"strings"
"time"
+ "github.com/dchest/siphash"
"github.com/flynn/noise"
"github.com/jroimartin/gocui"
"go.stargrave.org/opus/v2"
vors "go.stargrave.org/vors/internal"
"golang.org/x/crypto/blake2s"
"golang.org/x/crypto/chacha20"
- "golang.org/x/crypto/poly1305"
)
type Stream struct {
}
}
- var keyOur []byte
+ var keyCiphOur []byte
+ var keyMACOur []byte
{
- h, err := blake2s.New256(hs.ChannelBinding())
+ xof, err := blake2s.NewXOF(32+16, nil)
if err != nil {
log.Fatalln(err)
}
- h.Write([]byte(vors.NoisePrologue))
- keyOur = h.Sum(nil)
+ xof.Write([]byte(vors.NoisePrologue))
+ xof.Write(hs.ChannelBinding())
+ buf := make([]byte, 32+16)
+ if _, err = io.ReadFull(xof, buf); err != nil {
+ log.Fatalln(err)
+ }
+ keyCiphOur, keyMACOur = buf[:32], buf[32:]
}
seen := time.Now()
if err != nil {
log.Fatal(err)
}
+ keyCiph, keyMAC := key[:32], key[32:]
stream := &Stream{
name: name,
in: make(chan []byte, 1<<10),
}
var ciph *chacha20.Cipher
- var macKey [32]byte
- var mac *poly1305.MAC
- tag := make([]byte, poly1305.TagSize)
+ mac := siphash.New(keyMAC)
+ tag := make([]byte, siphash.Size)
var ctr uint32
pcm := make([]int16, vors.FrameLen)
nonce := make([]byte, 12)
var lastDur int
for buf := range stream.in {
copy(nonce[len(nonce)-4:], buf)
- ciph, err = chacha20.NewUnauthenticatedCipher(key, nonce)
- if err != nil {
- log.Fatal(err)
- }
- clear(macKey[:])
- ciph.XORKeyStream(macKey[:], macKey[:])
- ciph.SetCounter(1)
- mac = poly1305.New(&macKey)
- if _, err = mac.Write(buf[4 : len(buf)-vors.TagLen]); err != nil {
+ mac.Reset()
+ if _, err = mac.Write(buf[: len(buf)-siphash.Size]); err != nil {
log.Fatal(err)
}
mac.Sum(tag[:0])
if subtle.ConstantTimeCompare(
- tag[:vors.TagLen],
- buf[len(buf)-vors.TagLen:],
+ tag[:siphash.Size],
+ buf[len(buf)-siphash.Size:],
) != 1 {
stream.stats.bads++
continue
}
- pkt = buf[4 : len(buf)-vors.TagLen]
+ ciph, err = chacha20.NewUnauthenticatedCipher(keyCiph, nonce)
+ if err != nil {
+ log.Fatal(err)
+ }
+ pkt = buf[4 : len(buf)-siphash.Size]
ciph.XORKeyStream(pkt, pkt)
ctr = binary.BigEndian.Uint32(nonce[len(nonce)-4:])
log.Println("wrong addr:", from)
continue
}
- if n <= 4+vors.TagLen {
+ if n <= 4+siphash.Size {
log.Println("too small:", n)
continue
}
}
<-LoggerReady
var ciph *chacha20.Cipher
- var macKey [32]byte
- var mac *poly1305.MAC
- tag := make([]byte, poly1305.TagSize)
+ mac := siphash.New(keyMACOur)
+ tag := make([]byte, siphash.Size)
buf := make([]byte, 2*vors.FrameLen)
pcm := make([]int16, vors.FrameLen)
nonce := make([]byte, 12)
incr(nonce[len(nonce)-3:])
copy(buf, nonce[len(nonce)-4:])
- ciph, err = chacha20.NewUnauthenticatedCipher(keyOur, nonce)
+ ciph, err = chacha20.NewUnauthenticatedCipher(keyCiphOur, nonce)
if err != nil {
log.Fatal(err)
}
- clear(macKey[:])
- ciph.XORKeyStream(macKey[:], macKey[:])
- ciph.SetCounter(1)
ciph.XORKeyStream(buf[4:4+n], buf[4:4+n])
- mac = poly1305.New(&macKey)
- if _, err = mac.Write(buf[4 : 4+n]); err != nil {
+ mac.Reset()
+ if _, err = mac.Write(buf[: 4+n]); err != nil {
log.Fatal(err)
}
mac.Sum(tag[:0])
- copy(buf[4+n:], tag[:vors.TagLen])
- pkt = buf[:4+n+vors.TagLen]
+ copy(buf[4+n:], tag)
+ pkt = buf[:4+n+siphash.Size]
OurStats.pkts++
OurStats.bytes += vors.IPHdrLen(srvAddrUDP.IP) + 8 + uint64(len(pkt))