-
Notifications
You must be signed in to change notification settings - Fork 0
/
dake.go
154 lines (126 loc) · 5.14 KB
/
dake.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
package gotra
import (
"github.com/coyim/gotrax"
"github.com/otrv4/ed448"
)
type identityMessage struct {
senderInstanceTag uint32
receiverInstanceTag uint32
clientProfile *gotrax.ClientProfile
y ed448.Point
b *dhPublicKey
}
type identityMessagePrivate struct {
y *gotrax.Keypair
b *dhKeypair
}
type authRMessage struct {
senderInstanceTag uint32
receiverInstanceTag uint32
clientProfile *gotrax.ClientProfile
x ed448.Point
a *dhPublicKey
sigma *gotrax.RingSignature
}
type authRMessagePrivate struct {
x *gotrax.Keypair
a *dhKeypair
}
type authIMessage struct {
senderInstanceTag uint32
receiverInstanceTag uint32
sigma *gotrax.RingSignature
}
func (c *conversation) createIdentityMessage() ValidMessage {
cp := c.getValidClientProfile()
itag := c.getInstanceTag()
ykp := gotrax.GenerateKeypair(c)
bkp, _ := generateDHKeypair(c)
im := &identityMessage{
senderInstanceTag: itag,
receiverInstanceTag: uint32(0x00),
clientProfile: cp,
y: ykp.Pub.K(),
b: bkp.pub,
}
c.im = im
c.imp = &identityMessagePrivate{y: ykp, b: bkp}
return ValidMessage(im.serialize())
}
func (m *identityMessage) validate(tag uint32) error {
// TODO: implement
// Validate the Client Profile, as defined in Validating a Client Profile section.
// Verify that the point Y received is on curve Ed448. See Verifying that a point is on the curve section for details.
// Verify that the DH public key B is from the correct group. See Verifying that an integer is in the DH group section for details.
return nil
}
func (c *conversation) createAuthRMessage() ValidMessage {
cp := c.getValidClientProfile()
itag := c.getInstanceTag()
xkp := gotrax.GenerateKeypair(c)
akp, _ := generateDHKeypair(c)
ar := &authRMessage{
senderInstanceTag: itag,
receiverInstanceTag: c.im.senderInstanceTag,
clientProfile: cp,
x: xkp.Pub.K(),
a: akp.pub,
}
// TODO: figure out a real phi
phi := []byte{}
t := []byte{0x00}
t = append(t, gotrax.Kdf(usageAuthRBobClientProfile, 64, c.im.clientProfile.Serialize())...)
t = append(t, gotrax.Kdf(usageAuthRAliceClientProfile, 64, cp.Serialize())...)
t = append(t, gotrax.SerializePoint(c.im.y)...)
t = append(t, xkp.Pub.Serialize()...)
t = append(t, c.im.b.serialize()...)
t = append(t, akp.pub.serialize()...)
t = append(t, gotrax.Kdf(usageAuthRPhi, 64, phi)...)
longTerm := c.getKeypair()
yk := gotrax.CreatePublicKey(c.im.y, gotrax.Ed448Key)
// TODO: don't ignore this error
ar.sigma, _ = gotrax.GenerateSignature(c, longTerm.Priv, longTerm.Pub, c.im.clientProfile.PublicKey, longTerm.Pub, yk, t, gotrax.Kdf, usageAuth)
c.ar = ar
c.arp = &authRMessagePrivate{x: xkp, a: akp}
return ValidMessage(ar.serialize())
}
func (m *authRMessage) validate(tag uint32) error {
// TODO: implement
// Check that the receiver's instance tag matches your sender's instance tag.
// Validate the Client Profile as defined in Validating a Client Profile section. Extract H_a from it.
// Verify that the point X received is on curve Ed448. See Verifying that a point is on the curve section for details.
// Verify that the DH public key A is from the correct group. See Verifying that an integer is in the DH group section for details.
// Compute t = 0x0 || KDF_1(usageAuthRBobClientProfile || Bob_Client_Profile, 64) || KDF_1(usageAuthRAliceClientProfile || Alice_Client_Profile, 64) || Y || X || B || A || KDF_1(usageAuthRPhi || phi, 64). phi is the shared session state as mention in its section.
// Verify the sigma as defined in Ring Signature Authentication.
return nil
}
func (c *conversation) createAuthIMessage() ValidMessage {
cp := c.getValidClientProfile()
itag := c.getInstanceTag()
ai := &authIMessage{
senderInstanceTag: itag,
receiverInstanceTag: c.ar.senderInstanceTag,
}
// TODO: figure out a real phi
phi := []byte{}
t := []byte{0x01}
t = append(t, gotrax.Kdf(usageAuthIBobClientProfile, 64, cp.Serialize())...)
t = append(t, gotrax.Kdf(usageAuthIAliceClientProfile, 64, c.ar.clientProfile.Serialize())...)
t = append(t, gotrax.SerializePoint(c.im.y)...)
t = append(t, gotrax.SerializePoint(c.ar.x)...)
t = append(t, c.im.b.serialize()...)
t = append(t, c.ar.a.serialize()...)
t = append(t, gotrax.Kdf(usageAuthIPhi, 64, phi)...)
longTerm := c.getKeypair()
// TODO: don't ignore this error
ai.sigma, _ = gotrax.GenerateSignature(c, longTerm.Priv, longTerm.Pub, longTerm.Pub, c.ar.clientProfile.PublicKey, gotrax.CreatePublicKey(c.ar.x, gotrax.Ed448Key), t, gotrax.Kdf, usageAuth)
c.ai = ai
return ValidMessage(ai.serialize())
}
func (m *authIMessage) validate(tag uint32) error {
// TODO: implement
// Check that the receiver's instance tag matches your sender's instance tag.
// Compute t = 0x1 || KDF_1(usageAuthIBobClientProfile || Bobs_Client_Profile, 64) || KDF_1(usageAuthIAliceClientProfile || Alices_Client_Profile, 64) || Y || X || B || A || KDF_1(usageAuthIPhi || phi, 64). phi is the shared session state as mention in its section.
// Verify the sigma as defined in Ring Signature Authentication.
return nil
}