Diffstat (limited to '')
-rw-r--r--internal/tai64n/tai64.go (renamed from tai64.go)18
-rw-r--r--noise-protocol.go9
-rw-r--r--replay_test.go68
3 files changed, 47 insertions, 48 deletions
diff --git a/tai64.go b/internal/tai64n/tai64.go
index 2299a37..da5257c 100644
--- a/tai64.go
+++ b/internal/tai64n/tai64.go
@@ -1,4 +1,4 @@
-package main
+package tai64n
import (
"bytes"
@@ -6,23 +6,21 @@ import (
"time"
)
-const (
- TAI64NBase = uint64(4611686018427387914)
- TAI64NSize = 12
-)
+const TimestampSize = 12
+const base = uint64(4611686018427387914)
-type TAI64N [TAI64NSize]byte
+type Timestamp [TimestampSize]byte
-func Timestamp() TAI64N {
- var tai64n TAI64N
+func Now() Timestamp {
+ var tai64n Timestamp
now := time.Now()
- secs := TAI64NBase + uint64(now.Unix())
+ secs := base + uint64(now.Unix())
nano := uint32(now.UnixNano())
binary.BigEndian.PutUint64(tai64n[:], secs)
binary.BigEndian.PutUint32(tai64n[8:], nano)
return tai64n
}
-func (t1 *TAI64N) After(t2 TAI64N) bool {
+func (t1 Timestamp) After(t2 Timestamp) bool {
return bytes.Compare(t1[:], t2[:]) > 0
}
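Review bot: `nano := uint32(now.UnixNano())` in Now() keeps the low 32 bits of the nanoseconds since the epoch rather than the nanosecond within the current second, so the last four bytes can exceed 999999999 and wrap roughly every 4.29 seconds. Because After compares all 12 bytes lexicographically, two timestamps taken within the same second can order backwards. If the responder checks After against `lastTimestamp` to reject replayed initiations (that comparison is outside these hunks), a legitimate newer initiation could be dropped as a replay. The line should read `nano := uint32(now.Nanosecond())`. The newly exported Now, Timestamp and After also have no doc comments; one such as `// Now returns the current time as a 12-byte TAI64N label: 8-byte big-endian seconds followed by 4-byte nanoseconds.` would record the layout that the byte-wise comparison relies on.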
diff --git a/noise-protocol.go b/noise-protocol.go
index c9713c0..df08a0a 100644
--- a/noise-protocol.go
+++ b/noise-protocol.go
@@ -2,6 +2,7 @@ package main
import (
"errors"
+ "git.zx2c4.com/wireguard-go/internal/tai64n"
"golang.org/x/crypto/blake2s"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/poly1305"
@@ -58,7 +59,7 @@ type MessageInitiation struct {
Sender uint32
Ephemeral NoisePublicKey
Static [NoisePublicKeySize + poly1305.TagSize]byte
- Timestamp [TAI64NSize + poly1305.TagSize]byte
+ Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte
MAC1 [blake2s.Size128]byte
MAC2 [blake2s.Size128]byte
}
@@ -99,7 +100,7 @@ type Handshake struct {
remoteStatic NoisePublicKey // long term key
remoteEphemeral NoisePublicKey // ephemeral public key
precomputedStaticStatic [NoisePublicKeySize]byte // precomputed shared secret
- lastTimestamp TAI64N
+ lastTimestamp tai64n.Timestamp
lastInitiationConsumption time.Time
}
@@ -206,7 +207,7 @@ func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, e
// encrypt timestamp
- timestamp := Timestamp()
+ timestamp := tai64n.Now()
func() {
var key [chacha20poly1305.KeySize]byte
KDF2(
@@ -271,7 +272,7 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
// verify identity
- var timestamp TAI64N
+ var timestamp tai64n.Timestamp
var key [chacha20poly1305.KeySize]byte
handshake.mutex.RLock()
diff --git a/replay_test.go b/replay_test.go
index 228fce6..f697701 100644
--- a/replay_test.go
+++ b/replay_test.go
@@ -24,40 +24,40 @@ func TestReplay(t *testing.T) {
filter.Init()
- /* 1 */ T(0, true)
- /* 2 */ T(1, true)
- /* 3 */ T(1, false)
- /* 4 */ T(9, true)
- /* 5 */ T(8, true)
- /* 6 */ T(7, true)
- /* 7 */ T(7, false)
- /* 8 */ T(T_LIM, true)
- /* 9 */ T(T_LIM-1, true)
- /* 10 */ T(T_LIM-1, false)
- /* 11 */ T(T_LIM-2, true)
- /* 12 */ T(2, true)
- /* 13 */ T(2, false)
- /* 14 */ T(T_LIM+16, true)
- /* 15 */ T(3, false)
- /* 16 */ T(T_LIM+16, false)
- /* 17 */ T(T_LIM*4, true)
- /* 18 */ T(T_LIM*4-(T_LIM-1), true)
- /* 19 */ T(10, false)
- /* 20 */ T(T_LIM*4-T_LIM, false)
- /* 21 */ T(T_LIM*4-(T_LIM+1), false)
- /* 22 */ T(T_LIM*4-(T_LIM-2), true)
- /* 23 */ T(T_LIM*4+1-T_LIM, false)
- /* 24 */ T(0, false)
- /* 25 */ T(RejectAfterMessages, false)
- /* 26 */ T(RejectAfterMessages-1, true)
- /* 27 */ T(RejectAfterMessages, false)
- /* 28 */ T(RejectAfterMessages-1, false)
- /* 29 */ T(RejectAfterMessages-2, true)
- /* 30 */ T(RejectAfterMessages+1, false)
- /* 31 */ T(RejectAfterMessages+2, false)
- /* 32 */ T(RejectAfterMessages-2, false)
- /* 33 */ T(RejectAfterMessages-3, true)
- /* 34 */ T(0, false)
+ T(0, true) /* 1 */
+ T(1, true) /* 2 */
+ T(1, false) /* 3 */
+ T(9, true) /* 4 */
+ T(8, true) /* 5 */
+ T(7, true) /* 6 */
+ T(7, false) /* 7 */
+ T(T_LIM, true) /* 8 */
+ T(T_LIM-1, true) /* 9 */
+ T(T_LIM-1, false) /* 10 */
+ T(T_LIM-2, true) /* 11 */
+ T(2, true) /* 12 */
+ T(2, false) /* 13 */
+ T(T_LIM+16, true) /* 14 */
+ T(3, false) /* 15 */
+ T(T_LIM+16, false) /* 16 */
+ T(T_LIM*4, true) /* 17 */
+ T(T_LIM*4-(T_LIM-1), true) /* 18 */
+ T(10, false) /* 19 */
+ T(T_LIM*4-T_LIM, false) /* 20 */
+ T(T_LIM*4-(T_LIM+1), false) /* 21 */
+ T(T_LIM*4-(T_LIM-2), true) /* 22 */
+ T(T_LIM*4+1-T_LIM, false) /* 23 */
+ T(0, false) /* 24 */
+ T(RejectAfterMessages, false) /* 25 */
+ T(RejectAfterMessages-1, true) /* 26 */
+ T(RejectAfterMessages, false) /* 27 */
+ T(RejectAfterMessages-1, false) /* 28 */
+ T(RejectAfterMessages-2, true) /* 29 */
+ T(RejectAfterMessages+1, false) /* 30 */
+ T(RejectAfterMessages+2, false) /* 31 */
+ T(RejectAfterMessages-2, false) /* 32 */
+ T(RejectAfterMessages-3, true) /* 33 */
+ T(0, false) /* 34 */
t.Log("Bulk test 1")
filter.Init()