diff options
author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2017-07-12 23:11:49 +0200 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2017-07-12 23:11:49 +0200 |
commit | 8393cbff521560caef5b1b468cbb2ad030e8eda4 (patch) | |
tree | 7fb701a023beb36780eebded65d4915ff196925d /src/macs_device.go | |
parent | 86707cbc88fbad58481b400eaf12fa75c78f9855 (diff) | |
download | wireguard-go-8393cbff521560caef5b1b468cbb2ad030e8eda4.tar.gz wireguard-go-8393cbff521560caef5b1b468cbb2ad030e8eda4.zip |
Restructured MAC/cookie calculation
Added copy-right headers accidentally removed
Diffstat (limited to 'src/macs_device.go')
-rw-r--r-- | src/macs_device.go | 173 |
1 files changed, 0 insertions, 173 deletions
diff --git a/src/macs_device.go b/src/macs_device.go deleted file mode 100644 index 68181e6..0000000 --- a/src/macs_device.go +++ /dev/null @@ -1,173 +0,0 @@ -package main - -import ( - "crypto/cipher" - "crypto/hmac" - "crypto/rand" - "github.com/aead/chacha20poly1305" // Needed for XChaCha20Poly1305, TODO: - "golang.org/x/crypto/blake2s" - "net" - "sync" - "time" -) - -type MACStateDevice struct { - mutex sync.RWMutex - refreshed time.Time - secret [blake2s.Size]byte - keyMAC1 [blake2s.Size]byte - keyMAC2 [blake2s.Size]byte - xaead cipher.AEAD -} - -func (state *MACStateDevice) Init(pk NoisePublicKey) { - state.mutex.Lock() - defer state.mutex.Unlock() - - func() { - hsh, _ := blake2s.New256(nil) - hsh.Write([]byte(WGLabelMAC1)) - hsh.Write(pk[:]) - hsh.Sum(state.keyMAC1[:0]) - }() - - func() { - hsh, _ := blake2s.New256(nil) - hsh.Write([]byte(WGLabelCookie)) - hsh.Write(pk[:]) - hsh.Sum(state.keyMAC2[:0]) - }() - - state.xaead, _ = chacha20poly1305.NewXCipher(state.keyMAC2[:]) - state.refreshed = time.Time{} -} - -func (state *MACStateDevice) CheckMAC1(msg []byte) bool { - size := len(msg) - startMac1 := size - (blake2s.Size128 * 2) - startMac2 := size - blake2s.Size128 - - var mac1 [blake2s.Size128]byte - func() { - mac, _ := blake2s.New128(state.keyMAC1[:]) - mac.Write(msg[:startMac1]) - mac.Sum(mac1[:0]) - }() - - return hmac.Equal(mac1[:], msg[startMac1:startMac2]) -} - -func (state *MACStateDevice) CheckMAC2(msg []byte, addr *net.UDPAddr) bool { - state.mutex.RLock() - defer state.mutex.RUnlock() - - if time.Now().Sub(state.refreshed) > CookieRefreshTime { - return false - } - - // derive cookie key - - var cookie [blake2s.Size128]byte - func() { - port := [2]byte{byte(addr.Port >> 8), byte(addr.Port)} - mac, _ := blake2s.New128(state.secret[:]) - mac.Write(addr.IP) - mac.Write(port[:]) - mac.Sum(cookie[:0]) - }() - - // calculate mac of packet - - start := len(msg) - blake2s.Size128 - - var mac2 [blake2s.Size128]byte - func() { - mac, _ := blake2s.New128(cookie[:]) - mac.Write(msg[:start]) - mac.Sum(mac2[:0]) - }() - - return hmac.Equal(mac2[:], msg[start:]) -} - -func (device *Device) CreateMessageCookieReply(msg []byte, receiver uint32, addr *net.UDPAddr) (*MessageCookieReply, error) { - state := &device.mac - state.mutex.RLock() - - // refresh cookie secret - - if time.Now().Sub(state.refreshed) > CookieRefreshTime { - state.mutex.RUnlock() - state.mutex.Lock() - _, err := rand.Read(state.secret[:]) - if err != nil { - state.mutex.Unlock() - return nil, err - } - state.refreshed = time.Now() - state.mutex.Unlock() - state.mutex.RLock() - } - - // derive cookie key - - var cookie [blake2s.Size128]byte - func() { - port := [2]byte{byte(addr.Port >> 8), byte(addr.Port)} - mac, _ := blake2s.New128(state.secret[:]) - mac.Write(addr.IP) - mac.Write(port[:]) - mac.Sum(cookie[:0]) - }() - - // encrypt cookie - - size := len(msg) - - startMac1 := size - (blake2s.Size128 * 2) - startMac2 := size - blake2s.Size128 - - mac1 := msg[startMac1:startMac2] - - reply := new(MessageCookieReply) - reply.Type = MessageCookieReplyType - reply.Receiver = receiver - _, err := rand.Read(reply.Nonce[:]) - if err != nil { - state.mutex.RUnlock() - return nil, err - } - state.xaead.Seal(reply.Cookie[:0], reply.Nonce[:], cookie[:], mac1) - state.mutex.RUnlock() - return reply, nil -} - -func (device *Device) ConsumeMessageCookieReply(msg *MessageCookieReply) bool { - - if msg.Type != MessageCookieReplyType { - return false - } - - // lookup peer - - lookup := device.indices.Lookup(msg.Receiver) - if lookup.handshake == nil { - return false - } - - // decrypt and store cookie - - var cookie [blake2s.Size128]byte - state := &lookup.peer.mac - - state.mutex.Lock() - defer state.mutex.Unlock() - - _, err := state.xaead.Open(cookie[:0], msg.Nonce[:], msg.Cookie[:], state.lastMAC1[:]) - if err != nil { - return false - } - state.cookieSet = time.Now() - state.cookie = cookie - return true -} |