func OpenACMessageNACL(context *ickp.SecretKey, rnd, cmsg, peerNick, myNick []byte) (out []byte, err error) {
//fmt.Fprintf(os.Stderr, "OpenACMessageNACL()\n")
b64, err := icutl.B64DecodeData(cmsg)
if err != nil {
return nil, &icutl.AcError{Value: -1, Msg: "OpenACMessageNACL(): ", Err: err}
}
cnonce, myHdr, ciphertext, err := unpackMessageAC(b64)
if err != nil {
return nil, &icutl.AcError{Value: -2, Msg: "OpenACMessageNACL(): ", Err: err}
}
// XXX this is to handle private message instead of channel communication
// as the destination are assymetrical eau's dst is frl and frl's dst is eau
//
ac_bob := context.GetBob()
ok_bob, _ := IsValidChannelName(ac_bob)
//fmt.Fprintf(os.Stderr, "[+] OpenACMessage: is %s a valid channel: %t\n", ac_bob, ok_bob)
if ok_bob == false && len(myNick) > 0 {
ac_bob = myNick
}
/* let's build the nonce */
//BuildNonceAC(inonce uint32, bob, mynick, myhdr []byte) (nonce []byte, noncebyte *[24]byte, err error)
_, noncebyte, err := BuildNonceAC(cnonce, ac_bob, peerNick, myHdr)
// OPEN the key
context.RndKey(rnd)
// XXX new to check rnd and context.key are the same size
/*
for j := 0; j < len(rnd); j++ {
context.key[j] = context.key[j] ^ rnd[j]
}
*/
packed, ok := secretbox.Open(nil, ciphertext, noncebyte, context.GetSealKey())
// Close the key
context.RndKey(rnd)
/*
for j := 0; j < len(rnd); j++ {
context.key[j] = context.key[j] ^ rnd[j]
}
*/
if ok == false {
//return nil, acprotoError(1, "OpenACMessage().SecretOpen(): false ", nil)
return nil, &icutl.AcError{Value: -3, Msg: "OpenACMessageNACL().SecretOpen(): ", Err: nil}
}
out, err = icutl.DecompressData(packed)
if err != nil {
return nil, &icutl.AcError{Value: -3, Msg: "OpenACMessageNACL().DecompressData(): ", Err: err}
}
//nonceval = acIn.GetNonce()
// update the nonce value
/*
if cnonce > context.nonce {
context.nonce = cnonce + 1
} else {
context.nonce++
}
*/
context.IncNonce(cnonce)
return out, nil
//return nil, nil
}
func OpenKXMessageNACL(peerPubkey, myPrivkey *[32]byte, cmsg, channel, myNick, peerNick []byte) (context *ickp.SecretKey, SecRnd []byte, err error) {
// check that we are indeed
if peerPubkey == nil || myPrivkey == nil {
//return nil, acprotoError(-1, "OpenKXMessage().invalidPubPrivKeys(): ", err)
return nil, nil, &icutl.AcError{Value: -1, Msg: "OpenKXMessageNACL().invalidPubPrivKeys(): ", Err: err}
}
b64, err := icutl.B64DecodeData(cmsg)
if err != nil {
return nil, nil, &icutl.AcError{Value: -2, Msg: "OpenKXMessageNACL(): ", Err: err}
}
cnonce, myHdr, ciphertext, err := unpackMessageKX(b64)
if err != nil {
return nil, nil, &icutl.AcError{Value: -3, Msg: "OpenKXMessageNACL(): ", Err: err}
}
// XXX TODO: exact opposite of the one in CreateKXMessage
kx_channel := IsChannelOrPriv(channel, peerNick, myNick)
// XXX TODO: we should add the header like <ackx:peerNick> to avoid replay from
// other nickname on the channel... nonce building!
_, noncebyte, err := BuildNonceKX(cnonce, kx_channel, peerNick, myNick, myHdr)
if err != nil {
return nil, nil, &icutl.AcError{Value: -4, Msg: "OpenKXMessageNACL(): ", Err: err}
}
packed, ok := box.Open(nil, ciphertext, noncebyte, peerPubkey, myPrivkey)
if ok == false {
return nil, nil, &icutl.AcError{Value: -5, Msg: "OpenKXMessageNACL().BoxOpen(): ", Err: nil}
}
out, err := icutl.DecompressData(packed)
if err != nil {
return nil, nil, &icutl.AcError{Value: -6, Msg: "OpenKXMessageNACL(): ", Err: err}
}
//fmt.Fprintf(os.Stderr, "OPEN KX KEY: %s\n", hex.EncodeToString(out))
// XXX TODO are we at the end of the nonce value..
context, err = ickp.CreateACContext(channel, cnonce+1)
if err != nil {
return nil, nil, &icutl.AcError{Value: -7, Msg: "OpenKXMessage().CreateACContext(): ", Err: err}
}
// XXX TODO
// get RANDOMNESS bytes, return the random bytes
newRnd, err := icutl.GetRandomBytes(context.GetKeyLen())
if err != nil {
return nil, nil, &icutl.AcError{Value: -8, Msg: "OpenKXMessage() no randomness to protect the key in memory: ", Err: err}
}
/*
newRnd := make([]byte, len(context.key))
_, err = rand.Read(newRnd)
*/
// XXX TODO: check the extracted buffer size... to sure we're not copying
// too much into a restricted buffer...
//copy(context.key[:], out)
context.SetKey(out)
// Xor the key now..
context.RndKey(newRnd)
// increase nonce based on the message nonce value
context.IncNonce(cnonce)
return context, newRnd, nil
}