diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/box.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/box.go index 6cdad07..cf07a9a 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/box.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/box.go @@ -7,89 +7,89 @@ package nacl import "C" import ( - "errors" + "errors" ) // encrypts a message to a user given their public key is known // returns an encrypted box func CryptoBox(msg, nounce, pk, sk []byte) ([]byte, error) { - msgbuff := NewBuffer(msg) - defer msgbuff.Free() + msgbuff := NewBuffer(msg) + defer msgbuff.Free() - // check sizes - if len(pk) != int(C.crypto_box_publickeybytes()) { - err := errors.New("len(pk) != crypto_box_publickey_bytes") - return nil, err - } - if len(sk) != int(C.crypto_box_secretkeybytes()) { - err := errors.New("len(sk) != crypto_box_secretkey_bytes") - return nil, err - } - if len(nounce) != int(C.crypto_box_macbytes()) { - err := errors.New ("len(nounce) != crypto_box_macbytes()") - return nil, err - } - - pkbuff := NewBuffer(pk) - defer pkbuff.Free() - skbuff := NewBuffer(sk) - defer skbuff.Free() - nouncebuff := NewBuffer(nounce) - defer nouncebuff.Free() - - resultbuff := malloc(msgbuff.size + nouncebuff.size) - defer resultbuff.Free() - res := C.crypto_box_easy(resultbuff.uchar(), msgbuff.uchar(), C.ulonglong(msgbuff.size), nouncebuff.uchar(), pkbuff.uchar(), skbuff.uchar()) - if res != 0 { - err := errors.New("crypto_box_easy failed") - return nil, err - } - return resultbuff.Bytes(), nil + // check sizes + if len(pk) != int(C.crypto_box_publickeybytes()) { + err := errors.New("len(pk) != crypto_box_publickey_bytes") + return nil, err + } + if len(sk) != int(C.crypto_box_secretkeybytes()) { + err := errors.New("len(sk) != crypto_box_secretkey_bytes") + return nil, err + } + if len(nounce) != int(C.crypto_box_macbytes()) { + err := errors.New("len(nounce) != crypto_box_macbytes()") + return nil, err + } + + pkbuff := NewBuffer(pk) + defer pkbuff.Free() + skbuff := NewBuffer(sk) + defer skbuff.Free() + nouncebuff := NewBuffer(nounce) + defer nouncebuff.Free() + + resultbuff := malloc(msgbuff.size + nouncebuff.size) + defer resultbuff.Free() + res := C.crypto_box_easy(resultbuff.uchar(), msgbuff.uchar(), C.ulonglong(msgbuff.size), nouncebuff.uchar(), pkbuff.uchar(), skbuff.uchar()) + if res != 0 { + err := errors.New("crypto_box_easy failed") + return nil, err + } + return resultbuff.Bytes(), nil } // open an encrypted box func CryptoBoxOpen(box, nounce, sk, pk []byte) ([]byte, error) { - boxbuff := NewBuffer(box) - defer boxbuff.Free() + boxbuff := NewBuffer(box) + defer boxbuff.Free() - // check sizes - if len(pk) != int(C.crypto_box_publickeybytes()) { - err := errors.New("len(pk) != crypto_box_publickey_bytes") - return nil, err - } - if len(sk) != int(C.crypto_box_secretkeybytes()) { - err := errors.New("len(sk) != crypto_box_secretkey_bytes") - return nil, err - } - if len(nounce) != int(C.crypto_box_macbytes()) { - err := errors.New("len(nounce) != crypto_box_macbytes()") - return nil, err - } - - pkbuff := NewBuffer(pk) - defer pkbuff.Free() - skbuff := NewBuffer(sk) - defer skbuff.Free() - nouncebuff := NewBuffer(nounce) - defer nouncebuff.Free() - resultbuff := malloc(boxbuff.size - nouncebuff.size) - defer resultbuff.Free() - - // decrypt - res := C.crypto_box_open_easy(resultbuff.uchar(), boxbuff.uchar(), C.ulonglong(boxbuff.size), nouncebuff.uchar(), pkbuff.uchar(), skbuff.uchar()) - if res != 0 { - return nil, errors.New("crypto_box_open_easy failed") - } - // return result - return resultbuff.Bytes(), nil + // check sizes + if len(pk) != int(C.crypto_box_publickeybytes()) { + err := errors.New("len(pk) != crypto_box_publickey_bytes") + return nil, err + } + if len(sk) != int(C.crypto_box_secretkeybytes()) { + err := errors.New("len(sk) != crypto_box_secretkey_bytes") + return nil, err + } + if len(nounce) != int(C.crypto_box_macbytes()) { + err := errors.New("len(nounce) != crypto_box_macbytes()") + return nil, err + } + + pkbuff := NewBuffer(pk) + defer pkbuff.Free() + skbuff := NewBuffer(sk) + defer skbuff.Free() + nouncebuff := NewBuffer(nounce) + defer nouncebuff.Free() + resultbuff := malloc(boxbuff.size - nouncebuff.size) + defer resultbuff.Free() + + // decrypt + res := C.crypto_box_open_easy(resultbuff.uchar(), boxbuff.uchar(), C.ulonglong(boxbuff.size), nouncebuff.uchar(), pkbuff.uchar(), skbuff.uchar()) + if res != 0 { + return nil, errors.New("crypto_box_open_easy failed") + } + // return result + return resultbuff.Bytes(), nil } // generate a new nounce func NewBoxNounce() []byte { - return RandBytes(NounceLen()) + return RandBytes(NounceLen()) } // length of a nounce func NounceLen() int { - return int(C.crypto_box_macbytes()) + return int(C.crypto_box_macbytes()) } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/buffer.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/buffer.go index cf2d9e8..64b0a1c 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/buffer.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/buffer.go @@ -10,78 +10,77 @@ package nacl import "C" import ( - "encoding/hex" - "reflect" - "unsafe" + "encoding/hex" + "reflect" + "unsafe" ) // wrapper arround malloc/free type Buffer struct { - ptr unsafe.Pointer; - length C.int; - size C.size_t; - + ptr unsafe.Pointer + length C.int + size C.size_t } // wrapper arround nacl.malloc func Malloc(size int) *Buffer { - if size > 0 { - return malloc(C.size_t(size)) - } - return nil + if size > 0 { + return malloc(C.size_t(size)) + } + return nil } // does not check for negatives func malloc(size C.size_t) *Buffer { - ptr := C.malloc(size) - C.sodium_memzero(ptr, size) - buffer := &Buffer{ptr: ptr, size: size , length: C.int(size)} - return buffer + ptr := C.malloc(size) + C.sodium_memzero(ptr, size) + buffer := &Buffer{ptr: ptr, size: size, length: C.int(size)} + return buffer } // create a new buffer copying from a byteslice func NewBuffer(buff []byte) *Buffer { - buffer := Malloc(len(buff)) - if buffer == nil { - return nil - } - if copy(buffer.Data(), buff) != len(buff) { - return nil - } - return buffer + buffer := Malloc(len(buff)) + if buffer == nil { + return nil + } + if copy(buffer.Data(), buff) != len(buff) { + return nil + } + return buffer } func (self *Buffer) uchar() *C.uchar { - return C.deref_uchar(self.ptr) + return C.deref_uchar(self.ptr) } func (self *Buffer) Length() int { - return int(self.length) + return int(self.length) } // get immutable byte slice func (self *Buffer) Bytes() []byte { - buff := make([]byte, self.Length()) - copy(buff, self.Data()) - return buff + buff := make([]byte, self.Length()) + copy(buff, self.Data()) + return buff } // get underlying byte slice func (self *Buffer) Data() []byte { - hdr := reflect.SliceHeader{ - Data: uintptr(self.ptr), - Len: self.Length(), - Cap: self.Length(), - } - return *(*[]byte)(unsafe.Pointer(&hdr)) + hdr := reflect.SliceHeader{ + Data: uintptr(self.ptr), + Len: self.Length(), + Cap: self.Length(), + } + return *(*[]byte)(unsafe.Pointer(&hdr)) } func (self *Buffer) String() string { - return hex.EncodeToString(self.Data()) + return hex.EncodeToString(self.Data()) } // zero out memory and then free func (self *Buffer) Free() { - C.sodium_memzero(self.ptr, self.size) - C.free(self.ptr) + C.sodium_memzero(self.ptr, self.size) + C.free(self.ptr) } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/key.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/key.go index 1144d52..e9e964a 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/key.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/key.go @@ -7,174 +7,172 @@ package nacl import "C" import ( - "encoding/hex" - "errors" - "fmt" + "encoding/hex" + "errors" + "fmt" ) type KeyPair struct { - pk *Buffer - sk *Buffer + pk *Buffer + sk *Buffer } // free this keypair from memory func (self *KeyPair) Free() { - self.pk.Free() - self.sk.Free() + self.pk.Free() + self.sk.Free() } func (self *KeyPair) Secret() []byte { - return self.sk.Bytes() + return self.sk.Bytes() } func (self *KeyPair) Public() []byte { - return self.pk.Bytes() + return self.pk.Bytes() } func (self *KeyPair) Seed() []byte { - seed_len := C.crypto_sign_seedbytes() - return self.sk.Bytes()[:seed_len] + seed_len := C.crypto_sign_seedbytes() + return self.sk.Bytes()[:seed_len] } // generate a keypair func GenSignKeypair() *KeyPair { - sk_len := C.crypto_sign_secretkeybytes() - sk := malloc(sk_len) - pk_len := C.crypto_sign_publickeybytes() - pk := malloc(pk_len) - res := C.crypto_sign_keypair(pk.uchar(), sk.uchar()) - if res == 0 { - return &KeyPair{pk,sk} - } - pk.Free() - sk.Free() - return nil + sk_len := C.crypto_sign_secretkeybytes() + sk := malloc(sk_len) + pk_len := C.crypto_sign_publickeybytes() + pk := malloc(pk_len) + res := C.crypto_sign_keypair(pk.uchar(), sk.uchar()) + if res == 0 { + return &KeyPair{pk, sk} + } + pk.Free() + sk.Free() + return nil } // get public key from secret key func GetSignPubkey(sk []byte) ([]byte, error) { - sk_len := C.crypto_sign_secretkeybytes() - if C.size_t(len(sk)) != sk_len { - return nil, errors.New(fmt.Sprintf("nacl.GetSignPubkey() invalid secret key size %d != %d", len(sk), sk_len)) - } - - pk_len := C.crypto_sign_publickeybytes() - pkbuff := malloc(pk_len) - defer pkbuff.Free() + sk_len := C.crypto_sign_secretkeybytes() + if C.size_t(len(sk)) != sk_len { + return nil, errors.New(fmt.Sprintf("nacl.GetSignPubkey() invalid secret key size %d != %d", len(sk), sk_len)) + } - skbuff := NewBuffer(sk) - defer skbuff.Free() - //XXX: hack - res := C.crypto_sign_seed_keypair(pkbuff.uchar(), skbuff.uchar(), skbuff.uchar()) - - if res != 0 { - return nil, errors.New(fmt.Sprintf("nacl.GetSignPubkey() failed to get public key from secret key: %d", res)) - } - - return pkbuff.Bytes(), nil + pk_len := C.crypto_sign_publickeybytes() + pkbuff := malloc(pk_len) + defer pkbuff.Free() + + skbuff := NewBuffer(sk) + defer skbuff.Free() + //XXX: hack + res := C.crypto_sign_seed_keypair(pkbuff.uchar(), skbuff.uchar(), skbuff.uchar()) + + if res != 0 { + return nil, errors.New(fmt.Sprintf("nacl.GetSignPubkey() failed to get public key from secret key: %d", res)) + } + + return pkbuff.Bytes(), nil } // make keypair from seed func LoadSignKey(seed []byte) *KeyPair { - seed_len := C.crypto_sign_seedbytes() - if C.size_t(len(seed)) != seed_len { - return nil - } - seedbuff := NewBuffer(seed) - defer seedbuff.Free() - pk_len := C.crypto_sign_publickeybytes() - sk_len := C.crypto_sign_secretkeybytes() - pkbuff := malloc(pk_len) - skbuff := malloc(sk_len) - res := C.crypto_sign_seed_keypair(pkbuff.uchar(), skbuff.uchar(), seedbuff.uchar()) - if res != 0 { - pkbuff.Free() - skbuff.Free() - return nil - } - return &KeyPair{pkbuff, skbuff} + seed_len := C.crypto_sign_seedbytes() + if C.size_t(len(seed)) != seed_len { + panic(fmt.Sprintf("Bad seed length %d bytes", len(seed))) + } + seedbuff := NewBuffer(seed) + defer seedbuff.Free() + pk_len := C.crypto_sign_publickeybytes() + sk_len := C.crypto_sign_secretkeybytes() + pkbuff := malloc(pk_len) + skbuff := malloc(sk_len) + res := C.crypto_sign_seed_keypair(pkbuff.uchar(), skbuff.uchar(), seedbuff.uchar()) + if res != 0 { + pkbuff.Free() + skbuff.Free() + return nil + } + return &KeyPair{pkbuff, skbuff} } func GenBoxKeypair() *KeyPair { - sk_len := C.crypto_box_secretkeybytes() - sk := malloc(sk_len) - pk_len := C.crypto_box_publickeybytes() - pk := malloc(pk_len) - res := C.crypto_box_keypair(pk.uchar(), sk.uchar()) - if res == 0 { - return &KeyPair{pk,sk} - } - pk.Free() - sk.Free() - return nil + sk_len := C.crypto_box_secretkeybytes() + sk := malloc(sk_len) + pk_len := C.crypto_box_publickeybytes() + pk := malloc(pk_len) + res := C.crypto_box_keypair(pk.uchar(), sk.uchar()) + if res == 0 { + return &KeyPair{pk, sk} + } + pk.Free() + sk.Free() + return nil } - // get public key from secret key func GetBoxPubkey(sk []byte) []byte { - sk_len := C.crypto_box_seedbytes() - if C.size_t(len(sk)) != sk_len { - return nil - } - - pk_len := C.crypto_box_publickeybytes() - pkbuff := malloc(pk_len) - defer pkbuff.Free() + sk_len := C.crypto_box_seedbytes() + if C.size_t(len(sk)) != sk_len { + return nil + } - skbuff := NewBuffer(sk) - defer skbuff.Free() + pk_len := C.crypto_box_publickeybytes() + pkbuff := malloc(pk_len) + defer pkbuff.Free() - // compute the public key - C.crypto_scalarmult_base(pkbuff.uchar(), skbuff.uchar()) - - return pkbuff.Bytes() + skbuff := NewBuffer(sk) + defer skbuff.Free() + + // compute the public key + C.crypto_scalarmult_base(pkbuff.uchar(), skbuff.uchar()) + + return pkbuff.Bytes() } // load keypair from secret key func LoadBoxKey(sk []byte) *KeyPair { - pk := GetBoxPubkey(sk) - if pk == nil { - return nil - } - pkbuff := NewBuffer(pk) - skbuff := NewBuffer(sk) - return &KeyPair{pkbuff, skbuff} + pk := GetBoxPubkey(sk) + if pk == nil { + return nil + } + pkbuff := NewBuffer(pk) + skbuff := NewBuffer(sk) + return &KeyPair{pkbuff, skbuff} } // make keypair from seed func SeedBoxKey(seed []byte) *KeyPair { - seed_len := C.crypto_box_seedbytes() - if C.size_t(len(seed)) != seed_len { - return nil - } - seedbuff := NewBuffer(seed) - defer seedbuff.Free() - pk_len := C.crypto_box_publickeybytes() - sk_len := C.crypto_box_secretkeybytes() - pkbuff := malloc(pk_len) - skbuff := malloc(sk_len) - res := C.crypto_box_seed_keypair(pkbuff.uchar(), skbuff.uchar(), seedbuff.uchar()) - if res != 0 { - pkbuff.Free() - skbuff.Free() - return nil - } - return &KeyPair{pkbuff, skbuff} + seed_len := C.crypto_box_seedbytes() + if C.size_t(len(seed)) != seed_len { + return nil + } + seedbuff := NewBuffer(seed) + defer seedbuff.Free() + pk_len := C.crypto_box_publickeybytes() + sk_len := C.crypto_box_secretkeybytes() + pkbuff := malloc(pk_len) + skbuff := malloc(sk_len) + res := C.crypto_box_seed_keypair(pkbuff.uchar(), skbuff.uchar(), seedbuff.uchar()) + if res != 0 { + pkbuff.Free() + skbuff.Free() + return nil + } + return &KeyPair{pkbuff, skbuff} } func (self *KeyPair) String() string { - return fmt.Sprintf("pk=%s sk=%s", hex.EncodeToString(self.pk.Data()), hex.EncodeToString(self.sk.Data())) + return fmt.Sprintf("pk=%s sk=%s", hex.EncodeToString(self.pk.Data()), hex.EncodeToString(self.sk.Data())) } func CryptoSignPublicLen() int { - return int(C.crypto_sign_publickeybytes()) + return int(C.crypto_sign_publickeybytes()) } - func CryptoSignSecretLen() int { - return int(C.crypto_sign_secretkeybytes()) + return int(C.crypto_sign_secretkeybytes()) } func CryptoSignSeedLen() int { - return int(C.crypto_sign_seedbytes()) + return int(C.crypto_sign_seedbytes()) } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/nacl.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/nacl.go index aa68262..ee50d18 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/nacl.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/nacl.go @@ -7,39 +7,38 @@ package nacl import "C" import ( - "log" + "log" ) // return how many bytes overhead does CryptoBox have func CryptoBoxOverhead() int { - return int(C.crypto_box_macbytes()) + return int(C.crypto_box_macbytes()) } // size of crypto_box public keys func CryptoBoxPubKeySize() int { - return int(C.crypto_box_publickeybytes()) + return int(C.crypto_box_publickeybytes()) } // size of crypto_box private keys func CryptoBoxPrivKeySize() int { - return int(C.crypto_box_secretkeybytes()) + return int(C.crypto_box_secretkeybytes()) } // size of crypto_sign public keys func CryptoSignPubKeySize() int { - return int(C.crypto_sign_publickeybytes()) + return int(C.crypto_sign_publickeybytes()) } // size of crypto_sign private keys func CryptoSignPrivKeySize() int { - return int(C.crypto_sign_secretkeybytes()) + return int(C.crypto_sign_secretkeybytes()) } - // initialize sodium func init() { - status := C.sodium_init() - if status == -1 { - log.Fatalf("failed to initialize libsodium status=%d", status) - } + status := C.sodium_init() + if status == -1 { + log.Fatalf("failed to initialize libsodium status=%d", status) + } } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/rand.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/rand.go index 27ccfc2..05e0884 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/rand.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/rand.go @@ -8,17 +8,17 @@ import "C" func randbytes(size C.size_t) *Buffer { - buff := malloc(size) - C.randombytes_buf(buff.ptr, size) - return buff + buff := malloc(size) + C.randombytes_buf(buff.ptr, size) + return buff } func RandBytes(size int) []byte { - if size > 0 { - buff := randbytes(C.size_t(size)) - defer buff.Free() - return buff.Bytes() - } - return nil + if size > 0 { + buff := randbytes(C.size_t(size)) + defer buff.Free() + return buff.Bytes() + } + return nil } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/sign.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/sign.go index dcdc67f..f80ade6 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/sign.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/sign.go @@ -6,55 +6,53 @@ package nacl // #include import "C" - -// sign data detached with secret key sk +// sign data detached with secret key sk func CryptoSignDetached(msg, sk []byte) []byte { - msgbuff := NewBuffer(msg) - defer msgbuff.Free() - skbuff := NewBuffer(sk) - defer skbuff.Free() - if skbuff.size != C.crypto_sign_bytes() { - return nil - } - - // allocate the signature buffer - sig := malloc(C.crypto_sign_bytes()) - defer sig.Free() - // compute signature - siglen := C.ulonglong(0) - res := C.crypto_sign_detached(sig.uchar(), &siglen, msgbuff.uchar(), C.ulonglong(msgbuff.size), skbuff.uchar()) - if res == 0 && siglen == C.ulonglong(C.crypto_sign_bytes()) { - // return copy of signature buffer - return sig.Bytes() - } - // failure to sign - return nil -} + msgbuff := NewBuffer(msg) + defer msgbuff.Free() + skbuff := NewBuffer(sk) + defer skbuff.Free() + if skbuff.size != C.crypto_sign_bytes() { + return nil + } + // allocate the signature buffer + sig := malloc(C.crypto_sign_bytes()) + defer sig.Free() + // compute signature + siglen := C.ulonglong(0) + res := C.crypto_sign_detached(sig.uchar(), &siglen, msgbuff.uchar(), C.ulonglong(msgbuff.size), skbuff.uchar()) + if res == 0 && siglen == C.ulonglong(C.crypto_sign_bytes()) { + // return copy of signature buffer + return sig.Bytes() + } + // failure to sign + return nil +} // sign data with secret key sk // return detached sig // this uses crypto_sign instead pf crypto_sign_detached func CryptoSignFucky(msg, sk []byte) []byte { - msgbuff := NewBuffer(msg) - defer msgbuff.Free() - skbuff := NewBuffer(sk) - defer skbuff.Free() - if skbuff.size != C.crypto_sign_bytes() { - return nil - } - - // allocate the signed message buffer - sig := malloc(C.crypto_sign_bytes()+msgbuff.size) - defer sig.Free() - // compute signature - siglen := C.ulonglong(0) - res := C.crypto_sign(sig.uchar(), &siglen, msgbuff.uchar(), C.ulonglong(msgbuff.size), skbuff.uchar()) - if res == 0 { - // return copy of signature inside the signed message - offset := int(C.crypto_sign_bytes()) - return sig.Bytes()[:offset] - } - // failure to sign - return nil + msgbuff := NewBuffer(msg) + defer msgbuff.Free() + skbuff := NewBuffer(sk) + defer skbuff.Free() + if skbuff.size != C.crypto_sign_bytes() { + return nil + } + + // allocate the signed message buffer + sig := malloc(C.crypto_sign_bytes() + msgbuff.size) + defer sig.Free() + // compute signature + siglen := C.ulonglong(0) + res := C.crypto_sign(sig.uchar(), &siglen, msgbuff.uchar(), C.ulonglong(msgbuff.size), skbuff.uchar()) + if res == 0 { + // return copy of signature inside the signed message + offset := int(C.crypto_sign_bytes()) + return sig.Bytes()[:offset] + } + // failure to sign + return nil } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/stream.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/stream.go index 704b51e..af3b181 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/stream.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/stream.go @@ -1,15 +1,14 @@ package nacl import ( - "bytes" - "errors" - "io" - "net" - "time" + "bytes" + "errors" + "io" + "net" + "time" ) -// TOY encrypted authenticated stream protocol like tls - +// TOY encrypted authenticated stream protocol like tls var BadHandshake = errors.New("Bad handshake") var ShortWrite = errors.New("short write") @@ -23,106 +22,106 @@ const DefaultMTU = 512 // provides an authenticated encrypted stream // this is a TOY type CryptoStream struct { - // underlying stream to write on - stream io.ReadWriteCloser - // secret key seed - key *KeyPair - // public key of who we expect on the other end - remote_pk []byte - tx_nonce []byte - rx_nonce []byte - // box size - mtu int + // underlying stream to write on + stream io.ReadWriteCloser + // secret key seed + key *KeyPair + // public key of who we expect on the other end + remote_pk []byte + tx_nonce []byte + rx_nonce []byte + // box size + mtu int } func (cs *CryptoStream) Close() (err error) { - if cs.key != nil { - cs.key.Free() - cs.key = nil - } - return cs.stream.Close() + if cs.key != nil { + cs.key.Free() + cs.key = nil + } + return cs.stream.Close() } // implements io.Writer func (cs *CryptoStream) Write(data []byte) (n int, err error) { - // let's split it up - for n < len(data) && err == nil { - if n + cs.mtu < len(data) { - err = cs.writeSegment(data[n:n+cs.mtu]) - n += cs.mtu - } else { - err = cs.writeSegment(data[n:]) - if err == nil { - n = len(data) - } - } - } - return + // let's split it up + for n < len(data) && err == nil { + if n+cs.mtu < len(data) { + err = cs.writeSegment(data[n : n+cs.mtu]) + n += cs.mtu + } else { + err = cs.writeSegment(data[n:]) + if err == nil { + n = len(data) + } + } + } + return } func (cs *CryptoStream) public() (p []byte) { - p = cs.key.Public() - return + p = cs.key.Public() + return } func (cs *CryptoStream) secret() (s []byte) { - s = cs.key.Secret() - return + s = cs.key.Secret() + return } // read 1 segment func (cs *CryptoStream) readSegment() (s []byte, err error) { - var stream_read int - var seg []byte - nl := NounceLen() - msg := make([]byte, cs.mtu + nl) - stream_read, err = cs.stream.Read(msg) - seg, err = CryptoBoxOpen(msg[:stream_read], cs.rx_nonce, cs.secret(), cs.remote_pk) - if err == nil { - copy(cs.rx_nonce, seg[:nl]) - s = seg[nl:] - } - return + var stream_read int + var seg []byte + nl := NounceLen() + msg := make([]byte, cs.mtu+nl) + stream_read, err = cs.stream.Read(msg) + seg, err = CryptoBoxOpen(msg[:stream_read], cs.rx_nonce, cs.secret(), cs.remote_pk) + if err == nil { + copy(cs.rx_nonce, seg[:nl]) + s = seg[nl:] + } + return } // write 1 segment encrypted // update nounce func (cs *CryptoStream) writeSegment(data []byte) (err error) { - var segment []byte - nl := NounceLen() - msg := make([]byte, len(data) + nl) - // generate next nounce - nextNounce := NewBoxNounce() - copy(msg, nextNounce) - copy(msg[nl:], data) - // encrypt segment with current nounce - segment, err = CryptoBox(data, cs.tx_nonce, cs.remote_pk, cs.secret()) - var n int - n, err = cs.stream.Write(segment) - if n != len(segment) { - // short write? - err = ShortWrite - return - } - // update nounce - copy(cs.tx_nonce, nextNounce) - return + var segment []byte + nl := NounceLen() + msg := make([]byte, len(data)+nl) + // generate next nounce + nextNounce := NewBoxNounce() + copy(msg, nextNounce) + copy(msg[nl:], data) + // encrypt segment with current nounce + segment, err = CryptoBox(data, cs.tx_nonce, cs.remote_pk, cs.secret()) + var n int + n, err = cs.stream.Write(segment) + if n != len(segment) { + // short write? + err = ShortWrite + return + } + // update nounce + copy(cs.tx_nonce, nextNounce) + return } // implements io.Reader func (cs *CryptoStream) Read(data []byte) (n int, err error) { - var seg []byte - seg, err = cs.readSegment() - if err == nil { - if len(seg) <= len(data) { - copy(data, seg) - n = len(seg) - } else { - // too big? - err = ShortRead - } - } - return + var seg []byte + seg, err = cs.readSegment() + if err == nil { + if len(seg) <= len(data) { + copy(data, seg) + n = len(seg) + } else { + // too big? + err = ShortRead + } + } + return } // version 0 protocol magic @@ -130,216 +129,214 @@ var protocol_magic = []byte("BENIS|00") // verify that a handshake is signed right and is in the correct format etc func verifyHandshake(hs, pk []byte) (valid bool) { - ml := len(protocol_magic) - // valid handshake? - if bytes.Equal(hs[0:ml], protocol_magic) { - // check pk - pl := CryptoSignPublicLen() - nl := NounceLen() - if bytes.Equal(pk, hs[ml:ml+pl]) { - // check signature - msg := hs[0:ml+pl+nl] - sig := hs[ml+pl+nl:] - valid = CryptoVerifyFucky(msg, sig, pk) - } - } - return + ml := len(protocol_magic) + // valid handshake? + if bytes.Equal(hs[0:ml], protocol_magic) { + // check pk + pl := CryptoSignPublicLen() + nl := NounceLen() + if bytes.Equal(pk, hs[ml:ml+pl]) { + // check signature + msg := hs[0 : ml+pl+nl] + sig := hs[ml+pl+nl:] + valid = CryptoVerifyFucky(msg, sig, pk) + } + } + return } // get claimed public key from handshake func getPubkey(hs []byte) (pk []byte) { - ml := len(protocol_magic) - pl := CryptoSignPublicLen() - pk = hs[ml:ml+pl] - return + ml := len(protocol_magic) + pl := CryptoSignPublicLen() + pk = hs[ml : ml+pl] + return } func (cs *CryptoStream) genHandshake() (d []byte) { - // protocol magic string version 00 - // Benis Encrypted Network Information Stream - // :-DDDDD meme crypto - d = append(d, protocol_magic...) - // our public key - d = append(d, cs.public()...) - // nounce - cs.tx_nonce = NewBoxNounce() - d = append(d, cs.tx_nonce...) - // sign protocol magic string, nounce and pubkey - sig := CryptoSignFucky(d, cs.secret()) - // if sig is nil we'll just die - d = append(d, sig...) - return + // protocol magic string version 00 + // Benis Encrypted Network Information Stream + // :-DDDDD meme crypto + d = append(d, protocol_magic...) + // our public key + d = append(d, cs.public()...) + // nounce + cs.tx_nonce = NewBoxNounce() + d = append(d, cs.tx_nonce...) + // sign protocol magic string, nounce and pubkey + sig := CryptoSignFucky(d, cs.secret()) + // if sig is nil we'll just die + d = append(d, sig...) + return } // extract nounce from handshake func getNounce(hs []byte) (n []byte) { - ml := len(protocol_magic) - pl := CryptoSignPublicLen() - nl := NounceLen() - n = hs[ml+pl:ml+pl+nl] - return + ml := len(protocol_magic) + pl := CryptoSignPublicLen() + nl := NounceLen() + n = hs[ml+pl : ml+pl+nl] + return } // initiate protocol handshake func (cs *CryptoStream) Handshake() (err error) { - // send them our info - hs := cs.genHandshake() - var n int - n, err = cs.stream.Write(hs) - if n != len(hs) { - err = ShortWrite - return - } - // read thier info - buff := make([]byte, len(hs)) - _, err = io.ReadFull(cs.stream, buff) + // send them our info + hs := cs.genHandshake() + var n int + n, err = cs.stream.Write(hs) + if n != len(hs) { + err = ShortWrite + return + } + // read thier info + buff := make([]byte, len(hs)) + _, err = io.ReadFull(cs.stream, buff) - if cs.remote_pk == nil { - // inbound - pk := getPubkey(buff) - cs.remote_pk = make([]byte, len(pk)) - copy(cs.remote_pk, pk) - } - - if ! verifyHandshake(buff, cs.remote_pk) { - // verification failed - err = BadHandshake - return - } - cs.rx_nonce = make([]byte, NounceLen()) - copy(cs.rx_nonce, getNounce(buff)) - return + if cs.remote_pk == nil { + // inbound + pk := getPubkey(buff) + cs.remote_pk = make([]byte, len(pk)) + copy(cs.remote_pk, pk) + } + + if !verifyHandshake(buff, cs.remote_pk) { + // verification failed + err = BadHandshake + return + } + cs.rx_nonce = make([]byte, NounceLen()) + copy(cs.rx_nonce, getNounce(buff)) + return } - -// create a client +// create a client func Client(stream io.ReadWriteCloser, local_sk, remote_pk []byte) (c *CryptoStream) { - c = &CryptoStream{ - stream: stream, - mtu: DefaultMTU, - } - c.remote_pk = make([]byte, len(remote_pk)) - copy(c.remote_pk, remote_pk) - c.key = LoadSignKey(local_sk) - if c.key == nil { - return nil - } - return c + c = &CryptoStream{ + stream: stream, + mtu: DefaultMTU, + } + c.remote_pk = make([]byte, len(remote_pk)) + copy(c.remote_pk, remote_pk) + c.key = LoadSignKey(local_sk) + if c.key == nil { + return nil + } + return c } - type CryptoConn struct { - stream *CryptoStream - conn net.Conn + stream *CryptoStream + conn net.Conn } func (cc *CryptoConn) Close() (err error) { - err = cc.stream.Close() - return + err = cc.stream.Close() + return } func (cc *CryptoConn) Write(d []byte) (n int, err error) { - return cc.stream.Write(d) + return cc.stream.Write(d) } func (cc *CryptoConn) Read(d []byte) (n int, err error) { - return cc.stream.Read(d) + return cc.stream.Read(d) } func (cc *CryptoConn) LocalAddr() net.Addr { - return cc.conn.LocalAddr() + return cc.conn.LocalAddr() } func (cc *CryptoConn) RemoteAddr() net.Addr { - return cc.conn.RemoteAddr() + return cc.conn.RemoteAddr() } func (cc *CryptoConn) SetDeadline(t time.Time) (err error) { - return cc.conn.SetDeadline(t) + return cc.conn.SetDeadline(t) } func (cc *CryptoConn) SetReadDeadline(t time.Time) (err error) { - return cc.conn.SetReadDeadline(t) + return cc.conn.SetReadDeadline(t) } func (cc *CryptoConn) SetWriteDeadline(t time.Time) (err error) { - return cc.conn.SetWriteDeadline(t) + return cc.conn.SetWriteDeadline(t) } type CryptoListener struct { - l net.Listener - handshake chan net.Conn - accepted chan *CryptoConn - trust func(pk []byte) bool - key *KeyPair + l net.Listener + handshake chan net.Conn + accepted chan *CryptoConn + trust func(pk []byte) bool + key *KeyPair } func (cl *CryptoListener) Close() (err error) { - err = cl.l.Close() - close(cl.accepted) - close(cl.handshake) - cl.key.Free() - cl.key = nil - return + err = cl.l.Close() + close(cl.accepted) + close(cl.handshake) + cl.key.Free() + cl.key = nil + return } func (cl *CryptoListener) acceptInbound() { - for { - c, err := cl.l.Accept() - if err == nil { - cl.handshake <- c - } else { - return - } - } + for { + c, err := cl.l.Accept() + if err == nil { + cl.handshake <- c + } else { + return + } + } } func (cl *CryptoListener) runChans() { - for { - select { - case c := <- cl.handshake: - go func(){ - s := &CryptoStream{ - stream: c, - mtu: DefaultMTU, - key: cl.key, - } - err := s.Handshake() - if err == nil { - // we gud handshake was okay - if cl.trust(s.remote_pk) { - // the key is trusted okay - cl.accepted <- &CryptoConn{stream: s, conn: c} - } else { - // not trusted, close connection - s.Close() - } - } - }() - } - } + for { + select { + case c := <-cl.handshake: + go func() { + s := &CryptoStream{ + stream: c, + mtu: DefaultMTU, + key: cl.key, + } + err := s.Handshake() + if err == nil { + // we gud handshake was okay + if cl.trust(s.remote_pk) { + // the key is trusted okay + cl.accepted <- &CryptoConn{stream: s, conn: c} + } else { + // not trusted, close connection + s.Close() + } + } + }() + } + } } // accept inbound authenticated and trusted connections func (cl *CryptoListener) Accept() (c net.Conn, err error) { - var ok bool - c, ok = <- cl.accepted - if ! ok { - err = Closed - } - return + var ok bool + c, ok = <-cl.accepted + if !ok { + err = Closed + } + return } // create a listener func Server(l net.Listener, local_sk []byte, trust func(pk []byte) bool) (s *CryptoListener) { - s = &CryptoListener{ - l: l, - trust: trust, - handshake: make(chan net.Conn), - accepted: make(chan *CryptoConn), - } - s.key = LoadSignKey(local_sk) - go s.runChans() - go s.acceptInbound() - return + s = &CryptoListener{ + l: l, + trust: trust, + handshake: make(chan net.Conn), + accepted: make(chan *CryptoConn), + } + s.key = LoadSignKey(local_sk) + go s.runChans() + go s.acceptInbound() + return } diff --git a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/verfiy.go b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/verfiy.go index 1f2725f..9b86347 100644 --- a/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/verfiy.go +++ b/contrib/backends/srndv2/src/srnd/vendor/github.com/majestrate/nacl/verfiy.go @@ -6,49 +6,48 @@ package nacl // #include import "C" - // verify a fucky detached sig func CryptoVerifyFucky(msg, sig, pk []byte) bool { - var smsg []byte - smsg = append(smsg, sig...) - smsg = append(smsg, msg...) - return CryptoVerify(smsg, pk) + var smsg []byte + smsg = append(smsg, sig...) + smsg = append(smsg, msg...) + return CryptoVerify(smsg, pk) } // verify a signed message func CryptoVerify(smsg, pk []byte) bool { - smsg_buff := NewBuffer(smsg) - defer smsg_buff.Free() - pk_buff := NewBuffer(pk) - defer pk_buff.Free() + smsg_buff := NewBuffer(smsg) + defer smsg_buff.Free() + pk_buff := NewBuffer(pk) + defer pk_buff.Free() - if pk_buff.size != C.crypto_sign_publickeybytes() { - return false - } - mlen := C.ulonglong(0) - msg := malloc(C.size_t(len(smsg))) - defer msg.Free() - smlen := C.ulonglong(smsg_buff.size) - return C.crypto_sign_open(msg.uchar(), &mlen, smsg_buff.uchar(), smlen, pk_buff.uchar()) != -1 + if pk_buff.size != C.crypto_sign_publickeybytes() { + return false + } + mlen := C.ulonglong(0) + msg := malloc(C.size_t(len(smsg))) + defer msg.Free() + smlen := C.ulonglong(smsg_buff.size) + return C.crypto_sign_open(msg.uchar(), &mlen, smsg_buff.uchar(), smlen, pk_buff.uchar()) != -1 } // verfiy a detached signature // return true on valid otherwise false func CryptoVerifyDetached(msg, sig, pk []byte) bool { - msg_buff := NewBuffer(msg) - defer msg_buff.Free() - sig_buff := NewBuffer(sig) - defer sig_buff.Free() - pk_buff := NewBuffer(pk) - defer pk_buff.Free() + msg_buff := NewBuffer(msg) + defer msg_buff.Free() + sig_buff := NewBuffer(sig) + defer sig_buff.Free() + pk_buff := NewBuffer(pk) + defer pk_buff.Free() - if pk_buff.size != C.crypto_sign_publickeybytes() { - return false - } - - // invalid sig size - if sig_buff.size != C.crypto_sign_bytes() { - return false - } - return C.crypto_sign_verify_detached(sig_buff.uchar(), msg_buff.uchar(), C.ulonglong(len(msg)), pk_buff.uchar()) == 0 + if pk_buff.size != C.crypto_sign_publickeybytes() { + return false + } + + // invalid sig size + if sig_buff.size != C.crypto_sign_bytes() { + return false + } + return C.crypto_sign_verify_detached(sig_buff.uchar(), msg_buff.uchar(), C.ulonglong(len(msg)), pk_buff.uchar()) == 0 }