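// handleOutPeerHello services the hello message arriving on a
// ClusterOutHandler connection.
//
// The client has sent the server a one-time AES key+iv encrypted with
// the server's RSA comms public key.  The server creates the real
// session iv+key and returns them to the client encrypted with the
// one-time key+iv.
//
// On success the new session is stored in h.AesSession, h.version is set
// from serverVersion and h.State becomes S_HELLO_RCVD.  On any error the
// connection is closed without sending a reply and the error is returned.
//
// XXX This is simply a copy of the function in s_in_handler.go, with
// "Out" inserted: we definitely need to refactor!
func handleOutPeerHello(h *ClusterOutHandler) (err error) {
	var (
		ciphertext, ciphertextOut []byte
		version1                  uint32
		sOneShot, sSession        *xa.AesSession
		rng                       *xr.PRNG
	)
	ciphertext, err = h.ReadData()
	if err == nil {
		rng = xr.MakeSystemRNG()
		sOneShot, version1, err = xa.ServerDecryptHello(
			ciphertext, h.us.ckPriv, rng)
	}
	if err == nil {
		// NOTE(review): the version proposed by the peer is discarded, so
		// no version negotiation or minimum-version check happens here.
		_ = version1
		version2 := uint32(serverVersion)
		sSession, ciphertextOut, err = xa.ServerEncryptHelloReply(
			sOneShot, version2)
		if err == nil {
			// The session is recorded before the reply is written; if the
			// write fails the state is not advanced and the connection is
			// closed below.
			h.AesSession = *sSession
			err = h.WriteData(ciphertextOut)
		}
		if err == nil {
			h.version = version2
			h.State = S_HELLO_RCVD
		}
	}
	// On any error close the connection without replying.  The original
	// also assigned nil to h here, but that only rebound the local copy
	// of the pointer; the caller's handler is not deleted by this
	// function and must be discarded by the caller.
	if err != nil {
		// DEBUG
		fmt.Printf("handleOutPeerHello closing cnx, error was %v\n", err)
		// END
		h.Cnx.Close()
	}
	return
}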
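// handleHello services the hello message arriving on an InHandler
// connection: it decrypts the client's hello with the registry node's
// comms private key, builds the session reply and writes it back.
//
// On success the new session is stored in h.AesSession, h.version is set
// from serverVersion and h.State becomes HELLO_RCVD.  On any error the
// connection is closed without sending a reply and the error is returned.
func handleHello(h *InHandler) (err error) {
	var (
		sOneShot, sSession        *xa.AesSession
		ciphertext, ciphertextOut []byte
		version1                  uint32
	)
	rn := &h.reg.RegNode
	ciphertext, err = h.ReadData()
	if err == nil {
		sOneShot, version1, err = xa.ServerDecryptHello(ciphertext,
			rn.ckPriv, h.RNG)
		_ = version1 // ignore whatever version they propose
	}
	if err == nil {
		version2 := uint32(serverVersion)
		// Assign with '=' to the function-level err.  The original used
		// ':=' here, which declared a new err inside this block: a failure
		// in ServerEncryptHelloReply or WriteData was then never returned
		// to the caller and the connection was left open.
		sSession, ciphertextOut, err = xa.ServerEncryptHelloReply(
			sOneShot, version2)
		if err == nil {
			// we have our AesSession
			h.AesSession = *sSession
			// The server has preceded the ciphertext with the plain text IV.
			err = h.WriteData(ciphertextOut)
		}
		if err == nil {
			h.version = version2
			h.State = HELLO_RCVD
		}
	}
	// On any error silently close the connection.
	if err != nil {
		// DEBUG
		fmt.Printf("handleHello closing cnx, error was %v\n", err)
		// END
		h.Cnx.Close()
	}
	return
}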
// handleClientHello answers the hello message on a ClientInHandler
// connection.
//
// The client's message carries a one-time AES key+iv encrypted with the
// server's RSA comms public key.  The server generates the real session
// iv+key and sends them back encrypted under that one-time key+iv.
//
// When every step succeeds the session is kept in h.AesSession,
// h.version is set from serverVersion and h.State becomes C_HELLO_RCVD.
// If any step fails the connection is closed without a reply and the
// error is returned.
func handleClientHello(h *ClientInHandler) (err error) {
	// Shared failure path: whichever step set err, report it and drop
	// the connection.
	defer func() {
		if err != nil {
			// DEBUG
			fmt.Printf("handleClientHello closing cnx, error was %s\n",
				err.Error())
			// END
			h.Cnx.Close()
		}
	}()

	var (
		helloMsg, reply  []byte
		oneShot, session *xa.AesSession
	)
	rng := xr.MakeSystemRNG()

	if helloMsg, err = h.ReadData(); err != nil {
		return err
	}

	// The version proposed by the client (second result) is not used.
	oneShot, _, err = xa.ServerDecryptHello(helloMsg, h.us.ckPriv, rng)
	if err != nil {
		return err
	}

	// serverVersion is a package-level value.
	version := uint32(serverVersion)
	session, reply, err = xa.ServerEncryptHelloReply(oneShot, version)
	if err != nil {
		return err
	}

	h.AesSession = *session
	if err = h.WriteData(reply); err != nil {
		return err
	}

	h.version = version
	h.State = C_HELLO_RCVD
	return nil
}