"strings"
"time"
+ "github.com/dchest/siphash"
"github.com/flynn/noise"
"github.com/jroimartin/gocui"
vors "go.stargrave.org/vors/internal"
"golang.org/x/crypto/blake2s"
- "golang.org/x/crypto/chacha20"
- "golang.org/x/crypto/poly1305"
)
var (
}
{
- h, err := blake2s.New256(hs.ChannelBinding())
+ xof, err := blake2s.NewXOF(32+16, nil)
if err != nil {
log.Fatalln(err)
}
- h.Write([]byte(vors.NoisePrologue))
- peer.key = h.Sum(nil)
+ xof.Write([]byte(vors.NoisePrologue))
+ xof.Write(hs.ChannelBinding())
+ peer.key = make([]byte, 32+16)
+ if _, err = io.ReadFull(xof, peer.key); err != nil {
+ log.Fatalln(err)
+ }
+ peer.mac = siphash.New(peer.key[32:])
}
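Review bot: `peer.key` is now a 48-byte slice whose tail is the SipHash key (`peer.key[32:]`), while the removed receive-path code passed `peer.key` whole to `chacha20.NewUnauthenticatedCipher`, which accepts only a 32-byte key; any remaining caller outside this hunk (presumably the sender) must now pass `peer.key[:32]` or it will land in the error path. Packing two keys into one slice with magic offsets invites exactly that slip — consider assigning distinct fields here, `peer.encKey = key[:32]` and `peer.macKey = key[32:]`, with a comment such as `// 32-byte ChaCha20 key || 16-byte SipHash key, both bound to the Noise channel binding via the XOF`. Note also that `peer.mac` is a stateful hash reused via `Reset()` in the receive loop (the next hunk, which runs past the end of this view), so it must not be shared with a sending goroutine; if the sender authenticates with the same key it needs its own `siphash.New` instance. The tag shrinks from Poly1305's 16 bytes to `siphash.Size` (8), so per-packet forgery resistance drops to 2^-64 — acceptable for this use or not, it deserves a one-line comment at the `tag := make([]byte, siphash.Size)` line rather than being implicit.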
{
var err error
var sid byte
var peer *Peer
- var ciph *chacha20.Cipher
- var macKey [32]byte
- var mac *poly1305.MAC
- tag := make([]byte, poly1305.TagSize)
- nonce := make([]byte, 12)
+ tag := make([]byte, siphash.Size)
for {
n, from, err = lnUDP.ReadFromUDP(buf)
if err != nil {
if n == 1 {
continue
}
- if n <= 4+vors.TagLen {
+ if n <= 4+siphash.Size {
peer.stats.bads++
continue
}
- copy(nonce[len(nonce)-4:], buf)
- ciph, err = chacha20.NewUnauthenticatedCipher(peer.key, nonce)
- if err != nil {
- log.Fatal(err)
- }
- clear(macKey[:])
- ciph.XORKeyStream(macKey[:], macKey[:])
- ciph.SetCounter(1)
- mac = poly1305.New(&macKey)
- if _, err = mac.Write(buf[4 : n-vors.TagLen]); err != nil {
+ peer.mac.Reset()
+ if _, err = peer.mac.Write(buf[: n-siphash.Size]); err != nil {
log.Fatal(err)
}
- mac.Sum(tag[:0])
+ peer.mac.Sum(tag[:0])
if subtle.ConstantTimeCompare(
- tag[:vors.TagLen],
- buf[n-vors.TagLen:n],
+ tag[:siphash.Size],
+ buf[n-siphash.Size:n],
) != 1 {
peer.stats.bads++
continue