Пример #1
0
// STS initiator: creates a new session, initiates a key exchange, verifies the other side and authenticates itself.
func initiator(group, generator *big.Int, cipher func([]byte) (cipher.Block, error), bits int,
	hash crypto.Hash, skey *rsa.PrivateKey, pkey *rsa.PublicKey, trans, out chan []byte) {
	// Create a new empty session
	session, err := sts.New(rand.Reader, group, generator, cipher, bits, hash)
	if err != nil {
		fmt.Printf("failed to create new session: %v\n", err)
		close(out)
		return
	}
	// Initiate a key exchange, send the exponential
	exp, err := session.Initiate()
	if err != nil {
		fmt.Printf("failed to initiate key exchange: %v\n", err)
		close(out)
		return
	}
	trans <- exp.Bytes()

	// Receive the foreign exponential and auth token and if verifies, send own auth
	bytes, token := <-trans, <-trans
	exp = new(big.Int).SetBytes(bytes)
	token, err = session.Verify(rand.Reader, skey, pkey, exp, token)
	if err != nil {
		fmt.Printf("failed to verify acceptor auth token: %v\n", err)
		close(out)
		return
	}
	trans <- token

	// Protocol done, other side should finalize if all is correct
	secret, err := session.Secret()
	if err != nil {
		fmt.Printf("failed to retrieve exchanged secret: %v\n", err)
		close(out)
		return
	}
	out <- secret
	return
}
Пример #2
0
// STS acceptor: creates a new session, accepts an exchange request, authenticates itself and verifies the other side.
func acceptor(group, generator *big.Int, cipher func([]byte) (cipher.Block, error), bits int,
	hash crypto.Hash, skey *rsa.PrivateKey, pkey *rsa.PublicKey, trans, out chan []byte) {
	// Create a new empty session
	session, err := sts.New(rand.Reader, group, generator, cipher, bits, hash)
	if err != nil {
		fmt.Printf("failed to create new session: %v\n", err)
		close(out)
		return
	}
	// Receive foreign exponential, accept the incoming key exchange request and send back own exp + auth token
	bytes := <-trans
	exp := new(big.Int).SetBytes(bytes)
	exp, token, err := session.Accept(rand.Reader, skey, exp)
	if err != nil {
		fmt.Printf("failed to accept incoming exchange: %v\n", err)
		close(out)
		return
	}
	trans <- exp.Bytes()
	trans <- token

	// Receive the foreign auth token and if verifies conclude session
	token = <-trans
	err = session.Finalize(pkey, token)
	if err != nil {
		fmt.Printf("failed to finalize exchange: %v\n", err)
		close(out)
		return
	}
	// Protocol done
	secret, err := session.Secret()
	if err != nil {
		fmt.Printf("failed to retrieve exchanged secret: %v\n", err)
		close(out)
		return
	}
	out <- secret
	return
}