This repository has been archived by the owner on Mar 28, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 69
/
hKex.go
74 lines (58 loc) · 2.3 KB
/
hKex.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package crypt
import (
"encoding/hex"
"net/http"
"time"
"github.com/seknox/trasa/server/global"
"github.com/seknox/trasa/server/utils"
"github.com/sirupsen/logrus"
)
type KexRequest struct {
// Intent of kex, example - KEX_EXPORT_DH, KEX_ENROL_DEVICE, KEX_HTTP_SR
Intent string `json:"intent"`
// IntentID is unique identifier for key exchange process. Should be trasaID in KEX_ENROL_DEVICE and sessionID in case of other intents
IntentID string `json:"intentID"`
// Unique id of device which is making kex request. Machine ID can be used here?
DeviceID string `json:"deviceID"`
// Public key of client
PublicKey string `json:"publicKey"`
}
// Kex expects (1) intent, intentID and public key of client, (2) generates server keypair (3) generates secret key (4) store secret key in ecdhKexDerivedKey map and (5) resopods with public key received in step 2.
// This handler is only to be used be client side flow i.e. kex request initiated by client. eg. device register process.
func Kex(w http.ResponseWriter, r *http.Request) {
logrus.Trace("kex request received")
var req KexRequest
if err := utils.ParseAndValidateRequest(r, &req); err != nil {
logrus.Error(err)
utils.TrasaResponse(w, 200, "success", "invalid request", "Kex", nil)
return
}
// TODO imp!! @bhrg3se, if intent is not KEX_ENROL_DEVICE and deviceID is not present in device table, exit this handler.
// generate our keypair
priv, pub, err := utils.ECDHGenKeyPair()
if err != nil {
logrus.Error(err)
utils.TrasaResponse(w, 200, "failed", "failed to generate key pair", "Kex", nil)
return
}
pubKeyBytes, err := hex.DecodeString(req.PublicKey)
if err != nil {
logrus.Error(err)
utils.TrasaResponse(w, 200, "failed", "failed to decode public key", "Kex", nil)
return
}
var clientPublicKey [32]byte
copy(clientPublicKey[:], pubKeyBytes)
// gen secret
sec := utils.ECDHComputeSecret(priv, &clientPublicKey)
//logrus.Trace("our secret: ", hex.EncodeToString(sec))
var kexData = global.KexDerivedKey{
DeviceID: req.DeviceID,
Secretkey: sec,
Timestamp: time.Now().Unix(),
}
// store secret in ECDHKexDerivedKey
global.ECDHKexDerivedKey[req.IntentID] = kexData
// respond with our public key
utils.TrasaResponseWithDataString(w, 200, "success", "kex process completed on server", "Kex", hex.EncodeToString(pub[:]))
}