Beispiel #1
0
func (c *Client) Reconnect() error {
	conn, err := tls.Dial("tcp", c.hostname, c.config)
	if err != nil {
		return err
	}
	c.conn = conn

	loginByte := []byte{TReconnect}
	c.conn.Write(loginByte)
	ulen := WriteInt32(int32(len(c.username)))
	c.conn.Write(ulen)
	c.conn.Write([]byte(c.username))
	sc := make([]byte, 32)
	c.conn.Read(sc)

	//Generate a response
	cc := GeneratePepper()
	combSalt := make([]byte, len(sc)+len(cc))
	copy(combSalt, sc)
	copy(combSalt[len(sc):], cc)

	//Generate a hash of the password with the challenge and response as salts
	hashA, _ := scrypt.Key(c.phash, combSalt, 16384, 8, 1, 32)

	//write the hash, and the response
	c.conn.Write(hashA)
	c.conn.Write(cc)
	sr := make([]byte, 32)

	//Read the servers response
	_, err = c.conn.Read(sr)
	if err != nil {
		return err
	}
	srVer, _ := scrypt.Key(c.phash, combSalt, 16384, 4, 3, 32)

	//and ensure that it is correct
	for i := 0; i < 32; i++ {
		if sr[i] != srVer[i] {
			return errors.New("Invalid response from server")
		}
	}
	//Send login flags to the server
	loginByte[0] = c.lflags
	c.conn.Write(loginByte)

	return nil
}
Beispiel #2
0
func deriveKey(result chan []byte, secret string) {
	keySlice, err := scrypt.Key([]byte(secret), nil, 1<<18, 20, 1, 32)
	if err != nil {
		panic(err)
	}
	result <- keySlice
}
Beispiel #3
0
func HashPassword(username, password string) []byte {
	pHash, err := scrypt.Key([]byte(password), []byte(tSalt+username), 16384, 9, 7, 32)
	if err != nil {
		panic(err)
	}
	return pHash
}
Beispiel #4
0
func (u *User) CheckPassword(password string) bool {
	passwordHash, err := scrypt.Key([]byte(password), u.PasswordSalt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	return subtle.ConstantTimeCompare(passwordHash, u.PasswordHash) == 1
}
Beispiel #5
0
func (a *AccountDetail) HashPassword(password string) []byte {
	hash, err := scrypt.Key([]byte(password), a.Salt, a.N, a.R, a.P, 32)
	if err != nil {
		panic(err)
	}
	return hash
}
Beispiel #6
0
func (e *EmailAddr) initLazyKey() {
	emailKey := e.Canonical()
	keyCache.Lock()
	v, ok := keyCache.m[emailKey]
	keyCache.Unlock()

	if ok {
		e.lazyKey = v
		return
	}

	key, err := scrypt.Key([]byte(emailKey), fistSalt, 16384*8, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	e.lazyKey = key

	keyCache.Lock()
	if keyCache.m == nil {
		keyCache.m = make(map[string][]byte)
	}
	keyCache.m[emailKey] = key
	// TODO: Prune the cache
	keyCache.Unlock()
}
Beispiel #7
0
// Handles login functions, returns true (successful) false (unsucessful)
func (h *Client) Login(handle, password string, lflags byte) (bool, string) {
	loginByte := make([]byte, 1)
	loginByte[0] = TLogin
	h.conn.Write(loginByte)
	h.phash = HashPassword(handle, password)
	//Write the usernames length, followed by the username.
	ulen := WriteInt32(int32(len(handle)))
	h.conn.Write(ulen)
	h.conn.Write([]byte(handle))
	h.username = handle
	//Read the servers challenge
	sc := make([]byte, 32)
	h.conn.Read(sc)

	//Generate a response
	cc := GeneratePepper()
	combSalt := make([]byte, len(sc)+len(cc))
	copy(combSalt, sc)
	copy(combSalt[len(sc):], cc)

	//Generate a hash of the password with the challenge and response as salts
	hashA, _ := scrypt.Key(h.phash, combSalt, 16384, 8, 1, 32)

	//write the hash, and the response
	h.conn.Write(hashA)
	h.conn.Write(cc)
	sr := make([]byte, 32)

	//Read the servers response
	_, err := h.conn.Read(sr)
	if err != nil {
		return false, "Auth Failed."
	}
	srVer, _ := scrypt.Key(h.phash, combSalt, 16384, 4, 3, 32)

	//and ensure that it is correct
	for i := 0; i < 32; i++ {
		if sr[i] != srVer[i] {
			return false, "Invalid response from server"
		}
	}
	//Send login flags to the server
	loginByte[0] = lflags
	h.conn.Write(loginByte)

	return true, "Authenticated"
}
Beispiel #8
0
func main() {
	stateFile := flag.String("state-file", "", "File in which to save persistent state")
	pandaScrypt := flag.Bool("panda-scrypt", false, "Run in subprocess mode to process passphrase")
	cliFlag := flag.Bool("cli", false, "If true, the CLI will be used, even if the GUI is available")
	devFlag := flag.Bool("dev", false, "Is this a development environment?")
	flag.Parse()

	if *pandaScrypt {
		var numBytes uint32
		if err := binary.Read(os.Stdin, binary.LittleEndian, &numBytes); err != nil {
			panic(err)
		}
		if numBytes > 1024*1024 {
			panic("passphrase too large")
		}
		passphrase := make([]byte, int(numBytes))
		if _, err := os.Stdin.Read(passphrase); err != nil {
			panic(err)
		}
		data, err := scrypt.Key(passphrase, nil, 1<<17, 16, 4, 32*3)
		if err != nil {
			panic(err)
		}
		os.Stdout.Write(data)
		os.Exit(0)
	}

	dev := os.Getenv("POND") == "dev" || *devFlag
	runtime.GOMAXPROCS(4)

	if len(*stateFile) == 0 && dev {
		*stateFile = "state"
	}

	if len(*stateFile) == 0 {
		home := os.Getenv("HOME")
		if len(home) == 0 {
			fmt.Fprintf(os.Stderr, "$HOME not set. Please either export $HOME or use --state-file to set the location of the state file explicitly.\n")
			os.Exit(1)
		}
		configDir := filepath.Join(home, ".config")
		os.Mkdir(configDir, 0700)
		*stateFile = filepath.Join(configDir, "pond")
	}

	if !haveGUI || *cliFlag || len(os.Getenv("PONDCLI")) > 0 {
		client := NewCLIClient(*stateFile, rand.Reader, false /* testing */, true /* autoFetch */)
		client.disableV2Ratchet = true
		client.dev = dev
		client.Start()
	} else {
		ui := NewGTKUI()
		client := NewGUIClient(*stateFile, ui, rand.Reader, false /* testing */, true /* autoFetch */)
		client.disableV2Ratchet = true
		client.dev = dev
		client.Start()
		ui.Run()
	}
}
Beispiel #9
0
func (user *User) Authenticate(password string) bool {
	// Scrypt the password.
	scryptPassword, err := scrypt.Key([]byte(password), user.Salt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	return bytes.Equal(scryptPassword, user.Scrypt)
}
Beispiel #10
0
func BenchmarkR32768r8p4k32(b *testing.B) {
	for i := 0; i < b.N; i++ {
		_, err := scrypt.Key(password, salt, 32768, 8, 4, 32)
		if err != nil {
			b.Fatalf("%v", err)
		}
	}
}
Beispiel #11
0
func BenchmarkR16384r8p1k32(b *testing.B) {
	for i := 0; i < b.N; i++ {
		_, err := scrypt.Key(password, salt, 16384, 8, 1, 32)
		if err != nil {
			b.Fatalf("%v", err)
		}
	}
}
Beispiel #12
0
func (p *adminPlugin) scryptHash(cmd *mup.Command, password, salt string) (hash string, ok bool) {
	key, err := scrypt.Key([]byte(password), []byte(salt), 16384, 8, 1, 32)
	if err != nil {
		p.plugger.Logf("scrypt.Key failed: %v", err)
		p.plugger.Sendf(cmd, "Internal error hashing password. Sorry.")
	}
	return hex.EncodeToString(key), err == nil
}
Beispiel #13
0
func deriveScrypt(in [32]byte) (psk [32]byte, err error) {
	out, err := scrypt.Key(in[:], in[:], 1<<16, 8, 1, 32)
	if err != nil {
		return
	}
	copy(psk[:], out)

	return
}
Beispiel #14
0
func recoverKey(password, salt []byte) (key []byte, ok bool) {
	key, err := scrypt.Key(password, salt, scryN, scryP, scryR, pwKeyLength)
	if err != nil {
		key = nil
		salt = nil
		return
	}
	ok = true
	return
}
Beispiel #15
0
// deriveKey applies Scrypt with very strong parameters to generate an
// encryption key from a passphrase and salt.
func deriveKey(passphrase []byte, salt []byte) *[keySize]byte {
	rawKey, err := scrypt.Key(passphrase, salt, 32768, 8, 4, keySize)
	if err != nil {
		return nil
	}

	var key [keySize]byte
	copy(key[:], rawKey)
	zero(rawKey)
	return &key
}
Beispiel #16
0
func main() {
	var pass, salt string
	fmt.Printf("pass:"******"%v", &pass)
	fmt.Printf("salt:")
	fmt.Scanf("%v", &salt)
	key, err := scrypt.Key([]byte(pass), []byte(salt), 16384, 8, 1, 32)
	check(err)
	err = ioutil.WriteFile("blobstash.key", key, 0644)
	check(err)
}
Beispiel #17
0
func calculateHash(pass string, salt []byte) ([]byte, error) {
	const (
		N      = 16384
		r      = 8
		p      = 1
		keyLen = 32
	)

	bpass := []byte(pass)
	return scrypt.Key(bpass, salt, N, r, p, keyLen)
}
Beispiel #18
0
func DeriveKey(password, salt []byte, N, r, p, n int) (key *Key, err error) {
	// Derive key using password and salt.
	k, err := scrypt.Key(password, salt, N, r, p, n)

	if err != nil {
		return
	}

	subtle.ConstantTimeCopy(1, key[:], k)
	return
}
Beispiel #19
0
func validateMeshID(id *MeshID) bool {
	now := time.Now().Unix()

	if id.T > now || (now-id.T) > nidMaxAge {
		return false
	}

	stampSha := sha512.New()
	stampSha.Write([]byte(strconv.FormatInt(id.T, 10)))
	stampSha.Write(id.S)

	stampHash := stampSha.Sum(nil)

	aHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.A), 10)),
		nidScrN, nidScrR, nidScrP, 32)
	if err != nil {
		panic(err)
	}

	bHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.B), 10)),
		nidScrN, nidScrR, nidScrP, 32)
	if err != nil {
		panic(err)
	}

	if bitPrefix(aHash, nidPreBits) != bitPrefix(bHash, nidPreBits) {
		return false
	}

	text := fmt.Sprintf("%d%d", id.A, id.B)
	codeSha := sha512.New()
	codeSha.Write(id.S)
	codeSha.Write([]byte(text))
	code := codeSha.Sum(nil)[32:64]

	if hex.EncodeToString(id.ID) != hex.EncodeToString(code) {
		return false
	}

	return true
}
Beispiel #20
0
func (sf *StateFile) deriveKey(pw string) error {
	if len(pw) == 0 && sf.header.Scrypt != nil {
		return BadPasswordError
	}
	params := sf.header.Scrypt
	key, err := scrypt.Key([]byte(pw), sf.header.KdfSalt, int(params.GetN()), int(params.GetR()), int(params.GetP()), kdfKeyLen)
	if err != nil {
		return err
	}
	copy(sf.key[:], key)
	return nil
}
Beispiel #21
0
func (a *AuthChallengeProvider) DeriveKey(password string, salt []byte) []byte {
	if password == "" {
		return nil
	}

	key, err := scrypt.Key([]byte(password), salt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}

	return key
}
Beispiel #22
0
func (store *FilesystemPasteStore) EncryptionKeyForPasteWithPassword(p *Paste, password string) []byte {
	if password == "" {
		return nil
	}

	key, err := scrypt.Key([]byte(password), []byte(p.encryptionSalt), 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}

	return key
}
Beispiel #23
0
func genKey(conn *userConn, pass, salt []byte) (key string, err error) {

	// Generate their salted, hashed password.
	keyBytes, err := scrypt.Key(pass, salt, 16384, 8, 1, 32)
	if err != nil {
		// If you can get here, it's probably
		// because of a bad password.
		sendAuthFail(conn, "Invalid Password")
		return "", err
	}

	return string(keyBytes), nil
}
Beispiel #24
0
// NewScrypt returns a new key derivation function that uses scrypt to do
// the derivation. The returned key will be 32 bytes in size.
// If N, r, or p are invalid nil and an error are returned.
// See code.google.com/p/go.crypto/scrypt#Key for details on proper values for
// N, r, and p.
func NewScrypt(N, r, p int) (func(salt, password []byte) []byte, error) {
	// The following two checks where copied directly from the scrypt implementation.
	if N <= 1 || N&(N-1) != 0 {
		return nil, errors.New("scrypt: N must be > 1 and a power of 2")
	}
	if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r {
		return nil, errors.New("scrypt: parameters are too large")
	}

	return func(salt, password []byte) []byte {
		key, _ := scrypt.Key(password, salt, N, r, p, 32)
		return key
	}, nil
}
Beispiel #25
0
func (u *User) SetPassword(password string) {
	var err error

	u.PasswordSalt = make([]byte, 16)
	_, err = rand.Read(u.PasswordSalt)
	if err != nil {
		panic(err)
	}

	u.PasswordHash, err = scrypt.Key([]byte(password), u.PasswordSalt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}
}
Beispiel #26
0
func (kx *KeyExchange) derivePassword() error {
	serialised, err := proto.Marshal(kx.sharedSecret.toProto())
	if err != nil {
		return err
	}

	if kx.Testing {
		h := sha256.New()
		h.Write([]byte{0})
		h.Write(serialised)
		h.Sum(kx.key[:0])

		h.Reset()
		h.Write([]byte{1})
		h.Write(serialised)
		h.Sum(kx.meeting1[:0])

		h.Reset()
		h.Write([]byte{2})
		h.Write(serialised)
		h.Sum(kx.meeting2[:0])
	} else {
		data, err := scrypt.Key(serialised, nil, 1<<17, 16, 4, 32*3)
		if err != nil {
			return err
		}

		copy(kx.key[:], data)
		copy(kx.meeting1[:], data[32:])
		copy(kx.meeting2[:], data[64:])
	}

	var encryptedDHPublic [32]byte
	rijndael.NewCipher(&kx.key).Encrypt(&encryptedDHPublic, &kx.dhPublic)

	l := len(encryptedDHPublic)
	if padding := kx.meetingPlace.Padding(); l > padding {
		return errors.New("panda: initial message too large for meeting place")
	} else if l < padding {
		l = padding
	}

	kx.message1 = make([]byte, l)
	copy(kx.message1, encryptedDHPublic[:])
	if _, err := io.ReadFull(kx.rand, kx.message1[len(encryptedDHPublic):]); err != nil {
		return err
	}

	return nil
}
Beispiel #27
0
// runtime is roughly proportional to r * p which must be less than 1 << 30
// this is intended to be SLOW, to foil brute force password attacks.
func main() {
	password := []byte("this is my key")
	salt := mdr.UdevRandomBlock(8)
	N := 16384
	r := 8
	p := 1
	keyLen := 32
	newKey, err := scrypt.Key(password, salt, N, r, p, keyLen)
	if err != nil {
		mdr.FatalError(err)
	}
	fmt.Printf("newKey : %x\n", newKey)
	fmt.Printf("r * p (%d) < (%d) \n", r*p, 1<<30)
	fmt.Printf("done\n")
}
Beispiel #28
0
func NewSecret(password []byte) (secret *Secret, err error) {
	secret = new(Secret)

	secret.Salt, err = Random(16)
	if err != nil {
		return
	}

	key, err := scrypt.Key(password, secret.Salt, 16384, 8, 1, 32)
	if err != nil {
		return
	}

	copy(secret.Key[:], key)
	return
}
Beispiel #29
0
func deriveKey(salt []byte) *[keyvault.KeyLen]byte {
	password, err := readpass.PasswordPromptBytes("Vault password: "******"Failed to read password: %v\n", err)
		os.Exit(1)
	}

	key, err := scrypt.Key(password, salt, 16384, 8, 1, keyvault.KeyLen)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to derive key: %v\n", err)
		os.Exit(1)
	}

	var vaultKey [keyvault.KeyLen]byte
	copy(vaultKey[:], key)
	return &vaultKey
}
Beispiel #30
0
// encrypt uses scrypt
// https://code.google.com/p/go/source/browse/?repo=crypto#hg%2Fscrypt
// to derive a secure key
func encrypt(salt string, clearstr string) (crypt string, err error) {

	saltBytes, err := hex.DecodeString(salt)
	if err != nil {
		glog.Errorf("Undecodable pw_salt (%s)", salt)
		return
	}

	combined := make([]byte, 64+32)
	_ = copy(combined[0:64], Conf.ServerKey)
	_ = copy(combined[64:], saltBytes)

	cryptBytes, err := scrypt.Key([]byte(clearstr), combined, 16384, 8, 1, 64)
	if err != nil {
		glog.Errorf("Failure in execution of scrypt: %s", err)
	}
	crypt = hex.EncodeToString(cryptBytes)
	return crypt, err
}