Better keygen

Qian Wang 2018-12-08 14:49:47 +00:00
parent 18d47ec857
commit 7919834dfe
2 changed files with 35 additions and 12 deletions


@ -10,21 +10,38 @@ import (
var b64 = base64.StdEncoding.EncodeToString var b64 = base64.StdEncoding.EncodeToString
func main() { func main() {
for {
fmt.Println("1 to generate UID, 2 to generate a key pair")
UID := make([]byte, 32) var sel int
rand.Read(UID) _, err := fmt.Scanln(&sel)
if err != nil {
fmt.Println("Please enter a number")
continue
}
if sel != 1 && sel != 2 {
fmt.Println("Please enter 1 or 2")
continue
}
ec := ecdh.NewCurve25519ECDH() if sel == 1 {
staticPv, staticPub, _ := ec.GenerateKey(rand.Reader) UID := make([]byte, 32)
marshPub := ec.Marshal(staticPub) rand.Read(UID)
marshPv := staticPv.(*[32]byte)[:] fmt.Printf("\"UID\":\"%v\"\n", b64(UID))
} else if sel == 2 {
fmt.Printf("USER: \n") ec := ecdh.NewCurve25519ECDH()
fmt.Printf("\"UID\":\"%v\",\n", b64(UID)) staticPv, staticPub, _ := ec.GenerateKey(rand.Reader)
fmt.Printf("\"PublicKey\":\"%v\"\n", b64(marshPub)) marshPub := ec.Marshal(staticPub)
marshPv := staticPv.(*[32]byte)[:]
fmt.Println("=========================================") fmt.Printf("USER: \n")
fmt.Printf("\"PublicKey\":\"%v\"\n", b64(marshPub))
fmt.Printf("SERVER: \n") fmt.Println("=========================================")
fmt.Printf("\"PrivateKey\":\"%v\"\n", b64(marshPv))
fmt.Printf("SERVER: \n")
fmt.Printf("\"PrivateKey\":\"%v\"\n", b64(marshPv))
}
}
} }
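Review bot: Both `rand.Read(UID)` and `ec.GenerateKey(rand.Reader)` in main still discard their errors, so a failing random source goes unnoticed: the UID would be printed as 32 zero bytes as if it were valid, and the key-pair result would be used unchecked. A UID is key material elsewhere in this commit (`c.adminUID[16:32]` keys the HMAC), so each call should stop on error, e.g. `if _, err := rand.Read(UID); err != nil { panic(err) }` and `staticPv, staticPub, err := ec.GenerateKey(rand.Reader)` followed by the same check. Separately, the `continue` after a failed `fmt.Scanln` never terminates once stdin reaches EOF. Returning when the error is `io.EOF` would fix that, though it needs an `io` import, and the import block is only partly visible in this hunk.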


@ -47,6 +47,8 @@ func (c *controller) HandleRequest(req []byte) ([]byte, error) {
if err == ErrInvalidMac { if err == ErrInvalidMac {
log.Printf("!!!CONTROL MESSAGE AND HMAC MISMATCH!!!\n raw request:\n%x\ndecrypted msg:\n%x", req, plain) log.Printf("!!!CONTROL MESSAGE AND HMAC MISMATCH!!!\n raw request:\n%x\ndecrypted msg:\n%x", req, plain)
return nil, err return nil, err
} else {
return c.respond([]byte(err.Error())), nil
} }
switch plain[0] { switch plain[0] {
@ -102,6 +104,7 @@ func (c *controller) HandleRequest(req []byte) ([]byte, error) {
} }
var ErrInvalidMac = errors.New("Mac mismatch") var ErrInvalidMac = errors.New("Mac mismatch")
var errMsgTooShort = errors.New("Message length is less than 54")
// protocol: [TLS record layer 5 bytes][IV 16 bytes][data][hmac 32 bytes] // protocol: [TLS record layer 5 bytes][IV 16 bytes][data][hmac 32 bytes]
func (c *controller) respond(resp []byte) []byte { func (c *controller) respond(resp []byte) []byte {
@ -127,6 +130,9 @@ func (c *controller) respond(resp []byte) []byte {
} }
func (c *controller) checkAndDecrypt(data []byte) ([]byte, error) { func (c *controller) checkAndDecrypt(data []byte) ([]byte, error) {
if len(data) < 54 {
return nil, errMsgTooShort
}
macIndex := len(data) - 32 macIndex := len(data) - 32
mac := hmac.New(sha256.New, c.adminUID[16:32]) mac := hmac.New(sha256.New, c.adminUID[16:32])
mac.Write(data[5:macIndex]) mac.Write(data[5:macIndex])
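Review bot: The new `else` branch in HandleRequest answers every non-MAC error with `c.respond(...)`, and the only other error visible on this page, `errMsgTooShort`, is returned by checkAndDecrypt before the HMAC is computed. A sender who has not shown knowledge of the key therefore appears to get a reply for a short message, while a bad MAC gets `return nil, err`, which would make the two cases distinguishable from outside. Treating the length failure like the MAC failure avoids that, e.g. a separate `if err == errMsgTooShort { return nil, err }` ahead of the `else`. The enclosing error check and the rest of HandleRequest lie outside the hunk, so what the caller does with a nil response is not visible here.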