/
crypto.go
108 lines (79 loc) · 2.2 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package snmp
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/sha1"
"encoding/binary"
)
const oneMegabyte = 1024 * 1024
// passphraseToKey generates a SHA1 hashed key using the given passphrase.
func passphraseToKey(passphrase, engineId []byte) []byte {
h := sha1.New()
passphraseLength := len(passphrase)
// Write 1 MB to the hash
repeat, remain := oneMegabyte/passphraseLength, oneMegabyte%passphraseLength
for repeat > 0 {
h.Write(passphrase)
repeat--
}
if remain > 0 {
h.Write(passphrase[:remain])
}
sum := h.Sum(nil)
h.Reset()
h.Write(sum)
h.Write(engineId)
h.Write(sum)
return h.Sum(nil)
}
// encrypt returns an AES encrypted payload with a priv parameter.
func (s *Session) encrypt(payload []byte) ([]byte, []byte) {
b := &bytes.Buffer{}
binary.Write(b, binary.BigEndian, s.engineBoots)
binary.Write(b, binary.BigEndian, s.engineTime)
b2 := &bytes.Buffer{}
binary.Write(b2, binary.BigEndian, s.aesIV)
s.aesIV++
priv := b2.Bytes()
iv := append(b.Bytes(), priv...)
encrypted := make([]byte, len(payload))
aesBlockEncrypter, err := aes.NewCipher(s.privKey)
if err != nil {
return nil, nil
}
aesEncrypter := cipher.NewCFBEncrypter(aesBlockEncrypter, iv)
aesEncrypter.XORKeyStream(encrypted, payload)
return encrypted, priv
}
// decrypt returns a decrypted payload
func (s *Session) decrypt(payload, priv []byte) []byte {
b := &bytes.Buffer{}
binary.Write(b, binary.BigEndian, s.engineBoots)
binary.Write(b, binary.BigEndian, s.engineTime)
iv := append(b.Bytes(), priv...)
decrypted := make([]byte, len(payload))
aesBlockDecrypter, err := aes.NewCipher(s.privKey)
if err != nil {
return nil
}
aesDecrypter := cipher.NewCFBDecrypter(aesBlockDecrypter, iv)
aesDecrypter.XORKeyStream(decrypted, payload)
return decrypted
}
// auth returns the authentication hash for the given payload.
func (s *Session) auth(payload []byte) []byte {
paddedAuthKey := make([]byte, 64)
copy(paddedAuthKey, s.authKey)
a := make([]byte, 64)
b := make([]byte, 64)
for i := range a {
a[i], b[i] = paddedAuthKey[i]^0x36, paddedAuthKey[i]^0x5c
}
h := sha1.New()
h.Write(append(a, payload...))
tmp := h.Sum(nil)
h.Reset()
h.Write(append(b, tmp...))
return h.Sum(nil)[:12]
}