2018-10-07 17:09:45 +00:00
|
|
|
package util
|
|
|
|
|
|
|
|
|
|
import (
|
2018-10-20 20:41:01 +00:00
|
|
|
"crypto/aes"
|
|
|
|
|
"crypto/cipher"
|
2018-10-07 17:09:45 +00:00
|
|
|
"encoding/binary"
|
|
|
|
|
"errors"
|
|
|
|
|
"io"
|
|
|
|
|
prand "math/rand"
|
|
|
|
|
"net"
|
2018-10-16 20:13:19 +00:00
|
|
|
"strconv"
|
2018-10-07 17:09:45 +00:00
|
|
|
)
|
|
|
|
|
|
2019-06-09 14:03:28 +00:00
|
|
|
func AESGCMEncrypt(nonce []byte, key []byte, plaintext []byte) ([]byte, error) {
|
|
|
|
|
block, err := aes.NewCipher(key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return aesgcm.Seal(nil, nonce, plaintext, nil), nil
|
2018-10-20 20:41:01 +00:00
|
|
|
}
|
|
|
|
|
|
2019-06-09 14:03:28 +00:00
|
|
|
func AESGCMDecrypt(nonce []byte, key []byte, ciphertext []byte) ([]byte, error) {
|
|
|
|
|
block, err := aes.NewCipher(key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
plain, err := aesgcm.Open(nil, nonce, ciphertext, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return plain, nil
|
2018-10-20 20:41:01 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-07 17:09:45 +00:00
|
|
|
// PsudoRandBytes returns a byte slice filled with psudorandom bytes generated by the seed
|
|
|
|
|
func PsudoRandBytes(length int, seed int64) []byte {
|
2018-11-07 21:16:13 +00:00
|
|
|
r := prand.New(prand.NewSource(seed))
|
2018-10-07 17:09:45 +00:00
|
|
|
ret := make([]byte, length)
|
2018-11-07 21:16:13 +00:00
|
|
|
r.Read(ret)
|
2018-10-07 17:09:45 +00:00
|
|
|
return ret
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-07 21:16:13 +00:00
|
|
|
// ReadTLS reads TLS data according to its record layer
|
|
|
|
|
func ReadTLS(conn net.Conn, buffer []byte) (n int, err error) {
|
2018-10-07 17:09:45 +00:00
|
|
|
// TCP is a stream. Multiple TLS messages can arrive at the same time,
|
|
|
|
|
// a single message can also be segmented due to MTU of the IP layer.
|
|
|
|
|
// This function guareentees a single TLS message to be read and everything
|
|
|
|
|
// else is left in the buffer.
|
|
|
|
|
i, err := io.ReadFull(conn, buffer[:5])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-13 22:22:55 +00:00
|
|
|
dataLength := int(binary.BigEndian.Uint16(buffer[3:5]))
|
2018-10-16 20:13:19 +00:00
|
|
|
if dataLength > len(buffer) {
|
|
|
|
|
err = errors.New("Reading TLS message: message size greater than buffer. message size: " + strconv.Itoa(dataLength))
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-10-07 17:09:45 +00:00
|
|
|
left := dataLength
|
|
|
|
|
readPtr := 5
|
|
|
|
|
|
|
|
|
|
for left != 0 {
|
|
|
|
|
// If left > buffer size (i.e. our message got segmented), the entire MTU is read
|
|
|
|
|
// if left = buffer size, the entire buffer is all there left to read
|
|
|
|
|
// if left < buffer size (i.e. multiple messages came together),
|
|
|
|
|
// only the message we want is read
|
|
|
|
|
i, err = io.ReadFull(conn, buffer[readPtr:readPtr+left])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
left -= i
|
|
|
|
|
readPtr += i
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
n = 5 + dataLength
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddRecordLayer adds record layer to data
|
|
|
|
|
func AddRecordLayer(input []byte, typ []byte, ver []byte) []byte {
|
|
|
|
|
length := make([]byte, 2)
|
|
|
|
|
binary.BigEndian.PutUint16(length, uint16(len(input)))
|
|
|
|
|
ret := make([]byte, 5+len(input))
|
|
|
|
|
copy(ret[0:1], typ)
|
|
|
|
|
copy(ret[1:3], ver)
|
|
|
|
|
copy(ret[3:5], length)
|
|
|
|
|
copy(ret[5:], input)
|
|
|
|
|
return ret
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PeelRecordLayer peels off the record layer
|
|
|
|
|
func PeelRecordLayer(data []byte) []byte {
|
|
|
|
|
ret := data[5:]
|
|
|
|
|
return ret
|
|
|
|
|
}
|
