From c23edc6874fc8999fb4d31455a08ef2ab7191306 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sun, 10 Jan 2021 22:04:52 -0800 Subject: [PATCH] Fixed FrodoKEM neg bug (sending cipheropts,opts order) Also tweaked pad size random to use full range; removed some junk logging --- Makefile | 6 +++- go.mod | 3 +- go.sum | 30 ++++++---------- xsd/xsd.go | 8 ++--- xsnet/chan.go | 2 +- xsnet/consts.go | 2 +- xsnet/net.go | 91 +++++++++++++++++++++++++------------------------ 7 files changed, 71 insertions(+), 71 deletions(-) diff --git a/Makefile b/Makefile index ff37254..6e3447f 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ endif INSTPREFIX = /usr/local -all: common client server +all: common client server #seccheck clean: @echo "Make: $(MAKE)" @@ -78,6 +78,10 @@ else $(MAKE) BUILDOPTS=$(BUILDOPTS) -C xsd endif +#seccheck: +# grep -r "logPlainText.*true" . +# if [ $$? -eq 0 ]; then echo "WARNING plaintext debug is enabled"; exit 1; fi + vis: @which go-callvis >/dev/null 2>&1; \ stat=$$?; if [ $$stat -ne "0" ]; then \ diff --git a/go.mod b/go.mod index ad14ca0..4cfe086 100644 --- a/go.mod +++ b/go.mod @@ -10,9 +10,9 @@ require ( blitter.com/go/mtwist v1.0.1 // indirect blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da + github.com/creack/pty v1.1.11 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f github.com/klauspost/reedsolomon v1.9.9 // indirect - github.com/kr/pty v1.1.8 github.com/kuking/go-frodokem v1.0.1 github.com/mattn/go-isatty v0.0.12 github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect @@ -21,6 +21,7 @@ require ( github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect github.com/tjfoc/gmsm v1.3.1 // indirect github.com/xtaci/kcp-go v5.4.20+incompatible + github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 golang.org/x/sys v0.0.0-20200523222454-059865788121 gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect diff --git a/go.sum b/go.sum index c74f16f..b0bb452 100644 --- a/go.sum +++ b/go.sum @@ -2,10 +2,6 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo= blitter.com/go/cryptmt v1.0.2 h1:ZcLhQk7onUssXyQwG3GdXDXctCVnNL+b7aFuvwOdKXc= blitter.com/go/cryptmt v1.0.2/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84= -blitter.com/go/goutmp v1.0.3 h1:4VPU9COXG36W5454pcV65FieVaaw64mdhvjuTVOuWTM= -blitter.com/go/goutmp v1.0.3/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk= -blitter.com/go/goutmp v1.0.4 h1:19Y4xgvdEbGESS0vuyWlPyZgjYNYxHkDfmbObKU5J6A= -blitter.com/go/goutmp v1.0.4/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk= blitter.com/go/goutmp v1.0.5 h1:isP6bxSs1O06Oy7wB8u4y5SgLr22txfjg/gjG4qn0Og= blitter.com/go/goutmp v1.0.5/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk= blitter.com/go/herradurakex v1.0.0 h1:6XaxY+JLT1HUWPF0gYJnjX3pVjrw4YhYZEzZ1U0wkyc= @@ -18,21 +14,16 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= -github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= +github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s= -github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= -github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.4 h1:EBfaK0SWSwk+fgk6efYFWdzl8MwRWoOO1gkmiaTXPW4= github.com/klauspost/cpuid v1.2.4/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/reedsolomon v1.9.4 h1:FB9jDBGqUNyhUg4Gszz384ulFqVSc61Pdap+HRPgnSo= -github.com/klauspost/reedsolomon v1.9.4/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4= github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2GHND54= github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo= -github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o= github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= @@ -41,21 +32,23 @@ github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0s github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061/go.mod h1:wqKykBG2QzQDJEzvRkcS8x6MiSJkF52hXZsXcjaB3ls= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 h1:89CEmDvlq/F7SJEOqkIdNDGJXrQIhuIx9D2DBXjavSU= github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU= github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b h1:fj5tQ8acgNUr6O8LEplsxDhUIe2573iLkJc+PqnzZTI= github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4= -github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA= -github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo= github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= +github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ= github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg= github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE= +github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E= +github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/arch v0.0.0-20190909030613-46d78d1859ac/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -63,10 +56,9 @@ golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU= -golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -79,8 +71,6 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -91,6 +81,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/hlandau/easymetric.v1 v1.0.0 h1:ZbfbH7W3giuVDjWUoFhDOjjv20hiPr5HZ2yMV5f9IeE= gopkg.in/hlandau/easymetric.v1 v1.0.0/go.mod h1:yh75hypuFzAxmvECh3ZKGCvFnIfapYJh2wv7ASaX2RE= @@ -98,5 +89,6 @@ gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1R gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM= gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE= gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= diff --git a/xsd/xsd.go b/xsd/xsd.go index d32fb7c..34bb39a 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -33,7 +33,7 @@ import ( xs "blitter.com/go/xs" "blitter.com/go/xs/logger" "blitter.com/go/xs/xsnet" - "github.com/kr/pty" + "github.com/creack/pty" ) var ( @@ -82,7 +82,7 @@ func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string, os.Clearenv() os.Setenv("HOME", u.HomeDir) // nolint: gosec,errcheck os.Setenv("TERM", ttype) // nolint: gosec,errcheck - os.Setenv("HKEXSH", "1") // nolint: gosec,errcheck + os.Setenv("XS_SESSION", "1") // nolint: gosec,errcheck var c *exec.Cmd cmdName := xs.GetTool("tar") @@ -187,7 +187,7 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string os.Clearenv() _ = os.Setenv("HOME", u.HomeDir) // nolint: gosec _ = os.Setenv("TERM", ttype) // nolint: gosec - _ = os.Setenv("HKEXSH", "1") // nolint: gosec + _ = os.Setenv("XS_SESSION", "1") // nolint: gosec var c *exec.Cmd cmdName := xs.GetTool("tar") @@ -278,7 +278,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con os.Clearenv() _ = os.Setenv("HOME", u.HomeDir) // nolint: gosec _ = os.Setenv("TERM", ttype) // nolint: gosec - _ = os.Setenv("HKEXSH", "1") // nolint: gosec + _ = os.Setenv("XS_SESSION", "1") // nolint: gosec var c *exec.Cmd if interactive { diff --git a/xsnet/chan.go b/xsnet/chan.go index e499f48..d6b2924 100644 --- a/xsnet/chan.go +++ b/xsnet/chan.go @@ -110,7 +110,7 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er key = keymat[0:chacha.KeySize] ivlen = chacha.INonceSize iv = keymat[chacha.KeySize : chacha.KeySize+ivlen] - rc, err = chacha.NewCipher(iv, key, 20) + rc, err = chacha.NewCipher(iv, key, chacha.INonceSize) if err != nil { log.Printf("[ChaCha20 config error]\n") fmt.Printf("[ChaCha20 config error]\n") diff --git a/xsnet/consts.go b/xsnet/consts.go index c632198..ff372ed 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -98,7 +98,7 @@ const ( type CSOType uint32 //TODO: this should be small (max unfragmented packet size?) -const MAX_PAYLOAD_LEN = 4*1024*1024*1024 - 1 +const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1 // Session symmetric crypto algs const ( diff --git a/xsnet/net.go b/xsnet/net.go index 3260cab..052c895 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -49,7 +49,7 @@ import ( /*---------------------------------------------------------------------*/ const PAD_SZ = 32 // max size of padding applied to each packet -const HMAC_CHK_SZ = 4 // leading bytes of HMAC to xmit for verification +const HMAC_CHK_SZ = 8 // leading bytes of HMAC to xmit for verification type ( WinSize struct { @@ -426,21 +426,25 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) { kem = frodo.Frodo976SHAKE() } pubA, secA := kem.Keygen() // pA - //log.Printf("[pubKeyAlice: %v]\n", pubA) // Alice, step 2: Send the public key (na,ea) to Bob - fmt.Fprintf(c, "0x%x\n", pubA) + n, err := fmt.Fprintf(c, "0x%x\n", pubA) + if err != nil { + panic(err) + } + if n < len(pubA) { + panic(errors.New("incomplete Fprintf() of pubA")) + } - // (... and cipher, connection opts) + // (... and send cipher, connection opts) fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts) // [Bob does the same and sends use a public key (nb, eb) pubB_bigint := big.NewInt(0) _, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint) pubB := pubB_bigint.Bytes() - //log.Printf("[Got pubKeyBob[]:%v]\n", pubB) - // (... and cipher, connection opts) + // (... and sends us cipher, connection opts) _, err = fmt.Fscanf(c, "0x%x:0x%x\n", &hc.cipheropts, &hc.opts) if err != nil { @@ -460,12 +464,10 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) { ctBtoA_bigint := big.NewInt(0) _, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint) ctBtoA := ctBtoA_bigint.Bytes() - log.Printf("[Got ctBob[]:%v]\n", ctBtoA) // Alice, step 6: compute Bob's share shareB, err := kem.Dencapsulate(secA, ctBtoA) sessionKey := append(shareA, shareB...) - //log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey) hc.r, hc.rm, err = hc.getStream(sessionKey) hc.w, hc.wm, err = hc.getStream(sessionKey) @@ -521,7 +523,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) { if err != nil { panic(err) } - //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) + hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return @@ -565,7 +567,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) { if err != nil { panic(err) } - //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) + hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return @@ -616,7 +618,6 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) { // Alice, step 3: Decrypt the KEM cipher text. aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB) - //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return @@ -680,27 +681,32 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) { kem = frodo.Frodo976SHAKE() } pubB, secB := kem.Keygen() - //log.Printf("[pubKeyBob: %v]\n", pubB) - // Bob, step 2: Send the public key (nb,eb) to Alice - fmt.Fprintf(*c, "0x%x\n", pubB) - - // (... and cipher, connection opts) - fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts) - - // [Alice does the same and sends use a public key (na, ea) + + // [Alice sends use a public key (na, ea) pubA_bigint := big.NewInt(0) _, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint) pubA := pubA_bigint.Bytes() - //log.Printf("[Got pubKeyAlice[]:%v]\n", pubA) - // (... and cipher, connection opts) + // (... and sends us cipher, connection opts) _, err = fmt.Fscanf(*c, "0x%x:0x%x\n", &hc.cipheropts, &hc.opts) if err != nil { return err } + // Bob, step 2: Send the public key (nb,eb) to Alice + n, err := fmt.Fprintf(*c, "0x%x\n", pubB) + if err != nil { + panic(err) + } + if n < len(pubB) { + panic(errors.New("incomplete Fprintf() of pubB")) + } + + // (... and send cipher, connection opts) + fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts) + // Bob, step 3: Create ctBtoA, shareB ctBtoA, shareB, err := kem.Encapsulate(pubA) if err != nil { @@ -714,12 +720,10 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) { ctAtoB_bigint := big.NewInt(0) _, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint) ctAtoB := ctAtoB_bigint.Bytes() - log.Printf("[Got ctAlice[]:%v]\n", ctAtoB) // Alice, step 6: compute Bob's share shareA, err := kem.Dencapsulate(secB, ctAtoB) sessionKey := append(shareA, shareB...) - //log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey) hc.r, hc.rm, err = hc.getStream(sessionKey) hc.w, hc.wm, err = hc.getStream(sessionKey) @@ -759,7 +763,6 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, hc.cipheropts, hc.opts) - //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -798,7 +801,6 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, hc.cipheropts, hc.opts) - //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -847,7 +849,6 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText, hc.cipheropts, hc.opts) - //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -1287,6 +1288,7 @@ func (hc Conn) Read(b []byte) (n int, err error) { if hc.logCipherText { log.Printf(" <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n])) } + //fmt.Printf(" <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n])) hc.rm.Write(payloadBytes) // Calc hmac on received data hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ] @@ -1306,8 +1308,9 @@ func (hc Conn) Read(b []byte) (n int, err error) { // The caller isn't necessarily reading the full payload so we need // to decrypt to an intermediate buffer, draining it on demand of caller decryptN, err := rs.Read(payloadBytes) + if hc.logPlainText { - log.Printf(" <-ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n])) + log.Printf(" <:ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n])) } if err != nil { log.Println("xsnet.Read():", err) @@ -1324,9 +1327,6 @@ func (hc Conn) Read(b []byte) (n int, err error) { payloadBytes = payloadBytes[0 : len(payloadBytes)-int(padLen)] } - //fmt.Printf("padSide:%d padLen:%d payloadBytes:%s\n", - // padSide, padLen, hex.Dump(payloadBytes)) - // Throw away pkt if it's chaff (ie., caller to Read() won't see this data) if ctrlStatOp == CSOChaff { log.Printf("[Chaff pkt, discarded (len %d)]\n", decryptN) @@ -1435,6 +1435,7 @@ func (hc Conn) Read(b []byte) (n int, err error) { } log.Printf("Read() got %d bytes\n", retN) + copy(b, hc.dBuf.Next(retN)) return retN, nil } @@ -1443,9 +1444,7 @@ func (hc Conn) Read(b []byte) (n int, err error) { // // See go doc io.Writer func (hc Conn) Write(b []byte) (n int, err error) { - //fmt.Printf("WRITE(%d)\n", len(b)) n, err = hc.WritePacket(b, CSONone) - //fmt.Printf("WROTE(%d)\n", n) return n, err } @@ -1460,27 +1459,23 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) { } //Padding prior to encryption - padSz := (rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2) + padSz := rand.Intn(PAD_SZ-1) + 1 /*(rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)*/ padLen := padSz - ((len(b) + padSz) % padSz) if padLen == padSz { // No padding required padLen = 0 } + padBytes := make([]byte, padLen) rand.Read(padBytes) // For a little more confusion let's support padding either before // or after the payload. padSide := rand.Intn(2) - //fmt.Printf("--\n") - //fmt.Printf("PRE_PADDING:%s\r\n", hex.Dump(b)) - //fmt.Printf("padSide:%d padLen:%d\r\n", padSide, padLen) if padSide == 0 { b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(padBytes, b...)...)...) } else { b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(b, padBytes...)...)...) } - //fmt.Printf("POST_PADDING:%s\r\n", hex.Dump(b)) - //fmt.Printf("--\r\n") // N.B. Originally this Lock() surrounded only the // calls to binary.Write(hc.c ..) however there appears @@ -1492,9 +1487,8 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) { // could be tightened. hc.Lock() payloadLen = uint32(len(b)) - //!fmt.Printf(" --== payloadLen:%d\n", payloadLen) if hc.logPlainText { - log.Printf(" :>ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen])) + log.Printf(" >:ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen])) } // NOTE releases prior to v0.9 used Authenticate-then-Encrypt, @@ -1514,14 +1508,19 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) { // The StreamWriter acts like a pipe, forwarding whatever is // written to it through the cipher, encrypting as it goes ws := &cipher.StreamWriter{S: hc.w, W: &wb} - _, err = ws.Write(b[0:payloadLen]) + wN, err := ws.Write(b[0:payloadLen]) if err != nil { panic(err) } - if hc.logCipherText { - log.Printf(" ->ctext:\r\n%s\r\n", hex.Dump(wb.Bytes())) + if wN < int(payloadLen) { + panic("truncated Write to cipher *****") } + if hc.logCipherText { + log.Printf(" >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes())) + } + //fmt.Printf(" >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes())) + // Calculate hmac on cipher payload hc.wm.Write(wb.Bytes()) hmacOut = hc.wm.Sum(nil)[0:HMAC_CHK_SZ] //finalize @@ -1552,7 +1551,11 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) { // We must 'lie' to caller indicating the length of THEIR // data written (ie., not including the padding and padding headers) - return n - 2 - int(padLen), err + retN := n - 2 - int(padLen) + if retN <= 0 { + retN = 0 + } + return retN, err } func (hc *Conn) EnableChaff() {