Пример #1
0
func OpenACMessageNACL(context *ickp.SecretKey, rnd, cmsg, peerNick, myNick []byte) (out []byte, err error) {
	//fmt.Fprintf(os.Stderr, "OpenACMessageNACL()\n")
	b64, err := icutl.B64DecodeData(cmsg)
	if err != nil {
		return nil, &icutl.AcError{Value: -1, Msg: "OpenACMessageNACL(): ", Err: err}
	}

	cnonce, myHdr, ciphertext, err := unpackMessageAC(b64)
	if err != nil {
		return nil, &icutl.AcError{Value: -2, Msg: "OpenACMessageNACL(): ", Err: err}
	}

	// XXX this is to handle private message instead of channel communication
	// as the destination are assymetrical eau's dst is frl and frl's dst is eau
	//
	ac_bob := context.GetBob()
	ok_bob, _ := IsValidChannelName(ac_bob)
	//fmt.Fprintf(os.Stderr, "[+] OpenACMessage: is %s a valid channel: %t\n", ac_bob, ok_bob)
	if ok_bob == false && len(myNick) > 0 {
		ac_bob = myNick
	}

	/* let's build the nonce */
	//BuildNonceAC(inonce uint32, bob, mynick, myhdr []byte) (nonce []byte, noncebyte *[24]byte, err error)
	_, noncebyte, err := BuildNonceAC(cnonce, ac_bob, peerNick, myHdr)

	// OPEN the key
	context.RndKey(rnd)
	// XXX new to check rnd and context.key are the same size
	/*
		for j := 0; j < len(rnd); j++ {
			context.key[j] = context.key[j] ^ rnd[j]
		}
	*/

	packed, ok := secretbox.Open(nil, ciphertext, noncebyte, context.GetSealKey())

	// Close the key
	context.RndKey(rnd)
	/*
		for j := 0; j < len(rnd); j++ {
			context.key[j] = context.key[j] ^ rnd[j]
		}
	*/

	if ok == false {
		//return nil, acprotoError(1, "OpenACMessage().SecretOpen(): false ", nil)
		return nil, &icutl.AcError{Value: -3, Msg: "OpenACMessageNACL().SecretOpen(): ", Err: nil}
	}

	out, err = icutl.DecompressData(packed)
	if err != nil {
		return nil, &icutl.AcError{Value: -3, Msg: "OpenACMessageNACL().DecompressData(): ", Err: err}
	}

	//nonceval = acIn.GetNonce()
	// update the nonce value
	/*
		if cnonce > context.nonce {
			context.nonce = cnonce + 1
		} else {
			context.nonce++
		}
	*/
	context.IncNonce(cnonce)
	return out, nil
	//return nil, nil
}
Пример #2
0
func OpenKXMessageNACL(peerPubkey, myPrivkey *[32]byte, cmsg, channel, myNick, peerNick []byte) (context *ickp.SecretKey, SecRnd []byte, err error) {
	// check that we are indeed
	if peerPubkey == nil || myPrivkey == nil {
		//return nil, acprotoError(-1, "OpenKXMessage().invalidPubPrivKeys(): ", err)
		return nil, nil, &icutl.AcError{Value: -1, Msg: "OpenKXMessageNACL().invalidPubPrivKeys(): ", Err: err}
	}

	b64, err := icutl.B64DecodeData(cmsg)
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -2, Msg: "OpenKXMessageNACL(): ", Err: err}
	}

	cnonce, myHdr, ciphertext, err := unpackMessageKX(b64)
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -3, Msg: "OpenKXMessageNACL(): ", Err: err}
	}

	// XXX TODO: exact opposite of the one in CreateKXMessage
	kx_channel := IsChannelOrPriv(channel, peerNick, myNick)

	// XXX TODO: we should add the header like <ackx:peerNick> to avoid replay from
	// other nickname on the channel... nonce building!
	_, noncebyte, err := BuildNonceKX(cnonce, kx_channel, peerNick, myNick, myHdr)
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -4, Msg: "OpenKXMessageNACL(): ", Err: err}
	}

	packed, ok := box.Open(nil, ciphertext, noncebyte, peerPubkey, myPrivkey)
	if ok == false {
		return nil, nil, &icutl.AcError{Value: -5, Msg: "OpenKXMessageNACL().BoxOpen(): ", Err: nil}
	}

	out, err := icutl.DecompressData(packed)
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -6, Msg: "OpenKXMessageNACL(): ", Err: err}
	}

	//fmt.Fprintf(os.Stderr, "OPEN KX KEY: %s\n", hex.EncodeToString(out))
	// XXX TODO are we at the end of the nonce value..
	context, err = ickp.CreateACContext(channel, cnonce+1)
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -7, Msg: "OpenKXMessage().CreateACContext(): ", Err: err}
	}

	// XXX TODO
	// get RANDOMNESS bytes, return the random bytes
	newRnd, err := icutl.GetRandomBytes(context.GetKeyLen())
	if err != nil {
		return nil, nil, &icutl.AcError{Value: -8, Msg: "OpenKXMessage() no randomness to protect the key in memory: ", Err: err}
	}
	/*
		newRnd := make([]byte, len(context.key))
		_, err = rand.Read(newRnd)
	*/

	// XXX TODO: check the extracted buffer size... to sure we're not copying
	// too much into a restricted buffer...
	//copy(context.key[:], out)
	context.SetKey(out)

	// Xor the key now..
	context.RndKey(newRnd)

	// increase nonce based on the message nonce value
	context.IncNonce(cnonce)

	return context, newRnd, nil
}