/
encless.go
84 lines (74 loc) · 2.24 KB
/
encless.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/*
GoVPN -- simple secure free software virtual private network daemon
Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package enc
import (
"io"
"crypto/rand"
"github.com/1AD8BE38F271/vpncore/enc/cnw"
"github.com/1AD8BE38F271/vpncore/enc/aont"
)
var (
Rand io.Reader = rand.Reader
)
const (
EnclessEnlargeSize = aont.AontHashSize + aont.AontKeySize *cnw.EnlargeFactor
)
// Zero each byte.
func SliceZero(data []byte) {
for i := 0; i < len(data); i++ {
data[i] = 0
}
}
// Confidentiality preserving (but encryptionless) encoding.
//
// It uses Chaffing-and-Winnowing technology (it is neither
// encryption nor steganography) over All-Or-Nothing-Transformed data.
// nonce is 64-bit nonce. Output data will be EnclessEnlargeSize larger.
// It also consumes 64-bits of entropy.
func EnclessEncode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
r := new([aont.AontKeySize]byte)
var err error
if _, err = io.ReadFull(Rand, r[:]); err != nil {
return nil, err
}
aonted, err := aont.AontEncode(r, in)
if err != nil {
return nil, err
}
out := append(
cnw.Chaff(authKey, nonce, aonted[:aont.AontKeySize]),
aonted[aont.AontKeySize:]...,
)
SliceZero(aonted[:aont.AontKeySize])
return out, nil
}
// Decode EnclessEncode-ed data.
func EnclessDecode(authKey *[32]byte, nonce, in []byte) ([]byte, error) {
var err error
winnowed, err := cnw.Winnow(
authKey, nonce, in[:aont.AontKeySize *cnw.EnlargeFactor],
)
if err != nil {
return nil, err
}
out, err := aont.AontDecode(append(
winnowed, in[aont.AontKeySize *cnw.EnlargeFactor:]...,
))
SliceZero(winnowed)
if err != nil {
return nil, err
}
return out, nil
}