Exemple #1
0
// Read reads the next len(p) bytes from the SecureReader or until the
// SecureReader's buffer is drained.
//
// In the case that the decrypted message does not fit into p, the
// remainder is made available on the next call to Read.
func (r *SecureReader) Read(p []byte) (n int, err error) {
	// Previous short read?
	if r.n > 0 && r.n < len(r.msg) {
		n = copy(p, r.msg[r.n:])
		r.n += n
		return n, err
	}

	nr, err := io.ReadAtLeast(r.r, r.buf, nsize+minBoxSize)
	if nr == 0 {
		return 0, io.EOF
	} else if err == io.ErrUnexpectedEOF {
		return 0, ErrInvalidMessage
	} else if err != nil {
		return 0, err
	}

	// The first nsize bytes of the stream are the nonce; the box then
	// follows.
	copy(r.nonce[:], r.buf[:nsize])

	var ok bool
	r.msg, ok = box.OpenAfterPrecomputation(r.msg[:0], r.buf[nsize:nr], &r.nonce, &r.key)
	n = copy(p, r.msg)
	if !ok {
		return n, ErrOpenBox
	}

	r.n += n
	return n, err
}
Exemple #2
0
// Read verifies and decrypts a ciphertext using NACL.
// Wire format:
//  1. nonce (24 bytes)
//  2. size (2 bytes, little endian)
//  3. ciphertext (number of bytes given by previous value)
// Not sure if it would be worth beginning with a magic id.
// This simple implementation is equivalent to a ReadFull - the supplied buffer
// must be big enough to contain the entire plaintext (which is limited to 32K)
// as a successful read will return the entire message.
func (sr secureReader) Read(buf []byte) (int, error) {
	// read the 24 bytes nonce
	var nonce [24]byte
	if _, err := io.ReadFull(sr.r, nonce[:]); err != nil {
		return 0, errors.New("secureReader: cant read nonce: " + err.Error())
	}
	// read the ciphertext size
	var size uint16
	if err := binary.Read(sr.r, binary.LittleEndian, &size); err != nil {
		return 0, errors.New("secureReader: cant read ciphertext size: " + err.Error())
	}
	// check if the supplied buffer is big enough to contain the plain text
	if uint16(len(buf)) < size-box.Overhead {
		return 0, fmt.Errorf("secureReader: ciphertext too long (%d, max = %d)", size, len(buf)+box.Overhead)
	}
	// read the ciphertext
	ctext := make([]byte, size)
	if _, err := io.ReadFull(sr.r, ctext); err != nil {
		return 0, errors.New("secureReader: cant read ciphertext: " + err.Error())
	}
	// verify + decrypt ciphertext into buf and return size of plaintext
	if buf, ok := box.OpenAfterPrecomputation(buf[0:0], ctext, &nonce, &sr.shared); ok {
		return len(buf), nil
	}
	return 0, errors.New("secureReader: error opening box")
}
Exemple #3
0
func (c *Conn) readFrame() ([]byte, opcode, error) {
	b, err := c.conn.ReadFrame()
	if err != nil {
		return nil, 0, err
	}

	if len(b) < 17 {
		return nil, 0, fmt.Errorf("unexpected non-message opcode")
	}

	var nonce [24]byte
	if c.cfg.IsServer {
		c.nonceC.Next(&nonce)
	} else {
		c.nonceS.Next(&nonce)
	}
	b2, ok := box.OpenAfterPrecomputation(nil, b[1:], &nonce, &c.curveCtSt)
	if !ok {
		return nil, 0, fmt.Errorf("invalid msg box received")
	}

	if len(b2) == 0 || b2[0] != 0 {
		return nil, 0, fmt.Errorf("nonzero type byte in msg box")
	}

	return b2[1:], opcode(b[0]), nil
}
Exemple #4
0
// Read reads secured data, deciphers it and populates incoming
// buffer p
// The method is thread-safe
func (r *secureReader) Read(p []byte) (n int, err error) {
	r.m.Lock()
	defer r.m.Unlock()

	// read nonce first
	if n, err = r.r.Read(r.nonceBuf[:]); err != nil {
		return
	} else if n != 24 {
		err = errors.New("could not read nonce")
		return
	}

	// read actual message and decipher it
	if n, err = r.r.Read(r.dataBuf[:]); err != nil {
		return
	}

	out, ok := box.OpenAfterPrecomputation([]byte{}, r.dataBuf[:n], &r.nonceBuf, r.key)
	if !ok {
		err = errors.New("could not decrypt incoming message")
		return
	}

	n = copy(p, out)
	if n < len(out) {
		err = fmt.Errorf("buffer is too small. Need to allocate %d bytes, got %d", len(out), n)
	}
	return
}
Exemple #5
0
func secureRead(r io.Reader, p []byte, sharedKey *[32]byte) (n int, err error) {
	if len(p) > MaxMsgLen {
		p = p[:MaxMsgLen]
	}

	nonce := &[24]byte{}
	r.Read(nonce[:])
	//log.Printf("Readed nonce: %v\n", nonce)

	var msgLen uint16
	err = binary.Read(r, binary.LittleEndian, &msgLen)
	if err != nil {
		return
	}
	//log.Printf("Readed message length: %v\n", msgLen)

	b := make([]byte, msgLen)
	n, err = r.Read(b)
	if err != nil {
		return
	}
	b = b[:n]
	//log.Printf("Readed box: %v\n", b)

	o, ok := box.OpenAfterPrecomputation(nil, b, nonce, sharedKey)
	n = copy(p, o)
	//log.Printf("Reading: %s\n", p)
	if ok == false {
		err = ErrDecrypt
	}
	return
}
Exemple #6
0
// Implementation of io.Reader for SecureReader
// Messages are read and decrypted using the previous initialized keys
func (sr SecureReader) Read(p []byte) (n int, err error) {
	// Get the new nonce
	var nonce [24]byte
	n, err = sr.reader.Read(nonce[:])
	if err != nil {
		return 0, err
	}

	// Followed by length of enc message
	var msgLen uint64
	err = binary.Read(sr.reader, binary.BigEndian, &msgLen)
	if err != nil {
		return 0, err
	}

	// grab encrypted box
	encBox := make([]byte, msgLen)
	n, err = sr.reader.Read(encBox)
	if err != nil {
		return 0, err
	}

	// Read directly into the output slice p[:0]
	ret, valid := box.OpenAfterPrecomputation(p[:0], encBox, &nonce, &sr.sharedKey)
	if !valid {
		return 0, errors.New("Invalid encryption")
	}

	return len(ret), nil
}
Exemple #7
0
func (sr *secureReader) readAndOpenMessage() error {
	var totalLength uint16

	// read total length
	err := binary.Read(sr.r, binary.BigEndian, &totalLength)
	if err != nil {
		return err
	}

	// read nonce
	var nonce [nonceSize]byte
	_, err = io.ReadFull(sr.r, nonce[:])
	if err != nil {
		return err
	}

	// read sealed message (length = total length - nonce)
	sealedMessage := make([]byte, totalLength-nonceSize)
	_, err = io.ReadFull(sr.r, sealedMessage)
	if err != nil {
		return err
	}

	// open sealed message
	sr.openedBuffer = sr.openedBuffer[0:0]
	var ok bool
	sr.openedBuffer, ok = box.OpenAfterPrecomputation(sr.openedBuffer, sealedMessage, &nonce, &sr.sharedKey)
	if !ok {
		return errors.New("failed to open NaCl box")
	}
	sr.openedPointer = 0
	return nil
}
Exemple #8
0
func (s *secureReader) Read(bs []byte) (int, error) {
	if len(s.decrypted) > 0 {
		return s.readDecoded(bs), nil
	}

	// Read the next packet from the underlying reader.
	p := s.packet
	err := p.Read(s.underlying, s.buffer)
	if err != nil {
		return 0, err
	}

	// Decode the packet into bs where possible, bs[:0] will return a slice with 0 length
	// but reuse the underlying array's capacity when appending, avoiding memory allocations.
	decrypted, valid := nacl.OpenAfterPrecomputation(bs[:0], p.data, &p.nonce, &s.sharedKey)
	if !valid {
		return 0, ErrInvalidData
	}

	// If the decrypted data was smaller than the size of bs, then bs contains all the data.
	read := len(p.data) - nacl.Overhead
	if read <= len(bs) {
		s.decrypted = nil
		return read, nil
	}

	// Otherwise, the data was too large for bs, and needs to be copied into bs.
	s.decrypted = decrypted
	return s.readDecoded(bs), nil
}
Exemple #9
0
func (sr SecureReader) Read(p []byte) (int, error) {
	var nonce [24]byte

	_, err := io.ReadFull(sr.r, nonce[:])
	if err != nil {
		return 0, err
	}

	var msgSize uint32
	err = binary.Read(sr.r, binary.LittleEndian, &msgSize)
	if err != nil {
		return 0, err
	}

	// msg := box.SealAfterPrecomputation(nil, p, nonce, sw.sharedKey)
	msg := make([]byte, msgSize)
	_, err = io.ReadFull(sr.r, msg)
	if err != nil {
		return 0, err
	}

	decodedMsg, ok := box.OpenAfterPrecomputation(nil, msg, &nonce, sr.sharedKey)
	if !ok {
		return 0, fmt.Errorf("Failed to decode")
	}
	n := copy(p, decodedMsg)
	return n, nil

}
Exemple #10
0
func decryptWithPreShared(preSharedKey [keySize]byte, m EncryptedMessage) ([]byte, error) {
	if decryptedMessage, valid := box.OpenAfterPrecomputation(nil, m.data, &m.nonce, &preSharedKey); !valid {
		return nil, MessageDecryptionError
	} else {
		return decryptedMessage, nil
	}
}
Exemple #11
0
func (sr SecureReader) Read(decryptedMsg []byte) (n int, err error) {
	nonce := [24]byte{}

	_, err = sr.r.Read(nonce[:])
	if err != nil {
		return 0, err
	}

	msg := [32768]byte{}
	l, err := sr.r.Read(msg[:])
	if err != nil {
		return 0, err
	}
	cryptedMsg := msg[:l]

	// The length of the resulting message is unknown.
	// Passing an empty out will result in everything being passed to overlap
	overlap, b := box.OpenAfterPrecomputation([]byte{}, cryptedMsg, &nonce, sr.shared)
	if !b {
		return 0, errors.New("Decrypt failed")
	}
	copy(decryptedMsg, overlap)

	return len(overlap), nil
}
Exemple #12
0
// Unbox runs the unbox computation given a precomputed key.
func (k PrecomputedSharedKey) Unbox(nonce *saltpack.Nonce, msg []byte) ([]byte, error) {
	ret, ok := box.OpenAfterPrecomputation([]byte{}, msg, (*[24]byte)(nonce), (*[32]byte)(&k))
	if !ok {
		return nil, saltpack.ErrDecryptionFailed
	}
	return ret, nil
}
Exemple #13
0
// Extended Read method for reader to read secure data
func (sr SecureReader) Read(p []byte) (n int, err error) {
	//get the nonce
	r := make([]byte, nonceSize)
	if _, err = sr.r.Read(r); err != nil {
		return
	}
	var nonce [nonceSize]byte
	copy(nonce[:], r)

	//fetch encrypted message
	enc := make([]byte, maxMessageSize)
	encLen, err := sr.r.Read(enc)
	if err != nil {
		return 0, nil
	}
	enc = enc[:encLen]

	//compute the length of decrypted message
	n = encLen - box.Overhead

	//decrypt
	var s bool
	dec := make([]byte, n)
	if dec, s = box.OpenAfterPrecomputation(nil, enc, &nonce, sr.SecureKeys.share); s != true {
		return 0, errors.New("Error opening the box")
	}

	copy(p, dec)

	return
}
Exemple #14
0
// Read encrypted data from the secure reader.
//
// @param p [[]byte] buffer to store decrypted message in
// @return [Integer] number of decrypted bytes read
// @return [Error] if error, or nil
func (secureReader SecureReader) Read(p []byte) (int, error) {
	// Get the encrypted bytes from the internal reader
	data := make([]byte, maxMsgLen)
	n, err := secureReader.reader.Read(data)
	if n == 0 || (err != nil && err != io.EOF) {
		return 0, err
	}

	//  The first set of bytes is the nonce followed by the message.
	var nonce [nonceLength]byte
	for i := 0; i < nonceLength; i++ {
		nonce[i] = data[i]
	}

	decryptedData, success := box.OpenAfterPrecomputation(nil, data[nonceLength:n], &nonce, secureReader.sharedKey)
	if success != true {
		return 0, errors.New("Unable to decrypt message.")
	}

	// Copy results into p
	msgLen := n - nonceLength - box.Overhead
	for i := 0; i < msgLen; i++ {
		p[i] = decryptedData[i]
	}

	return msgLen, nil
}
Exemple #15
0
// Read satisfies the io.Reader interface. It expects to find the following sequence:
//    1) the fixed length nonce used during encryption of the message
//    2) the length of the original message
//    3) the encrytped message
func (r *SecureReader) Read(p []byte) (n int, err error) {
	// read the nonce
	_, err = io.ReadFull(r.r, r.nonce[:])
	if err != nil {
		return 0, err
	}

	// read the message length
	var mlen uint32
	err = binary.Read(r.r, binary.BigEndian, &mlen)
	if err != nil {
		return 0, err
	}
	if mlen > MaxMessageBytes {
		return 0, ErrMessageTooBig
	}

	// read the encrypted message
	em := r.buf[0 : mlen+box.Overhead]
	n, err = io.ReadFull(r.r, em)
	if err != nil {
		return 0, err
	}

	// decrypt the message
	_, ok := box.OpenAfterPrecomputation(p[0:0], em, &r.nonce, &r.shared)
	if !ok {
		return 0, ErrUndecryptable
	}
	return int(mlen), nil
}
Exemple #16
0
// readPacket reads a packet from r.rd into r.buf. EOF is returned if
// r.rd.Read() returns it. Nothing is appended to r.buf if err != nil.
func (r *SecureReader) readPacket() error {
	// 1. Read the packet header
	hdr := &PacketHdr{}
	if err := binary.Read(r.rd, binary.BigEndian, hdr); err != nil {
		return err
	}

	// 2. Read the encrypted data
	encData := make([]byte, hdr.Length)
	if _, err := io.ReadFull(r.rd, encData); err != nil {
		return err
	}

	// 3. Decrypt and verify the data
	b, ok := box.OpenAfterPrecomputation(nil, encData, &hdr.Nonce, r.key)
	if !ok {
		return ErrFailedVerify
	}
	buf := bytes.NewReader(b)

	// 4. Extract the sequence number and match it to the internal counter
	var seq uint32
	if err := binary.Read(buf, binary.BigEndian, &seq); err != nil {
		return err
	}
	if seq != r.seq {
		return ErrOutOfOrder
	}
	r.seq += 2

	// Success! Note: this append will cause the reallocation of r.buf when
	// it grows too much, and with that the old returned data will be discarded
	r.buf = append(r.buf, b[len(b)-buf.Len():]...)
	return nil
}
Exemple #17
0
// Read reads and decrypts the byte stream from the underlying Reader
func (r *NaClReader) Read(p []byte) (n int, err error) {
	buf := make([]byte, 1024*32)
	buflen, err := r.Reader.Read(buf)
	if buflen > 24 {
		// parse first 24 bytes as nounce
		nounce := new([24]byte)
		copy(nounce[:], buf[:24])

		// open the encrypted message
		opened, ok := box.OpenAfterPrecomputation(nil, buf[24:buflen], nounce, r.skey)
		if !ok {
			return 0, errors.New("unable to decrypt")
		}

		if len(p) < len(opened) {
			return 0, errors.New("read buffer exceeded")
		}

		n = copy(p, opened)
		return n, nil

	}

	if err != nil {
		return n, err
	}

	return 0, errors.New("unable to read enough data to decrypt")
}
Exemple #18
0
func (r *naclReader) Read(buf []byte) (n int, err error) {

	if len(r.leftovers) != 0 {
		n = copy(buf, r.leftovers)
		r.leftovers = r.leftovers[n:]
		return n, nil
	}

	head := naclMsgHeader{}
	err = binRead(r.in, &head)
	if err != nil {
		return 0, err
	}

	cipherText := make([]byte, head.Length)
	_, err = io.ReadFull(r.in, cipherText)
	if err != nil {
		return 0, err
	}

	msg, ok := box.OpenAfterPrecomputation(nil, cipherText, &head.Nonce, r.sharedKey)
	if !ok {
		return 0, ErrBadKey
	}

	n = copy(buf, msg)
	if len(msg) != n {
		r.leftovers = msg[n:]
	}

	return n, nil
}
Exemple #19
0
func (b boxPrecomputedSharedKey) Unbox(nonce *Nonce, msg []byte) ([]byte, error) {
	out, ok := box.OpenAfterPrecomputation([]byte{}, msg, (*[24]byte)(nonce), (*[32]byte)(&b))
	if !ok {
		return nil, errPublicKeyDecryptionFailed
	}
	return out, nil
}
Exemple #20
0
func (s *SecureReader) Read(p []byte) (n int, err error) {
	var nonce [24]byte

	if len(p) == 0 {
		return 0, nil
	}

	buf := make([]byte, 32*1024+24)
	m, err := s.r.Read(buf)
	if err != nil && err != io.EOF && m < 24 {
		return 0, err
	}

	copy(nonce[:], buf[:24])

	msg, ok := box.OpenAfterPrecomputation([]byte{}, buf[24:m], &nonce, &s.key)
	if !ok {
		return 0, errors.New("Failed to decrypt a message")
	}

	copy(p[:len(msg)], msg)
	n = len(msg)

	return
}
Exemple #21
0
func (c *Conn) hcReadServerHello() error {
	// Receive server hello message.
	data, err := c.conn.ReadFrame()
	if err != nil {
		return err
	}

	// Ensure server hello message is of adequate size.
	if len(data) < 77 {
		return fmt.Errorf("undersized server hello")
	}

	if opcode(data[0]) != opServerHello {
		return fmt.Errorf("unexpected non-server helo op")
	}

	if binary.LittleEndian.Uint32(data[1:5]) != serverHelloMagic {
		return fmt.Errorf("wrong server hello magic")
	}

	// Store server nonce.
	copy(c.nonceS.initial[:], data[5:29])

	// Open box to get St.
	var nonce [24]byte
	c.nonceS.Next(&nonce)
	b, ok := box.OpenAfterPrecomputation(nil, data[29:77], &nonce, &c.curveCtS)
	if !ok {
		return fmt.Errorf("malformed box in server hello")
	}

	copy(c.curveSt[:], b[0:32])
	return nil
}
Exemple #22
0
// Decrypt uses a crypto_box_open_afternm-equivalent function to decrypt the given data.
func Decrypt(encryptedData []byte, sharedKey *[SharedKeySize]byte, nonce *[NonceSize]byte) ([]byte, error) {
	data, success := box.OpenAfterPrecomputation(nil, encryptedData, nonce, sharedKey)
	if !success {
		return nil, errors.New("decryption failed")
	}

	return data, nil
}
Exemple #23
0
func (sr SecureReader) Read(p []byte) (n int, err error) {

	if len(p) == 0 {
		return 0, nil
	}

	plainbuf := make([]byte, 4)
	n, err = sr.r.Read(plainbuf)
	if err != nil {
		return
	}

	// Check if the message follows our "special format" for encrypted messages:
	// 4 bytes as follow [2 71 82 81] + 4 bytes [message length] + 24 bytes [nonce] + unknown bytes [message]
	if n < 4 || plainbuf[0] != 2 || plainbuf[1] != 71 || plainbuf[2] != 82 || plainbuf[3] != 81 {
		return 0, errors.New("Not encrypted msg")
	}

	// Length of the encrypted message
	lenbuf := make([]byte, 4)
	n, err = sr.r.Read(lenbuf)
	if err != nil {
		return
	}

	// nonce
	noncebuf := make([]byte, 24)
	n, err = sr.r.Read(noncebuf)
	if err != nil {
		return
	}

	msglen, err := binary.ReadUvarint(bytes.NewReader(lenbuf))
	var nonce [24]byte
	copy(nonce[:], noncebuf[:])

	// encrypted message
	msgbuf := make([]byte, msglen)
	n, err = sr.r.Read(msgbuf)
	if err != nil {
		return
	}

	if uint64(n) != msglen {
		return n, errors.New("Wrong length")
	}

	// decrypt
	msg, readed := box.OpenAfterPrecomputation(nil, msgbuf, &nonce, sr.shared)

	if !readed {
		return 0, errors.New("Can not be decrypted")
	}

	n = copy(p, msg[:])

	return n, nil
}
Exemple #24
0
func (r *decryptReader) Read(p []byte) (n int, err error) {
	if r.err != nil {
		err = r.err
		return
	}

	// Read nonce from 24 first bytes.
	if !r.nonceRead {
		_, err = io.ReadFull(r.Reader, r.nonce[:])
		r.nonceRead = true
	}

	// If unread bytes have already been decrypted
	// then return these bytes.
	if len(r.unreadBytes) != 0 {
		n = r.readUnreadBytes(p)
		return
	}

	// No bytes left unread - will have to decrypt the next block.

	// First, read the first byte for the length of clear data.
	// err may be non-nil if there was an error while reading the nonce.
	if err == nil {
		_, err = io.ReadFull(r.Reader, r.clearBlockLength[:])
	}

	// Then allocate a slice of the correct size to read the next encrypted block
	eBlock := []byte(nil)
	if err == nil {
		l := int(r.clearBlockLength[0]) + 1
		eBlock = r.encryptedBlockArray[:l+box.Overhead+1]

		_, err = io.ReadFull(r.Reader, eBlock)
	}

	// Decrypt the block and validate its size
	cBlock := []byte(nil)
	if (err == nil || err == io.EOF) && len(eBlock) != 0 {
		cBlock = r.clearBlockArray[:len(eBlock)-box.Overhead]

		cBlock, valid := box.OpenAfterPrecomputation(cBlock[:0], eBlock, &r.nonce, &r.sharedKey)
		r.incrementNonce()

		if !valid || int(cBlock[0])+2 != len(cBlock) {
			err = errors.New("The reader is reading corrupted data.")
		}
	}

	// Set unreadBytes, and return as many unread bytes as possible
	if (err == nil || err == io.EOF) && len(cBlock) != 0 {
		r.unreadBytes = cBlock[1:]
		n = r.readUnreadBytes(p)
	}

	r.err = err
	return
}
Exemple #25
0
// Read implements io.Reader to provide the decrypted contents of the underlying
// reader.
//
// Upon any read error, the reader should not be used further as the stream may
// be in an inconsistent state.
func (sr *SecureReader) Read(p []byte) (int, error) {
	if len(sr.buffer) > 0 {
		// we've got stuff in the buffer left from a previous read
		n := copy(p, sr.buffer)
		sr.buffer = sr.buffer[n:]
		return n, nil
	}

	// get & check the nonce
	var nonce [24]byte
	if _, err := io.ReadFull(sr.reader, nonce[:]); err != nil {
		return 0, err
	}
	nonceID := binary.BigEndian.Uint64(nonce[:8])
	if nonceID <= sr.lastNonceID {
		return 0, fmt.Errorf("invalid nonce")
	}

	// get length of cipher text
	ctLenBytes := make([]byte, 4)
	if _, err := io.ReadFull(sr.reader, ctLenBytes); err != nil {
		return 0, err
	}
	ctLen := binary.BigEndian.Uint32(ctLenBytes)

	// get cipher text
	ct := make([]byte, ctLen)
	if _, err := io.ReadFull(sr.reader, ct); err != nil {
		return 0, err
	}

	// decrypt
	ptLen := int(ctLen - box.Overhead)
	var buf []byte
	if len(p) < ptLen {
		buf = make([]byte, ptLen)
	} else {
		buf = p
	}
	buf, ok := box.OpenAfterPrecomputation(buf[:0], ct, &nonce, &sr.sharedKey)
	if !ok {
		return 0, fmt.Errorf("unable to decrypt message")
	}

	sr.lastNonceID = nonceID

	if len(p) < len(buf) || &p[len(buf)-1] != &buf[len(buf)-1] {
		// p wasn't big enough, and buf was reallocated
		// Everything after the || should not be necessary, but is there just in case
		// the buf was reallocated for some other reason.
		copy(p, buf[:len(p)])
		sr.buffer = buf[len(p):]
		return len(p), nil
	}

	return len(buf), nil
}
Exemple #26
0
// handleConnection is the server side function
// handles the public keys exchange as handshake and message serving
func handleConnection(conn net.Conn) error {
	defer conn.Close()
	// Handshake
	// Generate server side keys
	pub, pri, err := box.GenerateKey(rand.Reader)
	if *pri == *pub || err != nil {
		return err
	}

	// cpubk is the client public key
	cpubk := make([]byte, 2048)
	n, err := conn.Read(cpubk)
	if err != nil {
		return err
	}
	// client public key
	cpub := &[32]byte{}
	copy(cpub[:], cpubk[:n])

	// send server public key to client
	_, err = conn.Write(pub[:])
	if err != nil {
		return err
	}

	shared := &[32]byte{}
	// Let's get a bit faster
	box.Precompute(shared, cpub, pri)

	// reading message
	msg := make([]byte, 2048)
	n, err = conn.Read(msg)
	if err != nil {
		fmt.Errorf("could not read message %s", err)
		return err
	}
	// Generate a nonc, to keep it simple we synchronize
	// nonces between Clietn and Server
	nonc := &helper.Nonce{}
	nv := nonc.GenerateNonce(*shared)

	out := make([]byte, n)
	// decrypt message
	dm, ok := box.OpenAfterPrecomputation(out, msg[:n], &nv, shared)
	if !ok {
		m := fmt.Sprintf("could not decrypt message %v", msg[:n])
		return errors.New(m)
	}

	// Send back message encrypted
	em := box.SealAfterPrecomputation(nil, dm[n:], &nv, shared)
	_, err = conn.Write(em)
	if err != nil {
		return err
	}
	return nil
}
Exemple #27
0
// Unseals and verifies data
func (c *BoxConn) unseal(b []byte) ([]byte, error) {
	var nonce [NonceSize]byte
	copy(nonce[:], b[:NonceSize])
	plain, valid := box.OpenAfterPrecomputation(nil, b[NonceSize:], &nonce, c.sharedSecret)
	if !valid {
		return nil, errors.New("Recieved invalid box")
	}
	return plain, nil
}
Exemple #28
0
func (d *Decoder) readBlock(out []byte) ([]byte, error) {
	if _, err := d.reader.Read(d.block); err != nil {
		return nil, err
	}
	out, ok := box.OpenAfterPrecomputation(out, d.block, d.NextBytes(), &d.shared)
	if !ok {
		return nil, errors.New("could not authenticate encrypted block")
	}
	return out, nil
}
Exemple #29
0
func Open(onion []byte, nonce *[24]byte, sharedKeys []*[32]byte) ([]byte, bool) {
	var ok bool
	message := onion
	for i := 0; i < len(sharedKeys); i++ {
		message, ok = box.OpenAfterPrecomputation(nil, message, nonce, sharedKeys[i])
		if !ok {
			return nil, false
		}
	}

	return message, true
}
Exemple #30
0
// Read reads up to len(p) bytes into p. Encrypted data is read
// from the underlying io.Reader and decrypted with the shared key.
//
// The entire message must be decrypted at once, so this method
// returns an error if the decrypted message is larger than len(p).
// It will also return an error if the decrypted message is
// larger than maxMessageSize.
func (r *SecureReader) Read(p []byte) (int, error) {
	if len(p) == 0 {
		return 0, nil
	}

	conn, ok := r.r.(net.Conn)
	if ok {
		conn.SetReadDeadline(time.Now().Add(timeout))
	}

	// nonce is first 24 bytes of message
	nonceSlice, err := readAll(r.r, 24)
	if err != nil {
		return 0, nil
	}

	var nonce [24]byte
	copy(nonce[:], nonceSlice[:24])

	// size of encrypted message is first 4 bytes of nonce
	var size uint32
	buf := bytes.NewReader(nonce[0:4])
	bErr := binary.Read(buf, binary.LittleEndian, &size)
	if bErr != nil {
		return 0, bErr
	}

	// find length of decrypted message
	messageSize := size - uint32(box.Overhead)

	// validate message size
	if messageSize == 0 {
		return 0, nil
	} else if messageSize > uint32(len(p)) {
		return 0, errors.New("buffer is too small")
	} else if messageSize > uint32(maxMessageSize) {
		return 0, errors.New("message is too large")
	}

	message, err := readAll(r.r, int64(size))
	if err != nil {
		return 0, nil
	}

	// decrypt message with shared key
	decrypted, ok := box.OpenAfterPrecomputation(nil, message, &nonce, r.sharedKey)
	if !ok {
		return 0, errors.New("unable to open box")
	}
	copy(p, decrypted)

	return int(messageSize), err
}