Added hkexchan.go w/o testing for StreamReader/StreamWriter
parent
4bccb2512d
commit
9885067a48
4 changed files with 73 additions and 26 deletions
BIN
demo/client
BIN
demo/client
Binary file not shown.
BIN
demo/server
BIN
demo/server
Binary file not shown.
|
@ -17,6 +17,9 @@
|
|||
golang implementation by Russ Magee (rmagee_at_gmail.com) */
|
||||
package herradurakex
|
||||
|
||||
/* Support functions to set up encryption once an HKEx Conn has been
|
||||
established with FA exchange */
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
|
@ -35,37 +38,75 @@ const (
|
|||
)
|
||||
|
||||
/*TODO: HMAC derived from HKEx FA.*/
|
||||
/* Auxilliary functionality to set up encryption after a channel has
|
||||
been negotiated via hkexnet.go -- set up encryption algs with key, IV,
|
||||
/* Support functionality to set up encryption after a channel has
|
||||
been negotiated via hkexnet.go
|
||||
*/
|
||||
func (hd Conn) cryptoSetup(keymat *big.Int, flags uint32, r io.Reader) (ret io.Reader) {
|
||||
// 256 algs should be enough for everybody.(tm)
|
||||
func (hd Conn) getReadStream(keymat *big.Int, flags uint32, r io.Reader) (ret io.Reader) {
|
||||
var key []byte
|
||||
var block cipher.Block
|
||||
var err error
|
||||
|
||||
// 256 algs should be enough for everybody.(tm)
|
||||
cipherAlg := (flags & 8)
|
||||
//TODO: flags for HMAC from keymat
|
||||
switch cipherAlg {
|
||||
case C_AES_256:
|
||||
key = keymat.Bytes()[0:aes.BlockSize]
|
||||
block, err := aes.NewCipher(key)
|
||||
block, err = aes.NewCipher(key)
|
||||
break
|
||||
default:
|
||||
fmt.Println("DOOFUS SET A VALID CIPHER ALG")
|
||||
block, err := aes.NewCipher(key)
|
||||
block, err = aes.NewCipher(key)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// If the key is unique for each ciphertext, then it's ok to use a zero
|
||||
// IV.
|
||||
var iv [aes.BlockSize]byte
|
||||
stream := cipher.NewOFB(block, iv[:])
|
||||
|
||||
ret = &cipher.StreamReader{S: stream, R: inFile}
|
||||
// Copy the input file to the output file, decrypting as we go.
|
||||
if _, err := io.Copy(outFile, reader); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
ret = &cipher.StreamReader{S: stream, R: r}
|
||||
|
||||
// Note that this example is simplistic in that it omits any
|
||||
// authentication of the encrypted data. If you were actually to use
|
||||
// StreamReader in this manner, an attacker could flip arbitrary bits in
|
||||
// the output.
|
||||
return
|
||||
}
|
||||
|
||||
func (hd Conn) getWriteStream(keymat *big.Int, flags uint32, w io.Writer) (ret io.Writer) {
|
||||
var key []byte
|
||||
var block cipher.Block
|
||||
var err error
|
||||
|
||||
// 256 algs should be enough for everybody.(tm)
|
||||
cipherAlg := (flags & 8)
|
||||
//TODO: flags for HMAC from keymat
|
||||
switch cipherAlg {
|
||||
case C_AES_256:
|
||||
key = keymat.Bytes()[0:aes.BlockSize]
|
||||
block, err = aes.NewCipher(key)
|
||||
break
|
||||
default:
|
||||
fmt.Println("DOOFUS SET A VALID CIPHER ALG")
|
||||
block, err = aes.NewCipher(key)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// If the key is unique for each ciphertext, then it's ok to use a zero
|
||||
// IV.
|
||||
var iv [aes.BlockSize]byte
|
||||
stream := cipher.NewOFB(block, iv[:])
|
||||
|
||||
ret = &cipher.StreamWriter{S: stream, W: w}
|
||||
|
||||
// Note that this example is simplistic in that it omits any
|
||||
// authentication of the encrypted data. If you were actually to use
|
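Review bot: In both getReadStream and getWriteStream the stream is `cipher.NewOFB(block, iv[:])` with an all-zero IV and a key cut straight from keymat, so if the callers (outside this section) pass the same keymat for both directions, each side encrypts with the identical keystream and a passive observer can recover the XOR of the two plaintext streams. The copied comment about a zero IV only holds when a key is used for exactly one stream; give each direction its own key or IV, for example by hashing keymat together with a direction label before `aes.NewCipher`. Under `case C_AES_256`, `keymat.Bytes()[0:aes.BlockSize]` yields 16 bytes, which selects AES-128, and the slice expression can panic when keymat has fewer significant bytes; check the length and take 32 bytes if AES-256 is intended. `cipherAlg := (flags & 8)` tests a single bit, which does not fit the "256 algs" comment, so `cipherAlg := (flags & 0xFF)` is probably what was meant. getWriteStream's body continues past the last visible line of the hunk.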
36
hkexnet.go
36
hkexnet.go
|
@ -1,20 +1,26 @@
|
|||
/* -*- go -*-
|
||||
* $RCSfile$ $Revision$ : $Date$ : $Author$
|
||||
*
|
||||
* Description
|
||||
*
|
||||
* Notes
|
||||
*
|
||||
**************
|
||||
*
|
||||
* Copyright (c) 2018 Russtopia Labs. All Rights Reserved.
|
||||
*
|
||||
* This document may not, in whole or in part, be copied, photocopied,
|
||||
* reproduced, translated, or reduced to any electronic medium or machine
|
||||
* readable form without prior written consent from Russtopia Labs.
|
||||
*/
|
||||
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
|
||||
Copyright (C) 2017 Omar Alejandro Herrera Reyna
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
golang implementation by Russ Magee (rmagee_at_gmail.com) */
|
||||
package herradurakex
|
||||
|
||||
// Implementation of HKEx-wrapped versions of the golang standard
|
||||
// net package interfaces, allowing clients and servers to simply replace
|
||||
// 'net.Dial', 'net.Listen' etc. with 'hkex.Dial', 'hkex.Listen' and so
|
||||
// forth.
|
||||
import (
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
|