mirror of https://gogs.blitter.com/RLabs/xs
Fixed FrodoKEM neg bug (sending cipheropts,opts order)
Also tweaked pad size random to use full range; removed some junk logging
This commit is contained in:
parent
3193ede825
commit
c23edc6874
6
Makefile
6
Makefile
|
@ -42,7 +42,7 @@ endif
|
|||
|
||||
INSTPREFIX = /usr/local
|
||||
|
||||
all: common client server
|
||||
all: common client server #seccheck
|
||||
|
||||
clean:
|
||||
@echo "Make: $(MAKE)"
|
||||
|
@ -78,6 +78,10 @@ else
|
|||
$(MAKE) BUILDOPTS=$(BUILDOPTS) -C xsd
|
||||
endif
|
||||
|
||||
#seccheck:
|
||||
# grep -r "logPlainText.*true" .
|
||||
# if [ $$? -eq 0 ]; then echo "WARNING plaintext debug is enabled"; exit 1; fi
|
||||
|
||||
vis:
|
||||
@which go-callvis >/dev/null 2>&1; \
|
||||
stat=$$?; if [ $$stat -ne "0" ]; then \
|
||||
|
|
3
go.mod
3
go.mod
|
@ -10,9 +10,9 @@ require (
|
|||
blitter.com/go/mtwist v1.0.1 // indirect
|
||||
blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
|
||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
|
||||
github.com/creack/pty v1.1.11
|
||||
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
|
||||
github.com/klauspost/reedsolomon v1.9.9 // indirect
|
||||
github.com/kr/pty v1.1.8
|
||||
github.com/kuking/go-frodokem v1.0.1
|
||||
github.com/mattn/go-isatty v0.0.12
|
||||
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
|
||||
|
@ -21,6 +21,7 @@ require (
|
|||
github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect
|
||||
github.com/tjfoc/gmsm v1.3.1 // indirect
|
||||
github.com/xtaci/kcp-go v5.4.20+incompatible
|
||||
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect
|
||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
|
||||
golang.org/x/sys v0.0.0-20200523222454-059865788121
|
||||
gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
|
||||
|
|
30
go.sum
30
go.sum
|
@ -2,10 +2,6 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e
|
|||
blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo=
|
||||
blitter.com/go/cryptmt v1.0.2 h1:ZcLhQk7onUssXyQwG3GdXDXctCVnNL+b7aFuvwOdKXc=
|
||||
blitter.com/go/cryptmt v1.0.2/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
|
||||
blitter.com/go/goutmp v1.0.3 h1:4VPU9COXG36W5454pcV65FieVaaw64mdhvjuTVOuWTM=
|
||||
blitter.com/go/goutmp v1.0.3/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
|
||||
blitter.com/go/goutmp v1.0.4 h1:19Y4xgvdEbGESS0vuyWlPyZgjYNYxHkDfmbObKU5J6A=
|
||||
blitter.com/go/goutmp v1.0.4/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
|
||||
blitter.com/go/goutmp v1.0.5 h1:isP6bxSs1O06Oy7wB8u4y5SgLr22txfjg/gjG4qn0Og=
|
||||
blitter.com/go/goutmp v1.0.5/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
|
||||
blitter.com/go/herradurakex v1.0.0 h1:6XaxY+JLT1HUWPF0gYJnjX3pVjrw4YhYZEzZ1U0wkyc=
|
||||
|
@ -18,21 +14,16 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT
|
|||
blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0=
|
||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
|
||||
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
|
||||
github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
|
||||
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y=
|
||||
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s=
|
||||
github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs=
|
||||
github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/klauspost/cpuid v1.2.4 h1:EBfaK0SWSwk+fgk6efYFWdzl8MwRWoOO1gkmiaTXPW4=
|
||||
github.com/klauspost/cpuid v1.2.4/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/klauspost/reedsolomon v1.9.4 h1:FB9jDBGqUNyhUg4Gszz384ulFqVSc61Pdap+HRPgnSo=
|
||||
github.com/klauspost/reedsolomon v1.9.4/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
|
||||
github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2GHND54=
|
||||
github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
|
||||
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
|
||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
||||
github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o=
|
||||
github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI=
|
||||
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
|
||||
|
@ -41,21 +32,23 @@ github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0s
|
|||
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061/go.mod h1:wqKykBG2QzQDJEzvRkcS8x6MiSJkF52hXZsXcjaB3ls=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 h1:89CEmDvlq/F7SJEOqkIdNDGJXrQIhuIx9D2DBXjavSU=
|
||||
github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU=
|
||||
github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b h1:fj5tQ8acgNUr6O8LEplsxDhUIe2573iLkJc+PqnzZTI=
|
||||
github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4=
|
||||
github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA=
|
||||
github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
||||
github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
|
||||
github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
||||
github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4=
|
||||
github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
|
||||
github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
|
||||
github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
|
||||
github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=
|
||||
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
|
||||
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
golang.org/x/arch v0.0.0-20190909030613-46d78d1859ac/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
|
@ -63,10 +56,9 @@ golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8U
|
|||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
|
||||
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
|
||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
|
@ -79,8 +71,6 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
|
|||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
|
||||
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o=
|
||||
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
|
@ -91,6 +81,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
|
|||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/hlandau/easymetric.v1 v1.0.0 h1:ZbfbH7W3giuVDjWUoFhDOjjv20hiPr5HZ2yMV5f9IeE=
|
||||
gopkg.in/hlandau/easymetric.v1 v1.0.0/go.mod h1:yh75hypuFzAxmvECh3ZKGCvFnIfapYJh2wv7ASaX2RE=
|
||||
|
@ -98,5 +89,6 @@ gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1R
|
|||
gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM=
|
||||
gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE=
|
||||
gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
|
||||
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
|
||||
|
|
|
@ -33,7 +33,7 @@ import (
|
|||
xs "blitter.com/go/xs"
|
||||
"blitter.com/go/xs/logger"
|
||||
"blitter.com/go/xs/xsnet"
|
||||
"github.com/kr/pty"
|
||||
"github.com/creack/pty"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -82,7 +82,7 @@ func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string,
|
|||
os.Clearenv()
|
||||
os.Setenv("HOME", u.HomeDir) // nolint: gosec,errcheck
|
||||
os.Setenv("TERM", ttype) // nolint: gosec,errcheck
|
||||
os.Setenv("HKEXSH", "1") // nolint: gosec,errcheck
|
||||
os.Setenv("XS_SESSION", "1") // nolint: gosec,errcheck
|
||||
|
||||
var c *exec.Cmd
|
||||
cmdName := xs.GetTool("tar")
|
||||
|
@ -187,7 +187,7 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
|
|||
os.Clearenv()
|
||||
_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
|
||||
_ = os.Setenv("TERM", ttype) // nolint: gosec
|
||||
_ = os.Setenv("HKEXSH", "1") // nolint: gosec
|
||||
_ = os.Setenv("XS_SESSION", "1") // nolint: gosec
|
||||
|
||||
var c *exec.Cmd
|
||||
cmdName := xs.GetTool("tar")
|
||||
|
@ -278,7 +278,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
|||
os.Clearenv()
|
||||
_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
|
||||
_ = os.Setenv("TERM", ttype) // nolint: gosec
|
||||
_ = os.Setenv("HKEXSH", "1") // nolint: gosec
|
||||
_ = os.Setenv("XS_SESSION", "1") // nolint: gosec
|
||||
|
||||
var c *exec.Cmd
|
||||
if interactive {
|
||||
|
|
|
@ -110,7 +110,7 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er
|
|||
key = keymat[0:chacha.KeySize]
|
||||
ivlen = chacha.INonceSize
|
||||
iv = keymat[chacha.KeySize : chacha.KeySize+ivlen]
|
||||
rc, err = chacha.NewCipher(iv, key, 20)
|
||||
rc, err = chacha.NewCipher(iv, key, chacha.INonceSize)
|
||||
if err != nil {
|
||||
log.Printf("[ChaCha20 config error]\n")
|
||||
fmt.Printf("[ChaCha20 config error]\n")
|
||||
|
|
|
@ -98,7 +98,7 @@ const (
|
|||
type CSOType uint32
|
||||
|
||||
//TODO: this should be small (max unfragmented packet size?)
|
||||
const MAX_PAYLOAD_LEN = 4*1024*1024*1024 - 1
|
||||
const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1
|
||||
|
||||
// Session symmetric crypto algs
|
||||
const (
|
||||
|
|
91
xsnet/net.go
91
xsnet/net.go
|
@ -49,7 +49,7 @@ import (
|
|||
|
||||
/*---------------------------------------------------------------------*/
|
||||
const PAD_SZ = 32 // max size of padding applied to each packet
|
||||
const HMAC_CHK_SZ = 4 // leading bytes of HMAC to xmit for verification
|
||||
const HMAC_CHK_SZ = 8 // leading bytes of HMAC to xmit for verification
|
||||
|
||||
type (
|
||||
WinSize struct {
|
||||
|
@ -426,21 +426,25 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
|||
kem = frodo.Frodo976SHAKE()
|
||||
}
|
||||
pubA, secA := kem.Keygen() // pA
|
||||
//log.Printf("[pubKeyAlice: %v]\n", pubA)
|
||||
|
||||
// Alice, step 2: Send the public key (na,ea) to Bob
|
||||
fmt.Fprintf(c, "0x%x\n", pubA)
|
||||
n, err := fmt.Fprintf(c, "0x%x\n", pubA)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if n < len(pubA) {
|
||||
panic(errors.New("incomplete Fprintf() of pubA"))
|
||||
}
|
||||
|
||||
// (... and cipher, connection opts)
|
||||
// (... and send cipher, connection opts)
|
||||
fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
|
||||
|
||||
// [Bob does the same and sends use a public key (nb, eb)
|
||||
pubB_bigint := big.NewInt(0)
|
||||
_, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint)
|
||||
pubB := pubB_bigint.Bytes()
|
||||
//log.Printf("[Got pubKeyBob[]:%v]\n", pubB)
|
||||
|
||||
// (... and cipher, connection opts)
|
||||
// (... and sends us cipher, connection opts)
|
||||
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||
&hc.cipheropts, &hc.opts)
|
||||
if err != nil {
|
||||
|
@ -460,12 +464,10 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
|||
ctBtoA_bigint := big.NewInt(0)
|
||||
_, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint)
|
||||
ctBtoA := ctBtoA_bigint.Bytes()
|
||||
log.Printf("[Got ctBob[]:%v]\n", ctBtoA)
|
||||
|
||||
// Alice, step 6: compute Bob's share
|
||||
shareB, err := kem.Dencapsulate(secA, ctBtoA)
|
||||
sessionKey := append(shareA, shareB...)
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
|
||||
|
||||
hc.r, hc.rm, err = hc.getStream(sessionKey)
|
||||
hc.w, hc.wm, err = hc.getStream(sessionKey)
|
||||
|
@ -521,7 +523,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
|||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||
|
||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||
return
|
||||
|
@ -565,7 +567,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
|||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||
|
||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||
return
|
||||
|
@ -616,7 +618,6 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
|
|||
// Alice, step 3: Decrypt the KEM cipher text.
|
||||
aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)
|
||||
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||
return
|
||||
|
@ -680,27 +681,32 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
|||
kem = frodo.Frodo976SHAKE()
|
||||
}
|
||||
pubB, secB := kem.Keygen()
|
||||
//log.Printf("[pubKeyBob: %v]\n", pubB)
|
||||
|
||||
// Bob, step 2: Send the public key (nb,eb) to Alice
|
||||
fmt.Fprintf(*c, "0x%x\n", pubB)
|
||||
|
||||
// (... and cipher, connection opts)
|
||||
fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
|
||||
|
||||
// [Alice does the same and sends use a public key (na, ea)
|
||||
|
||||
// [Alice sends use a public key (na, ea)
|
||||
pubA_bigint := big.NewInt(0)
|
||||
_, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint)
|
||||
pubA := pubA_bigint.Bytes()
|
||||
//log.Printf("[Got pubKeyAlice[]:%v]\n", pubA)
|
||||
|
||||
// (... and cipher, connection opts)
|
||||
// (... and sends us cipher, connection opts)
|
||||
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
||||
&hc.cipheropts, &hc.opts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Bob, step 2: Send the public key (nb,eb) to Alice
|
||||
n, err := fmt.Fprintf(*c, "0x%x\n", pubB)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if n < len(pubB) {
|
||||
panic(errors.New("incomplete Fprintf() of pubB"))
|
||||
}
|
||||
|
||||
// (... and send cipher, connection opts)
|
||||
fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
|
||||
|
||||
// Bob, step 3: Create ctBtoA, shareB
|
||||
ctBtoA, shareB, err := kem.Encapsulate(pubA)
|
||||
if err != nil {
|
||||
|
@ -714,12 +720,10 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
|||
ctAtoB_bigint := big.NewInt(0)
|
||||
_, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint)
|
||||
ctAtoB := ctAtoB_bigint.Bytes()
|
||||
log.Printf("[Got ctAlice[]:%v]\n", ctAtoB)
|
||||
|
||||
// Alice, step 6: compute Bob's share
|
||||
shareA, err := kem.Dencapsulate(secB, ctAtoB)
|
||||
sessionKey := append(shareA, shareB...)
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
|
||||
|
||||
hc.r, hc.rm, err = hc.getStream(sessionKey)
|
||||
hc.w, hc.wm, err = hc.getStream(sessionKey)
|
||||
|
@ -759,7 +763,6 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
|||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
||||
hc.cipheropts, hc.opts)
|
||||
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||
return
|
||||
|
@ -798,7 +801,6 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
|||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
||||
hc.cipheropts, hc.opts)
|
||||
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||
return
|
||||
|
@ -847,7 +849,6 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
|||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
|
||||
hc.cipheropts, hc.opts)
|
||||
|
||||
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||
return
|
||||
|
@ -1287,6 +1288,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
|||
if hc.logCipherText {
|
||||
log.Printf(" <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
||||
}
|
||||
//fmt.Printf(" <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
||||
|
||||
hc.rm.Write(payloadBytes) // Calc hmac on received data
|
||||
hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
|
||||
|
@ -1306,8 +1308,9 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
|||
// The caller isn't necessarily reading the full payload so we need
|
||||
// to decrypt to an intermediate buffer, draining it on demand of caller
|
||||
decryptN, err := rs.Read(payloadBytes)
|
||||
|
||||
if hc.logPlainText {
|
||||
log.Printf(" <-ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
||||
log.Printf(" <:ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
||||
}
|
||||
if err != nil {
|
||||
log.Println("xsnet.Read():", err)
|
||||
|
@ -1324,9 +1327,6 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
|||
payloadBytes = payloadBytes[0 : len(payloadBytes)-int(padLen)]
|
||||
}
|
||||
|
||||
//fmt.Printf("padSide:%d padLen:%d payloadBytes:%s\n",
|
||||
// padSide, padLen, hex.Dump(payloadBytes))
|
||||
|
||||
// Throw away pkt if it's chaff (ie., caller to Read() won't see this data)
|
||||
if ctrlStatOp == CSOChaff {
|
||||
log.Printf("[Chaff pkt, discarded (len %d)]\n", decryptN)
|
||||
|
@ -1435,6 +1435,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
|||
}
|
||||
|
||||
log.Printf("Read() got %d bytes\n", retN)
|
||||
|
||||
copy(b, hc.dBuf.Next(retN))
|
||||
return retN, nil
|
||||
}
|
||||
|
@ -1443,9 +1444,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
|||
//
|
||||
// See go doc io.Writer
|
||||
func (hc Conn) Write(b []byte) (n int, err error) {
|
||||
//fmt.Printf("WRITE(%d)\n", len(b))
|
||||
n, err = hc.WritePacket(b, CSONone)
|
||||
//fmt.Printf("WROTE(%d)\n", n)
|
||||
return n, err
|
||||
}
|
||||
|
||||
|
@ -1460,27 +1459,23 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
|
|||
}
|
||||
|
||||
//Padding prior to encryption
|
||||
padSz := (rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)
|
||||
padSz := rand.Intn(PAD_SZ-1) + 1 /*(rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)*/
|
||||
padLen := padSz - ((len(b) + padSz) % padSz)
|
||||
if padLen == padSz {
|
||||
// No padding required
|
||||
padLen = 0
|
||||
}
|
||||
|
||||
padBytes := make([]byte, padLen)
|
||||
rand.Read(padBytes)
|
||||
// For a little more confusion let's support padding either before
|
||||
// or after the payload.
|
||||
padSide := rand.Intn(2)
|
||||
//fmt.Printf("--\n")
|
||||
//fmt.Printf("PRE_PADDING:%s\r\n", hex.Dump(b))
|
||||
//fmt.Printf("padSide:%d padLen:%d\r\n", padSide, padLen)
|
||||
if padSide == 0 {
|
||||
b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(padBytes, b...)...)...)
|
||||
} else {
|
||||
b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(b, padBytes...)...)...)
|
||||
}
|
||||
//fmt.Printf("POST_PADDING:%s\r\n", hex.Dump(b))
|
||||
//fmt.Printf("--\r\n")
|
||||
|
||||
// N.B. Originally this Lock() surrounded only the
|
||||
// calls to binary.Write(hc.c ..) however there appears
|
||||
|
@ -1492,9 +1487,8 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
|
|||
// could be tightened.
|
||||
hc.Lock()
|
||||
payloadLen = uint32(len(b))
|
||||
//!fmt.Printf(" --== payloadLen:%d\n", payloadLen)
|
||||
if hc.logPlainText {
|
||||
log.Printf(" :>ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen]))
|
||||
log.Printf(" >:ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen]))
|
||||
}
|
||||
|
||||
// NOTE releases prior to v0.9 used Authenticate-then-Encrypt,
|
||||
|
@ -1514,14 +1508,19 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
|
|||
// The StreamWriter acts like a pipe, forwarding whatever is
|
||||
// written to it through the cipher, encrypting as it goes
|
||||
ws := &cipher.StreamWriter{S: hc.w, W: &wb}
|
||||
_, err = ws.Write(b[0:payloadLen])
|
||||
wN, err := ws.Write(b[0:payloadLen])
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if hc.logCipherText {
|
||||
log.Printf(" ->ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
|
||||
if wN < int(payloadLen) {
|
||||
panic("truncated Write to cipher *****")
|
||||
}
|
||||
|
||||
if hc.logCipherText {
|
||||
log.Printf(" >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
|
||||
}
|
||||
//fmt.Printf(" >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
|
||||
|
||||
// Calculate hmac on cipher payload
|
||||
hc.wm.Write(wb.Bytes())
|
||||
hmacOut = hc.wm.Sum(nil)[0:HMAC_CHK_SZ] //finalize
|
||||
|
@ -1552,7 +1551,11 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
|
|||
|
||||
// We must 'lie' to caller indicating the length of THEIR
|
||||
// data written (ie., not including the padding and padding headers)
|
||||
return n - 2 - int(padLen), err
|
||||
retN := n - 2 - int(padLen)
|
||||
if retN <= 0 {
|
||||
retN = 0
|
||||
}
|
||||
return retN, err
|
||||
}
|
||||
|
||||
func (hc *Conn) EnableChaff() {
|
||||
|
|
Loading…
Reference in New Issue