Пример #1
0
// The client has sent the server a one-time AES key+iv encrypted with
// the server's RSA comms public key.  The server creates the real
// session iv+key and returns them to the client encrypted with the
// one-time key+iv.
//
// XXX This is simply a copy of the function in s_in_handler.go, with
// "Out" inserted: we definitely need to refactor!
//
func handleOutPeerHello(h *ClusterOutHandler) (err error) {
	var (
		ciphertext, ciphertextOut []byte
		version1                  uint32
		sOneShot, sSession        *xa.AesSession
		rng                       *xr.PRNG
	)
	ciphertext, err = h.ReadData()
	if err == nil {
		rng = xr.MakeSystemRNG()
		sOneShot, version1, err = xa.ServerDecryptHello(
			ciphertext, h.us.ckPriv, rng)
	}
	if err == nil {
		_ = version1 // just ignored for now
		version2 := uint32(serverVersion)
		sSession, ciphertextOut, err = xa.ServerEncryptHelloReply(
			sOneShot, version2)
		if err == nil {
			h.AesSession = *sSession
			err = h.WriteData(ciphertextOut)
		}
		if err == nil {
			h.version = uint32(version2)
			h.State = S_HELLO_RCVD
		}
	}
	// On any error silently close the connection and delete the handler,
	// an exciting thing to do.
	if err != nil {
		// DEBUG
		fmt.Printf("handleOutPeerHello closing cnx, error was %v\n", err)
		// END
		h.Cnx.Close()
		h = nil
	}
	return
}
Пример #2
0
func handleHello(h *InHandler) (err error) {
	var (
		sOneShot   *xa.AesSession
		ciphertext []byte
		version1   uint32
	)
	rn := &h.reg.RegNode
	ciphertext, err = h.ReadData()
	if err == nil {
		sOneShot, version1,
			err = xa.ServerDecryptHello(ciphertext, rn.ckPriv, h.RNG)
		_ = version1 // ignore whatever version they propose
	}
	if err == nil {
		version2 := serverVersion
		sSession, ciphertextOut, err := xa.ServerEncryptHelloReply(
			sOneShot, uint32(version2))
		if err == nil {
			// we have our AesSession
			h.AesSession = *sSession
			// The server has preceded the ciphertext with the plain text IV.
			err = h.WriteData(ciphertextOut)
		}
		if err == nil {
			h.version = uint32(version2)
			h.State = HELLO_RCVD
		}
	}
	// On any error silently close the connection.
	if err != nil {
		// DEBUG
		fmt.Printf("handleHello closing cnx, error was %v\n", err)
		// END
		h.Cnx.Close()
	}
	return
}
Пример #3
0
// The client has sent the server a one-time AES key+iv encrypted with
// the server's RSA comms public key.  The server creates the real
// session iv+key and returns them to the client encrypted with the
// one-time key+iv.
func handleClientHello(h *ClientInHandler) (err error) {
	var (
		ciphertext, ciphertextOut []byte
		version1, version2        uint32
		sOneShot, sSession        *xa.AesSession
	)
	rng := xr.MakeSystemRNG()
	ciphertext, err = h.ReadData()
	if err == nil {
		sOneShot, version1, err = xa.ServerDecryptHello(
			ciphertext, h.us.ckPriv, rng)
		_ = version1 // we don't actually use this
	}
	if err == nil {
		version2 = uint32(serverVersion) // a global !
		sSession, ciphertextOut, err = xa.ServerEncryptHelloReply(
			sOneShot, version2)
		if err == nil {
			h.AesSession = *sSession
			err = h.WriteData(ciphertextOut)
		}
		if err == nil {
			h.version = version2
			h.State = C_HELLO_RCVD
		}
	}
	// On any error silently close the connection.
	if err != nil {
		// DEBUG
		fmt.Printf("handleClientHello closing cnx, error was %s\n",
			err.Error())
		// END
		h.Cnx.Close()
	}
	return
}