From 1cf23c000540bac53324cffd864506c92077bf94 Mon Sep 17 00:00:00 2001
From: Mathias Hall-Andersen
Date: Sun, 11 Feb 2018 19:25:33 +0100
Subject: Moved tai64n into sub-package
---
 internal/tai64n/tai64.go | 26 ++++++++++++++++++
 noise-protocol.go | 9 ++++---
 replay_test.go | 68 ++++++++++++++++++++++++------------------------
 tai64.go | 28 --------------------
 4 files changed, 65 insertions(+), 66 deletions(-)
 create mode 100644 internal/tai64n/tai64.go
 delete mode 100644 tai64.go
diff --git a/internal/tai64n/tai64.go b/internal/tai64n/tai64.go
new file mode 100644
index 0000000..da5257c
--- /dev/null
+++ b/internal/tai64n/tai64.go
@@ -0,0 +1,26 @@
+package tai64n
+
+import (
+ "bytes"
+ "encoding/binary"
+ "time"
+)
+
+const TimestampSize = 12
+const base = uint64(4611686018427387914)
+
+type Timestamp [TimestampSize]byte
+
+func Now() Timestamp {
+ var tai64n Timestamp
+ now := time.Now()
+ secs := base + uint64(now.Unix())
+ nano := uint32(now.UnixNano())
+ binary.BigEndian.PutUint64(tai64n[:], secs)
+ binary.BigEndian.PutUint32(tai64n[8:], nano)
+ return tai64n
+}
+
+func (t1 Timestamp) After(t2 Timestamp) bool {
+ return bytes.Compare(t1[:], t2[:]) > 0
+}
diff --git a/noise-protocol.go b/noise-protocol.go
index c9713c0..df08a0a 100644
--- a/noise-protocol.go
+++ b/noise-protocol.go
@@ -2,6 +2,7 @@ package main
 import (
 "errors"
+ "git.zx2c4.com/wireguard-go/internal/tai64n"
 "golang.org/x/crypto/blake2s"
 "golang.org/x/crypto/chacha20poly1305"
 "golang.org/x/crypto/poly1305"
@@ -58,7 +59,7 @@ type MessageInitiation struct {
 Sender uint32
 Ephemeral NoisePublicKey
 Static [NoisePublicKeySize + poly1305.TagSize]byte
- Timestamp [TAI64NSize + poly1305.TagSize]byte
+ Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte
 MAC1 [blake2s.Size128]byte
 MAC2 [blake2s.Size128]byte
 }
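Review bot: In `Now()` in internal/tai64n/tai64.go, `nano := uint32(now.UnixNano())` keeps the low 32 bits of the nanoseconds since the Unix epoch rather than the nanosecond part of the current second, so the last four bytes are not a valid TAI64N fraction and can wrap in the middle of a second (2^32 ns is about 4.29 s). `After` orders timestamps with `bytes.Compare`, and noise-protocol.go stores a `lastTimestamp` per handshake, so two initiations stamped within the same second can compare out of order; a peer would presumably then reject the later, legitimate one as a replay. The line is carried over unchanged from the deleted tai64.go, which makes the move a good point to fix it: `nano := uint32(now.Nanosecond())`. A short comment on `base` (`// 2^62 + 10`) and a test asserting that a later `Now()` never compares as earlier than a previous one would document and pin the ordering the replay check depends on.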
@@ -99,7 +100,7 @@ type Handshake struct {
 remoteStatic NoisePublicKey // long term key
 remoteEphemeral NoisePublicKey // ephemeral public key
 precomputedStaticStatic [NoisePublicKeySize]byte // precomputed shared secret
- lastTimestamp TAI64N
+ lastTimestamp tai64n.Timestamp
 lastInitiationConsumption time.Time
 }
@@ -206,7 +207,7 @@ func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, e
 // encrypt timestamp
- timestamp := Timestamp()
+ timestamp := tai64n.Now()
 func() {
 var key [chacha20poly1305.KeySize]byte
 KDF2(
@@ -271,7 +272,7 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
 // verify identity
- var timestamp TAI64N
+ var timestamp tai64n.Timestamp
 var key [chacha20poly1305.KeySize]byte
 handshake.mutex.RLock()
diff --git a/replay_test.go b/replay_test.go
index 228fce6..f697701 100644
--- a/replay_test.go
+++ b/replay_test.go
@@ -24,40 +24,40 @@ func TestReplay(t *testing.T) {
 filter.Init()
- /* 1 */ T(0, true)
- /* 2 */ T(1, true)
- /* 3 */ T(1, false)
- /* 4 */ T(9, true)
- /* 5 */ T(8, true)
- /* 6 */ T(7, true)
- /* 7 */ T(7, false)
- /* 8 */ T(T_LIM, true)
- /* 9 */ T(T_LIM-1, true)
- /* 10 */ T(T_LIM-1, false)
- /* 11 */ T(T_LIM-2, true)
- /* 12 */ T(2, true)
- /* 13 */ T(2, false)
- /* 14 */ T(T_LIM+16, true)
- /* 15 */ T(3, false)
- /* 16 */ T(T_LIM+16, false)
- /* 17 */ T(T_LIM*4, true)
- /* 18 */ T(T_LIM*4-(T_LIM-1), true)
- /* 19 */ T(10, false)
- /* 20 */ T(T_LIM*4-T_LIM, false)
- /* 21 */ T(T_LIM*4-(T_LIM+1), false)
- /* 22 */ T(T_LIM*4-(T_LIM-2), true)
- /* 23 */ T(T_LIM*4+1-T_LIM, false)
- /* 24 */ T(0, false)
- /* 25 */ T(RejectAfterMessages, false)
- /* 26 */ T(RejectAfterMessages-1, true)
- /* 27 */ T(RejectAfterMessages, false)
- /* 28 */ T(RejectAfterMessages-1, false)
- /* 29 */ T(RejectAfterMessages-2, true)
- /* 30 */ T(RejectAfterMessages+1, false)
- /* 31 */ T(RejectAfterMessages+2, false)
- /* 32 */ T(RejectAfterMessages-2, false)
- /* 33 */ T(RejectAfterMessages-3, true)
- /* 34 */ T(0, false)
+ T(0, true) /* 1 */
+ T(1, true) /* 2 */
+ T(1, false) /* 3 */
+ T(9, true) /* 4 */
+ T(8, true) /* 5 */
+ T(7, true) /* 6 */
+ T(7, false) /* 7 */
+ T(T_LIM, true) /* 8 */
+ T(T_LIM-1, true) /* 9 */
+ T(T_LIM-1, false) /* 10 */
+ T(T_LIM-2, true) /* 11 */
+ T(2, true) /* 12 */
+ T(2, false) /* 13 */
+ T(T_LIM+16, true) /* 14 */
+ T(3, false) /* 15 */
+ T(T_LIM+16, false) /* 16 */
+ T(T_LIM*4, true) /* 17 */
+ T(T_LIM*4-(T_LIM-1), true) /* 18 */
+ T(10, false) /* 19 */
+ T(T_LIM*4-T_LIM, false) /* 20 */
+ T(T_LIM*4-(T_LIM+1), false) /* 21 */
+ T(T_LIM*4-(T_LIM-2), true) /* 22 */
+ T(T_LIM*4+1-T_LIM, false) /* 23 */
+ T(0, false) /* 24 */
+ T(RejectAfterMessages, false) /* 25 */
+ T(RejectAfterMessages-1, true) /* 26 */
+ T(RejectAfterMessages, false) /* 27 */
+ T(RejectAfterMessages-1, false) /* 28 */
+ T(RejectAfterMessages-2, true) /* 29 */
+ T(RejectAfterMessages+1, false) /* 30 */
+ T(RejectAfterMessages+2, false) /* 31 */
+ T(RejectAfterMessages-2, false) /* 32 */
+ T(RejectAfterMessages-3, true) /* 33 */
+ T(0, false) /* 34 */
 t.Log("Bulk test 1")
 filter.Init()
diff --git a/tai64.go b/tai64.go
deleted file mode 100644
index 2299a37..0000000
--- a/tai64.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package main
-
-import (
- "bytes"
- "encoding/binary"
- "time"
-)
-
-const (
- TAI64NBase = uint64(4611686018427387914)
- TAI64NSize = 12
-)
-
-type TAI64N [TAI64NSize]byte
-
-func Timestamp() TAI64N {
- var tai64n TAI64N
- now := time.Now()
- secs := TAI64NBase + uint64(now.Unix())
- nano := uint32(now.UnixNano())
- binary.BigEndian.PutUint64(tai64n[:], secs)
- binary.BigEndian.PutUint32(tai64n[8:], nano)
- return tai64n
-}
-
-func (t1 *TAI64N) After(t2 TAI64N) bool {
- return bytes.Compare(t1[:], t2[:]) > 0
-}
--
cgit v1.2.3