mirror of https://gogs.blitter.com/RLabs/xs
Merge branch 'kex-spurious-failures'
commit
a6950408f2
|
@ -29,6 +29,27 @@ import (
|
||||||
_ "crypto/sha512"
|
_ "crypto/sha512"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Expand keymat, if necessary, to a minimum of 2x(blocksize).
|
||||||
|
// Keymat is used for initial key and the IV, hence the 2x.
|
||||||
|
// This is occasionally necessary for smaller modes of KEX algorithms
|
||||||
|
// (eg., KEX_HERRADURA256); perhaps an indication these should be
|
||||||
|
// avoided in favour of larger modes.
|
||||||
|
func expandKeyMat(keymat []byte, blocksize int) []byte {
|
||||||
|
if len(keymat) < 2*blocksize {
|
||||||
|
halg := crypto.SHA256
|
||||||
|
mc := halg.New()
|
||||||
|
if !halg.Available() {
|
||||||
|
log.Fatal("hash not available!")
|
||||||
|
}
|
||||||
|
_, _ = mc.Write(keymat)
|
||||||
|
var xpand []byte
|
||||||
|
xpand = mc.Sum(xpand)
|
||||||
|
keymat = append(keymat, xpand...)
|
||||||
|
log.Println("[NOTE: keymat short - applying key expansion using SHA256]")
|
||||||
|
}
|
||||||
|
return keymat
|
||||||
|
}
|
||||||
|
|
||||||
/* Support functionality to set up encryption after a channel has
|
/* Support functionality to set up encryption after a channel has
|
||||||
been negotiated via hkexnet.go
|
been negotiated via hkexnet.go
|
||||||
*/
|
*/
|
||||||
|
@ -43,6 +64,7 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
|
||||||
// is >= 2*cipher.BlockSize (enough for both key and iv)
|
// is >= 2*cipher.BlockSize (enough for both key and iv)
|
||||||
switch copts {
|
switch copts {
|
||||||
case CAlgAES256:
|
case CAlgAES256:
|
||||||
|
keymat = expandKeyMat(keymat, aes.BlockSize)
|
||||||
key = keymat[0:aes.BlockSize]
|
key = keymat[0:aes.BlockSize]
|
||||||
block, err = aes.NewCipher(key)
|
block, err = aes.NewCipher(key)
|
||||||
ivlen = aes.BlockSize
|
ivlen = aes.BlockSize
|
||||||
|
@ -51,6 +73,7 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
|
||||||
log.Printf("[cipher AES_256 (%d)]\n", copts)
|
log.Printf("[cipher AES_256 (%d)]\n", copts)
|
||||||
break
|
break
|
||||||
case CAlgTwofish128:
|
case CAlgTwofish128:
|
||||||
|
keymat = expandKeyMat(keymat, twofish.BlockSize)
|
||||||
key = keymat[0:twofish.BlockSize]
|
key = keymat[0:twofish.BlockSize]
|
||||||
block, err = twofish.NewCipher(key)
|
block, err = twofish.NewCipher(key)
|
||||||
ivlen = twofish.BlockSize
|
ivlen = twofish.BlockSize
|
||||||
|
@ -59,6 +82,7 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
|
||||||
log.Printf("[cipher TWOFISH_128 (%d)]\n", copts)
|
log.Printf("[cipher TWOFISH_128 (%d)]\n", copts)
|
||||||
break
|
break
|
||||||
case CAlgBlowfish64:
|
case CAlgBlowfish64:
|
||||||
|
keymat = expandKeyMat(keymat, blowfish.BlockSize)
|
||||||
key = keymat[0:blowfish.BlockSize]
|
key = keymat[0:blowfish.BlockSize]
|
||||||
block, err = blowfish.NewCipher(key)
|
block, err = blowfish.NewCipher(key)
|
||||||
ivlen = blowfish.BlockSize
|
ivlen = blowfish.BlockSize
|
||||||
|
|
|
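Review bot: In `expandKeyMat`, `halg.Available()` is tested only after `halg.New()` has already run, and `crypto.Hash.New` panics when the hash is not linked into the binary, so the `log.Fatal("hash not available!")` branch can never report that condition; move the `Available()` check above `mc := halg.New()`. The single SHA256 pass appends 32 bytes, which is enough for the three call sites in this section (block sizes 16, 16 and 8) but does not guarantee `2*blocksize` for a larger block size; `for len(keymat) < 2*blocksize {` or an explicit length error would make the documented contract hold. The appended bytes are a deterministic hash of the short secret, so the key and IV sliced from the result carry no more entropy than the original KEX output, which is worth stating in the doc comment next to the existing remark about avoiding the smaller KEX modes.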
@ -277,26 +277,26 @@ func KyberDialSetup(c net.Conn, hc *Conn) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Alice, step 2: Send the public key to Bob
|
// Alice, step 2: Send the public key to Bob
|
||||||
fmt.Fprintf(c, "0x%x\n%08x:%08x\n", alicePublicKey.Bytes(),
|
fmt.Fprintf(c, "0x%x\n0x%x:0x%x\n", alicePublicKey.Bytes(),
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
// [Bob, step 1-3], from which we read cipher text
|
// [Bob, step 1-3], from which we read cipher text
|
||||||
b := big.NewInt(0)
|
cipherB := make([]byte, 4096)
|
||||||
_, err = fmt.Fscanln(c, b)
|
fmt.Fscanf(c, "0x%x\n", &cipherB)
|
||||||
if err != nil {
|
//if err != nil {
|
||||||
return err
|
// return err
|
||||||
}
|
//}
|
||||||
log.Printf("[Got server ciphertext:0x%x]\n", b.Bytes())
|
log.Printf("[Got server ciphertext[]:%v]\n", cipherB)
|
||||||
|
|
||||||
// Read cipheropts, session opts
|
// Read cipheropts, session opts
|
||||||
_, err = fmt.Fscanf(c, "%08x:%08x\n",
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Alice, step 3: Decrypt the KEM cipher text.
|
// Alice, step 3: Decrypt the KEM cipher text.
|
||||||
aliceSharedSecret := alicePrivateKey.KEMDecrypt(b.Bytes())
|
aliceSharedSecret := alicePrivateKey.KEMDecrypt(cipherB)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||||
|
@ -321,16 +321,16 @@ func HKExDialSetup(c net.Conn, hc *Conn) (err error) {
|
||||||
|
|
||||||
// Send hkexnet.Conn parameters to remote side
|
// Send hkexnet.Conn parameters to remote side
|
||||||
// d is value for Herradura key exchange
|
// d is value for Herradura key exchange
|
||||||
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", h.D().Text(16),
|
fmt.Fprintf(c, "0x%s\n0x%x:0x%x\n", h.D().Text(16),
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
|
// Read peer D over net.Conn (c)
|
||||||
d := big.NewInt(0)
|
d := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(c, d)
|
_, err = fmt.Fscanln(c, d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// Read peer D over net.Conn (c)
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
_, err = fmt.Fscanf(c, "%08x:%08x\n",
|
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -355,7 +355,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
_, err = fmt.Fscanf(*c, "%08x:%08x\n",
|
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts)
|
||||||
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -385,8 +385,9 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Bob, step 3: Send the cipher text to Alice (Not shown).
|
// Bob, step 3: Send the cipher text to Alice.
|
||||||
fmt.Fprintf(*c, "0x%x\n%08x:%08x\n", cipherText,
|
//fmt.Println("cipherText:",cipherText)
|
||||||
|
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||||
|
@ -418,7 +419,7 @@ func HKExAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
_, err = fmt.Fscanf(*c, "%08x:%08x\n",
|
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts)
|
||||||
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -431,7 +432,7 @@ func HKExAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
log.Printf("**(s)** FA:%s\n", h.FA())
|
log.Printf("**(s)** FA:%s\n", h.FA())
|
||||||
|
|
||||||
// Send D and cipheropts/conn_opts to peer
|
// Send D and cipheropts/conn_opts to peer
|
||||||
fmt.Fprintf(*c, "0x%s\n%08x:%08x\n", h.D().Text(16),
|
fmt.Fprintf(*c, "0x%s\n0x%x:0x%x\n", h.D().Text(16),
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
hc.r, hc.rm, err = hc.getStream(h.FA().Bytes())
|
hc.r, hc.rm, err = hc.getStream(h.FA().Bytes())
|
||||||
|
@ -490,7 +491,7 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er
|
||||||
return Conn{}, nil
|
return Conn{}, nil
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
return Conn{}, nil
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -628,7 +629,7 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
|
||||||
case KEX_HERRADURA2048:
|
case KEX_HERRADURA2048:
|
||||||
log.Printf("[Setting up for KEX_HERRADURA %d]\n", hc.kex)
|
log.Printf("[Setting up for KEX_HERRADURA %d]\n", hc.kex)
|
||||||
if HKExAcceptSetup(&c, &hc) != nil {
|
if HKExAcceptSetup(&c, &hc) != nil {
|
||||||
return Conn{}, nil
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
case KEX_KYBER512:
|
case KEX_KYBER512:
|
||||||
fallthrough
|
fallthrough
|
||||||
|
@ -637,10 +638,10 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
|
||||||
case KEX_KYBER1024:
|
case KEX_KYBER1024:
|
||||||
log.Printf("[Setting up for KEX_KYBER %d]\n", hc.kex)
|
log.Printf("[Setting up for KEX_KYBER %d]\n", hc.kex)
|
||||||
if KyberAcceptSetup(&c, &hc) != nil {
|
if KyberAcceptSetup(&c, &hc) != nil {
|
||||||
return Conn{}, nil
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
return Conn{}, nil
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
log.Println("[hc.Accept successful]")
|
log.Println("[hc.Accept successful]")
|
||||||
return
|
return
|
||||||
|
|
|
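Review bot: In `KyberDialSetup` the result of `fmt.Fscanf(c, "0x%x\n", &cipherB)` is discarded and the error check that followed the old `Fscanln` is commented out, so a malformed, truncated or missing ciphertext line from the peer goes undetected. On failure `cipherB` presumably still holds the 4096 zero bytes from `make`, and that buffer is passed straight to `alicePrivateKey.KEMDecrypt(cipherB)`, whose behaviour on wrong-length input is not visible here. Restore the check as `if _, err = fmt.Fscanf(c, "0x%x\n", &cipherB); err != nil { return err }`, and consider rejecting any length other than the selected parameter set's ciphertext size before decrypting. Related, in `Accept` the new `return Conn{}, err` after `if HKExAcceptSetup(&c, &hc) != nil` and `if KyberAcceptSetup(&c, &hc) != nil` returns the named result `err`, which those conditions never assign, so unless it was set earlier (outside the hunk) a failed key exchange can still surface with a nil error; `if err = KyberAcceptSetup(&c, &hc); err != nil {` would carry it through. Both functions begin and end outside the hunks shown.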
@ -484,7 +484,7 @@ func main() {
|
||||||
idx := strings.Index(string(ab), remoteHost)
|
idx := strings.Index(string(ab), remoteHost)
|
||||||
//fmt.Printf("auth entry idx:%d\n", idx)
|
//fmt.Printf("auth entry idx:%d\n", idx)
|
||||||
if idx >= 0 {
|
if idx >= 0 {
|
||||||
fmt.Fprintln(os.Stderr, "[authtoken]")
|
//fmt.Fprintln(os.Stderr, "[authtoken]")
|
||||||
ab = ab[idx:]
|
ab = ab[idx:]
|
||||||
entries := strings.SplitN(string(ab), "\n", -1)
|
entries := strings.SplitN(string(ab), "\n", -1)
|
||||||
//if len(entries) > 0 {
|
//if len(entries) > 0 {
|
||||||
|
|