From 3eee573231dacad5e87758f849d16ad4e17ab543 Mon Sep 17 00:00:00 2001
From: Russ Magee
Date: Wed, 5 Feb 2020 21:26:03 -0800
Subject: [PATCH] Resync w/cryptmt, wanderer repos
Signed-off-by: Russ Magee
---
 go.mod | 24 ++---
 go.sum | 4 +
 vendor/blitter.com/go/cryptmt/cryptmt.go | 10 +-
 vendor/blitter.com/go/goutmp/README.md | 4 +-
 vendor/blitter.com/go/wanderer/wanderer.go | 113 +++++++++++----------
 vendor/modules.txt | 18 ++--
 xsnet/chan.go | 4 +-
 7 files changed, 92 insertions(+), 85 deletions(-)
diff --git a/go.mod b/go.mod
index 9860336..dab7a12 100644
--- a/go.mod
+++ b/go.mod
@@ -3,28 +3,28 @@ module blitter.com/go/xs
 go 1.12
 require (
- blitter.com/go/cryptmt v1.0.0
+ blitter.com/go/cryptmt v1.0.1
 blitter.com/go/goutmp v1.0.2
 blitter.com/go/herradurakex v1.0.0
 blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9
- blitter.com/go/mtwist v1.0.1 // indirect
+ blitter.com/go/mtwist v1.0.1
 blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
- blitter.com/go/wanderer v0.8.1
+ blitter.com/go/wanderer v0.8.2
 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
- github.com/klauspost/cpuid v1.2.2 // indirect
- github.com/klauspost/reedsolomon v1.9.3 // indirect
+ github.com/klauspost/cpuid v1.2.2
+ github.com/klauspost/reedsolomon v1.9.3
 github.com/kr/pty v1.1.4
 github.com/mattn/go-isatty v0.0.7
- github.com/pkg/errors v0.8.1 // indirect
- github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect
- github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b // indirect
- github.com/tjfoc/gmsm v1.0.1 // indirect
+ github.com/pkg/errors v0.8.1
+ github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161
+ github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b
+ github.com/tjfoc/gmsm v1.0.1
 github.com/xtaci/kcp-go v5.4.19+incompatible
 github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect
 golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
- golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect
+ golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
 golang.org/x/sys v0.0.0-20190902133755-9109b7679e13
- gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
- gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect
+ gopkg.in/hlandau/easymetric.v1 v1.0.0
+ gopkg.in/hlandau/measurable.v1 v1.0.1
 gopkg.in/hlandau/passlib.v1 v1.0.10
 )
diff --git a/go.sum b/go.sum
index 23bb532..ce9ef5f 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo= blitter.com/go/cryptmt v1.0.0 h1:n+cNP/ReZrNe/w5FbD8DSfv0Wpj48nxhmMoLEk4hPXs= blitter.com/go/cryptmt v1.0.0/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84= +blitter.com/go/cryptmt v1.0.1 h1:NAi4FrZqo52bhPJopYw1jbausj1NnHEWELaINC60Nk0= +blitter.com/go/cryptmt v1.0.1/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84= blitter.com/go/goutmp v1.0.1 h1:jBqtp6pDwSbF4QEC3DjNfyaS8Nv5dFCOyaTfSbbb7TU= blitter.com/go/goutmp v1.0.1/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk= blitter.com/go/goutmp v1.0.2 h1:oCc/dt9TlTOP2kvmX1Y7J/wSQUhywjcyF101jXuLxZ8= @@ -16,6 +18,8 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0= blitter.com/go/wanderer v0.8.1 h1:oQw8yASM7iI+S8GIgf3cUFdkJ8Sy/UQxRDJqhTswgwM= blitter.com/go/wanderer v0.8.1/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw= +blitter.com/go/wanderer v0.8.2 h1:fzwRn60RDDxy4GEYxSyfA4gXkkZb33WQRk/Fv5ugPAI= +blitter.com/go/wanderer v0.8.2/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw= git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63 h1:bwZNsbw3qFbg6ox55HrA37nPmh+/wtJxZ7uWeiAdUUc= git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63/go.mod h1:NYi4Ifd1g/YbhIDgDfw6t7QdsW4tofQWMX/+FiDtJWs= git.schwanenlied.me/yawning/kyber.git v0.0.0-20180530164001-a270899bd22c h1:SGOx1s56QSOmuCegRcG3yvOG7W8PvRS9ZVnFQl5K2aQ= diff --git a/vendor/blitter.com/go/cryptmt/cryptmt.go b/vendor/blitter.com/go/cryptmt/cryptmt.go index 6b3960f..6888667 100644 --- a/vendor/blitter.com/go/cryptmt/cryptmt.go +++ b/vendor/blitter.com/go/cryptmt/cryptmt.go 
@@ -20,21 +20,21 @@ type Cipher struct { m *mtwist.MT19937_64 } -func (c *Cipher) yield8() (r byte) { +func (c *Cipher) yield() (r byte) { c.accum = c.accum * (c.m.Int63() | 1) r = byte(c.accum>>56) & 0xFF return } -// NewCipher creates and returns a Cipher. The key argument should be the +// New creates and returns a Cipher. The key argument should be the // CryptMT key, 64 bytes. -func NewCipher(key []byte) (c *Cipher) { +func New(key []byte) (c *Cipher) { c = &Cipher{m: mtwist.New()} c.m.SeedFullState(key) c.accum = 1 // from paper, discard first 64 bytes of output for idx := 0; idx < 64; idx++ { - _ = c.yield8() + _ = c.yield() } return c } @@ -55,6 +55,6 @@ func (c *Cipher) XORKeyStream(dst, src []byte) { } for i, b := range src { - dst[i] = b ^ c.yield8() + dst[i] = b ^ c.yield() } } diff --git a/vendor/blitter.com/go/goutmp/README.md b/vendor/blitter.com/go/goutmp/README.md index ec6fe95..cb956fc 100644 --- a/vendor/blitter.com/go/goutmp/README.md +++ b/vendor/blitter.com/go/goutmp/README.md @@ -10,8 +10,8 @@ Golang bindings for basic login/utmp accounting type UtmpEntry struct{ ... } -func Put_lastlog_entry(app string, usr string, host string) +func Put_lastlog_entry(app, usr, ptsname, host string) func Unput_utmp(entry UtmpEntry) -func Put_utmp(user string, host string) UtmpEntry +func Put_utmp(user, ptsname, host string) UtmpEntry ``` diff --git a/vendor/blitter.com/go/wanderer/wanderer.go b/vendor/blitter.com/go/wanderer/wanderer.go index fe24277..efc0ca9 100644 --- a/vendor/blitter.com/go/wanderer/wanderer.go +++ b/vendor/blitter.com/go/wanderer/wanderer.go @@ -1,4 +1,4 @@ -// WANDERER - a crypto doodle that appears to give adequate +// Package wanderer - a crypto doodle that appears to give adequate // protection to data in a stream cipher context // // Properties visualized using https://github.com/circulosmeos/circle 
@@ -23,6 +23,20 @@ const (
 sboxCount = keylen / 8
 )
+type Cipher struct {
+ prng *mtwist.MT19937_64
+ r io.Reader
+ w io.Writer
+ k []byte
+ kidx uint
+ sboxen [][]byte
+ sw int
+ sh int
+ sctr int // TODO: used to count down to re-keying & sbox regen
+ mode int
+ n byte
+}
+
 // Given input byte x (treated as 2-bit dirs),
 // 'walk' box applying XOR of each position (E/S/W/N) given box
 // dimensions w,h
@@ -74,53 +88,7 @@ func (c *Cipher) genSBoxen(n uint) {
 //fmt.Fprintf(os.Stderr, "sboxen[0]:%v\n", c.sboxen[0])
 }
-// Mutate the session key (intended to be called as encryption
-// proceeds), so that the 'walk path' through sboxes also does so.
-func (c *Cipher) keyUpdate(perturb byte) {
- c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))]
- c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256)
- c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k))
-}
-
-// slow - perturb a single octet of a single sbox for each octet
-// (CV = ~8.725% over 700 MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateA(perturb byte) {
- c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
- perturb
-}
-
-// slower - perturb a single sbox for each octet
-// (CV = ~?% over 700 MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateB(perturb byte) {
- lim := c.sw * c.sh
- for idx := 0; idx < lim; idx++ {
- c.sboxen[perturb%sboxCount][idx] ^= perturb
- }
-}
-
-// slowest -- full sbox re-gen after each octet
-// (but lowest CV, ~0.05% over 700MiB of 0-byte pt)
-func (c *Cipher) sboxUpdateC(perturb byte) {
- c.genSBoxen(sboxCount)
- //c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
- // perturb
-}
-
-type Cipher struct {
- prng *mtwist.MT19937_64
- r io.Reader
- w io.Writer
- k []byte
- kidx uint
- sboxen [][]byte
- sw int
- sh int
- sctr int // TODO: used to count down to re-keying & sbox regen
- mode int
- n byte
-}
-
-func NewCodec(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
+func New(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
 c = &Cipher{}
 c.prng = mtwist.New()
 if len(key) == 0 {
@@ -163,20 +131,55 @@ func (c *Cipher) Write(p []byte) (n int, err error) { return n, err } -func (c *Cipher) yield(pt byte) (ct byte) { - ct = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, pt) +// Mutate the session key (intended to be called as encryption +// proceeds), so that the 'walk path' through sboxes also does so. +func (c *Cipher) keyUpdate(perturb byte) { + c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))] + c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256) + c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k)) + //for idx := 0; idx < len(c.k); idx++ { + // c.k[idx] = c.k[idx] ^ byte(c.prng.Int63() % 256) + //} +} + +// slow - perturb a single octet of a single sbox for each octet +// (CV = ~8.725% over 700 MiB of 0-byte pt) +func (c *Cipher) sboxUpdateA(perturb byte) { + c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^= + perturb +} + +// slower - perturb a single sbox for each octet +// (CV = ~5.6369% over 700 MiB of 0-byte pt) +func (c *Cipher) sboxUpdateB(perturb byte) { + lim := c.sw * c.sh + for idx := 0; idx < lim; idx++ { + c.sboxen[perturb%sboxCount][idx] ^= perturb + } +} + +// slowest -- full sbox re-gen after each octet +// (but lowest CV, ~0.0554% over 700MiB of 0-byte pt) +func (c *Cipher) sboxUpdateC(perturb byte) { + c.genSBoxen(sboxCount) + //c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^= + // perturb +} + +func (c *Cipher) yield(ib byte) (ob byte) { + ob = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, ib) c.n = (c.n + 1) % byte(len(c.sboxen)) - c.keyUpdate(ct ^ pt) // must be equal in either encrypt/decrypt dirs + c.keyUpdate(ob ^ ib) // must be equal in either encrypt/decrypt dirs switch c.mode { case 0: // [nothing - varA] break case 1: - c.sboxUpdateA(ct ^ pt) // varA + c.sboxUpdateA(ob ^ ib) // varA case 2: - c.sboxUpdateB(ct ^ pt) // varB + c.sboxUpdateB(ob ^ ib) // varB case 3: - c.sboxUpdateC(ct ^ pt) // varC + c.sboxUpdateC(ob ^ ib) // varC default: // [nothing] } 
@@ -185,7 +188,7 @@ func (c *Cipher) yield(pt byte) (ct byte) { // c.genSBoxen(sboxCount) // c.sctr = c.sw // } - return ct + return ob } // XORKeyStream XORs each byte in the given slice with a byte from the diff --git a/vendor/modules.txt b/vendor/modules.txt index 35598c6..ce9a3c6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -3,9 +3,9 @@ blitter.com/go/chacha20 blitter.com/go/chacha20/internal/api blitter.com/go/chacha20/internal/hardware blitter.com/go/chacha20/internal/ref -# blitter.com/go/cryptmt v1.0.0 +# blitter.com/go/cryptmt v1.0.1 blitter.com/go/cryptmt -# blitter.com/go/goutmp v1.0.1 +# blitter.com/go/goutmp v1.0.2 blitter.com/go/goutmp # blitter.com/go/herradurakex v1.0.0 blitter.com/go/herradurakex @@ -15,7 +15,7 @@ blitter.com/go/kyber blitter.com/go/mtwist # blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae blitter.com/go/newhope -# blitter.com/go/wanderer v0.8.1 +# blitter.com/go/wanderer v0.8.2 blitter.com/go/wanderer # github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f github.com/jameskeane/bcrypt @@ -39,19 +39,19 @@ github.com/tjfoc/gmsm/sm4 github.com/xtaci/kcp-go # golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d golang.org/x/crypto/blowfish -golang.org/x/crypto/pbkdf2 -golang.org/x/crypto/twofish -golang.org/x/crypto/sha3 golang.org/x/crypto/cast5 +golang.org/x/crypto/pbkdf2 golang.org/x/crypto/salsa20 golang.org/x/crypto/tea +golang.org/x/crypto/twofish golang.org/x/crypto/xtea -golang.org/x/crypto/argon2 -golang.org/x/crypto/bcrypt +golang.org/x/crypto/blake2b golang.org/x/crypto/internal/subtle golang.org/x/crypto/salsa20/salsa -golang.org/x/crypto/blake2b +golang.org/x/crypto/argon2 +golang.org/x/crypto/bcrypt golang.org/x/crypto/scrypt +golang.org/x/crypto/sha3 # golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 golang.org/x/net/ipv4 golang.org/x/net/ipv6 diff --git a/xsnet/chan.go b/xsnet/chan.go index cfc3722..a9758a9 100644 --- a/xsnet/chan.go +++ b/xsnet/chan.go 
@@ -103,10 +103,10 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 rc = cipher.NewOFB(block, iv)
 log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
 case CAlgCryptMT1:
- rc = cryptmt.NewCipher(keymat)
+ rc = cryptmt.New(keymat)
 log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
 case CAlgWanderer:
- rc = wanderer.NewCodec(nil, nil, 1, keymat, 3, 3)
+ rc = wanderer.New(nil, nil, 1, keymat, 3, 3)
 log.Printf("[cipher WANDERER mode 1 (%d)]\n", copts)
 default:
 log.Printf("[invalid cipher (%d)]\n", copts)
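Review bot: `wanderer.New(nil, nil, 1, keymat, 3, 3)` fixes the cipher mode and s-box geometry as bare literals, and that choice is security-relevant. In the vendored wanderer.go hunks of this same patch, mode 1 dispatches to `sboxUpdateA`, whose comment reports the highest CV of the three variants (~8.725% against ~0.0554% for mode 3) and whose index is taken modulo `c.sw+c.sh`, which looks unintended next to `sboxUpdateB`'s `c.sw * c.sh` bound: with a 3x3 box only cells 0-5 of 9 can ever be perturbed. I would give the literals names and record the rationale at the call site, e.g. `// wanderer is experimental (its package doc calls it a "crypto doodle"); mode 1 = sboxUpdateA, 3x3 s-boxes`, and take the index expression upstream instead of editing vendor/. getStream's body starts and ends outside this hunk, so whether the `default:` branch also sets `err` for an invalid cipher id cannot be confirmed from here.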