logos-messaging/noise
1
0
Fork 0
mirror of https://github.com/logos-messaging/noise.git synced 2026-01-02 14:13:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use X25519 instead of ScalarMult for safety (#43)

Browse Source
This commit is contained in:
Jonathan Rudenberg 2021-04-22 13:00:17 -04:00 committed by GitHub
parent 8554521d17
commit fc2bb37e28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 70 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cipher_suite.go
View File

@ -30,7 +30,7 @@ type DHFunc interface {
// DH performs a Diffie-Hellman calculation between the provided private and // DH performs a Diffie-Hellman calculation between the provided private and
// public keys and returns the result. // public keys and returns the result.
DH(privkey, pubkey []byte) []byte DH(privkey, pubkey []byte) ([]byte, error)
// DHLen is the number of bytes returned by DH. // DHLen is the number of bytes returned by DH.
DHLen() int DHLen() int
@ -105,23 +105,22 @@ var DH25519 DHFunc = dh25519{}
type dh25519 struct{} type dh25519 struct{}
func (dh25519) GenerateKeypair(rng io.Reader) (DHKey, error) { func (dh25519) GenerateKeypair(rng io.Reader) (DHKey, error) {
var pubkey, privkey [32]byte privkey := make([]byte, 32)
if rng == nil { if rng == nil {
rng = rand.Reader rng = rand.Reader
} }
if _, err := io.ReadFull(rng, privkey[:]); err != nil { if _, err := io.ReadFull(rng, privkey); err != nil {
return DHKey{}, err return DHKey{}, err
} }
curve25519.ScalarBaseMult(&pubkey, &privkey) pubkey, err := curve25519.X25519(privkey, curve25519.Basepoint)
return DHKey{Private: privkey[:], Public: pubkey[:]}, nil if err != nil {
return DHKey{}, err
}
return DHKey{Private: privkey, Public: pubkey}, nil
} }
func (dh25519) DH(privkey, pubkey []byte) []byte { func (dh25519) DH(privkey, pubkey []byte) ([]byte, error) {
var dst, in, base [32]byte return curve25519.X25519(privkey, pubkey)
copy(in[:], privkey)
copy(base[:], pubkey)
curve25519.ScalarMult(&dst, &in, &base)
return dst[:]
} }
func (dh25519) DHLen() int { return 32 } func (dh25519) DHLen() int { return 32 }

72
state.go
View File

@ -359,21 +359,45 @@ func (s *HandshakeState) WriteMessage(out, payload []byte) ([]byte, *CipherState
} }
out = s.ss.EncryptAndHash(out, s.s.Public) out = s.ss.EncryptAndHash(out, s.s.Public)
case MessagePatternDHEE: case MessagePatternDHEE:
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.re)) dh, err := s.ss.cs.DH(s.e.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
case MessagePatternDHES: case MessagePatternDHES:
if s.initiator { if s.initiator {
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs)) dh, err := s.ss.cs.DH(s.e.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} else { } else {
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re)) dh, err := s.ss.cs.DH(s.s.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} }
case MessagePatternDHSE: case MessagePatternDHSE:
if s.initiator { if s.initiator {
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re)) dh, err := s.ss.cs.DH(s.s.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} else { } else {
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs)) dh, err := s.ss.cs.DH(s.e.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} }
case MessagePatternDHSS: case MessagePatternDHSS:
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.rs)) dh, err := s.ss.cs.DH(s.s.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
case MessagePatternPSK: case MessagePatternPSK:
s.ss.MixKeyAndHash(s.psk) s.ss.MixKeyAndHash(s.psk)
} }
@ -447,21 +471,45 @@ func (s *HandshakeState) ReadMessage(out, message []byte) ([]byte, *CipherState,
} }
message = message[expected:] message = message[expected:]
case MessagePatternDHEE: case MessagePatternDHEE:
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.re)) dh, err := s.ss.cs.DH(s.e.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
case MessagePatternDHES: case MessagePatternDHES:
if s.initiator { if s.initiator {
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs)) dh, err := s.ss.cs.DH(s.e.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} else { } else {
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re)) dh, err := s.ss.cs.DH(s.s.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} }
case MessagePatternDHSE: case MessagePatternDHSE:
if s.initiator { if s.initiator {
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re)) dh, err := s.ss.cs.DH(s.s.Private, s.re)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} else { } else {
s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs)) dh, err := s.ss.cs.DH(s.e.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
} }
case MessagePatternDHSS: case MessagePatternDHSS:
s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.rs)) dh, err := s.ss.cs.DH(s.s.Private, s.rs)
if err != nil {
return nil, nil, nil, err
}
s.ss.MixKey(dh)
case MessagePatternPSK: case MessagePatternPSK:
s.ss.MixKeyAndHash(s.psk) s.ss.MixKeyAndHash(s.psk)
} }