import (
"bufio"
"crypto/rand"
+ "crypto/subtle"
"crypto/tls"
"encoding/hex"
"flag"
"github.com/jroimartin/gocui"
vors "go.stargrave.org/vors/internal"
"golang.org/x/crypto/blake2s"
+ "golang.org/x/crypto/chacha20"
"golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/poly1305"
)
var (
var err error
var sid byte
var peer *Peer
+ var ciph *chacha20.Cipher
+ var macKey [32]byte
+ var mac *poly1305.MAC
+ tag := make([]byte, poly1305.TagSize)
+ nonce := make([]byte, 12)
for {
n, from, err = lnUDP.ReadFromUDP(buf)
if err != nil {
if n == 1 {
continue
}
+ if n <= 4+vors.TagLen {
+ slog.Info("too small:", "peer", peer.name, "len", n)
+ continue
+ }
+
+ copy(nonce[len(nonce)-4:], buf)
+ ciph, err = chacha20.NewUnauthenticatedCipher(peer.key, nonce)
+ if err != nil {
+ log.Fatal(err)
+ }
+ clear(macKey[:])
+ ciph.XORKeyStream(macKey[:], macKey[:])
+ ciph.SetCounter(1)
+ mac = poly1305.New(&macKey)
+ if _, err = mac.Write(buf[4 : n-vors.TagLen]); err != nil {
+ log.Fatal(err)
+ }
+ mac.Sum(tag[:0])
+ if subtle.ConstantTimeCompare(
+ tag[:vors.TagLen],
+ buf[n-vors.TagLen:n],
+ ) != 1 {
+ log.Println("decrypt:", peer.name, "tag differs")
+ slog.Info("MAC failed:", "peer", peer.name, "len", n)
+ continue
+ }
+
peer.stats.last = time.Now()
for _, p := range Peers {
if p.sid == sid {