// Calculates the key and iv for AES decryption given a password and salt.
func calcAes30Params(pass []uint16, salt []byte) (key, iv []byte) {
p := make([]byte, 0, len(pass)*2+len(salt))
for _, v := range pass {
p = append(p, byte(v), byte(v>>8))
}
p = append(p, salt...)
hash := sha1.New()
iv = make([]byte, 16)
s := make([]byte, 0, hash.Size())
for i := 0; i < hashRounds; i++ {
hash.Write(p)
hash.Write([]byte{byte(i), byte(i >> 8), byte(i >> 16)})
if i%(hashRounds/16) == 0 {
s = hash.Sum(s[:0])
iv[i/(hashRounds/16)] = s[4*4+3]
}
}
key = hash.Sum(s[:0])
key = key[:16]
for k := key; len(k) >= 4; k = k[4:] {
k[0], k[1], k[2], k[3] = k[3], k[2], k[1], k[0]
}
return key, iv
}
// An implementation of PBKDF2 (Password-Based Key Derivation Function 2) as
// specified in PKCS #5 v2.0 from RSA Laboratorie and in `RFC 2898
// <http://www.ietf.org/rfc/rfc2898.txt>`.
func PBKDF2(hashfunc func([]byte) hash.Hash, password, salt []byte, iterations, keylen int) (key []byte) {
var (
digest []byte
i, j, k, length int
)
key = make([]byte, keylen)
slice := key
hash := hashfunc(password)
hashlen := hash.Size()
scratch := make([]byte, 4)
for keylen > 0 {
if hashlen > keylen {
length = keylen
} else {
length = hashlen
}
i += 1
scratch[0] = byte(i >> 24)
scratch[1] = byte(i >> 16)
scratch[2] = byte(i >> 8)
scratch[3] = byte(i)
hash.Write(salt)
hash.Write(scratch)
digest = hash.Sum()
hash.Reset()
for j = 0; j < length; j++ {
slice[j] = digest[j]
}
for k = 1; k < iterations; k++ {
hash.Write(digest)
digest = hash.Sum()
for j = 0; j < length; j++ {
slice[j] ^= digest[j]
}
hash.Reset()
}
keylen -= length
slice = slice[length:]
}
return
}
// Encode encodes the given byte slice and returns a token.
func (tok *T) Encode(data []byte) (token []byte, err error) {
if data == nil {
data = []byte{}
}
body := make([]byte, 4+len(data))
now := uint32(time.Now().UTC().Unix())
binary.BigEndian.PutUint32(body, now)
copy(body[4:], data)
body, err = pkcs7Pad(body, aes.BlockSize)
if err != nil {
return nil, err
}
iv := NewKey(aes.BlockSize)
mode := cipher.NewCBCEncrypter(tok.aes, iv)
mode.CryptBlocks(body, body)
hash := tok.hmac()
// size = len(iv + aesblocks + signature)
token = make([]byte, len(iv)+len(body)+hash.Size())
copy(token, iv)
offset := len(iv)
copy(token[offset:], body)
offset += len(body)
hash.Write(token[:offset])
copy(token[offset:], hash.Sum(nil))
b := make([]byte, base64.RawURLEncoding.EncodedLen(len(token)))
base64.RawURLEncoding.Encode(b, token)
return b, nil
}
func Hash(fileName string, newHash func() hash.Hash) ([]byte, error) {
hash := newHash()
file, err := os.Open(fileName)
if err != nil {
return nil, common.TraceError(err)
}
defer file.Close()
temp := make([]byte, 4096)
for {
nn, err := file.Read(temp)
if err == io.EOF {
break
}
if err != nil {
return nil, common.TraceError(err)
}
hash.Write(temp[0:nn])
}
return hash.Sum(nil), nil
}
// ObjectPut creates or updates the path in the container from
// contents. contents should be an open io.Reader which will have all
// its contents read.
//
// This is a low level interface.
//
// If checkHash is True then it will calculate the MD5 Hash of the
// file as it is being uploaded and check it against that returned
// from the server. If it is wrong then it will return
// ObjectCorrupted.
//
// If you know the MD5 hash of the object ahead of time then set the
// Hash parameter and it will be sent to the server (as an Etag
// header) and the server will check the MD5 itself after the upload,
// and this will return ObjectCorrupted if it is incorrect.
//
// If you don't want any error protection (not recommended) then set
// checkHash to false and Hash to "".
//
// If contentType is set it will be used, otherwise one will be
// guessed from objectName using mime.TypeByExtension
func (c *Connection) ObjectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers) (headers Headers, err error) {
extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
hash := md5.New()
var body io.Reader = contents
if checkHash {
body = io.TeeReader(contents, hash)
}
_, headers, err = c.storage(RequestOpts{
Container: container,
ObjectName: objectName,
Operation: "PUT",
Headers: extraHeaders,
Body: body,
NoResponse: true,
ErrorMap: objectErrorMap,
})
if err != nil {
return
}
if checkHash {
receivedMd5 := strings.ToLower(headers["Etag"])
calculatedMd5 := fmt.Sprintf("%x", hash.Sum(nil))
if receivedMd5 != calculatedMd5 {
err = ObjectCorrupted
return
}
}
return
}
func calculateHashes(filename string, pkg *types.Package) {
var (
writers []io.Writer
hashes []hash.Hash
)
push := func(h hash.Hash) {
writers = append(writers, h)
hashes = append(hashes, h)
}
push(sha256.New())
push(sha1.New())
in, err := os.Open(filename)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
io.Copy(io.MultiWriter(writers...), in)
formatHash := func(hash hash.Hash) string {
return base64.StdEncoding.EncodeToString(hash.Sum(nil))
}
pkg.Sha256Sum = formatHash(hashes[0])
pkg.Sha1Sum = formatHash(hashes[1])
}
func calculateHash(values url.Values, path string) string {
hash := sha1.New()
hash.Write([]byte(path))
hash.Write([]byte{0x00})
if len(values) > 0 {
if len(values) == 1 {
for key, value := range values {
hash.Write([]byte(key))
hash.Write([]byte{0x00})
addSortedKeys(value, hash)
}
} else {
urlValues := make(UrlValueSlice, 0, len(values))
for key, value := range values {
urlValue := new(UrlValue)
urlValue.Key = key
urlValue.Values = value
urlValues = append(urlValues, urlValue)
}
sort.Sort(urlValues)
for _, sortedUrlValue := range urlValues {
hash.Write([]byte(sortedUrlValue.Key))
hash.Write([]byte{0x00})
addSortedKeys(sortedUrlValue.Values, hash)
}
}
}
return string(hash.Sum([]byte{0x00}))
}
// Md5sum calculates the Md5sum of a file returning a lowercase hex string
func (o *FsObjectLocal) Md5sum() (string, error) {
if o.md5sum != "" {
return o.md5sum, nil
}
in, err := os.Open(o.path)
if err != nil {
fs.Stats.Error()
fs.ErrorLog(o, "Failed to open: %s", err)
return "", err
}
hash := md5.New()
_, err = io.Copy(hash, in)
closeErr := in.Close()
if err != nil {
fs.Stats.Error()
fs.ErrorLog(o, "Failed to read: %s", err)
return "", err
}
if closeErr != nil {
fs.Stats.Error()
fs.ErrorLog(o, "Failed to close: %s", closeErr)
return "", closeErr
}
o.md5sum = hex.EncodeToString(hash.Sum(nil))
return o.md5sum, nil
}
func signPayload(payload, secret string, hashFunc func() hash.Hash) string {
hash := hmac.New(hashFunc, []byte(secret))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
return string(signature)
}
// Compute an SHA256 digest for a string.
func Digest(data string) string {
hash := crypto.SHA256.New()
if _, err := hash.Write([]byte(data)); err != nil {
panic("Writing to a hash should never fail")
}
return hex.EncodeToString(hash.Sum())
}
func (cri *checksummedReaderImpl) Verify() (bool, error) {
originalOffset, err := cri.delegate.Seek(0, 1)
if err != nil {
return false, err
}
if cri.checksumOffset > 0 {
_, err = cri.delegate.Seek(-int64(cri.checksumOffset), 1)
if err != nil {
return false, err
}
}
block := make([]byte, cri.checksumInterval+4)
checksum := block[cri.checksumInterval:]
_, err = io.ReadFull(cri.delegate, block)
if err != nil {
return false, err
}
block = block[:cri.checksumInterval]
hash := cri.newHash()
hash.Write(block)
verified := bytes.Equal(checksum, hash.Sum(cri.checksum[:0]))
_, err = cri.delegate.Seek(originalOffset, 0)
if err != nil {
return verified, err
}
return verified, nil
}
// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash
// id suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) {
if (h.version == VersionSSL30 || h.version >= VersionTLS12) && h.buffer == nil {
panic("a handshake hash for a client-certificate was requested after discarding the handshake buffer")
}
if h.version == VersionSSL30 {
if signatureAndHash.signature != signatureRSA {
return nil, 0, errors.New("ssltvd: unsupported signature type for client certificate")
}
md5Hash := md5.New()
md5Hash.Write(h.buffer)
sha1Hash := sha1.New()
sha1Hash.Write(h.buffer)
return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil
}
if h.version >= VersionTLS12 {
hashAlg, err := lookupTLSHash(signatureAndHash.hash)
if err != nil {
return nil, 0, err
}
hash := hashAlg.New()
hash.Write(h.buffer)
return hash.Sum(nil), hashAlg, nil
}
if signatureAndHash.signature == signatureECDSA {
return h.server.Sum(nil), crypto.SHA1, nil
}
return h.Sum(), crypto.MD5SHA1, nil
}
// Update the object from in with modTime and size
func (o *FsObjectLocal) Update(in io.Reader, modTime time.Time, size int64) error {
dir := path.Dir(o.path)
err := os.MkdirAll(dir, 0777)
if err != nil {
return err
}
out, err := os.Create(o.path)
if err != nil {
return err
}
// Calculate the md5sum of the object we are reading as we go along
hash := md5.New()
in = io.TeeReader(in, hash)
_, err = io.Copy(out, in)
outErr := out.Close()
if err != nil {
return err
}
if outErr != nil {
return outErr
}
// All successful so update the md5sum
o.md5sum = hex.EncodeToString(hash.Sum(nil))
// Set the mtime
o.SetModTime(modTime)
// ReRead info now that we have finished
return o.lstat()
}
// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash
// id suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) {
if h.version == VersionSSL30 {
if signatureAndHash.signature != signatureRSA {
return nil, 0, errors.New("tls: unsupported signature type for client certificate")
}
md5Hash := md5.New()
md5Hash.Write(h.buffer)
sha1Hash := sha1.New()
sha1Hash.Write(h.buffer)
return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil
}
if h.version >= VersionTLS12 {
hashAlg, err := lookupTLSHash(signatureAndHash.hash)
if err != nil {
return nil, 0, err
}
hash := hashAlg.New()
hash.Write(h.buffer)
return hash.Sum(nil), hashAlg, nil
}
if signatureAndHash.signature == signatureECDSA {
return h.server.Sum(nil), crypto.SHA1, nil
}
return h.Sum(), crypto.MD5SHA1, nil
}
func GetIronValue(name, value string, key []byte, timestamped bool) (val string, ok bool) {
split := strings.SplitN(value, ":", 2)
if len(split) != 2 {
return
}
expected, value := []byte(split[0]), split[1]
message := fmt.Sprintf("%s|%s", strings.Replace(name, "|", `\|`, -1), value)
hash := hmac.New(ironHMAC, key)
hash.Write([]byte(message))
digest := hash.Sum(nil)
mac := make([]byte, base64.URLEncoding.EncodedLen(len(digest)))
base64.URLEncoding.Encode(mac, digest)
if subtle.ConstantTimeCompare(mac, expected) != 1 {
return
}
if timestamped {
split = strings.SplitN(value, ":", 2)
if len(split) != 2 {
return
}
timestring, value := split[0], split[1]
timestamp, err := strconv.ParseInt(timestring, 10, 64)
if err != nil {
return
}
if time.Now().UnixNano() > timestamp {
return
}
return value, true
}
return value, true
}
// Decode decodes the given token and return its data
// and creation time in UTC.
func (tok *T) Decode(token []byte) (data []byte, creation time.Time, err error) {
raw := make([]byte, base64.RawURLEncoding.DecodedLen(len(token)))
n, err := base64.RawURLEncoding.Decode(raw, token)
if err != nil {
return nil, time.Time{}, err
}
raw = raw[:n]
hash := tok.hmac()
if len(raw) < aes.BlockSize*2+hash.Size() {
return nil, time.Time{}, ErrInvalidToken
}
soff := len(raw) - hash.Size() // signature offset
hash.Write(raw[:soff])
want := hash.Sum(nil)
have := raw[soff:]
if !hmac.Equal(want, have) {
return nil, time.Time{}, ErrInvalidTokenSignature
}
iv := raw[:aes.BlockSize]
body := raw[aes.BlockSize:soff]
if len(body)%aes.BlockSize != 0 {
return nil, time.Time{}, ErrInvalidToken
}
mode := cipher.NewCBCDecrypter(tok.aes, iv)
mode.CryptBlocks(body, body)
ts := time.Unix(int64(binary.BigEndian.Uint32(body)), 0)
body, err = pkcs7Unpad(body, aes.BlockSize)
if err != nil {
return nil, time.Time{}, err
}
return body[4:], ts.UTC(), nil
}
// Generates an ID for the node
func (vn *Vnode) genId(idx uint16, conf *Config) {
hash := conf.HashFunc()
hash.Write([]byte(conf.Hostname))
binary.Write(hash, binary.BigEndian, idx)
// Use the hash as the ID
vn.Id = hash.Sum(nil)
}
// Computes a cryptographic fingerprint of this identity
func (this *PublicIdentity) Fingerprint() (fingerprint *Digest) {
hash := sha256.New224()
data, err := x509.MarshalPKIXPublicKey(this.key)
if err != nil {
panic(err)
}
hash.Write(data)
return &Digest{impl: hash.Sum(nil)}
}
// Called by the server to initiate a new client connection.
func (server *Server) handleIncomingClient(conn net.Conn) (err error) {
client := new(Client)
addr := conn.RemoteAddr()
if addr == nil {
err = errors.New("Unable to extract address for client.")
return
}
client.lf = &clientLogForwarder{client, server.Logger}
client.Logger = log.New(client.lf, "", 0)
client.session = server.pool.Get()
client.Printf("New connection: %v (%v)", conn.RemoteAddr(), client.Session())
client.tcpaddr = addr.(*net.TCPAddr)
client.server = server
client.conn = conn
client.reader = bufio.NewReader(client.conn)
client.state = StateClientConnected
client.udprecv = make(chan []byte)
client.voiceTargets = make(map[uint32]*VoiceTarget)
client.user = nil
// Extract user's cert hash
tlsconn := client.conn.(*tls.Conn)
err = tlsconn.Handshake()
if err != nil {
client.Printf("TLS handshake failed: %v", err)
client.Disconnect()
return
}
state := tlsconn.ConnectionState()
if len(state.PeerCertificates) > 0 {
hash := sha1.New()
hash.Write(state.PeerCertificates[0].Raw)
sum := hash.Sum(nil)
client.certHash = hex.EncodeToString(sum)
}
// Check whether the client's cert hash is banned
if server.IsCertHashBanned(client.CertHash()) {
client.Printf("Certificate hash is banned")
client.Disconnect()
return
}
// Launch network readers
go client.tlsRecvLoop()
go client.udpRecvLoop()
return
}
// IronString returns "tamper-resistant" strings.
func IronString(name, value string, key []byte, duration int64) string {
if duration > 0 {
value = fmt.Sprintf("%d:%s", time.Now().UnixNano()+duration, value)
}
message := fmt.Sprintf("%s|%s", strings.Replace(name, "|", `\|`, -1), value)
hash := hmac.New(ironHMAC, key)
hash.Write([]byte(message))
mac := base64.URLEncoding.EncodeToString(hash.Sum(nil))
return fmt.Sprintf("%s:%s", mac, value)
}
// hashForChannelID returns the hash to be signed for TLS Channel
// ID. If a resumption, resumeHash has the previous handshake
// hash. Otherwise, it is nil.
func (h finishedHash) hashForChannelID(resumeHash []byte) []byte {
hash := sha256.New()
hash.Write(channelIDLabel)
if resumeHash != nil {
hash.Write(channelIDResumeLabel)
hash.Write(resumeHash)
}
hash.Write(h.server.Sum(nil))
return hash.Sum(nil)
}
func HashFile(filepath string, ht hashtype, digestlen int) string {
if f, e := os.Open(filepath); e == nil {
defer f.Close()
hash := ht()
if _, e := io.Copy(hash, f); e == nil {
digest := make([]byte, 0, digestlen)
return hex.EncodeToString(hash.Sum(digest))
}
}
return ""
}
func hashFiles(fileCsv string) hash.Hash {
files := strings.Split(fileCsv, ",")
hash := md5.New()
for _, f := range files {
file, err := os.Open(f)
handleErr(err)
_, err = io.Copy(hash, file)
handleErr(err)
}
log.Printf("Ended up with: %x", hash.Sum(nil))
return hash
}
func main() {
image := parseFlags()
hash, err := image.build(tarStream, mountFlagsStream)
if err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(-1)
}
if err := image.writeMetadata(metadataStream, hash.Sum(nil)); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(-1)
}
}
// | signature | deadline | str
func (c *Cipher) encrypt(deadline uint64, b []byte) []byte {
result := make([]byte, c.hdrLen+len(b))
binary.BigEndian.PutUint64(result[c.sigLen:c.hdrLen], deadline)
copy(result[c.hdrLen:], b)
hash := hmac.New(c.hash, c.signKey)
hash.Write(b)
hash.Write(result[c.sigLen:c.hdrLen])
copy(result, hash.Sum(nil)[:c.sigLen])
return result
}
func generateSalt(secret []byte) ([]byte, error) {
buf := make([]byte, saltSize, saltSize+sha1.Size)
_, err := io.ReadFull(rand.Reader, buf)
if err != nil {
return nil, err
}
hash := sha1.New()
hash.Write(buf)
hash.Write(secret)
return hash.Sum(buf), nil
}
// Sha1sum is an utility function that obtains the SHA1 hash of a file (as
// referenced to by the filename parameter).
func Sha1sum(filename string) ([]byte, error) {
hash := sha1.New()
fd, err := os.Open(filename)
if err != nil {
return nil, err
}
defer fd.Close()
if _, err := io.Copy(hash, fd); err != nil {
return nil, err
}
return hash.Sum(nil), nil
}
func main() {
// Create the output file.
outFile, err := os.Create("/tmp/bottles.crypt")
if err != nil {
log.Fatal(err)
}
defer outFile.Close()
hash, err := generate(outFile)
if err != nil {
log.Fatal(err)
}
fmt.Printf("checksum of encrypted data: %x\n", hash.Sum(nil))
}
func (self *FileNode) Signature() ([]byte, error) {
if self.sig != nil {
return self.sig, nil
}
hash := fnv.New64a()
err := HashFile(self.Name(), hash)
if err != nil {
return nil, err
}
signature := make([]byte, 0, hash.Size())
signature = hash.Sum(signature)
self.sig = signature
return signature, nil
}
func addHashCommand(app *cli.Cli, command string, description string, hashFactory func() hash.Hash) {
app.Command(command, description, func(cmd *cli.Cmd) {
cmd.Spec = "[FILE]"
file := cmd.StringArg("FILE", "", "File to hash.")
cmd.Action = func() {
printHash(*file, func(input io.Reader) []byte {
hash := hashFactory()
io.Copy(hash, input)
return hash.Sum(nil)
})
}
})
}