func auth(conn net.Conn) (secret []byte, err error) {
challenge, err := readPack(conn)
if err != nil {
return
}
log(DEBUG, "challenge: %X\n", challenge)
a := crypt.Randomkey()
A := crypt.DHExchange(a)
err = writePack(conn, A.Bytes())
if err != nil {
return
}
log(DEBUG, "A: %X\n", A.Bytes())
B, err := readPack(conn)
if err != nil {
return
}
log(DEBUG, "B: %X\n", B)
z := new(big.Int)
z.SetBytes(B)
s := crypt.DHSecret(a, z)
log(DEBUG, "secret: %X\n", s.Bytes())
mac := hmac.New(sha256.New, s.Bytes())
mac.Write(challenge)
err = writePack(conn, mac.Sum(nil))
if err != nil {
return
}
if len(s.Bytes()) < 16 {
err = errors.New("secret length less than 16 bytes")
return
}
secret = s.Bytes()[:16]
return
}
func dhsecret(conn net.Conn) (secret []byte, err error) {
challenge := make([]byte, 8)
binary.BigEndian.PutUint64(challenge, uint64(rand.Int63()))
err = writePack(conn, challenge)
if err != nil {
return
}
B, err := readPack(conn)
if err != nil {
return
}
a := crypt.Randomkey()
A := crypt.DHExchange(a)
err = writePack(conn, A.Bytes())
if err != nil {
return
}
z := new(big.Int)
z.SetBytes(B)
s := crypt.DHSecret(a, z)
response, err := readPack(conn)
if err != nil {
return
}
if !challengeCheck(challenge, s.Bytes(), response) {
err = errors.New("challenge failed")
return
}
secret = s.Bytes()[:16]
return
}