Beispiel #1
0
func auth(conn net.Conn) (secret []byte, err error) {
	challenge, err := readPack(conn)
	if err != nil {
		return
	}
	log(DEBUG, "challenge: %X\n", challenge)

	a := crypt.Randomkey()
	A := crypt.DHExchange(a)
	err = writePack(conn, A.Bytes())
	if err != nil {
		return
	}
	log(DEBUG, "A: %X\n", A.Bytes())

	B, err := readPack(conn)
	if err != nil {
		return
	}
	log(DEBUG, "B: %X\n", B)

	z := new(big.Int)
	z.SetBytes(B)
	s := crypt.DHSecret(a, z)
	log(DEBUG, "secret: %X\n", s.Bytes())

	mac := hmac.New(sha256.New, s.Bytes())
	mac.Write(challenge)
	err = writePack(conn, mac.Sum(nil))
	if err != nil {
		return
	}

	if len(s.Bytes()) < 16 {
		err = errors.New("secret length less than 16 bytes")
		return
	}

	secret = s.Bytes()[:16]
	return
}
Beispiel #2
0
func dhsecret(conn net.Conn) (secret []byte, err error) {
	challenge := make([]byte, 8)
	binary.BigEndian.PutUint64(challenge, uint64(rand.Int63()))
	err = writePack(conn, challenge)
	if err != nil {
		return
	}

	B, err := readPack(conn)
	if err != nil {
		return
	}

	a := crypt.Randomkey()
	A := crypt.DHExchange(a)
	err = writePack(conn, A.Bytes())
	if err != nil {
		return
	}

	z := new(big.Int)
	z.SetBytes(B)
	s := crypt.DHSecret(a, z)

	response, err := readPack(conn)
	if err != nil {
		return
	}

	if !challengeCheck(challenge, s.Bytes(), response) {
		err = errors.New("challenge failed")
		return
	}

	secret = s.Bytes()[:16]
	return
}