func TestGenTempKey(t *testing.T) {
privkey := [PrivateKeySize]byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0xaf, 0xff}
testPriv := [PrivateKeySize]byte{0x00, 0x00, 0x03, 0x03, 0x03, 0x06, 0x07, 0x08, 0x09, 0x07, 0x07, 0x07, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0xaf, 0xff}
testPriv2 := [PrivateKeySize]byte{0x01, 0x02, 0x03, 0x03, 0x03, 0x06, 0x07, 0x08, 0x09, 0x07, 0x07, 0x07, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0xaf, 0xff}
testPub := [PublicKeySize]byte{}
testPub2 := [PublicKeySize]byte{}
curve25519.ScalarBaseMult(&testPub, &testPriv)
curve25519.ScalarBaseMult(&testPub2, &testPriv2)
serverPriv, serverPub, challenge := GenTempKeyTime(uint64(time.Now().Unix()), &privkey)
_, _, _ = serverPriv, serverPub, challenge
answer := Answer(challenge, &testPriv)
ok := Verify(answer, &privkey, &testPub)
if !ok {
t.Error("Verification failed")
}
ok = Verify(answer, &privkey, &testPub2)
if ok {
t.Error("Verification must fail 1")
}
answer = Answer(challenge, &testPriv2)
ok = Verify(answer, &privkey, &testPub)
if ok {
t.Error("Verification must fail 2")
}
if !VerifyTimeNow(answer, 1) {
t.Error("Time verification failed")
}
answer[0] = 0x01 // bad time
if VerifyTimeNow(answer, 1) {
t.Error("Time verification must fail")
}
}
func TestStreamData(t *testing.T) {
var serverPrivate, clientPrivate, serverPublic, clientPublic [32]byte
randBytes(serverPrivate[:])
randBytes(clientPrivate[:])
curve25519.ScalarBaseMult(&serverPublic, &serverPrivate)
curve25519.ScalarBaseMult(&clientPublic, &clientPrivate)
x, y := NewBiDiPipe()
client := NewClient(x, &clientPrivate, &clientPublic, &serverPublic)
server := NewServer(y, &serverPrivate)
clientComplete := make(chan bool)
go func() {
defer x.Close()
err := client.Handshake()
if err != nil {
panic(err)
}
if _, err = client.Write(nil); err != nil {
panic(err)
}
if _, err = client.Write([]byte("hello")); err != nil {
panic(err)
}
if _, err = client.Write([]byte("world")); err != nil {
panic(err)
}
if _, err = client.Write(make([]byte, 20*1024)); err != nil {
panic(err)
}
close(clientComplete)
}()
serverComplete := make(chan bool)
go func() {
defer y.Close()
err := server.Handshake()
if err != nil {
panic(err)
}
h := sha256.New()
if _, err := io.Copy(h, server); err != nil {
panic(err)
}
if h.Sum(nil)[0] != 0xec {
panic("bad data received")
}
close(serverComplete)
}()
<-clientComplete
<-serverComplete
}
// FillKeyExchange sets elements of kx with key exchange information from the
// ratchet.
func (r *Ratchet) FillKeyExchange(kx *pond.KeyExchange) error {
if r.kxPrivate0 == nil || r.kxPrivate1 == nil {
return errors.New("ratchet: handshake already complete")
}
var public0, public1 [32]byte
curve25519.ScalarBaseMult(&public0, r.kxPrivate0)
curve25519.ScalarBaseMult(&public1, r.kxPrivate1)
kx.Dh = public0[:]
kx.Dh1 = public1[:]
return nil
}
func (r *Ratchet) EncryptFirst(out, msg []byte, theirRatchetPublic *[32]byte) []byte {
r.saved = make(map[[32]byte]map[uint32]savedKey)
r.ratchet = true
r.randBytes(r.ourRatchetPrivate[:])
copy(r.theirRatchetPublic[:], theirRatchetPublic[:])
copy(r.theirAuthPublic[:], theirRatchetPublic[:])
var sharedKey [32]byte
curve25519.ScalarMult(&sharedKey, &r.ourRatchetPrivate, &r.theirRatchetPublic)
h := hmac.New(sha256.New, sharedKey[:])
deriveKey(&r.rootKey, rootKeyLabel, h)
deriveKey(&r.recvHeaderKey, headerKeyLabel, h)
deriveKey(&r.nextSendHeaderKey, sendHeaderKeyLabel, h)
deriveKey(&r.nextRecvHeaderKey, nextRecvHeaderKeyLabel, h)
deriveKey(&r.recvChainKey, chainKeyLabel, h)
var ourRatchetPublic [32]byte
curve25519.ScalarBaseMult(&ourRatchetPublic, &r.ourRatchetPrivate)
tag_idx := len(out)
out = append(out, make([]byte, authSize)...)
out = append(out, ourRatchetPublic[:]...)
out = r.encrypt(out, msg)
r.FillAuth(out[tag_idx:][:authSize], out[tag_idx+authSize:], theirRatchetPublic)
return out
}
func NewTestServer(setup func(dir string)) *TestServer {
listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)})
if err != nil {
panic(err)
}
dir, err := ioutil.TempDir("", "servertest")
if err != nil {
panic(err)
}
if setup != nil {
setup(dir)
}
testServer := &TestServer{
listener: listener,
addr: listener.Addr().(*net.TCPAddr),
dir: dir,
server: NewServer(dir, true),
}
io.ReadFull(rand.Reader, testServer.identity[:])
curve25519.ScalarBaseMult(&testServer.identityPublic, &testServer.identity)
go testServer.Loop()
return testServer
}
func (c *client) sendDraft(draft *Draft) (uint64, time.Time, error) {
to := c.contacts[draft.to]
// Zero length bodies are ACKs.
if len(draft.body) == 0 {
draft.body = " "
}
id := c.randId()
created := c.Now()
message := &pond.Message{
Id: proto.Uint64(id),
Time: proto.Int64(created.Unix()),
Body: []byte(draft.body),
BodyEncoding: pond.Message_RAW.Enum(),
Files: draft.attachments,
DetachedFiles: draft.detachments,
SupportedVersion: proto.Int32(protoVersion),
}
if r := draft.inReplyTo; r != 0 {
message.InReplyTo = proto.Uint64(r)
}
if to.ratchet == nil {
var nextDHPub [32]byte
curve25519.ScalarBaseMult(&nextDHPub, &to.currentDHPrivate)
message.MyNextDh = nextDHPub[:]
}
err := c.send(to, message)
return id, created, err
}
func (tmp AddressTemplate) genDetermKeys(nonce, nym []byte) (pub, priv *[KeySize]byte) {
pub, priv = new([KeySize]byte), new([KeySize]byte)
privkeyA := calcHmac(tmp.Secret, nonce, nym)
copy(priv[:], privkeyA)
curve25519.ScalarBaseMult(pub, priv)
return pub, priv
}
func (c *Conn) handshakeAsServer(ctx context.Context) error {
// Check that a private key has actually been specified.
c.curves = c.cfg.Curvek
if keyIsZero(&c.curves) {
return fmt.Errorf("Server private key not specified.")
}
// Derive server public key from server private key.
if c.cfg.CurveK != nil {
c.curveS = *c.cfg.CurveK
} else {
curve25519.ScalarBaseMult(&c.curveS, &c.curves)
}
err := c.hsReadClientHello()
if err != nil {
return err
}
err = c.hsWriteServerHello()
if err != nil {
return err
}
// Determine the shared secret key used for encryption.
box.Precompute(&c.curveCtSt, &c.curveCt, &c.curvest)
err = c.hsReadClientCommence()
if err != nil {
return err
}
return nil
}
func TestKeyPairs(t *testing.T) {
var pubkey, privkey [32]byte
ikp := GenerateIdentityKeyPair()
copy(privkey[:], ikp.PrivateKey.Key()[:])
curve25519.ScalarBaseMult(&pubkey, &privkey)
assert.Equal(t, pubkey[:], ikp.PublicKey.Key()[:])
}
// ECDH computes a Diffie-Hellman (DH) key exchange over the elliptic curve (EC)
// curve25519. If ownPublicKey is given it is used to check for the key
// reflection attack. Otherwise it is derived from privateKey.
func ECDH(privateKey, peersPublicKey, ownPublicKey *[32]byte) (*[32]byte, error) {
var (
sharedKey [32]byte
pubKey []byte
)
// check mandatory key length
if privateKey == nil {
return nil, log.Error("cipher: curve25519.ECDH(): privateKey == nil")
}
if peersPublicKey == nil {
return nil, log.Error("cipher: curve25519.ECDH(): peersPublicKey == nil")
}
// check for key reflection attack
if ownPublicKey != nil {
pubKey = ownPublicKey[:]
} else {
var publicKey [32]byte
curve25519.ScalarBaseMult(&publicKey, privateKey)
pubKey = publicKey[:]
}
if bytes.Equal(pubKey, peersPublicKey[:]) {
return nil, log.Errorf("cipher: curve25519.ECDH(): publicKey == peersPublicKey")
}
// perform Diffie-Hellman key exchange
curve25519.ScalarMult(&sharedKey, privateKey, peersPublicKey)
return &sharedKey, nil
}
func UnmarshalKeyExchange(rand io.Reader, meetingPlace MeetingPlace, serialised []byte) (*KeyExchange, error) {
var p panda_proto.KeyExchange
if err := proto.Unmarshal(serialised, &p); err != nil {
return nil, err
}
sharedSecret, ok := newSharedSecret(p.SharedSecret)
if !ok {
return nil, errors.New("panda: invalid shared secret in serialised key exchange")
}
kx := &KeyExchange{
rand: rand,
meetingPlace: meetingPlace,
status: p.GetStatus(),
sharedSecret: sharedSecret,
serialised: serialised,
kxBytes: p.KeyExchangeBytes,
message1: p.Message1,
message2: p.Message2,
}
copy(kx.key[:], p.Key)
copy(kx.meeting1[:], p.Meeting1)
copy(kx.meeting2[:], p.Meeting2)
copy(kx.sharedKey[:], p.SharedKey)
copy(kx.dhPrivate[:], p.DhPrivate)
curve25519.ScalarBaseMult(&kx.dhPublic, &kx.dhPrivate)
return kx, nil
}
// Share creates a shared key, which the given key can use to decrypt
// the secret.
// Requires the master key to be unsealed.
func (s *Secret) Share(key *Key) (shared *Secret, err error) {
if IsSealed() {
err = errors.New("Please unseal first")
return
}
shared = new(Secret)
shared.Name = s.Name
shared.Key = *key
err = s.Key.Decrypt()
if err != nil {
return
}
defer s.Key.Zero()
if err = shared.newNonce(); err != nil {
return
}
// Generate a public key from the master
pub := new([32]byte)
curve25519.ScalarBaseMult(pub, master)
shared.Pubkey = pub[:]
shared.Message = box.Seal(
nil,
s.Key.raw[:],
shared.nonce(),
key.pubkey(),
master)
return
}
func (kp *curve25519KeyPair) generate(rand io.Reader) error {
if _, err := io.ReadFull(rand, kp.priv[:]); err != nil {
return err
}
curve25519.ScalarBaseMult(&kp.pub, &kp.priv)
return nil
}
func TestBox(t *testing.T) {
var privateKey1, privateKey2 [32]byte
for i := range privateKey1[:] {
privateKey1[i] = 1
}
for i := range privateKey2[:] {
privateKey2[i] = 2
}
var publicKey1 [32]byte
curve25519.ScalarBaseMult(&publicKey1, &privateKey1)
var message [64]byte
for i := range message[:] {
message[i] = 3
}
var nonce [24]byte
for i := range nonce[:] {
nonce[i] = 4
}
box := Seal(nil, message[:], &nonce, &publicKey1, &privateKey2)
// expected was generated using the C implementation of NaCl.
expected, _ := hex.DecodeString("78ea30b19d2341ebbdba54180f821eec265cf86312549bea8a37652a8bb94f07b78a73ed1708085e6ddd0e943bbdeb8755079a37eb31d86163ce241164a47629c0539f330b4914cd135b3855bc2a2dfc")
if !bytes.Equal(box, expected) {
t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
}
}
// Encrypt an envelope (Client-Mix) with CURVE25519-AES-GCM
func Encrypt(peerPublicKey, myPrivateKey *[KeySize]byte, cleartextData []byte) ([]byte, error) {
var myPublicKey [KeySize]byte
if myPrivateKey == nil {
myPrivateKey = new([KeySize]byte)
_, err := io.ReadFull(Rand, myPrivateKey[:])
if err != nil {
return nil, err
}
}
secret, nonce := CalculateSharedSecret(peerPublicKey, myPrivateKey, nil)
if secret == nil {
return nil, ErrNoKeys
}
curve25519.ScalarBaseMult(&myPublicKey, myPrivateKey)
encData, err := GCMEncrypt(nonce[:], secret[:], cleartextData)
if err != nil {
return nil, err
}
encData2 := make([]byte, KeySize*3+len(encData))
copy(encData2[0:KeySize], peerPublicKey[:])
copy(encData2[KeySize:KeySize*2], myPublicKey[:])
copy(encData2[KeySize*2:KeySize*3], nonce[:])
copy(encData2[KeySize*3:], encData)
return encData2, nil
}
func TestBasic(t *testing.T) {
var priv, pub [32]byte
rand.Read(priv[:])
curve25519.ScalarBaseMult(&pub, &priv)
var d Descriptor
d.Nickname = "mylittletorry18"
d.Contact = "TvdW"
d.Platform = "Tor 0.2.6.2-alpha on MS-DOS"
d.Address = net.ParseIP("80.57.124.58")
d.ORPort = 1234
d.UptimeStart = time.Now()
d.NTORKey = pub[:]
d.BandwidthAvg = 1000000
d.BandwidthBurst = 1200000
d.BandwidthObserved = 30107
k, err := openssl.GenerateRSAKeyWithExponent(1024, 65537)
if err != nil {
t.Error(err)
}
d.OnionKey, err = openssl.GenerateRSAKeyWithExponent(1024, 65537)
d.SigningKey = k
desc, err := d.SignedDescriptor()
if err != nil {
t.Error(err)
}
log.Println(desc)
}
// DeriveKeyPair takes a utf8 string, returns the [32]byte pub and secret keys
func DeriveKeyPair(input string) (pubKey, privateKey *[32]byte) {
privateKey = new([32]byte)
pubKey = new([32]byte)
privateKeySlice := sha512.Sum512([]byte(input))
copy(privateKey[:], privateKeySlice[0:32])
curve25519.ScalarBaseMult(pubKey, privateKey)
return
}
// encrypt acts like append() but appends an encrypted version of msg to out.
func (r *Ratchet) encrypt(out, msg []byte) []byte {
if r.ratchet {
r.randBytes(r.ourRatchetPrivate[:])
r.randBytes(r.ourAuthPrivate[:])
copy(r.sendHeaderKey[:], r.nextSendHeaderKey[:])
var sharedKey, keyMaterial [32]byte
curve25519.ScalarMult(&sharedKey, &r.ourRatchetPrivate, &r.theirRatchetPublic)
sha := sha256.New()
sha.Write(rootKeyUpdateLabel)
sha.Write(r.rootKey[:])
sha.Write(sharedKey[:])
sha.Sum(keyMaterial[:0])
h := hmac.New(sha256.New, keyMaterial[:])
deriveKey(&r.rootKey, rootKeyLabel, h)
deriveKey(&r.nextSendHeaderKey, sendHeaderKeyLabel, h)
deriveKey(&r.sendChainKey, chainKeyLabel, h)
r.prevSendCount, r.sendCount = r.sendCount, 0
r.ratchet = false
}
var messageKey [32]byte
h := hmac.New(sha256.New, r.sendChainKey[:])
deriveKey(&messageKey, messageKeyLabel, h)
deriveKey(&r.sendChainKey, chainKeyStepLabel, h)
var ourRatchetPublic, ourAuthPublic [32]byte
curve25519.ScalarBaseMult(&ourRatchetPublic, &r.ourRatchetPrivate)
curve25519.ScalarBaseMult(&ourAuthPublic, &r.ourAuthPrivate)
var header [headerSize]byte
var headerNonce, messageNonce [24]byte
r.randBytes(headerNonce[:])
r.randBytes(messageNonce[:])
binary.LittleEndian.PutUint32(header[0:4], r.sendCount)
binary.LittleEndian.PutUint32(header[4:8], r.prevSendCount)
copy(header[8:], ourRatchetPublic[:])
copy(header[8+32:], ourAuthPublic[:])
copy(header[nonceInHeaderOffset:], messageNonce[:])
out = append(out, headerNonce[:]...)
out = secretbox.Seal(out, header[:], &headerNonce, &r.sendHeaderKey)
r.sendCount++
return secretbox.Seal(out, msg, &messageNonce, &messageKey)
}
func TestKeyEntry(t *testing.T) {
// create UID message
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// KeyInit
now := uint64(times.Now())
ki, _, privateKey, err := msg.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// KeyEntry
ke, err := ki.KeyEntryECDHE25519(msg.SigPubKey())
if err != nil {
t.Fatal(err)
}
// verify consistency
if err := ke.Verify(); err != nil {
t.Fatal(err)
}
// equal
if !KeyEntryEqual(ke, ke) {
t.Error("ke should be equal to itself")
}
a := ke
var b KeyEntry
b.CIPHERSUITE = a.CIPHERSUITE
b.FUNCTION = a.FUNCTION
b.HASH = a.HASH
b.PUBKEY = a.PUBKEY
if !KeyEntryEqual(a, &b) {
t.Error("a and b should be equal to itself")
}
// private key check
if err := ke.SetPrivateKey(privateKey); err != nil {
t.Fatal(err)
}
privKey := ke.PrivateKey32()
if privateKey != base64.Encode(privKey[:]) {
t.Error("private keys differ")
}
// public key check
var publicKey [32]byte
curve25519.ScalarBaseMult(&publicKey, privKey)
pubKey := ke.PublicKey32()
if !bytes.Equal(publicKey[:], pubKey[:]) {
t.Error("public keys differ")
}
}
// genKey returns a keypair
func genKey() (pub, priv *[KeySize]byte, err error) {
publicKey := new([KeySize]byte)
privateKey := new([KeySize]byte)
if _, err := io.ReadFull(Rand, privateKey[:]); err != nil {
return nil, nil, err
}
curve25519.ScalarBaseMult(publicKey, privateKey)
return publicKey, privateKey, nil
}
// Pubkey returns the associated public key for the supplied private key.
func (k *Private) Pubkey() *Public {
var pub [32]byte
priv := [32]byte(*k)
// Performs ScalarBaseMult on the supplied private key, returning the public key
curve25519.ScalarBaseMult(&pub, &priv)
public := Public(pub)
return &public
}
func genKeyRandom() (pub, priv *[KeySize]byte, err error) {
privateKey, err := genNonce()
if err != nil {
return nil, nil, err
}
publicKey := new([KeySize]byte)
curve25519.ScalarBaseMult(publicKey, privateKey)
return publicKey, privateKey, nil
}
// NewECDH_Curve25519 returns an Elliptic Curve Diffie-Hellman Curve25519 KeyExchange algorithm.
func NewECDH_Curve25519() (err error, keyexchange KeyExchange) {
c := new(c255)
_, err = io.ReadFull(rand.Reader, c.privateKey[:])
if err != nil {
return
}
curve25519.ScalarBaseMult(&c.publicKey, &c.privateKey)
return nil, c
}
func TestHandshake(t *testing.T) {
var serverPrivate, clientPrivate, serverPublic, clientPublic [32]byte
randBytes(serverPrivate[:])
randBytes(clientPrivate[:])
curve25519.ScalarBaseMult(&serverPublic, &serverPrivate)
curve25519.ScalarBaseMult(&clientPublic, &clientPrivate)
clientError, serverError := runHandshake(&clientPrivate, &clientPublic, &serverPrivate, &serverPublic)
if clientError != nil || serverError != nil {
t.Fatalf("handshake failed: client:'%s' server:'%s'", clientError, serverError)
}
serverPublic[0] ^= 0x40
clientError, serverError = runHandshake(&clientPrivate, &clientPublic, &serverPrivate, &serverPublic)
if clientError == nil && serverError == nil {
t.Fatal("bad handshake succeeded")
}
}
// Curve25519Generate generates a new Curve25519 key pair.
func Curve25519Generate(rand io.Reader) (*Curve25519Key, error) {
var c Curve25519Key
c.privateKey = new([32]byte)
if _, err := io.ReadFull(rand, c.privateKey[:]); err != nil {
return nil, err
}
c.publicKey = new([32]byte)
curve25519.ScalarBaseMult(c.publicKey, c.privateKey)
return &c, nil
}
func TestKeys(t *testing.T) {
var cpriv, cpub, cpub2 [32]byte
pub, priv, err := ed25519.GenerateKey(rand.Reader)
if assert.NoError(t, err) {
assert.True(t, extra25519.PublicKeyToCurve25519(&cpub, pub), "Calling PublicKeyToCurve25519 failed")
extra25519.PrivateKeyToCurve25519(&cpriv, priv)
curve25519.ScalarBaseMult(&cpub2, &cpriv)
assert.Equal(t, cpub, cpub2)
}
}
func TestCalculateSharedSecret(t *testing.T) {
var pubkey1, privkey1, pubkey2, privkey2 [KeySize]byte
testData := []byte("Some data to be tested")
io.ReadFull(Rand, privkey1[:])
io.ReadFull(Rand, privkey2[:])
curve25519.ScalarBaseMult(&pubkey1, &privkey1)
curve25519.ScalarBaseMult(&pubkey2, &privkey2)
secret, nonce := CalculateSharedSecret(nil, nil, nil)
if secret != nil || nonce != nil {
t.Error("CalculateSharedSecret without parameters must return nils")
}
secret1, nonce1 := CalculateSharedSecret(&pubkey1, &privkey2, nil)
secret2, nonce2 := CalculateSharedSecret(&pubkey2, &privkey1, nonce1)
if *secret1 != *secret2 {
t.Error("Secrets do not match")
}
if *nonce1 != *nonce2 || nonce1 == nil {
t.Error("Nonce creation failed")
}
encryptedData, err := GCMEncrypt(nonce1[:], secret1[:], testData)
if err != nil {
t.Fatalf("GCMEncrypt: %s", err)
}
decryptedData, err := GCMDecrypt(nonce2[:], secret2[:], encryptedData)
if err != nil {
t.Fatalf("GCMDecrypt: %s", err)
}
if !bytes.Equal(testData, decryptedData) {
t.Error("Pre/Post encryption data do not match")
}
encryptedData, err = Encrypt(&pubkey2, &privkey1, testData)
if err != nil {
t.Errorf("Encrypt failed: %s", err)
}
decryptedData, err = Decrypt(func(*[KeySize]byte) *[KeySize]byte { return &privkey2 }, encryptedData)
if err != nil {
t.Errorf("Decrypt failed: %s", err)
}
if !bytes.Equal(testData, decryptedData) {
t.Error("Pre/Post encryption data do not match")
}
}
func pairedRatchet() (a, b *Ratchet) {
var privA, pubA, privB, pubB [32]byte
io.ReadFull(rand.Reader, privA[:])
io.ReadFull(rand.Reader, privB[:])
curve25519.ScalarBaseMult(&pubA, &privA)
curve25519.ScalarBaseMult(&pubB, &privB)
// These are the "Ed25519" public keys for the two parties. Of course,
// they're not actually valid Ed25519 keys but that doesn't matter
// here.
var aSigningPublic, bSigningPublic [32]byte
io.ReadFull(rand.Reader, aSigningPublic[:])
io.ReadFull(rand.Reader, bSigningPublic[:])
a, b = New(rand.Reader), New(rand.Reader)
a.Now = nowFunc
b.Now = nowFunc
a.MyIdentityPrivate = &privA
b.MyIdentityPrivate = &privB
a.TheirIdentityPublic = &pubB
b.TheirIdentityPublic = &pubA
a.MySigningPublic = &aSigningPublic
b.MySigningPublic = &bSigningPublic
a.TheirSigningPublic = &bSigningPublic
b.TheirSigningPublic = &aSigningPublic
kxA, kxB := new(pond.KeyExchange), new(pond.KeyExchange)
if err := a.FillKeyExchange(kxA); err != nil {
panic(err)
}
if err := b.FillKeyExchange(kxB); err != nil {
panic(err)
}
if err := a.CompleteKeyExchange(kxB, true); err != nil {
panic(err)
}
if err := b.CompleteKeyExchange(kxA, true); err != nil {
panic(err)
}
return
}
func TestPublicPrivateKeys(test *testing.T) {
tox := initialize(test)
defer tox.Destroy()
publicKey := tox.GetPublicKey()
secretKey := tox.GetSecretKey()
var product [32]byte
curve25519.ScalarBaseMult(&product, (*[32]byte)(&secretKey))
if product != publicKey {
test.Fatalf("Failed to generate valid Tox public/private key pair.")
}
}
func (a *api) auth() bool {
var err error
k := new(secrets.Key)
var secretKey string
// Grab the credentials, look in the header first and fall back to the query string.
if k.Name = a.req.Header.Get("X-Secret-ID"); k.Name == "" {
k.Name = a.req.FormValue("secretid")
}
if secretKey = a.req.Header.Get("X-Secret-Key"); secretKey == "" {
secretKey = a.req.FormValue("secretkey")
}
// If the master key has been used then just check the key, else check both.
if k.Name == secrets.MasterKeyName {
if secretKeyRegex.MatchString(secretKey) != true {
log.Error("Invalid auth credential format.")
return false
}
} else if secretIDRegex.MatchString(k.Name) != true || secretKeyRegex.MatchString(secretKey) != true {
log.Error("Invalid auth credential format.")
return false
}
a.keyID = k.Name
a.key, err = base64.StdEncoding.DecodeString(
secretKey)
if err != nil {
return false
}
priv := new([32]byte)
pub := new([32]byte)
copy(priv[:], a.key)
defer secrets.Zero(priv[:])
err = database.GetKey(k)
if err != nil {
return false
}
if !k.ReadOnly {
a.admin = true
}
curve25519.ScalarBaseMult(pub, priv)
if subtle.ConstantTimeCompare(pub[:], k.Public) == 1 {
return true
}
return false
}