kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change authenticationInfo structure

This commit is contained in:
Andy Wang 2020-01-24 14:38:41 +00:00
parent 13b66f6fef
commit fe8b2d78ef
3 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/server/TLS.go
View File

@ -54,14 +54,13 @@ func (TLS) handshake(clientHello []byte, privateKey crypto.PrivateKey, originalC
} }
func unmarshalClientHello(ch *ClientHello, staticPv crypto.PrivateKey) (ai authenticationInfo, err error) { func unmarshalClientHello(ch *ClientHello, staticPv crypto.PrivateKey) (ai authenticationInfo, err error) {
ephPub, ok := ecdh.Unmarshal(ch.random) ai.randPubKey = ch.random
ephPub, ok := ecdh.Unmarshal(ai.randPubKey)
if !ok { if !ok {
err = ErrInvalidPubKey err = ErrInvalidPubKey
return return
} }
ai.nonce = ch.random[:12]
ai.sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub) ai.sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub)
var keyShare []byte var keyShare []byte
keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}]) keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])

6
internal/server/auth.go
View File

@ -23,7 +23,7 @@ type ClientInfo struct {
type authenticationInfo struct { type authenticationInfo struct {
sharedSecret []byte sharedSecret []byte
nonce []byte randPubKey []byte
ciphertextWithTag []byte ciphertextWithTag []byte
} }
@ -37,7 +37,7 @@ var ErrUnreconisedProtocol = errors.New("unreconised protocol")
// touchStone checks if a the authenticationInfo are valid. It doesn't check if the UID is authorised // touchStone checks if a the authenticationInfo are valid. It doesn't check if the UID is authorised
func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) { func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) {
var plaintext []byte var plaintext []byte
plaintext, err = util.AESGCMDecrypt(ai.nonce, ai.sharedSecret, ai.ciphertextWithTag) plaintext, err = util.AESGCMDecrypt(ai.randPubKey[0:12], ai.sharedSecret, ai.ciphertextWithTag)
if err != nil { if err != nil {
return return
} }
@ -87,7 +87,7 @@ func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info Clie
return return
} }
if sta.registerRandom(ai.nonce) { if sta.registerRandom(ai.randPubKey) {
err = ErrReplay err = ErrReplay
return return
} }

6
internal/server/websocket.go
View File

@ -73,14 +73,14 @@ func unmarshalHidden(hidden []byte, staticPv crypto.PrivateKey) (ai authenticati
err = ErrBadGET err = ErrBadGET
return return
} }
ephPub, ok := ecdh.Unmarshal(hidden[0:32])
ai.randPubKey = hidden[0:32]
ephPub, ok := ecdh.Unmarshal(ai.randPubKey)
if !ok { if !ok {
err = ErrInvalidPubKey err = ErrInvalidPubKey
return return
} }
ai.nonce = hidden[:12]
ai.sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub) ai.sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub)
ai.ciphertextWithTag = hidden[32:] ai.ciphertextWithTag = hidden[32:]