func OpenPKMessageNACL(ircmsg []byte) (out []byte, err error) { b64, err := acutl.B64DecodeData(ircmsg) if err != nil { return nil, &acutl.AcError{Value: -1, Msg: "OpenPKMessageNACL(): ", Err: err} } ciphertext, err := unpackMessagePK(b64) if err != nil { return nil, &acutl.AcError{Value: -2, Msg: "OpenPKMessageNACL(): ", Err: err} } out, err = acutl.DecompressData(ciphertext) if err != nil { return nil, &acutl.AcError{Value: -3, Msg: "OpenPKMessageNACL(): ", Err: err} } return out, nil }
func OpenACMessageNACL(context *ackp.SecKey, rnd, cmsg, peerNick, myNick []byte) (out []byte, err error) { fmt.Fprintf(os.Stderr, "OpenACMessageNACL()\n") b64, err := acutl.B64DecodeData(cmsg) if err != nil { return nil, &acutl.AcError{Value: -1, Msg: "OpenACMessageNACL(): ", Err: err} } cnonce, myHdr, ciphertext, err := unpackMessageAC(b64) if err != nil { return nil, &acutl.AcError{Value: -2, Msg: "OpenACMessageNACL(): ", Err: err} } // XXX this is to handle private message instead of channel communication // as the destination are assymetrical eau's dst is frl and frl's dst is eau // ac_bob := context.GetBob() ok_bob, _ := IsValidChannelName(ac_bob) fmt.Fprintf(os.Stderr, "[+] OpenACMessage: is %s a valid channel: %t\n", ac_bob, ok_bob) if ok_bob == false && len(myNick) > 0 { ac_bob = myNick } /* let's build the nonce */ //BuildNonceAC(inonce uint32, bob, mynick, myhdr []byte) (nonce []byte, noncebyte *[24]byte, err error) _, noncebyte, err := BuildNonceAC(cnonce, ac_bob, peerNick, myHdr) // OPEN the key context.RndKey(rnd) // XXX new to check rnd and context.key are the same size /* for j := 0; j < len(rnd); j++ { context.key[j] = context.key[j] ^ rnd[j] } */ packed, ok := secretbox.Open(nil, ciphertext, noncebyte, context.GetSealKey()) // Close the key context.RndKey(rnd) /* for j := 0; j < len(rnd); j++ { context.key[j] = context.key[j] ^ rnd[j] } */ if ok == false { //return nil, acprotoError(1, "OpenACMessage().SecretOpen(): false ", nil) return nil, &acutl.AcError{Value: -3, Msg: "OpenACMessageNACL().SecretOpen(): ", Err: nil} } out, err = acutl.DecompressData(packed) if err != nil { return nil, &acutl.AcError{Value: -3, Msg: "OpenACMessageNACL().DecompressData(): ", Err: err} } //nonceval = acIn.GetNonce() // update the nonce value /* if cnonce > context.nonce { context.nonce = cnonce + 1 } else { context.nonce++ } */ context.IncNonce(cnonce) return out, nil //return nil, nil }
func OpenKXMessageNACL(peerPubkey, myPrivkey *[32]byte, cmsg, channel, myNick, peerNick []byte) (context *ackp.SecKey, SecRnd []byte, err error) { // check that we are indeed if peerPubkey == nil || myPrivkey == nil { //return nil, acprotoError(-1, "OpenKXMessage().invalidPubPrivKeys(): ", err) return nil, nil, &acutl.AcError{Value: -1, Msg: "OpenKXMessageNACL().invalidPubPrivKeys(): ", Err: err} } b64, err := acutl.B64DecodeData(cmsg) if err != nil { return nil, nil, &acutl.AcError{Value: -2, Msg: "OpenKXMessageNACL(): ", Err: err} } cnonce, myHdr, ciphertext, err := unpackMessageKX(b64) if err != nil { return nil, nil, &acutl.AcError{Value: -3, Msg: "OpenKXMessageNACL(): ", Err: err} } // XXX TODO: exact opposite of the one in CreateKXMessage kx_channel := IsChannelOrPriv(channel, peerNick, myNick) // XXX TODO: we should add the header like <ackx:peerNick> to avoid replay from // other nickname on the channel... nonce building! _, noncebyte, err := BuildNonceKX(cnonce, kx_channel, peerNick, myNick, myHdr) if err != nil { return nil, nil, &acutl.AcError{Value: -4, Msg: "OpenKXMessageNACL(): ", Err: err} } packed, ok := box.Open(nil, ciphertext, noncebyte, peerPubkey, myPrivkey) if ok == false { return nil, nil, &acutl.AcError{Value: -5, Msg: "OpenKXMessageNACL().BoxOpen(): ", Err: nil} } out, err := acutl.DecompressData(packed) if err != nil { return nil, nil, &acutl.AcError{Value: -6, Msg: "OpenKXMessageNACL(): ", Err: err} } //fmt.Fprintf(os.Stderr, "OPEN KX KEY: %s\n", hex.EncodeToString(out)) // XXX TODO are we at the end of the nonce value.. context, err = ackp.CreateACContext(channel, cnonce+1) if err != nil { return nil, nil, &acutl.AcError{Value: -7, Msg: "OpenKXMessage().CreateACContext(): ", Err: err} } // XXX TODO // get RANDOMNESS bytes, return the random bytes newRnd, err := acutl.GetRandomBytes(context.GetKeyLen()) if err != nil { return nil, nil, &acutl.AcError{Value: -8, Msg: "OpenKXMessage() no randomness to protect the key in memory: ", Err: err} } /* newRnd := make([]byte, len(context.key)) _, err = rand.Read(newRnd) */ // XXX TODO: check the extracted buffer size... to sure we're not copying // too much into a restricted buffer... //copy(context.key[:], out) context.SetKey(out) // Xor the key now.. context.RndKey(newRnd) // increase nonce based on the message nonce value context.IncNonce(cnonce) return context, newRnd, nil }