本文整理汇总了Golang中golang.org/x/crypto/salsa20.XORKeyStream函数的典型用法代码示例。如果您正苦于以下问题:Golang XORKeyStream函数的具体用法?Golang XORKeyStream怎么用?Golang XORKeyStream使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了XORKeyStream函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Chaff
// Chaff the data. noncePrfx is 64-bit nonce. Output data will be much
// larger: 256 bytes for each input byte.
func Chaff(authKey *[32]byte, noncePrfx, in []byte) []byte {
out := make([]byte, len(in)*EnlargeFactor)
keys := make([]byte, 8*64)
nonce := make([]byte, 24)
copy(nonce[:8], noncePrfx)
var i int
var v byte
tag := new([16]byte)
macKey := new([32]byte)
for n, b := range in {
binary.BigEndian.PutUint64(nonce[16:], uint64(n))
salsa20.XORKeyStream(keys, keys, nonce, authKey)
for i = 0; i < 8; i++ {
v = (b >> uint8(i)) & 1
copy(macKey[:], keys[64*i:64*i+32])
if v == 0 {
poly1305.Sum(tag, []byte("1"), macKey)
} else {
poly1305.Sum(tag, []byte("0"), macKey)
}
copy(out[16*(n*16+i*2):], tag[:])
copy(macKey[:], keys[64*i+32:64*i+64])
if v == 1 {
poly1305.Sum(tag, []byte("1"), macKey)
} else {
poly1305.Sum(tag, []byte("0"), macKey)
}
copy(out[16*(n*16+i*2+1):], tag[:])
}
zero(keys)
}
zero(macKey[:])
return out
}示例2: HandshakeStart
// Start handshake's procedure from the client. It is the entry point
// for starting the handshake procedure. // First handshake packet
// will be sent immediately.
func HandshakeStart(addr string, conn io.Writer, conf *PeerConf) *Handshake {
state := NewHandshake(addr, conn, conf)
var dhPubRepr *[32]byte
state.dhPriv, dhPubRepr = dhKeypairGen()
state.rNonce = new([RSize]byte)
if _, err := Rand.Read(state.rNonce[:]); err != nil {
log.Fatalln("Error reading random for nonce:", err)
}
var enc []byte
if conf.Noise {
enc = make([]byte, conf.MTU-xtea.BlockSize-RSize)
} else {
enc = make([]byte, 32)
}
copy(enc, dhPubRepr[:])
if conf.Encless {
var err error
enc, err = EnclessEncode(state.dsaPubH, state.rNonce[:], enc)
if err != err {
panic(err)
}
} else {
salsa20.XORKeyStream(enc, enc, state.rNonce[:], state.dsaPubH)
}
data := append(state.rNonce[:], enc...)
data = append(data, idTag(state.Conf.Id, state.Conf.TimeSync, state.rNonce[:])...)
state.conn.Write(data)
return state
}示例3: Encrypt
func (session *CryptoSession) Encrypt(plaintext string) []byte {
in := make([]byte, 64)
copy(in, []byte(plaintext))
out := make([]byte, 64)
salsa20.XORKeyStream(out, in, Session.nonce, Session.sessionKey)
return out
}示例4: fill
func (sr *Salsa20Rand) fill() {
var nonce [8]byte
binary.BigEndian.PutUint64(nonce[:], sr.nonce)
sr.nonce += 1
salsa20.XORKeyStream(sr.buffer, sr.zeroes, nonce[:], &sr.key)
sr.bufferOffset = 0
}示例5: BenchmarkSalsa20_1K
// Salsa20 cipher
func BenchmarkSalsa20_1K(b *testing.B) {
var key [32]byte
var nonce [8]byte
size := 1024
b.SetBytes(int64(size))
for i := 0; i < b.N; i++ {
salsa20.XORKeyStream(buf[:size], buf[:size], nonce[:], &key)
}
}示例6: Winnow
// Winnow the data.
func Winnow(authKey *[32]byte, noncePrfx, in []byte) ([]byte, error) {
if len(in)%EnlargeFactor != 0 {
return nil, errors.New("Invalid data size")
}
out := make([]byte, len(in)/EnlargeFactor)
keys := make([]byte, 8*64)
nonce := make([]byte, 24)
copy(nonce[:8], noncePrfx)
var i int
var v byte
tag := new([16]byte)
macKey := new([32]byte)
defer zero(macKey[:])
var is01 bool
var is00 bool
var is11 bool
var is10 bool
for n := 0; n < len(out); n++ {
binary.BigEndian.PutUint64(nonce[16:], uint64(n))
salsa20.XORKeyStream(keys, keys, nonce, authKey)
v = 0
for i = 0; i < 8; i++ {
copy(macKey[:], keys[64*i:64*i+32])
poly1305.Sum(tag, []byte("1"), macKey)
is01 = subtle.ConstantTimeCompare(
tag[:],
in[16*(n*16+i*2):16*(n*16+i*2+1)],
) == 1
poly1305.Sum(tag, []byte("0"), macKey)
is00 = subtle.ConstantTimeCompare(
tag[:],
in[16*(n*16+i*2):16*(n*16+i*2+1)],
) == 1
copy(macKey[:], keys[64*i+32:64*i+64])
poly1305.Sum(tag, []byte("1"), macKey)
is11 = subtle.ConstantTimeCompare(
tag[:],
in[16*(n*16+i*2+1):16*(n*16+i*2+2)],
) == 1
poly1305.Sum(tag, []byte("0"), macKey)
is10 = subtle.ConstantTimeCompare(
tag[:],
in[16*(n*16+i*2+1):16*(n*16+i*2+2)],
) == 1
if !((is01 && is10) || (is00 && is11)) {
zero(keys)
return nil, errors.New("Invalid authenticator received")
}
if is11 {
v = v | 1<<uint8(i)
}
}
out[n] = v
zero(keys)
}
return out, nil
}示例7: PktProcess
// Process incoming UDP packet.
// ConnListen'es synchronization channel used to tell him that he is
// free to receive new packets. Authenticated and decrypted packets
// will be written to the interface immediately (except heartbeat ones).
func (p *Peer) PktProcess(data []byte, tap io.Writer, ready chan struct{}) bool {
p.size = len(data)
copy(p.buf, Emptiness)
copy(p.tag[:], data[p.size-poly1305.TagSize:])
copy(p.buf[S20BS:], data[NonceSize:p.size-poly1305.TagSize])
salsa20.XORKeyStream(
p.buf[:S20BS+p.size-poly1305.TagSize],
p.buf[:S20BS+p.size-poly1305.TagSize],
data[:NonceSize],
p.Key,
)
copy(p.keyAuth[:], p.buf[:SSize])
if !poly1305.Verify(p.tag, data[:p.size-poly1305.TagSize], p.keyAuth) {
ready <- struct{}{}
p.FramesUnauth++
return false
}
// Check if received nonce is known to us in either of two buckets.
// If yes, then this is ignored duplicate.
// Check from the oldest bucket, as in most cases this will result
// in constant time check.
// If Bucket0 is filled, then it becomes Bucket1.
p.NonceCipher.Decrypt(p.buf, data[:NonceSize])
ready <- struct{}{}
p.nonceRecv, _ = binary.Uvarint(p.buf[:NonceSize])
if _, p.nonceFound = p.nonceBucket1[p.NonceRecv]; p.nonceFound {
p.FramesDup++
return false
}
if _, p.nonceFound = p.nonceBucket0[p.NonceRecv]; p.nonceFound {
p.FramesDup++
return false
}
p.nonceBucket0[p.NonceRecv] = struct{}{}
p.nonceBucketN++
if p.nonceBucketN == NonceBucketSize {
p.nonceBucket1 = p.nonceBucket0
p.nonceBucket0 = make(map[uint64]struct{}, NonceBucketSize)
p.nonceBucketN = 0
}
p.FramesIn++
p.BytesIn += int64(p.size)
p.LastPing = time.Now()
p.NonceRecv = p.nonceRecv
p.pktSize, _ = binary.Uvarint(p.buf[S20BS : S20BS+PktSizeSize])
if p.pktSize == 0 {
p.HeartbeatRecv++
return true
}
p.frame = p.buf[S20BS+PktSizeSize : S20BS+PktSizeSize+p.pktSize]
p.BytesPayloadIn += int64(p.pktSize)
tap.Write(p.frame)
return true
}示例8: encrypt_data
func encrypt_data(plain, keys []byte) ([]byte, error) {
var iv, key []byte
var block cipher.Block
var stream cipher.Stream
iv_offset := TotalIVLen
res := make([]byte, len(plain)+iv_offset)
iv = res[iv_offset-SalsaIVLen : iv_offset]
_, err := rand.Read(iv)
if err != nil {
return nil, err
}
// For some reason salsa20 API is different
key_array := new([32]byte)
copy(key_array[:], keys[cipherKeyLen*2:])
salsa20.XORKeyStream(res[iv_offset:], plain, iv, key_array)
iv_offset -= SalsaIVLen
iv = res[iv_offset-IVLen : iv_offset]
_, err = rand.Read(iv)
if err != nil {
return nil, err
}
key = keys[cipherKeyLen : cipherKeyLen*2]
block, err = twofish.NewCipher(key)
if err != nil {
return nil, err
}
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(res[iv_offset:], res[iv_offset:])
iv_offset -= IVLen
iv = res[iv_offset-IVLen : iv_offset]
_, err = rand.Read(iv)
if err != nil {
return nil, err
}
key = keys[:cipherKeyLen]
block, err = aes.NewCipher(key)
if err != nil {
return nil, err
}
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(res[iv_offset:], res[iv_offset:])
iv_offset -= IVLen
if iv_offset != 0 {
panic(fmt.Errorf("something went terribly wrong: iv_offset final value non-zero"))
}
return res, nil
}示例9: Read
func (rng salsaRNG) Read(buf []byte) (n int, err error) {
for i := range buf {
buf[i] = 0
}
var nonce [8]byte
var key [32]byte
binary.LittleEndian.PutUint32(key[:], uint32(rng.seed))
rng.seed++
salsa20.XORKeyStream(buf, buf, nonce[:], &key)
return len(buf), nil
}示例10: newNonceCipher
func newNonceCipher(key *[32]byte) *xtea.Cipher {
nonceKey := make([]byte, 16)
salsa20.XORKeyStream(
nonceKey,
make([]byte, 32),
make([]byte, xtea.BlockSize),
key,
)
ciph, err := xtea.NewCipher(nonceKey)
if err != nil {
panic(err)
}
return ciph
}示例11: Encode
// Encode the data, produce AONT package. Data size will be larger than
// the original one for 48 bytes.
func Encode(r *[RSize]byte, in []byte) ([]byte, error) {
out := make([]byte, len(in)+HSize+RSize)
copy(out, in)
h := blake2b.New256()
h.Write(r[:])
h.Write(in)
copy(out[len(in):], h.Sum(nil))
salsaKey := new([32]byte)
copy(salsaKey[:], r[:])
salsa20.XORKeyStream(out, out, dummyNonce, salsaKey)
h.Reset()
h.Write(out[:len(in)+32])
for i, b := range h.Sum(nil)[:RSize] {
out[len(in)+32+i] = b ^ r[i]
}
return out, nil
}示例12: EthProcess
// Process incoming Ethernet packet.
// ready channel is TAPListen's synchronization channel used to tell him
// that he is free to receive new packets. Encrypted and authenticated
// packets will be sent to remote Peer side immediately.
func (p *Peer) EthProcess(data []byte, ready chan struct{}) {
p.now = time.Now()
p.size = len(data)
// If this heartbeat is necessary
if p.size == 0 && !p.LastSent.Add(p.Timeout).Before(p.now) {
return
}
copy(p.buf, Emptiness)
if p.size > 0 {
copy(p.buf[S20BS+PktSizeSize:], data)
ready <- struct{}{}
binary.PutUvarint(p.buf[S20BS:S20BS+PktSizeSize], uint64(p.size))
p.BytesPayloadOut += int64(p.size)
} else {
p.HeartbeatSent++
}
p.NonceOur += 2
copy(p.nonce, Emptiness)
binary.PutUvarint(p.nonce, p.NonceOur)
p.NonceCipher.Encrypt(p.nonce, p.nonce)
salsa20.XORKeyStream(p.buf, p.buf, p.nonce, p.Key)
copy(p.buf[S20BS-NonceSize:S20BS], p.nonce)
copy(p.keyAuth[:], p.buf[:SSize])
if p.NoiseEnable {
p.frame = p.buf[S20BS-NonceSize : S20BS+MTU-NonceSize-poly1305.TagSize]
} else {
p.frame = p.buf[S20BS-NonceSize : S20BS+PktSizeSize+p.size]
}
poly1305.Sum(p.tag, p.frame, p.keyAuth)
p.BytesOut += int64(len(p.frame) + poly1305.TagSize)
p.FramesOut++
if p.CPRCycle != time.Duration(0) {
p.willSentCycle = p.LastSent.Add(p.CPRCycle)
if p.willSentCycle.After(p.now) {
time.Sleep(p.willSentCycle.Sub(p.now))
p.now = p.willSentCycle
}
}
p.LastSent = p.now
p.Conn.Write(append(p.frame, p.tag[:]...))
}示例13: Decode
// Decode the data from AONT package. Data size will be smaller than the
// original one for 48 bytes.
func Decode(in []byte) ([]byte, error) {
if len(in) < HSize+RSize {
return nil, errors.New("Too small input buffer")
}
h := blake2b.New256()
h.Write(in[:len(in)-RSize])
salsaKey := new([32]byte)
for i, b := range h.Sum(nil)[:RSize] {
salsaKey[i] = b ^ in[len(in)-RSize+i]
}
h.Reset()
h.Write(salsaKey[:RSize])
out := make([]byte, len(in)-RSize)
salsa20.XORKeyStream(out, in[:len(in)-RSize], dummyNonce, salsaKey)
h.Write(out[:len(out)-HSize])
if subtle.ConstantTimeCompare(h.Sum(nil), out[len(out)-HSize:]) != 1 {
return nil, errors.New("Invalid checksum")
}
return out[:len(out)-HSize], nil
}示例14: decrypt_data
func decrypt_data(dst, data, keys []byte) error {
var iv, key []byte
var block cipher.Block
var stream cipher.Stream
var err error
buffer := append([]byte{}, data...)
iv_offset := IVLen
iv = buffer[:iv_offset]
key = keys[:cipherKeyLen]
block, err = aes.NewCipher(key)
if err != nil {
return err
}
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(buffer[iv_offset:], buffer[iv_offset:])
iv_offset += IVLen
iv = buffer[iv_offset-IVLen : iv_offset]
key = keys[cipherKeyLen : cipherKeyLen*2]
block, err = twofish.NewCipher(key)
if err != nil {
return err
}
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(buffer[iv_offset:], buffer[iv_offset:])
iv_offset += SalsaIVLen
iv = buffer[iv_offset-SalsaIVLen : iv_offset]
key_array := new([32]byte)
copy(key_array[:], keys[cipherKeyLen*2:])
salsa20.XORKeyStream(dst, buffer[iv_offset:], iv, key_array)
if len(buffer[iv_offset:]) != len(data)-TotalIVLen {
return fmt.Errorf("something went terribly wrong: bufsz is wrong")
}
return nil
}示例15: Server
// Process handshake message on the server side.
// This function is intended to be called on server's side.
// If this is the final handshake message, then new Peer object
// will be created and used as a transport. If no mutually
// authenticated Peer is ready, then return nil.
func (h *Handshake) Server(data []byte) *Peer {
// R + ENC(H(DSAPub), R, El(CDHPub)) + IDtag
if h.rNonce == nil {
// Generate DH keypair
var dhPubRepr *[32]byte
h.dhPriv, dhPubRepr = dhKeypairGen()
h.rNonce = new([RSize]byte)
copy(h.rNonce[:], data[:RSize])
// Decrypt remote public key and compute shared key
cDHRepr := new([32]byte)
salsa20.XORKeyStream(
cDHRepr[:],
data[RSize:RSize+32],
h.rNonce[:],
h.dsaPubH,
)
cDH := new([32]byte)
extra25519.RepresentativeToPublicKey(cDH, cDHRepr)
h.key = dhKeyGen(h.dhPriv, cDH)
encPub := make([]byte, 32)
salsa20.XORKeyStream(encPub, dhPubRepr[:], h.rNonceNext(1), h.dsaPubH)
// Generate R* and encrypt them
h.rServer = new([RSize]byte)
if err := randRead(h.rServer[:]); err != nil {
log.Fatalln("Error reading random for R:", err)
}
h.sServer = new([SSize]byte)
if err := randRead(h.sServer[:]); err != nil {
log.Fatalln("Error reading random for S:", err)
}
var encRs []byte
if h.Conf.Noise {
encRs = make([]byte, MTU-len(encPub)-xtea.BlockSize)
} else {
encRs = make([]byte, RSize+SSize)
}
copy(encRs, append(h.rServer[:], h.sServer[:]...))
salsa20.XORKeyStream(encRs, encRs, h.rNonce[:], h.key)
// Send that to client
h.conn.Write(append(encPub, append(encRs, idTag(h.Conf.Id, encPub)...)...))
h.LastPing = time.Now()
} else
// ENC(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag
if h.rClient == nil {
// Decrypted Rs compare rServer
dec := make([]byte, RSize+RSize+SSize+ed25519.SignatureSize)
salsa20.XORKeyStream(
dec,
data[:RSize+RSize+SSize+ed25519.SignatureSize],
h.rNonceNext(1),
h.key,
)
if subtle.ConstantTimeCompare(dec[:RSize], h.rServer[:]) != 1 {
log.Println("Invalid server's random number with", h.addr)
return nil
}
sign := new([ed25519.SignatureSize]byte)
copy(sign[:], dec[RSize+RSize+SSize:])
if !ed25519.Verify(h.Conf.DSAPub, h.key[:], sign) {
log.Println("Invalid signature from", h.addr)
return nil
}
// Send final answer to client
var enc []byte
if h.Conf.Noise {
enc = make([]byte, MTU-xtea.BlockSize)
} else {
enc = make([]byte, RSize)
}
copy(enc, dec[RSize:RSize+RSize])
salsa20.XORKeyStream(enc, enc, h.rNonceNext(2), h.key)
h.conn.Write(append(enc, idTag(h.Conf.Id, enc)...))
// Switch peer
peer := newPeer(
false,
h.addr,
h.conn,
h.Conf,
keyFromSecrets(h.sServer[:], dec[RSize+RSize:RSize+RSize+SSize]))
h.LastPing = time.Now()
return peer
} else {
log.Println("Invalid handshake message from", h.addr)
}
return nil
}