diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-03-03 04:04:41 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-03-03 05:00:40 +0100 |
| commit | 69f0fe67b63d90e523a5a1241fb1b46c2e8dbe03 (patch) | |
| tree | 1ef86da3242afde462dcadb7241bb09f499d5bd7 /noise-helpers.go | |
| parent | tun: windows: expose GUID (diff) | |
| download | wireguard-go-69f0fe67b63d90e523a5a1241fb1b46c2e8dbe03.tar.xz wireguard-go-69f0fe67b63d90e523a5a1241fb1b46c2e8dbe03.zip | |
global: begin modularization
Diffstat (limited to 'noise-helpers.go')
| -rw-r--r-- | noise-helpers.go | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/noise-helpers.go b/noise-helpers.go deleted file mode 100644 index af11f09..0000000 --- a/noise-helpers.go +++ /dev/null @@ -1,104 +0,0 @@ -/* SPDX-License-Identifier: MIT - * - * Copyright (C) 2017-2019 WireGuard LLC. All Rights Reserved. - */ - -package main - -import ( - "crypto/hmac" - "crypto/rand" - "crypto/subtle" - "golang.org/x/crypto/blake2s" - "golang.org/x/crypto/curve25519" - "hash" -) - -/* KDF related functions. - * HMAC-based Key Derivation Function (HKDF) - * https://tools.ietf.org/html/rfc5869 - */ - -func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte) { - mac := hmac.New(func() hash.Hash { - h, _ := blake2s.New256(nil) - return h - }, key) - mac.Write(in0) - mac.Sum(sum[:0]) -} - -func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte) { - mac := hmac.New(func() hash.Hash { - h, _ := blake2s.New256(nil) - return h - }, key) - mac.Write(in0) - mac.Write(in1) - mac.Sum(sum[:0]) -} - -func KDF1(t0 *[blake2s.Size]byte, key, input []byte) { - HMAC1(t0, key, input) - HMAC1(t0, t0[:], []byte{0x1}) - return -} - -func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte) { - var prk [blake2s.Size]byte - HMAC1(&prk, key, input) - HMAC1(t0, prk[:], []byte{0x1}) - HMAC2(t1, prk[:], t0[:], []byte{0x2}) - setZero(prk[:]) - return -} - -func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte) { - var prk [blake2s.Size]byte - HMAC1(&prk, key, input) - HMAC1(t0, prk[:], []byte{0x1}) - HMAC2(t1, prk[:], t0[:], []byte{0x2}) - HMAC2(t2, prk[:], t1[:], []byte{0x3}) - setZero(prk[:]) - return -} - -func isZero(val []byte) bool { - acc := 1 - for _, b := range val { - acc &= subtle.ConstantTimeByteEq(b, 0) - } - return acc == 1 -} - -/* This function is not used as pervasively as it should because this is mostly impossible in Go at the moment */ -func setZero(arr []byte) { - for i := range arr { - arr[i] = 0 - } -} - -func (sk *NoisePrivateKey) clamp() { - sk[0] &= 248 - sk[31] = (sk[31] & 127) | 64 -} - -func newPrivateKey() (sk NoisePrivateKey, err error) { - _, err = rand.Read(sk[:]) - sk.clamp() - return -} - -func (sk *NoisePrivateKey) publicKey() (pk NoisePublicKey) { - apk := (*[NoisePublicKeySize]byte)(&pk) - ask := (*[NoisePrivateKeySize]byte)(sk) - curve25519.ScalarBaseMult(apk, ask) - return -} - -func (sk *NoisePrivateKey) sharedSecret(pk NoisePublicKey) (ss [NoisePublicKeySize]byte) { - apk := (*[NoisePublicKeySize]byte)(&pk) - ask := (*[NoisePrivateKeySize]byte)(sk) - curve25519.ScalarMult(&ss, ask, apk) - return ss -} |