"gopkg.in/hraban/opus.v2"
)
-const TagLen = 8
-
type Stream struct {
name string
ctr uint32
ciph.XORKeyStream(macKey[:], macKey[:])
ciph.SetCounter(1)
mac = poly1305.New(&macKey)
- if _, err = mac.Write(buf[4 : len(buf)-TagLen]); err != nil {
+ if _, err = mac.Write(buf[4 : len(buf)-vors.TagLen]); err != nil {
log.Fatal(err)
}
mac.Sum(tag[:0])
- if subtle.ConstantTimeCompare(tag[:TagLen], buf[len(buf)-TagLen:]) != 1 {
+ if subtle.ConstantTimeCompare(
+ tag[:vors.TagLen],
+ buf[len(buf)-vors.TagLen:],
+ ) != 1 {
log.Println("decrypt:", stream.name, "tag differs")
continue
}
- pkt = buf[4 : len(buf)-TagLen]
+ pkt = buf[4 : len(buf)-vors.TagLen]
ciph.XORKeyStream(pkt, pkt)
ctr = binary.BigEndian.Uint32(nonce[len(nonce)-4:])
log.Println("wrong addr:", from)
continue
}
- if n <= 1+4+poly1305.TagSize {
+ if n <= 4+vors.TagLen {
log.Println("too small:", n)
continue
}
log.Fatal(err)
}
mac.Sum(tag[:0])
- copy(buf[4+n:], tag[:TagLen])
- pkt = buf[:4+n+TagLen]
+ copy(buf[4+n:], tag[:vors.TagLen])
+ pkt = buf[:4+n+vors.TagLen]
OurStats.pkts++
OurStats.bytes += uint64(len(pkt))
import (
"bufio"
"crypto/rand"
+ "crypto/subtle"
"crypto/tls"
"encoding/hex"
"flag"
"github.com/jroimartin/gocui"
vors "go.stargrave.org/vors/internal"
"golang.org/x/crypto/blake2s"
+ "golang.org/x/crypto/chacha20"
"golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/poly1305"
)
var (
var err error
var sid byte
var peer *Peer
+ var ciph *chacha20.Cipher
+ var macKey [32]byte
+ var mac *poly1305.MAC
+ tag := make([]byte, poly1305.TagSize)
+ nonce := make([]byte, 12)
for {
n, from, err = lnUDP.ReadFromUDP(buf)
if err != nil {
if n == 1 {
continue
}
+ if n <= 4+vors.TagLen {
+ slog.Info("too small:", "peer", peer.name, "len", n)
+ continue
+ }
+
+ copy(nonce[len(nonce)-4:], buf)
+ ciph, err = chacha20.NewUnauthenticatedCipher(peer.key, nonce)
+ if err != nil {
+ log.Fatal(err)
+ }
+ clear(macKey[:])
+ ciph.XORKeyStream(macKey[:], macKey[:])
+ ciph.SetCounter(1)
+ mac = poly1305.New(&macKey)
+ if _, err = mac.Write(buf[4 : n-vors.TagLen]); err != nil {
+ log.Fatal(err)
+ }
+ mac.Sum(tag[:0])
+ if subtle.ConstantTimeCompare(
+ tag[:vors.TagLen],
+ buf[n-vors.TagLen:n],
+ ) != 1 {
+ log.Println("decrypt:", peer.name, "tag differs")
+ slog.Info("MAC failed:", "peer", peer.name, "len", n)
+ continue
+ }
+
peer.stats.last = time.Now()
for _, p := range Peers {
if p.sid == sid {