Exemple #1
0
func forwardData(conn net.Conn, data []byte, stream cipher.Stream) (n int, err error) {
	left := len(data) % 16
	first := len(data) - left
	n1 := 0
	if first != 0 {
		dst := make([]byte, 8+first)
		binary.BigEndian.PutUint32(dst, uint32(first))
		binary.BigEndian.PutUint32(dst[4:], uint32(first))
		stream.XORKeyStream(dst[8:], data[0:first])
		n1, err = conn.Write(dst)
		if err != nil {
			return n1, err
		}
	}
	n2 := 0
	if left != 0 {
		src := make([]byte, 16)
		dst := make([]byte, 8+16)
		copy(src, data[first:])
		binary.BigEndian.PutUint32(dst, uint32(left))
		binary.BigEndian.PutUint32(dst[4:], uint32(16))
		stream.XORKeyStream(dst[8:], src)
		n2, err = conn.Write(dst)
		if err != nil {
			return n2, err
		}
	}
	return n1 + n2, err
}
Exemple #2
0
// Try to generate a point on this curve from a chosen x-coordinate,
// with a random sign.
func (p *curvePoint) genPoint(x *big.Int, rand cipher.Stream) bool {

	// Compute the corresponding Y coordinate, if any
	y2 := new(big.Int).Mul(x, x)
	y2.Mul(y2, x)
	threeX := new(big.Int).Lsh(x, 1)
	threeX.Add(threeX, x)
	y2.Sub(y2, threeX)
	y2.Add(y2, p.c.p.B)
	y2.Mod(y2, p.c.p.P)
	y := p.c.sqrt(y2)

	// Pick a random sign for the y coordinate
	b := make([]byte, 1)
	rand.XORKeyStream(b, b)
	if (b[0] & 0x80) != 0 {
		y.Sub(p.c.p.P, y)
	}

	// Check that it's a valid point
	y2t := new(big.Int).Mul(y, y)
	y2t.Mod(y2t, p.c.p.P)
	if y2t.Cmp(y2) != 0 {
		return false // Doesn't yield a valid point!
	}

	p.x = x
	p.y = y
	return true
}
Exemple #3
0
func AesEncryptData(data, key []byte, ctp string) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil
	}

	// The IV needs to be unique, but not secure. Therefore it's common to
	// include it at the beginning of the ciphertext.
	data_enc := make([]byte, aes.BlockSize+len(data))
	iv := data_enc[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil
	}

	var stream cipher.Stream
	switch ctp {
	case "cfb":
		stream = cipher.NewCFBEncrypter(block, iv)
	case "ctr":
		stream = cipher.NewCTR(block, iv)
	default:
		stream = cipher.NewOFB(block, iv)
	}
	stream.XORKeyStream(data_enc[aes.BlockSize:], data)

	// It's important to remember that ciphertexts must be authenticated
	// (i.e. by using crypto/hmac) as well as being encrypted in order to
	// be secure.

	return data_enc
}
Exemple #4
0
func (s *secret) Pick(rand cipher.Stream) abstract.Secret {
	rand.XORKeyStream(s.b[:], s.b[:])
	s.b[0] &= 248
	s.b[31] &= 63
	s.b[31] |= 64
	return s
}
Exemple #5
0
func AESEncrypt(s string, key string) (c string, err error) {
	var k []byte
	var block cipher.Block
	var cfb cipher.Stream
	var cb []byte
	var iv []byte

	k = AESMake256Key(key)

	block, err = aes.NewCipher(k)
	if err != nil {
		return
	}

	cb = make([]byte, aes.BlockSize+len(s))
	iv = cb[:aes.BlockSize]
	_, err = io.ReadFull(rand.Reader, iv)
	if err != nil {
		return
	}

	cfb = cipher.NewCFBEncrypter(block, iv)
	cfb.XORKeyStream(cb[aes.BlockSize:], bytes.NewBufferString(s).Bytes())

	c = hex.EncodeToString(cb)
	return
}
Exemple #6
0
func (p *point) Pick(data []byte, rand cipher.Stream) (abstract.Point, []byte) {

	l := p.c.PointLen()
	dl := p.PickLen()
	if dl > len(data) {
		dl = len(data)
	}

	b := make([]byte, l)
	for {
		// Pick a random compressed point, and overlay the data.
		// Decoding will fail if the point is not on the curve.
		rand.XORKeyStream(b, b)
		b[0] = (b[0] & 1) | 2 // COMPRESSED, random y bit

		if data != nil {
			b[l-1] = byte(dl)         // Encode length in low 8 bits
			copy(b[l-dl-1:l-1], data) // Copy in data to embed
		}

		if err := p.UnmarshalBinary(b); err == nil { // See if it decodes!
			return p, data[dl:]
		}

		// otherwise try again...
	}
}
Exemple #7
0
func AESDecrypt(c string, key string) (s string, err error) {
	var k []byte
	var block cipher.Block
	var cfb cipher.Stream
	var cb []byte
	var iv []byte

	k = AESMake256Key(key)

	cb, err = hex.DecodeString(c)
	if err != nil {
		return
	}

	block, err = aes.NewCipher(k)
	if err != nil {
		return
	}
	if len(cb) < aes.BlockSize {
		err = errors.New("crypt string is too short")
		return
	}

	iv = cb[:aes.BlockSize]
	cb = cb[aes.BlockSize:]

	cfb = cipher.NewCFBDecrypter(block, iv)
	cfb.XORKeyStream(cb, cb)
	s = bytes.NewBuffer(cb).String()
	return
}
Exemple #8
0
// HideEncode a Int such that it appears indistinguishable
// from a HideLen()-byte string chosen uniformly at random,
// assuming the Int contains a uniform integer modulo M.
// For a Int this always succeeds and returns non-nil.
func (i *Int) HideEncode(rand cipher.Stream) []byte {

	// Lengh of required encoding
	hidelen := i.HideLen()

	// Bit-position of the most-significant bit of the modular integer
	// in the most-significant byte of its encoding.
	highbit := uint((i.M.BitLen() - 1) & 7)

	var enc big.Int
	for {
		// Pick a random multiplier of a suitable bit-length.
		var b [1]byte
		rand.XORKeyStream(b[:], b[:])
		mult := int64(b[0] >> highbit)

		// Multiply, and see if we end up with
		// a Int of the proper byte-length.
		// Reroll if we get a result larger than HideLen(),
		// to ensure uniformity of the resulting encoding.
		enc.SetInt64(mult).Mul(&i.V, &enc)
		if enc.BitLen() <= hidelen*8 {
			break
		}
	}

	b := enc.Bytes() // may be shorter than l
	if ofs := hidelen - len(b); ofs != 0 {
		b = append(make([]byte, ofs), b...)
	}
	return b
}
Exemple #9
0
func AesDecryptData(data, key []byte, ctp string) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil
	}

	if len(data) < aes.BlockSize {
		return nil
	}

	iv := data[:aes.BlockSize]
	data_dec := data[aes.BlockSize:]

	var stream cipher.Stream
	switch ctp {
	case "cfb":
		stream = cipher.NewCFBDecrypter(block, iv)
	case "ctr":
		stream = cipher.NewCTR(block, iv)
	default:
		stream = cipher.NewOFB(block, iv)
	}

	// XORKeyStream can work in-place if the two arguments are the same.
	stream.XORKeyStream(data_dec, data_dec)
	return data_dec
}
Exemple #10
0
func benchmarkStream(b *testing.B, c cipher.Stream) {
	b.SetBytes(benchSize)
	input := make([]byte, benchSize)
	output := make([]byte, benchSize)
	for i := 0; i < b.N; i++ {
		c.XORKeyStream(output, input)
	}
}
Exemple #11
0
// Elligator 1 reverse-map from point to uniform representative.
// Returns nil if point has no uniform representative.
// See section 3.3 of the Elligator paper.
func (el *el1param) HideEncode(P point, rand cipher.Stream) []byte {
	ec := el.ec
	x, y := P.getXY()
	var a, b, etar, etarp1, X, z, u, t, t1 nist.Int

	// condition 1: a = y+1 is nonzero
	a.Add(y, &ec.one)
	if a.V.Sign() == 0 {
		return nil // y+1 = 0, no representative
	}

	// etar = r(y-1)/2(y+1)
	t1.Add(y, &ec.one).Add(&t1, &t1) // 2(y+1)
	etar.Sub(y, &ec.one).Mul(&etar, &el.r).Div(&etar, &t1)

	// condition 2: b = (1 + eta r)^2 - 1 is a square
	etarp1.Add(&ec.one, &etar) // etarp1 = (1 + eta r)
	b.Mul(&etarp1, &etarp1).Sub(&b, &ec.one)
	if math.Jacobi(&b.V, b.M) < 0 {
		return nil // b not a square, no representative
	}

	// condition 3: if etar = -2 then x=2s(c-1)Chi(c)/r
	if etar.Equal(&el.m2) && !x.Equal(&el.c3x) {
		return nil
	}

	// X = -(1+eta r)+((1+eta r)^2-1)^((q+1)/4)
	X.Exp(&b, &el.pp1d4).Sub(&X, &etarp1)

	// z = Chi((c-1)sX(1+X)x(X^2+1/c^2))
	z.Mul(&el.cm1s, &X).Mul(&z, t.Add(&ec.one, &X)).Mul(&z, x)
	z.Mul(&z, t.Mul(&X, &X).Add(&t, &el.invc2))
	chi(&z, &z)

	// u = zX
	u.Mul(&z, &X)

	// t = (1-u)/(1+u)
	t.Div(a.Sub(&ec.one, &u), b.Add(&ec.one, &u))

	// Map representative to a byte-string by padding the upper byte.
	// This assumes that the prime c.P is close enough to a power of 2
	// that the adversary will never notice the "missing" values;
	// this is true for the class of curves Elligator1 was designed for.
	rep, _ := t.MarshalBinary()
	padmask := el.padmask()
	if padmask != 0 {
		var pad [1]byte
		rand.XORKeyStream(pad[:], pad[:])
		rep[0] |= pad[0] & padmask
	}
	return rep
}
Exemple #12
0
func encrypt_data(plain, keys []byte) ([]byte, error) {
	var iv, key []byte
	var block cipher.Block
	var stream cipher.Stream

	iv_offset := TotalIVLen
	res := make([]byte, len(plain)+iv_offset)

	iv = res[iv_offset-SalsaIVLen : iv_offset]
	_, err := rand.Read(iv)
	if err != nil {
		return nil, err
	}
	// For some reason salsa20 API is different
	key_array := new([32]byte)
	copy(key_array[:], keys[cipherKeyLen*2:])
	salsa20.XORKeyStream(res[iv_offset:], plain, iv, key_array)
	iv_offset -= SalsaIVLen

	iv = res[iv_offset-IVLen : iv_offset]
	_, err = rand.Read(iv)
	if err != nil {
		return nil, err
	}
	key = keys[cipherKeyLen : cipherKeyLen*2]
	block, err = twofish.NewCipher(key)
	if err != nil {
		return nil, err
	}
	stream = cipher.NewCTR(block, iv)
	stream.XORKeyStream(res[iv_offset:], res[iv_offset:])
	iv_offset -= IVLen

	iv = res[iv_offset-IVLen : iv_offset]
	_, err = rand.Read(iv)
	if err != nil {
		return nil, err
	}
	key = keys[:cipherKeyLen]
	block, err = aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	stream = cipher.NewCTR(block, iv)
	stream.XORKeyStream(res[iv_offset:], res[iv_offset:])
	iv_offset -= IVLen

	if iv_offset != 0 {
		panic(fmt.Errorf("something went terribly wrong: iv_offset final value non-zero"))
	}

	return res, nil
}
Exemple #13
0
func test_correctness2(t *testing.T, ec, dc cipher.Stream, sample2, origin2 []byte) {
	n := mrand.Int() & 0xff
	for i := 0; i < n; i++ {
		ec.XORKeyStream(sample2, sample2)
	}
	for i := 0; i < n; i++ {
		dc.XORKeyStream(sample2, sample2)
	}
	// assertion
	if dumpDiff(origin2, sample2) {
		t.Fatalf("Incorrect result")
	}
}
Exemple #14
0
func (P *point) Pick(data []byte, rand cipher.Stream) (abstract.Point, []byte) {

	// How many bytes to embed?
	dl := P.PickLen()
	if dl > len(data) {
		dl = len(data)
	}

	for {
		// Pick a random point, with optional embedded data
		var b [32]byte
		rand.XORKeyStream(b[:], b[:])
		if data != nil {
			b[0] = byte(dl)       // Encode length in low 8 bits
			copy(b[1:1+dl], data) // Copy in data to embed
		}
		if !P.ge.FromBytes(b[:]) { // Try to decode
			continue // invalid point, retry
		}

		// If we're using the full group,
		// we just need any point on the curve, so we're done.
		//		if c.full {
		//			return P,data[dl:]
		//		}

		// We're using the prime-order subgroup,
		// so we need to make sure the point is in that subgroup.
		// If we're not trying to embed data,
		// we can convert our point into one in the subgroup
		// simply by multiplying it by the cofactor.
		if data == nil {
			P.Mul(P, cofactor) // multiply by cofactor
			if P.Equal(nullPoint) {
				continue // unlucky; try again
			}
			return P, data[dl:] // success
		}

		// Since we need the point's y-coordinate to hold our data,
		// we must simply check if the point is in the subgroup
		// and retry point generation until it is.
		var Q point
		Q.Mul(P, primeOrder)
		if Q.Equal(nullPoint) {
			return P, data[dl:] // success
		}

		// Keep trying...
	}
}
Exemple #15
0
// Elligator 2 reverse-map from point to uniform representative.
// Returns nil if point has no uniform representative.
// See section 5.3 of the Elligator paper.
func (el *el2param) HideEncode(P point, rand cipher.Stream) []byte {
	edx, edy := P.getXY()
	var x, y, r, xpA, t1 nist.Int

	// convert Edwards to Montgomery coordinates
	el.ed2mont(&x, &y, edx, edy)

	// condition 1: x != -A
	if x.Equal(&el.negA) {
		return nil // x = -A, no representative
	}

	// condition 2: if y=0, then x=0
	if y.V.Sign() == 0 && x.V.Sign() != 0 {
		return nil // y=0 but x!=0, no representative
	}

	// condition 3: -ux(x+A) is a square
	xpA.Add(&x, &el.A)
	t1.Mul(&el.u, &x).Mul(&t1, &xpA).Neg(&t1)
	if math.Jacobi(&t1.V, t1.M) < 0 {
		return nil // not a square, no representative
	}

	if y.V.Cmp(&el.pm1d2) <= 0 { // y in image of sqrt function
		r.Mul(&xpA, &el.u).Div(&x, &r)
	} else { // y not in image of sqrt function
		r.Mul(&el.u, &x).Div(&xpA, &r)
	}
	r.Neg(&r)
	el.sqrt(&r, &r)

	// Sanity check on result
	if r.V.Cmp(&el.pm1d2) > 0 {
		panic("el2: r too big")
	}

	// Map representative to a byte-string by padding the upper byte.
	// This assumes that the prime c.P is close enough to a power of 2
	// that the adversary will never notice the "missing" values;
	// this is true for the class of curves Elligator1 was designed for.
	rep, _ := r.MarshalBinary()
	padmask := el.padmask()
	if padmask != 0 {
		var pad [1]byte
		rand.XORKeyStream(pad[:], pad[:])
		rep[0] |= pad[0] & padmask
	}
	return rep
}
Exemple #16
0
// Set bignum n to a uniform random BigInt with a given maximum BitLen.
// If 'exact' is true, choose a BigInt with _exactly_ that BitLen, not less
func (n *bignum) RandBits(bitlen uint, exact bool, rand cipher.Stream) *bignum {
	b := make([]byte, (bitlen+7)/8)
	rand.XORKeyStream(b, b)
	highbits := bitlen & 7
	if highbits != 0 {
		b[0] &= ^(0xff << highbits)
	}
	if exact {
		if highbits != 0 {
			b[0] |= 1 << (highbits - 1)
		} else {
			b[0] |= 0x80
		}
	}
	n.SetBytes(b)
	return n
}
Exemple #17
0
func HandleStream(t net.Conn, f net.Conn, s cipher.Stream) {
	in := make([]byte, 1024*4)
	out := make([]byte, 1024*4)
	for {
		n, err := f.Read(in)
		if n > 0 {
			s.XORKeyStream(out, in[:n])
			_, err2 := t.Write(out[:n])
			if err != nil || err2 != nil {
				return
			}
		} else {
			return
		}

	}
}
Exemple #18
0
func (this *OnlineUser) PullFromClient() {
	for {
		var content string
		err := websocket.Message.Receive(this.Connection, &content)
		// If user closes or refreshes the browser, a err will occur
		if err != nil {
			return
		}

		// Podemos modificar el texto que reciben todos los usuarios
		// content = "prueba"

		// Obtenemos hash de 256 con la clave
		h := sha256.New()
		h.Reset()
		h.Write([]byte(clave))
		key := h.Sum(nil)

		// Utilizamos la interfaz cipher para descifrar y cifrar
		var S cipher.Stream

		// RC4 proporciona un cipher.Stream directamente al ser cifrado en flujo
		a, err := rc4.NewCipher(key)
		check(err)
		S = a

		// Desciframos y parseamos de []byte a string
		cadCifrada := []byte(content)
		plaintext := make([]byte, len(cadCifrada))
		S.XORKeyStream(plaintext, cadCifrada)
		content = string(plaintext[:])

		// Mostramos el mensaje a todos

		m := Message{
			MType: TEXT_MTYPE,
			TextMessage: TextMessage{
				UserInfo: this.UserInfo,
				Time:     humanCreatedAt(),
				Content:  content,
			},
		}
		this.InRoom.Broadcast <- m
	}
}
Exemple #19
0
// After Layout() has been called to layout the header,
// the client may call Payload() any number of times
// to reserve regions for encrypted payloads in the message.
// Returns the byte offset in the message where the payload was placed.
//
// Although the client could as well encrypt the data before calling Payload(),
// we take a cleartext and a cipher.Stream to "make sure" it gets encrypted.
// (Callers who really want to do their own encryption can pass in
// a no-op cipher.Stream, but this isn't recommended.)
func (w *Writer) Payload(data []byte, encrypt cipher.Stream) int {
	l := len(data)
	if l == 0 {
		panic("zero-length payload not allowed")
	}

	// Allocate space for the payload
	lo := w.layout.alloc(l, "payload")
	hi := lo + l

	// Expand the message buffer capacity as needed
	buf := w.growBuf(lo, hi)

	// Encrypt and copy in the payload.
	encrypt.XORKeyStream(buf, data)

	return lo
}
Exemple #20
0
func test_correctness(t *testing.T, ec, dc cipher.Stream, sample2, origin2 []byte) {
	// n-times encrypt, then decrypt all onetime.
	randSlice(sample2, ec.XORKeyStream)
	dc.XORKeyStream(sample2, sample2)

	// assertion
	if dumpDiff(origin2, sample2) {
		t.Fatalf("Incorrect result")
	}

	// encrypt all onetime. then n-times decrypt
	ec.XORKeyStream(sample2, sample2)
	randSlice(sample2, dc.XORKeyStream)

	// assertion
	if dumpDiff(origin2, sample2) {
		t.Fatalf("Incorrect result")
	}
}
Exemple #21
0
func decrypt_data(dst, data, keys []byte) error {
	var iv, key []byte
	var block cipher.Block
	var stream cipher.Stream
	var err error

	buffer := append([]byte{}, data...)

	iv_offset := IVLen
	iv = buffer[:iv_offset]
	key = keys[:cipherKeyLen]
	block, err = aes.NewCipher(key)
	if err != nil {
		return err
	}
	stream = cipher.NewCTR(block, iv)
	stream.XORKeyStream(buffer[iv_offset:], buffer[iv_offset:])

	iv_offset += IVLen
	iv = buffer[iv_offset-IVLen : iv_offset]
	key = keys[cipherKeyLen : cipherKeyLen*2]
	block, err = twofish.NewCipher(key)
	if err != nil {
		return err
	}
	stream = cipher.NewCTR(block, iv)
	stream.XORKeyStream(buffer[iv_offset:], buffer[iv_offset:])

	iv_offset += SalsaIVLen
	iv = buffer[iv_offset-SalsaIVLen : iv_offset]
	key_array := new([32]byte)
	copy(key_array[:], keys[cipherKeyLen*2:])
	salsa20.XORKeyStream(dst, buffer[iv_offset:], iv, key_array)

	if len(buffer[iv_offset:]) != len(data)-TotalIVLen {
		return fmt.Errorf("something went terribly wrong: bufsz is wrong")
	}

	return nil
}
func Obfs3fHandshake(wire net.Conn, is_server bool) (io.ReadWriteCloser, error) {
	var their_public dh_public_key
	var our_keypair = dh_gen_key(1536)
	var secret []byte
	var write_rc4, read_rc4 cipher.Stream
	their_public = make([]byte, 1536/8)
	if is_server {
		_, err := io.ReadFull(wire, their_public)
		if err != nil {
			return nil, err
		}
		_, err = wire.Write(our_keypair.Public)
		if err != nil {
			return nil, err
		}
		secret = dh_gen_secret(our_keypair.Private, their_public)
		write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
		read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
	} else {
		_, err := wire.Write(our_keypair.Public)
		if err != nil {
			return nil, err
		}
		_, err = io.ReadFull(wire, their_public)
		if err != nil {
			return nil, err
		}
		secret = dh_gen_secret(our_keypair.Private, their_public)
		write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
		read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
	}
	read_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))
	write_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))

	toret := &Obfs3f{read_rc4, write_rc4, wire}
	thing := make(chan bool)
	go func() {
		randlen := make([]byte, 2)
		rand.Read(randlen)
		rlint := int(randlen[0])*256 + int(randlen[1])
		xaxa := make([]byte, rlint)
		toret.Write(randlen)
		toret.Write(xaxa)
		thing <- true
	}()

	randlen := make([]byte, 2)
	_, err := io.ReadFull(toret, randlen)
	if err != nil {
		return nil, err
	}
	_, err = io.ReadFull(toret, make([]byte, int(randlen[0])*256+int(randlen[1])))
	if err != nil {
		return nil, err
	}
	<-thing
	return io.ReadWriteCloser(toret), nil
}
Exemple #23
0
func (this *OnlineUser) PushToClient() {
	for b := range this.Send {

		// Podemos modificar el texto que se envia
		// b.TextMessage.Content = "prueba"

		// Obtenemos hash de 256 con la clave
		h := sha256.New()
		h.Reset()
		h.Write([]byte(clave))
		key := h.Sum(nil)

		// Utilizamos la interfaz cipher para descifrar y cifrar
		var S cipher.Stream

		// RC4 proporciona un cipher.Stream directamente al ser cifrado en flujo
		c, error := rc4.NewCipher(key)
		check(error)
		S = c

		// Ciframos
		plaintext := []byte(b.TextMessage.Content)
		cadCifrada := make([]byte, len(plaintext))
		S.XORKeyStream(cadCifrada, plaintext)

		// Enviamos parseando de []byte a string
		b.TextMessage.Content = string(cadCifrada[:])

		// Enviamos la cadena cifrada

		err := websocket.JSON.Send(this.Connection, b)
		if err != nil {
			break
		}
	}
}
Exemple #24
0
// Choose a uniform random BigInt with a given maximum BitLen.
// If 'exact' is true, choose a BigInt with _exactly_ that BitLen, not less
func Bits(bitlen uint, exact bool, rand cipher.Stream) []byte {
	b := make([]byte, (bitlen+7)/8)
	rand.XORKeyStream(b, b)
	highbits := bitlen & 7
	if highbits != 0 {
		b[0] &= ^(0xff << highbits)
	}
	if exact {
		if highbits != 0 {
			b[0] |= 1 << (highbits - 1)
		} else {
			b[0] |= 0x80
		}
	}
	return b
}
Exemple #25
0
func encodeAndWrite(conn net.Conn, in []byte, s cipher.Stream) {
	out := make([]byte, len(in))
	s.XORKeyStream(out, in)
	conn.Write(out)
}
Exemple #26
0
func readAndDecode(conn net.Conn, out []byte, s cipher.Stream) {
	in := make([]byte, len(out))
	conn.Read(in)
	s.XORKeyStream(out, in)
}
Exemple #27
0
// Choose a random n-byte slice
func Bytes(n int, rand cipher.Stream) []byte {
	b := make([]byte, n)
	rand.XORKeyStream(b, b)
	return b
}
Exemple #28
0
// force filling xor buffer
func initStream(chacha cipher.Stream) {
	tmp := make([]byte, _CHACHA_STREAM_SIZE)
	chacha.XORKeyStream(tmp, tmp)
}
Exemple #29
0
// Pick a [pseudo-]random curve point with optional embedded data,
// filling in the point's x,y coordinates
// and returning any remaining data not embedded.
func (c *curve) pickPoint(P point, data []byte, rand cipher.Stream) []byte {

	// How much data to embed?
	dl := c.pickLen()
	if dl > len(data) {
		dl = len(data)
	}

	// Retry until we find a valid point
	var x, y nist.Int
	var Q abstract.Point
	for {
		// Get random bits the size of a compressed Point encoding,
		// in which the topmost bit is reserved for the x-coord sign.
		l := c.PointLen()
		b := make([]byte, l)
		rand.XORKeyStream(b, b) // Interpret as little-endian
		if data != nil {
			b[0] = byte(dl)       // Encode length in low 8 bits
			copy(b[1:1+dl], data) // Copy in data to embed
		}
		util.Reverse(b, b) // Convert to big-endian form

		xsign := b[0] >> 7                    // save x-coordinate sign bit
		b[0] &^= 0xff << uint(c.P.BitLen()&7) // clear high bits

		y.M = &c.P // set y-coordinate
		y.SetBytes(b)

		if !c.solveForX(&x, &y) { // Corresponding x-coordinate?
			continue // none, retry
		}

		// Pick a random sign for the x-coordinate
		if c.coordSign(&x) != uint(xsign) {
			x.Neg(&x)
		}

		// Initialize the point
		P.initXY(&x.V, &y.V, c.self)
		if c.full {
			// If we're using the full group,
			// we just need any point on the curve, so we're done.
			return data[dl:]
		}

		// We're using the prime-order subgroup,
		// so we need to make sure the point is in that subgroup.
		// If we're not trying to embed data,
		// we can convert our point into one in the subgroup
		// simply by multiplying it by the cofactor.
		if data == nil {
			P.Mul(P, &c.cofact) // multiply by cofactor
			if P.Equal(c.null) {
				continue // unlucky; try again
			}
			return data[dl:]
		}

		// Since we need the point's y-coordinate to make sense,
		// we must simply check if the point is in the subgroup
		// and retry point generation until it is.
		if Q == nil {
			Q = c.self.Point()
		}
		Q.Mul(P, &c.order)
		if Q.Equal(c.null) {
			return data[dl:]
		}

		// Keep trying...
	}
}
Exemple #30
0
// Download file from filesystem
func (m Mega) DownloadFile(src *Node, dstpath string, progress *chan int) error {
	m.FS.mutex.Lock()
	defer m.FS.mutex.Unlock()

	defer func() {
		if progress != nil {
			close(*progress)
		}
	}()

	if src == nil {
		return EARGS
	}

	var msg [1]DownloadMsg
	var res [1]DownloadResp
	var outfile *os.File
	var mutex sync.Mutex

	_, err := os.Stat(dstpath)
	if os.IsExist(err) {
		os.Remove(dstpath)
	}

	outfile, err = os.OpenFile(dstpath, os.O_RDWR|os.O_CREATE, 0600)
	if err != nil {
		return err
	}

	msg[0].Cmd = "g"
	msg[0].G = 1
	msg[0].N = src.hash

	request, _ := json.Marshal(msg)
	result, err := m.api_request(request)
	if err != nil {
		return err
	}

	err = json.Unmarshal(result, &res)
	if err != nil {
		return err
	}
	resourceUrl := res[0].G

	_, err = decryptAttr(src.meta.key, []byte(res[0].Attr))

	aes_block, _ := aes.NewCipher(src.meta.key)

	mac_data := a32_to_bytes([]uint32{0, 0, 0, 0})
	mac_enc := cipher.NewCBCEncrypter(aes_block, mac_data)
	t := bytes_to_a32(src.meta.iv)
	iv := a32_to_bytes([]uint32{t[0], t[1], t[0], t[1]})

	sorted_chunks := []int{}
	chunks := getChunkSizes(int(res[0].Size))
	chunk_macs := make([][]byte, len(chunks))

	for k, _ := range chunks {
		sorted_chunks = append(sorted_chunks, k)
	}
	sort.Ints(sorted_chunks)

	workch := make(chan int)
	errch := make(chan error, 1)
	wg := sync.WaitGroup{}

	// Fire chunk download workers
	for w := 0; w < m.dl_workers; w++ {
		wg.Add(1)

		go func() {
			defer wg.Done()
			var id int
			var ok bool

			for {
				// Wait for work blocked on channel
				select {
				case err := <-errch:
					errch <- err
					return
				case id, ok = <-workch:
					if ok == false {
						return
					}
				}

				var resource *http.Response
				mutex.Lock()
				chk_start := sorted_chunks[id]
				chk_size := chunks[chk_start]
				mutex.Unlock()
				chunk_url := fmt.Sprintf("%s/%d-%d", resourceUrl, chk_start, chk_start+chk_size-1)
				for retry := 0; retry < m.retries+1; retry++ {
					resource, err = client.Get(chunk_url)
					if err == nil {
						break
					}
				}

				var ctr_iv []uint32
				var ctr_aes cipher.Stream
				var chunk []byte

				if err == nil {
					ctr_iv = bytes_to_a32(src.meta.iv)
					ctr_iv[2] = uint32(uint64(chk_start) / 0x1000000000)
					ctr_iv[3] = uint32(chk_start / 0x10)
					ctr_aes = cipher.NewCTR(aes_block, a32_to_bytes(ctr_iv))
					chunk, err = ioutil.ReadAll(resource.Body)
				}

				if err != nil {
					errch <- err
					return
				}
				resource.Body.Close()
				ctr_aes.XORKeyStream(chunk, chunk)
				outfile.WriteAt(chunk, int64(chk_start))

				enc := cipher.NewCBCEncrypter(aes_block, iv)
				i := 0
				block := []byte{}
				chunk = paddnull(chunk, 16)
				for i = 0; i < len(chunk); i += 16 {
					block = chunk[i : i+16]
					enc.CryptBlocks(block, block)
				}

				mutex.Lock()
				if len(chunk_macs) > 0 {
					chunk_macs[id] = make([]byte, 16)
					copy(chunk_macs[id], block)
				}
				mutex.Unlock()

				if progress != nil {
					*progress <- chk_size
				}
			}
		}()
	}

	// Place chunk download jobs to chan
	for id := 0; id < len(chunks); {
		select {
		case workch <- id:
			id++
			if id == len(chunks) {
				close(workch)
				break
			}
		case err := <-errch:
			errch <- err
			break
		}
	}

	wg.Wait()

	select {
	case err = <-errch:
	default:
	}

	if err != nil {
		os.Remove(dstpath)
		return err
	}

	for _, v := range chunk_macs {
		mac_enc.CryptBlocks(mac_data, v)
	}

	outfile.Close()
	tmac := bytes_to_a32(mac_data)
	if bytes.Equal(a32_to_bytes([]uint32{tmac[0] ^ tmac[1], tmac[2] ^ tmac[3]}), src.meta.mac) == false {
		return EMACMISMATCH
	}

	return nil
}