作者:houndbe
项目:pon
func (kx *KeyExchange) exchange2() ([]byte, error) {
reply, err := kx.meetingPlace.Exchange(kx.Log, kx.meeting2[:], kx.message2[:], kx.ShutdownChan)
if err != nil {
return nil, err
}
var nonce [24]byte
if len(reply) < len(nonce) {
return nil, errors.New("panda: meeting point reply too small")
}
if kx.sharedKey[0] == 0 && kx.sharedKey[1] == 0 {
panic("here")
}
copy(nonce[:], reply)
message, ok := secretbox.Open(nil, reply[24:], &nonce, &kx.sharedKey)
if !ok {
return nil, errors.New("panda: peer's message cannot be authenticated")
}
if len(message) < 4 {
return nil, errors.New("panda: peer's message is invalid")
}
l := binary.LittleEndian.Uint32(message)
message = message[4:]
if l > uint32(len(message)) {
return nil, errors.New("panda: peer's message is truncated")
}
message = message[:int(l)]
return message, nil
}
作者:postfi
项目:lemm
// OpenWithKey is the same as Open, but a different key can be passed in.
func (s *Service) OpenWithKey(e *SealedBytes, secretKey *[SecretKeyLength]byte) (byt []byte, err error) {
// once function is complete, check if we are returning err or not.
// if we are, return emit a failure metric, if not a success metric.
defer func() {
if err == nil {
s.metricsClient.Inc("success", 1, 1)
} else {
s.metricsClient.Inc("failure", 1, 1)
}
}()
// check that we either initialized with a key or one was passed in
if secretKey == nil {
return nil, fmt.Errorf("secret key is nil")
}
// convert nonce to an array
nonce, err := nonceSliceToArray(e.Nonce)
if err != nil {
return nil, err
}
// decrypt
var decrypted []byte
decrypted, ok := secretbox.Open(decrypted, e.Ciphertext, nonce, secretKey)
if !ok {
return nil, fmt.Errorf("unable to decrypt message")
}
return decrypted, nil
}
作者:rahulxkrishn
项目:weav
func (nd *NaClDecryptor) decrypt(buf []byte) ([]byte, bool) {
seqNoAndDF := binary.BigEndian.Uint64(buf[:8])
df := (seqNoAndDF & (1 << 63)) != 0
seqNo := seqNoAndDF & ((1 << 63) - 1)
var di *NaClDecryptorInstance
if df {
di = nd.instanceDF
} else {
di = nd.instance
}
binary.BigEndian.PutUint64(di.nonce[16:24], seqNoAndDF)
result, success := secretbox.Open(nil, buf[8:], &di.nonce, nd.sessionKey)
if !success {
return nil, false
}
// Drop duplicates. We do this *after* decryption since we must
// not advance our state unless decryption succeeded. Doing so
// would open an easy attack vector where an adversary could
// inject a packet with a sequence number of (1 << 63) - 1,
// causing all subsequent genuine packets to get dropped.
offset, usedOffsets := di.advanceState(seqNo)
if usedOffsets == nil || usedOffsets.Contains(offset) {
// We have detected a possible replay attack, but it is
// possible we may have just received a very old packet, or
// duplication may have occurred in the network. So let's just
// drop the packet silently.
return nil, true
}
usedOffsets.Add(offset)
return result, success
}
作者:rahulxkrishn
项目:weav
func (receiver *EncryptedTCPReceiver) Decode(msg []byte) ([]byte, error) {
decodedMsg, success := secretbox.Open(nil, msg, &receiver.state.nonce, receiver.state.sessionKey)
if !success {
return nil, fmt.Errorf("Unable to decrypt TCP msg")
}
receiver.state.advance()
return decodedMsg, nil
}
作者:kiso
项目:passwor
// decrypt extracts the nonce from the ciphertext, and attempts to
// decrypt with NaCl's secretbox.
func decrypt(key *[keySize]byte, in []byte) ([]byte, bool) {
if len(in) < nonceSize {
return nil, false
}
var nonce [nonceSize]byte
copy(nonce[:], in)
return secretbox.Open(nil, in[nonceSize:], &nonce, key)
}
作者:jwilkin
项目:pon
// trySavedKeys tries to decrypt ciphertext using keys saved for missing messages.
func (r *Ratchet) trySavedKeys(ciphertext []byte) ([]byte, error) {
if len(ciphertext) < sealedHeaderSize {
return nil, errors.New("ratchet: header too small to be valid")
}
sealedHeader := ciphertext[:sealedHeaderSize]
var nonce [24]byte
copy(nonce[:], sealedHeader)
sealedHeader = sealedHeader[len(nonce):]
for headerKey, messageKeys := range r.saved {
header, ok := secretbox.Open(nil, sealedHeader, &nonce, &headerKey)
if !ok {
continue
}
if len(header) != headerSize {
continue
}
msgNum := binary.LittleEndian.Uint32(header[:4])
msgKey, ok := messageKeys[msgNum]
if !ok {
// This is a fairly common case: the message key might
// not have been saved because it's the next message
// key.
return nil, nil
}
sealedMessage := ciphertext[sealedHeaderSize:]
copy(nonce[:], header[nonceInHeaderOffset:])
msg, ok := secretbox.Open(nil, sealedMessage, &nonce, &msgKey.key)
if !ok {
return nil, errors.New("ratchet: corrupt message")
}
delete(messageKeys, msgNum)
if len(messageKeys) == 0 {
delete(r.saved, headerKey)
}
return msg, nil
}
return nil, nil
}
作者:houndbe
项目:pon
func (c *Conn) Read(out []byte) (n int, err error) {
if len(c.readPending) > 0 {
n = copy(out, c.readPending)
c.readPending = c.readPending[n:]
return
}
if c.readBuffer == nil {
c.readBuffer = make([]byte, blockSize+2)
}
if _, err := io.ReadFull(c.conn, c.readBuffer[:2]); err != nil {
return 0, err
}
n = int(c.readBuffer[0]) | int(c.readBuffer[1])<<8
if n > len(c.readBuffer) {
return 0, errors.New("transport: peer's message too large for Read")
}
if _, err := io.ReadFull(c.conn, c.readBuffer[:n]); err != nil {
return 0, err
}
var ok bool
if len(out) >= n-secretbox.Overhead {
// We can decrypt directly into the output buffer.
out, ok = secretbox.Open(out[:0], c.readBuffer[:n], &c.readSequence, &c.readKey)
n = len(out)
} else {
// We need to decrypt into a side buffer and copy a prefix of
// the result into the caller's buffer.
c.decryptBuffer, ok = secretbox.Open(c.decryptBuffer[:0], c.readBuffer[:n], &c.readSequence, &c.readKey)
n = copy(out, c.decryptBuffer)
c.readPending = c.decryptBuffer[n:]
}
incSequence(&c.readSequence)
if !ok {
c.readPending = c.readPending[:0]
return 0, errors.New("transport: bad MAC")
}
return
}
作者:jansfe
项目:pon
func (c *Conn) decrypt(data []byte) ([]byte, error) {
if !c.readKeyValid {
return data, nil
}
decrypted, ok := secretbox.Open(nil, data, &c.readSequence, &c.readKey)
incSequence(&c.readSequence)
if !ok {
return nil, errors.New("transport: bad MAC")
}
return decrypted, nil
}
作者:jrwre
项目:macaroon-baker
func decrypt(key, ciphertext []byte) ([]byte, error) {
if len(ciphertext) < nonceLen+secretbox.Overhead {
return nil, fmt.Errorf("message too short")
}
var nonce [nonceLen]byte
copy(nonce[:], ciphertext)
ciphertext = ciphertext[nonceLen:]
text, ok := secretbox.Open(nil, ciphertext, &nonce, makeKey(key))
if !ok {
return nil, fmt.Errorf("decryption failure")
}
return text, nil
}
作者:carriercom
项目:grumbl
// Decrypt decrypts a message using XSalsa20-Poly1305 and outputs it to dst.
// Returns false if decryption failed (authentication tag mismatch).
func (sb *secretBoxMode) Decrypt(dst []byte, src []byte, nonce []byte) bool {
if len(src) <= sb.Overhead() {
panic("cryptstate: bad src")
}
if len(nonce) != 24 {
panic("cryptstate: bad nonce length")
}
noncePtr := (*[24]byte)(unsafe.Pointer(&nonce[0]))
_, ok := secretbox.Open(dst[0:0], src, noncePtr, &sb.key)
return ok
}
作者:2008chn
项目:weav
func DecryptPrefixNonce(ciphertxt []byte, secret *[32]byte) ([]byte, bool) {
if len(ciphertxt) < secretbox.Overhead+24 {
return nil, false
}
// There is no way to nicely convert from a slice to an
// array. So have to used the following loop.
var nonce [24]byte
for idx, e := range ciphertxt[0:24] {
nonce[idx] = e
}
ciphertxt = ciphertxt[24:]
return secretbox.Open(nil, ciphertxt, &nonce, secret)
}
作者:jaekwo
项目:gouram
// TODO : consider caching the last deciphered chunk
func (this *CipherReaderAt) ReadAt(p []byte, off int64) (n int, err error) {
log.Printf("ReadAt len(p):%v, off:%v\n", len(p), off)
// read Nonce if not yet read
if this.Nonce == nil {
this.Nonce = &[24]byte{}
_, err := this.Reader.ReadAt(this.Nonce[:], 0)
if err != nil {
return 0, err
}
}
// ...
for len(p) > 0 {
chunkIndex := off / (this.ChunkSize - secretbox.Overhead)
chunkStart := chunkIndex * this.ChunkSize
offChunk := off - chunkIndex*(this.ChunkSize-secretbox.Overhead)
log.Printf(" - chunkIndex: %v, chunkStart: %v, offChunk: %v\n", chunkIndex, chunkStart, offChunk)
// compute nonce, basically a base 256 addition operation
var nonce [24]byte
copy(nonce[:], this.Nonce[:])
{
ci := chunkIndex // copy
i := 0
carry := int16(0)
for ci > 0 || carry > 0 {
sum := int16(ci % 256)
sum += int16(nonce[i])
sum += int16(carry)
nonce[i] = byte(sum % 256)
carry = int16(sum >> 8)
ci >>= 8
i++
}
log.Printf(" - nonce: %v", nonce)
}
numRead, err := this.Reader.ReadAt(this.Chunk, 24+chunkStart)
if err != nil && err != io.EOF {
return n, err
}
openedChunk, ok := secretbox.Open(nil, this.Chunk[:numRead], &nonce, this.Key)
//fmt.Println(colors.Cyan("nonce:", nonce, " key:", this.Key, " numRead:", numRead))
if !ok {
return n, errors.New(fmt.Sprintf("Failed to decipher chunk %v", chunkIndex))
}
copied := copy(p, openedChunk[offChunk:])
p = p[copied:]
n += copied
off += int64(copied)
}
return n, nil
}
作者:voidExceptio
项目:bazi
func (s *Convergent) Get(key []byte) ([]byte, error) {
boxedkey := s.computeBoxedKey(key)
box, err := s.untrusted.Get(boxedkey)
if err != nil {
return nil, err
}
nonce := s.makeNonce(key)
plain, ok := secretbox.Open(nil, box, nonce, s.secret)
if !ok {
return nil, Corrupt{Key: key}
}
return plain, nil
}
作者:jhautefeuill
项目:filecryp
// decrypt extracts the nonce from the ciphertext, and attempts to
// decrypt with NaCl's secretbox.
func decrypt(key *[keySize]byte, message []byte) ([]byte, error) {
if len(message) < (nonceSize + secretbox.Overhead) {
return nil, ErrDecrypt
}
var nonce [nonceSize]byte
copy(nonce[:], message[:nonceSize])
out, ok := secretbox.Open(nil, message[nonceSize:], &nonce, key)
if !ok {
return nil, ErrDecrypt
}
return out, nil
}
作者:ag
项目:pand
func unbox(key *[32]byte, body []byte) ([]byte, error) {
var nonce [24]byte
if len(body) < len(nonce)+secretbox.Overhead+2 {
return nil, errors.New("panda: reply from server is too short to be valid")
}
copy(nonce[:], body)
unsealed, ok := secretbox.Open(nil, body[len(nonce):], &nonce, key)
if !ok {
return nil, errors.New("panda: failed to authenticate reply from server")
}
l := int(unsealed[0]) | int(unsealed[1])<<8
unsealed = unsealed[2:]
if l > len(unsealed) {
return nil, errors.New("panda: corrupt but authentic message found")
}
return unsealed[:l], nil
}
作者:houndbe
项目:pon
// importTombFile decrypts a file with the given path, using a hex-encoded key
// and loads the client state from the result.
func (c *client) importTombFile(stateFile *disk.StateFile, keyHex, path string) error {
keyBytes, err := hex.DecodeString(keyHex)
if err != nil {
return err
}
var key [32]byte
var nonce [24]byte
if len(keyBytes) != len(key) {
return fmt.Errorf("Incorrect key length: %d (want %d)", len(keyBytes), len(key))
}
copy(key[:], keyBytes)
tombBytes, err := ioutil.ReadFile(path)
if err != nil {
return err
}
plaintext, ok := secretbox.Open(nil, tombBytes, &nonce, &key)
if !ok {
return errors.New("Incorrect key")
}
c.stateLock, err = stateFile.Lock(true /* create */)
if c.stateLock == nil && err == nil {
return errors.New("Output statefile is locked.")
}
if err != nil {
return err
}
writerChan := make(chan disk.NewState)
writerDone := make(chan struct{})
go stateFile.StartWriter(writerChan, writerDone)
writerChan <- disk.NewState{State: plaintext}
close(writerChan)
<-writerDone
return nil
}
作者:postfi
项目:holepunc
func (m *secretboxMode) Decrypt(encrypted []byte) ([]byte, bool) {
var opened []byte
var nonce [24]byte
if len(encrypted) < 24 {
log.Printf("secretbox: Not good: len (%d) < 24\n", len(encrypted))
return nil, false
}
for i := 0; i < 24; i++ {
nonce[i] = encrypted[len(encrypted)-24+i]
}
data := encrypted[:len(encrypted)-24]
opened, ok := secretbox.Open(opened[:0], data, &nonce, &m.key)
if !ok {
log.Printf("secretbox: Not good: Open() returned false\n")
}
return opened, ok
}
作者:shpedoika
项目:pon
func (c *client) loadState(b []byte, key *[32]byte) error {
if len(b) < sCryptSaltLen+24*smearedCopies {
return errors.New("state file is too small to be valid")
}
b = b[sCryptSaltLen:]
var nonce [24]byte
for i := 0; i < smearedCopies; i++ {
for j := 0; j < 24; j++ {
nonce[j] ^= b[24*i+j]
}
}
b = b[24*smearedCopies:]
plaintext, ok := secretbox.Open(nil, b, &nonce, key)
if !ok {
return badPasswordError
}
if len(plaintext) < 4 {
return errors.New("state file corrupt")
}
length := binary.LittleEndian.Uint32(plaintext[:4])
plaintext = plaintext[4:]
if length > 1<<31 || length > uint32(len(plaintext)) {
return errors.New("state file corrupt")
}
plaintext = plaintext[:int(length)]
var state protos.State
if err := proto.Unmarshal(plaintext, &state); err != nil {
return err
}
if err := c.unmarshal(&state); err != nil {
return err
}
return nil
}
作者:joncav
项目:pon
func loadOldState(b []byte, key *[32]byte) (*State, error) {
const (
SCryptSaltLen = 32
smearedCopies = 32768 / 24
)
if len(b) < SCryptSaltLen+24*smearedCopies {
return nil, errors.New("state file is too small to be valid")
}
var nonce [24]byte
for i := 0; i < smearedCopies; i++ {
for j := 0; j < 24; j++ {
nonce[j] ^= b[24*i+j]
}
}
b = b[24*smearedCopies:]
plaintext, ok := secretbox.Open(nil, b, &nonce, key)
if !ok {
return nil, BadPasswordError
}
if len(plaintext) < 4 {
return nil, errors.New("state file corrupt")
}
length := binary.LittleEndian.Uint32(plaintext[:4])
plaintext = plaintext[4:]
if length > 1<<31 || length > uint32(len(plaintext)) {
return nil, errors.New("state file corrupt")
}
plaintext = plaintext[:int(length)]
var state State
if err := proto.Unmarshal(plaintext, &state); err != nil {
return nil, err
}
return &state, nil
}
作者:jimja
项目:strowge
func (s *httpService) getBackendSticky(req *http.Request) (*httputil.ClientConn, *http.Cookie) {
cookie, err := req.Cookie(stickyCookie)
if err != nil {
return s.getNewBackendSticky()
}
data, err := base64.StdEncoding.DecodeString(cookie.Value)
if err != nil {
return s.getNewBackendSticky()
}
var nonce [24]byte
if len(data) < len(nonce) {
return s.getNewBackendSticky()
}
copy(nonce[:], data)
res, ok := secretbox.Open(nil, data[len(nonce):], &nonce, s.cookieKey)
if !ok {
return s.getNewBackendSticky()
}
addr := string(res)
ok = false
for _, a := range s.ss.Addrs() {
if a == addr {
ok = true
break
}
}
if !ok {
return s.getNewBackendSticky()
}
backend, err := net.Dial("tcp", string(addr))
if err != nil {
return s.getNewBackendSticky()
}
return httputil.NewClientConn(backend, nil), nil
}
