go code splitted, random permutation and user storing array created, …

…padding changed

README.md

@@ -269,7 +269,7 @@ Connection can be done via network surface or directly to a node (http://[NODE_I
 
 ### Considerations
 
-1. Use a library for `iptables` management in `caerulean/whirlpool` - if some other types of operations (not adding) are required; same about `ip route` and regex in `main/console.go`.
+1. Use a library for `iptables` management in `caerulean/whirlpool` - if some other types of operations (not adding) are required; same about `ip route` and regex in `whirlpool/console.go`.
    If so, consider also environment restoration in the end of main in `main.go`.
 
 ### Current goals

caerulean/whirlpool/Dockerfile

@@ -1,20 +1,21 @@
-FROM golang:1.19-alpine3.17 as builder
+FROM golang:1.20-alpine3.17 as builder
 
 WORKDIR /seaside/caerulean
 
 RUN apk add --no-cache protobuf protobuf-dev
 RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
 
-COPY caerulean/whirlpool/go.* ./
-RUN go get ./...
-
 COPY vessels ./vessels
 RUN protoc -I=vessels --go_out=. --experimental_allow_proto3_optional vessels/*.proto
 
-COPY caerulean/whirlpool/main ./
-RUN go get main/m/v2
+COPY caerulean/whirlpool/go.mod ./
+COPY caerulean/whirlpool/sources ./sources
+COPY caerulean/whirlpool/crypto ./crypto
+COPY caerulean/whirlpool/users ./users
+COPY caerulean/whirlpool/utils ./utils
+RUN go get ./... && go mod tidy
 
-RUN go build -o whirlpool.run
+RUN go build -o whirlpool.run ./sources
 
 
 FROM alpine:3.17 as default
@@ -34,12 +35,13 @@ ENV SURFACE none
 ENV SEA_PORT 8542
 ENV CTRL_PORT 8543
 ENV NET_PORT 8587
-ENV RSA_LENGTH 512
+ENV MAX_USERS 10
+ENV MAX_ADMINS 5
 
 EXPOSE $SEA_PORT/udp
 EXPOSE $CTRL_PORT/tcp
 EXPOSE $NET_PORT/tcp
-ENTRYPOINT ./whirlpool.run -a $ADDRESS -e $EXTERNAL -s $SURFACE -p $SEA_PORT -c $CTRL_PORT -n $NET_PORT -u $MAX_USERS -o $OWNER_KEY
+ENTRYPOINT ./whirlpool.run -a $ADDRESS -e $EXTERNAL -s $SURFACE -p $SEA_PORT -c $CTRL_PORT -n $NET_PORT -o $OWNER_KEY
 
 # TODO: after docker engine 25 is out, change to: --interval=1m --timeout=1s --retries=3 --start-period=10s --start-interval=3s
-HEALTHCHECK --interval=3s --timeout=1s --retries=3 --start-period=10s CMD wget -qO- http://$ADDRESS:$NET_PORT/public | wc -c | xargs test $RSA_LENGTH -lt
+HEALTHCHECK --interval=3s --timeout=1s --retries=3 --start-period=10s CMD wget -qO- http://$ADDRESS:$NET_PORT/public | wc -c | xargs test 512 -lt

caerulean/whirlpool/Makefile

@@ -5,7 +5,7 @@ EXECUTABLE_NAME = whirlpool.run
 build:
 	go mod tidy
 	protoc -I=../../ --go_out=. ../../vessels/*.proto
-	go build -o build/$(EXECUTABLE_NAME) ./main
+	go build -o build/$(EXECUTABLE_NAME) ./sources
 .PHONY: build
 
 save:
@@ -22,7 +22,7 @@ restore:
 
 lint:
 	golint .
-	go fmt ./main
+	go fmt ./sources
 .PHONY: lint
 
 clean:

caerulean/whirlpool/main/crypto.go → caerulean/whirlpool/crypto/asymm.go

@@ -1,27 +1,38 @@
-package main
+package crypto
 
 import (
 	"bytes"
-	"crypto/cipher"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"errors"
+	"main/utils"
 
+	"github.com/sirupsen/logrus"
 	"github.com/zenazn/pkcs7pad"
-	"golang.org/x/crypto/chacha20poly1305"
 )
 
 const (
-	RSA_BLOCK_DATA_SIZE = 128
+	RSA_BIT_LENGTH      = 4096
+	RSA_BLOCK_DATA_SIZE = 223
 	RSA_BLOCK_HASH_SIZE = 32
 )
 
+var RSA_NODE_KEY *rsa.PrivateKey
+
+func init() {
+	var err error
+	RSA_NODE_KEY, err = rsa.GenerateKey(rand.Reader, RSA_BIT_LENGTH)
+	if err != nil {
+		logrus.Fatalln("error generating RSA node key:", err)
+	}
+}
+
 func ParsePublicKey(rawKey []byte) (*rsa.PublicKey, error) {
 	decodedKey, err := x509.ParsePKIXPublicKey(rawKey)
 	if err != nil {
-		return nil, err
+		return nil, utils.JoinError("RSA public key parsing error", err)
 	}
 
 	rsaPublicKey, ok := decodedKey.(*rsa.PublicKey)
@@ -35,12 +46,13 @@ func ParsePublicKey(rawKey []byte) (*rsa.PublicKey, error) {
 func EncryptRSA(plaintext []byte, key *rsa.PublicKey) ([]byte, error) {
 	ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, key, plaintext, nil)
 	if err != nil {
-		return nil, err
+		return nil, utils.JoinError("RSA encryption error", err)
 	}
 
 	return ciphertext, nil
 }
 
+// TODO: CBC
 func DecryptBlockRSA(ciphertext []byte, key *rsa.PrivateKey) (plaintext []byte, err error) {
 	blockSize := RSA_BIT_LENGTH / 8
 	blockNum := len(ciphertext) / blockSize
@@ -56,7 +68,7 @@ func DecryptBlockRSA(ciphertext []byte, key *rsa.PrivateKey) (plaintext []byte,
 
 		block, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ciphertext[rl:ru], nil)
 		if err != nil {
-			return nil, JoinError("RSA step decryption error", i, err)
+			return nil, utils.JoinError("RSA step decryption error", i, err)
 		}
 
 		initialVector = block[:RSA_BLOCK_HASH_SIZE]
@@ -65,7 +77,7 @@ func DecryptBlockRSA(ciphertext []byte, key *rsa.PrivateKey) (plaintext []byte,
 
 	plaintext, err = pkcs7pad.Unpad(decrypted)
 	if err != nil {
-		return nil, JoinError("padding error", err)
+		return nil, utils.JoinError("padding error", err)
 	}
 
 	hash := sha256.New()
@@ -78,49 +90,3 @@ func DecryptBlockRSA(ciphertext []byte, key *rsa.PrivateKey) (plaintext []byte,
 
 	return plaintext, nil
 }
-
-func GenerateSymmetricalAlgorithm() (cipher.AEAD, []byte, error) {
-	key := make([]byte, chacha20poly1305.KeySize)
-	if _, err := rand.Read(key); err != nil {
-		return nil, nil, err
-	}
-
-	aead, err := chacha20poly1305.NewX(key)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return aead, key, nil
-}
-
-func ParseSymmetricalAlgorithm(key []byte) (cipher.AEAD, error) {
-	aead, err := chacha20poly1305.NewX(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return aead, nil
-}
-
-func EncryptSymmetrical(plaintext []byte, aead cipher.AEAD) ([]byte, error) {
-	nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(plaintext)+aead.Overhead())
-	if _, err := rand.Read(nonce); err != nil {
-		return nil, err
-	}
-
-	return aead.Seal(nonce, nonce, plaintext, nil), nil
-}
-
-func DecryptSymmetrical(ciphertext []byte, aead cipher.AEAD) ([]byte, error) {
-	if len(ciphertext) < aead.NonceSize() {
-		return nil, errors.New("ciphertext too short")
-	}
-
-	nonce, ciphertext := ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():]
-	result, err := aead.Open(nil, nonce, ciphertext, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	return result, nil
-}

caerulean/whirlpool/main/obscure.go → caerulean/whirlpool/crypto/obscure.go

@@ -1,15 +1,17 @@
-package main
+package crypto
 
 import (
 	"crypto/rand"
 	"encoding/binary"
 	"errors"
+	"main/utils"
 )
 
 var GRAVITY byte
 
+// TODO: clean
 func Obfuscate(data []byte, userID *uint16, addTail bool) ([]byte, error) {
-	proposedTailLength := (RandInt() % 256) >> 1
+	proposedTailLength := (utils.RandInt() % 256) >> 1
 	actualTailLength := 0
 	if addTail {
 		actualTailLength = proposedTailLength
@@ -54,7 +56,3 @@ func Deobfuscate(data []byte, addTail bool) ([]byte, *uint16, error) {
 		return data[1:payload_end], nil, nil
 	}
 }
-
-func RandomPermute(number int) int {
-	return number + 5
-}

caerulean/whirlpool/crypto/symm.go

@@ -0,0 +1,61 @@
+package crypto
+
+import (
+	"crypto/cipher"
+	"crypto/rand"
+	"errors"
+	"main/utils"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+var (
+	SYMM_NODE_KEY  []byte
+	SYMM_NODE_AEAD cipher.AEAD
+)
+
+func GenerateSymmetricalAlgorithm() (cipher.AEAD, []byte, error) {
+	key := make([]byte, chacha20poly1305.KeySize)
+	if _, err := rand.Read(key); err != nil {
+		return nil, nil, utils.JoinError("symmetrical key reading error", err)
+	}
+
+	aead, err := chacha20poly1305.NewX(key)
+	if err != nil {
+		return nil, nil, utils.JoinError("symmetrical key creation error", err)
+	}
+
+	return aead, key, nil
+}
+
+func ParseSymmetricalAlgorithm(key []byte) (cipher.AEAD, error) {
+	aead, err := chacha20poly1305.NewX(key)
+	if err != nil {
+		return nil, utils.JoinError("symmetrical key parsing error", err)
+	}
+
+	return aead, nil
+}
+
+func EncryptSymmetrical(plaintext []byte, aead cipher.AEAD) ([]byte, error) {
+	nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(plaintext)+aead.Overhead())
+	if _, err := rand.Read(nonce); err != nil {
+		return nil, utils.JoinError("symmetrical encryption error", err)
+	}
+
+	return aead.Seal(nonce, nonce, plaintext, nil), nil
+}
+
+func DecryptSymmetrical(ciphertext []byte, aead cipher.AEAD) ([]byte, error) {
+	if len(ciphertext) < aead.NonceSize() {
+		return nil, errors.New("ciphertext too short")
+	}
+
+	nonce, ciphertext := ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():]
+	result, err := aead.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		return nil, utils.JoinError("symmetrical decryption error", err)
+	}
+
+	return result, nil
+}

caerulean/whirlpool/go.mod

@@ -1,4 +1,4 @@
-module main/m/v2
+module main
 
 go 1.18