SipHash24 for short messages is much faster and secure enough
index 514e8feb04915b12bccb0d1e893ab4783a30c0c0821cf4c1f97f1dd93880f31f..b6b72553beee9b38afae7afcc0c6df8df93ffd846bb98f9fbae3c280158658f0 100644 (file)
@@ -33,12 +33,11 @@ import (
        "strings"
        "time"
 
+       "github.com/dchest/siphash"
        "github.com/flynn/noise"
        "github.com/jroimartin/gocui"
        vors "go.stargrave.org/vors/internal"
        "golang.org/x/crypto/blake2s"
-       "golang.org/x/crypto/chacha20"
-       "golang.org/x/crypto/poly1305"
 )
 
 var (
@@ -257,12 +256,17 @@ func newPeer(conn *net.TCPConn) {
        }
 
        {
-               h, err := blake2s.New256(hs.ChannelBinding())
+               xof, err := blake2s.NewXOF(32+16, nil)
                if err != nil {
                        log.Fatalln(err)
                }
-               h.Write([]byte(vors.NoisePrologue))
-               peer.key = h.Sum(nil)
+               xof.Write([]byte(vors.NoisePrologue))
+               xof.Write(hs.ChannelBinding())
+               peer.key = make([]byte, 32+16)
+               if _, err = io.ReadFull(xof, peer.key); err != nil {
+                       log.Fatalln(err)
+               }
+               peer.mac = siphash.New(peer.key[32:])
        }
 
        {
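Review bot: `peer.mac` is a stateful `hash.Hash64` kept on the Peer, and the `Reset`/`Write`/`Sum` sequence run on it per packet is not safe for concurrent use, so only one goroutine may ever drive it; if outgoing packets to this peer are tagged with the same object from another goroutine (not visible here), tags would be silently corrupted. A comment at the assignment should pin that, e.g. `// peer.mac is reused for every datagram and is not concurrency-safe: only the UDP read loop may touch it.` The `32+16` split of the XOF output is undocumented and `siphash.New` panics on any key length other than 16, so name it, e.g. `const siphashKeyLen = 16` and `peer.mac = siphash.New(peer.key[len(peer.key)-siphashKeyLen:])`. The XOF is unkeyed, so the only secret entering the derivation is `hs.ChannelBinding()`; that is sound as long as the prologue is a constant and the binding is fixed-length, which this hunk alone does not show. newPeer's body continues outside the hunk.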
@@ -379,11 +383,7 @@ func main() {
                var err error
                var sid byte
                var peer *Peer
-               var ciph *chacha20.Cipher
-               var macKey [32]byte
-               var mac *poly1305.MAC
-               tag := make([]byte, poly1305.TagSize)
-               nonce := make([]byte, 12)
+               tag := make([]byte, siphash.Size)
                for {
                        n, from, err = lnUDP.ReadFromUDP(buf)
                        if err != nil {
@@ -422,27 +422,19 @@ func main() {
                        if n == 1 {
                                continue
                        }
-                       if n <= 4+vors.TagLen {
+                       if n <= 4+siphash.Size {
                                peer.stats.bads++
                                continue
                        }
 
-                       copy(nonce[len(nonce)-4:], buf)
-                       ciph, err = chacha20.NewUnauthenticatedCipher(peer.key, nonce)
-                       if err != nil {
-                               log.Fatal(err)
-                       }
-                       clear(macKey[:])
-                       ciph.XORKeyStream(macKey[:], macKey[:])
-                       ciph.SetCounter(1)
-                       mac = poly1305.New(&macKey)
-                       if _, err = mac.Write(buf[4 : n-vors.TagLen]); err != nil {
+                       peer.mac.Reset()
+                       if _, err = peer.mac.Write(buf[: n-siphash.Size]); err != nil {
                                log.Fatal(err)
                        }
-                       mac.Sum(tag[:0])
+                       peer.mac.Sum(tag[:0])
                        if subtle.ConstantTimeCompare(
-                               tag[:vors.TagLen],
-                               buf[n-vors.TagLen:n],
+                               tag[:siphash.Size],
+                               buf[n-siphash.Size:n],
                        ) != 1 {
                                peer.stats.bads++
                                continue
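Review bot: The tag compared via `tag[:siphash.Size]` and `buf[n-siphash.Size:n]` is now 64 bits (`siphash.Size` is 8) and the only reaction to a mismatch is `peer.stats.bads++`, so the online forgery bound is roughly one success per 2^64 attempted datagrams with no rate limiting; that is the trade-off the commit title accepts, but it should be stated at the check, e.g. `// 64-bit SipHash-2-4 tag over header+payload; forging one needs ~2^64 datagrams, acceptable for this UDP path.` The MAC input `buf[:n-siphash.Size]` now covers the 4-byte prefix that previously served only as the ChaCha20 nonce, so the prefix is authenticated, but the MAC is deterministic and nothing in this hunk rejects a replayed datagram; if that prefix is a sequence counter, the monotonicity check must live elsewhere — confirm it does. Keeping `subtle.ConstantTimeCompare` for the tag is correct. The enclosing read loop in main starts before and ends after this hunk.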