Rewrite hap secure connection
This commit is contained in:
Alex X
+1
-1
@@ -217,7 +217,7 @@ func (c *Client) Dial() (err error) {
|
||||
return
|
||||
}
|
||||
// new reader for new conn
|
||||
c.reader = bufio.NewReaderSize(c.Conn, 32*1024) // 32K like default request body
|
||||
c.reader = bufio.NewReader(c.Conn)
|
||||
|
||||
go c.eventsReader()
|
||||
|
||||
|
||||
+69
-58
@@ -1,6 +1,7 @@
|
||||
package secure
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"encoding/binary"
|
||||
"io"
|
||||
"net"
|
||||
@@ -14,6 +15,10 @@ import (
|
||||
type Conn struct {
|
||||
conn net.Conn
|
||||
|
||||
rd *bufio.Reader
|
||||
wr *bufio.Writer
|
||||
rb []byte // temporary reading buffer
|
||||
|
||||
encryptKey []byte
|
||||
decryptKey []byte
|
||||
encryptCnt uint64
|
||||
@@ -33,11 +38,19 @@ func Client(conn net.Conn, sharedKey []byte, isClient bool) (net.Conn, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if isClient {
|
||||
return &Conn{conn: conn, encryptKey: key2, decryptKey: key1}, nil
|
||||
} else {
|
||||
return &Conn{conn: conn, encryptKey: key1, decryptKey: key2}, nil
|
||||
c := &Conn{
|
||||
conn: conn,
|
||||
rd: bufio.NewReaderSize(conn, BufferSize),
|
||||
wr: bufio.NewWriterSize(conn, BufferSize),
|
||||
}
|
||||
|
||||
if isClient {
|
||||
c.encryptKey, c.decryptKey = key2, key1
|
||||
} else {
|
||||
c.encryptKey, c.decryptKey = key1, key2
|
||||
}
|
||||
|
||||
return c, nil
|
||||
}
|
||||
|
||||
const (
|
||||
@@ -47,87 +60,85 @@ const (
|
||||
VerifySize = 2
|
||||
NonceSize = 8
|
||||
Overhead = 16 // chacha20poly1305.Overhead
|
||||
|
||||
BufferSize = 2 + 0xFFFF + Overhead
|
||||
)
|
||||
|
||||
func (c *Conn) Read(b []byte) (n int, err error) {
|
||||
verify := make([]byte, VerifySize) // = packet length
|
||||
buf := make([]byte, PacketSizeMax+Overhead)
|
||||
nonce := make([]byte, NonceSize)
|
||||
|
||||
for {
|
||||
if len(b) < PacketSizeMax {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = io.ReadFull(c.conn, verify); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
size := binary.LittleEndian.Uint16(verify)
|
||||
ciphertext := buf[:size+Overhead]
|
||||
|
||||
if _, err = io.ReadFull(c.conn, ciphertext); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
binary.LittleEndian.PutUint64(nonce, c.decryptCnt)
|
||||
c.decryptCnt++
|
||||
|
||||
// put decrypted text to b's end
|
||||
_, err = chacha20poly1305.DecryptAndVerify(c.decryptKey, b[:0], nonce, ciphertext, verify)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
n += int(size) // plaintext size
|
||||
|
||||
// Finish when all bytes fit in b
|
||||
if size < PacketSizeMax {
|
||||
return
|
||||
}
|
||||
|
||||
b = b[size:]
|
||||
// something in reading buffer
|
||||
if len(c.rb) > 0 {
|
||||
n = copy(b, c.rb)
|
||||
c.rb = c.rb[n:]
|
||||
return
|
||||
}
|
||||
|
||||
verify := make([]byte, 2) // verify = plain message size
|
||||
if _, err = io.ReadFull(c.rd, verify); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
n = int(binary.LittleEndian.Uint16(verify))
|
||||
ciphertext := make([]byte, n+Overhead)
|
||||
|
||||
if _, err = io.ReadFull(c.rd, ciphertext); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
nonce := make([]byte, NonceSize)
|
||||
binary.LittleEndian.PutUint64(nonce, c.decryptCnt)
|
||||
c.decryptCnt++
|
||||
|
||||
// buffer size enought for direct reading
|
||||
if n <= cap(b) {
|
||||
_, err = chacha20poly1305.DecryptAndVerify(c.decryptKey, b[:0], nonce, ciphertext, verify)
|
||||
return
|
||||
}
|
||||
|
||||
// reading to temporary buffer
|
||||
c.rb = make([]byte, 0, n)
|
||||
if _, err = chacha20poly1305.DecryptAndVerify(c.decryptKey, c.rb, nonce, ciphertext, verify); err != nil {
|
||||
return
|
||||
}
|
||||
return c.Read(b)
|
||||
}
|
||||
|
||||
func (c *Conn) Write(b []byte) (n int, err error) {
|
||||
c.mx.Lock()
|
||||
defer c.mx.Unlock()
|
||||
var ciphertext []byte
|
||||
var nonce = make([]byte, NonceSize)
|
||||
var verify = make([]byte, VerifySize)
|
||||
|
||||
nonce := make([]byte, NonceSize)
|
||||
buf := make([]byte, NonceSize+PacketSizeMax+Overhead)
|
||||
verify := buf[:VerifySize] // part of write buffer
|
||||
|
||||
for {
|
||||
for len(b) > 0 {
|
||||
size := len(b)
|
||||
if size > PacketSizeMax {
|
||||
size = PacketSizeMax
|
||||
}
|
||||
|
||||
binary.LittleEndian.PutUint16(verify, uint16(size))
|
||||
if _, err = c.wr.Write(verify); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
binary.LittleEndian.PutUint64(nonce, c.encryptCnt)
|
||||
c.encryptCnt++
|
||||
|
||||
// put encrypted text to writing buffer just after size (2 bytes)
|
||||
_, err = chacha20poly1305.EncryptAndSeal(c.encryptKey, buf[2:2], nonce, b[:size], verify)
|
||||
if cap(ciphertext) < size+Overhead {
|
||||
ciphertext = make([]byte, size+Overhead)
|
||||
}
|
||||
|
||||
_, err = chacha20poly1305.EncryptAndSeal(c.encryptKey, ciphertext[:0], nonce, b[:size], verify)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = c.conn.Write(buf[:VerifySize+size+Overhead]); err != nil {
|
||||
if _, err = c.wr.Write(ciphertext); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
n += size // plaintext size
|
||||
|
||||
if size < PacketSizeMax {
|
||||
break
|
||||
}
|
||||
|
||||
b = b[PacketSizeMax:]
|
||||
b = b[size:]
|
||||
n += size
|
||||
}
|
||||
|
||||
err = c.wr.Flush()
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user