diff --git a/hkexchan.gox b/hkexchan.gox
new file mode 100644
index 0000000..12bef6e
--- /dev/null
+++ b/hkexchan.gox
@@ -0,0 +1,75 @@
+/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
+ Copyright (C) 2017 Omar Alejandro Herrera Reyna
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+ golang implementation by Russ Magee (rmagee_at_gmail.com) */
+package herradurakex
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "fmt"
+ "io"
+ "math/big"
+ "os"
+)
+
+const (
+ C_AES_256 = 0
+)
+
+const (
+ H_SHA256 = 0
+)
+
+/*TODO: HMAC derived from HKEx FA.*/
+/* Auxilliary functionality to set up encryption after a channel has
+been negotiated via hkexnet.go -- set up encryption algs with key, IV,
+*/
+func (hd Conn) cryptoSetup(keymat *big.Int, flags uint32, r io.Reader) (ret io.Reader) {
+ // 256 algs should be enough for everybody.(tm)
+ var key []byte
+ var block cipher.Block
+
+ cipherAlg := (flags & 8)
+ //TODO: flags for HMAC from keymat
+ switch cipherAlg {
+ case C_AES_256:
+ key = keymat.Bytes()[0:aes.BlockSize]
+ block, err := aes.NewCipher(key)
+ break
+ default:
+ fmt.Println("DOOFUS SET A VALID CIPHER ALG")
+ block, err := aes.NewCipher(key)
+ os.Exit(1)
+ }
+
+ // If the key is unique for each ciphertext, then it's ok to use a zero
+ // IV.
+ var iv [aes.BlockSize]byte
+ stream := cipher.NewOFB(block, iv[:])
+
+ ret = &cipher.StreamReader{S: stream, R: inFile}
+ // Copy the input file to the output file, decrypting as we go.
+ if _, err := io.Copy(outFile, reader); err != nil {
+ panic(err)
+ }
+
+ // Note that this example is simplistic in that it omits any
+ // authentication of the encrypted data. If you were actually to use
+ // StreamReader in this manner, an attacker could flip arbitrary bits in
+ // the output.
+ return
+}
diff --git a/hkexnet.go b/hkexnet.go
index 30c4d05..ec0e699 100644
--- a/hkexnet.go
+++ b/hkexnet.go
@@ -16,13 +16,9 @@
 package herradurakex
 import (
- "crypto/aes"
- "crypto/cipher"
 "fmt"
- "io"
 "math/big"
 "net"
- "os"
 )
 /*---------------------------------------------------------------------*/
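Review bot: In `cryptoSetup`, `block, err := aes.NewCipher(key)` under `case C_AES_256:` declares a new `block` that shadows the `var block cipher.Block` above it, so the outer `block` passed to `cipher.NewOFB` stays nil; the line should assign instead, `block, err = aes.NewCipher(key)` with `err` declared once and checked, and the `default` branch should not call `aes.NewCipher` on an empty key before exiting. `inFile`, `outFile` and `reader` are not declared anywhere in the hunk while the `r` parameter goes unused, which presumably is why the file is parked as `.gox` rather than `.go`; as written it cannot compile. `keymat.Bytes()[0:aes.BlockSize]` yields 16 bytes, so `C_AES_256` actually configures AES-128, and since `big.Int.Bytes()` drops leading zero bytes the slice can be shorter than 16 and panic — deriving a fixed-width key from the shared secret through a hash or KDF (the `H_SHA256` constant and the HMAC TODO point that way) avoids both. The zero-IV comment is only safe when a key is never reused for a second stream, so the function comment should state that invariant, or the IV should be derived or randomly chosen per session and carried with the stream. `cipherAlg := (flags & 8)` isolates one bit and can only be 0 or 8, so the `switch` matches `C_AES_256 = 0` whenever that bit is clear rather than by value; if the intent is the "256 algs" of the comment, mask a full byte (e.g. `flags & 0xff`) and give the mask a name.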