diff --git a/demo/client b/demo/client deleted file mode 100755 index b08982d..0000000 Binary files a/demo/client and /dev/null differ diff --git a/demo/server b/demo/server deleted file mode 100755 index 2cf02c0..0000000 Binary files a/demo/server and /dev/null differ diff --git a/hkexchan.gox b/hkexchan.go similarity index 55% rename from hkexchan.gox rename to hkexchan.go index 12bef6e..d0f7c82 100644 --- a/hkexchan.gox +++ b/hkexchan.go @@ -17,6 +17,9 @@ golang implementation by Russ Magee (rmagee_at_gmail.com) */ package herradurakex +/* Support functions to set up encryption once an HKEx Conn has been + established with FA exchange */ + import ( "crypto/aes" "crypto/cipher" 
@@ -35,37 +38,75 @@ const ( ) /*TODO: HMAC derived from HKEx FA.*/ -/* Auxilliary functionality to set up encryption after a channel has -been negotiated via hkexnet.go -- set up encryption algs with key, IV, +/* Support functionality to set up encryption after a channel has +been negotiated via hkexnet.go */ -func (hd Conn) cryptoSetup(keymat *big.Int, flags uint32, r io.Reader) (ret io.Reader) { - // 256 algs should be enough for everybody.(tm) +func (hd Conn) getReadStream(keymat *big.Int, flags uint32, r io.Reader) (ret io.Reader) { var key []byte var block cipher.Block + var err error + // 256 algs should be enough for everybody.(tm) cipherAlg := (flags & 8) //TODO: flags for HMAC from keymat switch cipherAlg { case C_AES_256: key = keymat.Bytes()[0:aes.BlockSize] - block, err := aes.NewCipher(key) + block, err = aes.NewCipher(key) break default: fmt.Println("DOOFUS SET A VALID CIPHER ALG") - block, err := aes.NewCipher(key) + block, err = aes.NewCipher(key) os.Exit(1) } + if err != nil { + panic(err) + } + // If the key is unique for each ciphertext, then it's ok to use a zero // IV. var iv [aes.BlockSize]byte stream := cipher.NewOFB(block, iv[:]) - ret = &cipher.StreamReader{S: stream, R: inFile} - // Copy the input file to the output file, decrypting as we go. - if _, err := io.Copy(outFile, reader); err != nil { - panic(err) - } + ret = &cipher.StreamReader{S: stream, R: r} + + // Note that this example is simplistic in that it omits any + // authentication of the encrypted data. If you were actually to use + // StreamReader in this manner, an attacker could flip arbitrary bits in + // the output. 
+ return +} + +func (hd Conn) getWriteStream(keymat *big.Int, flags uint32, w io.Writer) (ret io.Writer) { + var key []byte + var block cipher.Block + var err error + + // 256 algs should be enough for everybody.(tm) + cipherAlg := (flags & 8) + //TODO: flags for HMAC from keymat + switch cipherAlg { + case C_AES_256: + key = keymat.Bytes()[0:aes.BlockSize] + block, err = aes.NewCipher(key) + break + default: + fmt.Println("DOOFUS SET A VALID CIPHER ALG") + block, err = aes.NewCipher(key) + os.Exit(1) + } + + if err != nil { + panic(err) + } + + // If the key is unique for each ciphertext, then it's ok to use a zero + // IV. + var iv [aes.BlockSize]byte + stream := cipher.NewOFB(block, iv[:]) + + ret = &cipher.StreamWriter{S: stream, W: w} // Note that this example is simplistic in that it omits any // authentication of the encrypted data. If you were actually to use diff --git a/hkexnet.go b/hkexnet.go index ec0e699..ee68fb2 100644 --- a/hkexnet.go +++ b/hkexnet.go 
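Review bot: getReadStream and getWriteStream both call `cipher.NewOFB(block, iv[:])` with the same `keymat`-derived key and an all-zero IV, so every stream built from one exchange, including both directions of a connection, uses the identical keystream, and XORing two ciphertexts cancels it. The retained comment's condition (a key unique per ciphertext) is therefore not met; give each direction its own IV or key, for example a random IV sent ahead of the ciphertext or a key derived from `keymat` with a per-direction label. The `C_AES_256` case slices `keymat.Bytes()[0:aes.BlockSize]`, which is 16 bytes (an AES-128 key) and can panic when `keymat.Bytes()` is shorter, since big.Int drops leading zero bytes; hashing first, `sum := sha256.Sum256(keymat.Bytes()); key = sum[:]` (needs `crypto/sha256`), would give a fixed 32-byte key. `flags & 8` tests a single bit although the comment speaks of 256 algorithms, so `flags & 0xFF` was probably intended; the value of `C_AES_256` is outside the hunk. getWriteStream's body continues past the end of the hunk.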
@@ -1,20 +1,26 @@ -/* -*- go -*- - * $RCSfile$ $Revision$ : $Date$ : $Author$ - * - * Description - * - * Notes - * - ************** - * - * Copyright (c) 2018 Russtopia Labs. All Rights Reserved. - * - * This document may not, in whole or in part, be copied, photocopied, - * reproduced, translated, or reduced to any electronic medium or machine - * readable form without prior written consent from Russtopia Labs. - */ +/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange. + Copyright (C) 2017 Omar Alejandro Herrera Reyna + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + golang implementation by Russ Magee (rmagee_at_gmail.com) */ package herradurakex +// Implementation of HKEx-wrapped versions of the golang standard +// net package interfaces, allowing clients and servers to simply replace +// 'net.Dial', 'net.Listen' etc. with 'hkex.Dial', 'hkex.Listen' and so +// forth. import ( "fmt" "math/big"