mc *MACCache) Find(data []byte) *PeerId {
+func (mc *MACCache) Find(data []byte) *PeerID {
if len(data) < 8*2 {
return nil
}
mt.mac.Sum(sum[:0])
mt.l.Unlock()
if subtle.ConstantTimeCompare(sum[len(sum)-8:], data[len(data)-8:]) == 1 {
- ppid := PeerId(pid)
+ ppid := PeerID(pid)
mc.l.RUnlock()
return &ppid
}
// Basic
Addr string
- Id *PeerId
+ ID *PeerID
Conn io.Writer `json:"-"`
// Traffic behaviour
Encless bool
MTU int
- key *[SSize]byte `json:"-"`
+ key *[SSize]byte
// Timers
Timeout time.Duration `json:"-"`
}
func (p *Peer) String() string {
- return p.Id.String() + ":" + p.Addr
+ return p.ID.String() + ":" + p.Addr
}
// Zero peer's memory state.
peer := Peer{
Addr: addr,
- Id: conf.Id,
+ ID: conf.ID,
Conn: conn,
NoiseEnable: noiseEnable,
testPeer *Peer
testPt []byte
testCt []byte
- testPeerId PeerId
+ testPeerID PeerID
testConf *PeerConf
)
func init() {
id := new([IDSize]byte)
- testPeerId = PeerId(*id)
+ testPeerID = PeerID(*id)
testConf = &PeerConf{
- Id: &testPeerId,
+ ID: &testPeerID,
MTU: MTUDefault,
Timeout: time.Second * time.Duration(TimeoutDefault),
}
S int
T int
P int
- Id *PeerId
+ ID *PeerID
Pub *[ed25519.PublicKeySize]byte
}
// Generate new verifier for given peer, with specified password and
// hashing parameters.
-func VerifierNew(s, t, p int, id *PeerId) *Verifier {
- return &Verifier{S: s, T: t, P: p, Id: id}
+func VerifierNew(s, t, p int, id *PeerID) *Verifier {
+ return &Verifier{S: s, T: t, P: p, ID: id}
}
func blake2bKeyless() hash.Hash {
// Apply the password: create Ed25519 keypair based on it, save public
// key in verifier.
func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte {
- r := balloon.H(blake2bKeyless, []byte(password), v.Id[:], v.S, v.T, v.P)
+ r := balloon.H(blake2bKeyless, []byte(password), v.ID[:], v.S, v.T, v.P)
defer SliceZero(r)
src := bytes.NewBuffer(r)
pub, prv, err := ed25519.GenerateKey(src)
v := Verifier{S: s, T: t, P: p}
id := new([IDSize]byte)
copy(id[:], salt)
- pid := PeerId(*id)
- v.Id = &pid
+ pid := PeerID(*id)
+ v.ID = &pid
if len(ss) == 5 {
pub, err := base64.RawStdEncoding.DecodeString(ss[4])
if err != nil {
func (v *Verifier) ShortForm() string {
return fmt.Sprintf(
"$balloon$s=%d,t=%d,p=%d$%s",
- v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
+ v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.ID[:]),
)
}