package goricochet
import (
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"io"
)
// AuthenticationHandler holds the state required for the AuthHiddenService
// authentication scheme for ricochet: one 16-byte cookie per side of the
// connection.
type AuthenticationHandler struct {
	// clientCookie and serverCookie are concatenated, in that order, to form
	// the 32-byte HMAC key used by GenChallenge. Both are all zeros until
	// they are set through the Add*Cookie or Gen*Cookie methods.
	clientCookie, serverCookie [16]byte
}
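// AddClientCookie stores the first 16 bytes of cookie as the client cookie.
//
// A cookie shorter than 16 bytes is ignored and the stored client cookie is
// left unchanged. Slicing cookie[:16] without this check would panic when
// cap(cookie) < 16, and would otherwise read past len(cookie) into the
// slice's spare capacity. The method has no way to report the rejection, so
// callers that take the cookie from a peer should validate its length
// themselves and abort the handshake when it is wrong.
func (ah *AuthenticationHandler) AddClientCookie(cookie []byte) {
	if len(cookie) < len(ah.clientCookie) {
		return
	}
	copy(ah.clientCookie[:], cookie[:len(ah.clientCookie)])
}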
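// AddServerCookie stores the first 16 bytes of cookie as the server cookie.
//
// A cookie shorter than 16 bytes is ignored and the stored server cookie is
// left unchanged. Slicing cookie[:16] without this check would panic when
// cap(cookie) < 16, and would otherwise read past len(cookie) into the
// slice's spare capacity. The method has no way to report the rejection, so
// callers that take the cookie from a peer should validate its length
// themselves and abort the handshake when it is wrong.
func (ah *AuthenticationHandler) AddServerCookie(cookie []byte) {
	if len(cookie) < len(ah.serverCookie) {
		return
	}
	copy(ah.serverCookie[:], cookie[:len(ah.serverCookie)])
}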
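// GenRandom returns a 16-byte cookie read from crypto/rand.
//
// It panics if the random source returns an error or fewer than 16 bytes.
// Ignoring that error would hand back a zeroed or partially filled cookie,
// a predictable value in a field that becomes part of the HMAC key built by
// GenChallenge. The signature has no error result, so failing hard is the
// only way to avoid continuing with such a cookie.
func (ah *AuthenticationHandler) GenRandom() [16]byte {
	var cookie [16]byte
	if _, err := io.ReadFull(rand.Reader, cookie[:]); err != nil {
		panic("goricochet: reading random cookie: " + err.Error())
	}
	return cookie
}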
// GenClientCookie obtains a fresh cookie from GenRandom, stores it as the
// client cookie, and returns a copy of the stored value.
func (ah *AuthenticationHandler) GenClientCookie() [16]byte {
	fresh := ah.GenRandom()
	ah.clientCookie = fresh
	return fresh
}
// GenServerCookie obtains a fresh cookie from GenRandom, stores it as the
// server cookie, and returns a copy of the stored value.
func (ah *AuthenticationHandler) GenServerCookie() [16]byte {
	fresh := ah.GenRandom()
	ah.serverCookie = fresh
	return fresh
}
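// GenChallenge constructs the challenge parameter for the AuthHiddenService
// session. The challenge is
// HMAC-SHA256(key=clientCookie+serverCookie, msg=clientHostname+serverHostname)
// and is returned as a 32-byte slice.
//
// Both cookies should have been set before this is called; a cookie that was
// never set contributes 16 zero bytes to the key.
//
// NOTE(review): the two hostnames are concatenated without a separator, so
// different (client, server) pairs with the same concatenation produce the
// same challenge. This is only unambiguous if hostnames have a fixed length;
// confirm that callers guarantee this.
func (ah *AuthenticationHandler) GenChallenge(clientHostname string, serverHostname string) []byte {
	key := make([]byte, 0, len(ah.clientCookie)+len(ah.serverCookie))
	key = append(key, ah.clientCookie[:]...)
	key = append(key, ah.serverCookie[:]...)

	mac := hmac.New(sha256.New, key)
	// hash.Hash documents that Write never returns an error.
	mac.Write([]byte(clientHostname + serverHostname))

	// Return the digest directly: the original bound it to a local named
	// hmac, which shadowed the imported crypto/hmac package.
	return mac.Sum(nil)
}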