Rsa Encryption, probably bugged

2023-12-08 20:39:52 +01:00
parent 6dfdd7f459
commit ca9320f5ee
9 changed files with 398 additions and 172 deletions
--- a/internal/common/constants.go
+++ b/internal/common/constants.go
@@ -0,0 +1,23 @@
+package common
+
+const PacketSize = 504
+
+const (
+	HeaderSize       int = 1 + 4
+	SecureHeaderSize int = 24 + 8 + 4
+)
+
+const MaxDataSize = PacketSize - HeaderSize - SecureHeaderSize - 16 // AEAD Overhead
+
+type SessionID [8]byte
+
+type HeaderFlag uint8
+
+const (
+	Request HeaderFlag = iota
+	PTE     HeaderFlag = iota
+	Ack     HeaderFlag = iota
+	File    HeaderFlag = iota
+	End     HeaderFlag = iota
+	Resend  HeaderFlag = iota
+)
--- a/internal/common/packets.go
+++ b/internal/common/packets.go
@@ -5,27 +5,8 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
-
-	"golang.org/x/crypto/chacha20poly1305"
 )

-const PacketSize = 504
-
-const HeaderSize int = 1 + 4
-const SecureHeaderSize int = 1 + 24 + 8 + 4
-
-const MaxDataSize = PacketSize - HeaderSize - SecureHeaderSize - 16 // AEAD Overhead
-
-type SessionID [8]byte
-
-type SecurePacket struct {
-	IsRsa         byte // 0 = false everything else is true
-	Nonce         [24]byte
-	Sid           SessionID
-	DataLength    uint32
-	EncryptedData []byte
-}
-
 type Packet struct {
 	Flag HeaderFlag
 	Sync uint32
@@ -36,88 +17,6 @@ type Packet struct {
 	DataLength uint32
 }

-func NewSymetricSecurePacket(key [32]byte, pck *Packet) *SecurePacket {
-	sid := pck.Sid
-	data := pck.ToBytes()
-	aead, err := chacha20poly1305.NewX(key[:])
-	if err != nil {
-		panic(err)
-	}
-
-	nonce := make([]byte, 24)
-	if _, err = rand.Read(nonce); err != nil {
-		panic(err)
-	}
-
-	encrypted := make([]byte, len(data)+aead.Overhead())
-	encrypted = aead.Seal(nil, nonce, data, nil)
-
-	return &SecurePacket{
-		IsRsa:         0,
-		Nonce:         [24]byte(nonce),
-		Sid:           sid,
-		DataLength:    uint32(len(encrypted)),
-		EncryptedData: encrypted,
-	}
-}
-
-func SecurePacketFromBytes(bytes []byte) SecurePacket {
-	isRsa := bytes[0]
-	nonce := bytes[1:25]
-	sid := SessionID(bytes[25:33])
-	length := binary.LittleEndian.Uint32(bytes[33:37])
-	enc := bytes[37 : SecureHeaderSize+int(length)]
-
-	return SecurePacket{
-		IsRsa:         isRsa,
-		Nonce:         [24]byte(nonce),
-		Sid:           sid,
-		DataLength:    length,
-		EncryptedData: enc,
-	}
-}
-
-func (secPck *SecurePacket) ToBytes() []byte {
-	encSize := int(secPck.DataLength)
-
-	arr := make([]byte, SecureHeaderSize+encSize)
-	arr[0] = secPck.IsRsa
-	copy(arr[1:25], secPck.Nonce[:])
-	copy(arr[25:33], secPck.Sid[:])
-	binary.LittleEndian.PutUint32(arr[33:37], secPck.DataLength)
-	copy(arr[37:SecureHeaderSize+encSize], secPck.EncryptedData)
-
-	return arr
-}
-
-func (secPck *SecurePacket) ExtractPacket(key [32]byte) (Packet, error) {
-	aead, err := chacha20poly1305.NewX(key[:])
-	if err != nil {
-		panic(err)
-	}
-	data, err := aead.Open(nil, secPck.Nonce[:], secPck.EncryptedData, nil)
-	if err != nil {
-		return Packet{}, err
-	}
-	// fmt.Println(data)
-	packet := PacketFromBytes(data, secPck.DataLength-uint32(HeaderSize)-uint32(aead.Overhead()), secPck.Sid)
-	return packet, nil
-}
-
-func NewRsaPacket(sid SessionID, key [32]byte) *SecurePacket {
-	return &SecurePacket{
-		IsRsa:         1,
-		Nonce:         [24]byte(make([]byte, 24)),
-		Sid:           sid,
-		EncryptedData: key[:],
-		DataLength:    32,
-	}
-}
-
-func (secPck *SecurePacket) ExtractKey( /*RSA HERE LATER*/ ) []byte {
-	return secPck.EncryptedData[:32]
-}
-
 func PacketFromBytes(bytes []byte, dataLength uint32, sid SessionID) Packet {
 	flag := HeaderFlag(bytes[0])
 	sync := binary.LittleEndian.Uint32(bytes[1:5])
@@ -240,14 +139,3 @@ func (pck *Packet) ToBytes() []byte {

 	return arr
 }
-
-type HeaderFlag uint8
-
-const (
-	Request HeaderFlag = iota
-	PTE     HeaderFlag = iota
-	Ack     HeaderFlag = iota
-	File    HeaderFlag = iota
-	End     HeaderFlag = iota
-	Resend  HeaderFlag = iota
-)
--- a/internal/common/packets_test.go
+++ b/internal/common/packets_test.go
@@ -55,9 +55,42 @@ func TestSymetricSecurePacket(t *testing.T) {
 		DataLength: 3,
 	}

-	key := [32]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
+	key := [32]byte{
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+		1,
+	}

-	secPck := NewSymetricSecurePacket(key, &expect)
+	secPck := NewSymmetricSecurePacket(key, &expect)

 	packet, err := secPck.ExtractPacket(key)
 	if err != nil {
@@ -71,8 +104,6 @@ func TestSymetricSecurePacket(t *testing.T) {

 func TestSecurePacketFromBytes(t *testing.T) {
 	bytes := []byte{
-		//IsRsa
-		0,
 		// Nonce
 		1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
 		// Sid
@@ -83,16 +114,44 @@ func TestSecurePacketFromBytes(t *testing.T) {
 		101, 10, 1,
 	}

-	secPck := SecurePacketFromBytes(bytes)
-
 	expect := SecurePacket{
-		IsRsa:         0,
-		Nonce:         [24]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
+		Nonce: [24]byte{
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+		},
 		Sid:           [8]byte{255, 255, 255, 255, 255, 255, 255, 255},
 		DataLength:    3,
 		EncryptedData: []byte{101, 10, 1},
 	}

+	secPck, err := SecurePacketFromBytes(bytes)
+
+	if err != nil {
+		t.Fail()
+	}
+
 	if !cmp.Equal(secPck, expect) {
 		t.Fail()
 	}
@@ -100,8 +159,6 @@ func TestSecurePacketFromBytes(t *testing.T) {

 func TestSecurePacketToBytes(t *testing.T) {
 	expect := []byte{
-		//IsRsa
-		0,
 		// Nonce
 		1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
 		// Sid
@@ -113,8 +170,32 @@ func TestSecurePacketToBytes(t *testing.T) {
 	}

 	secPck := SecurePacket{
-		IsRsa:         0,
-		Nonce:         [24]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
+		Nonce: [24]byte{
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+			1,
+		},
 		Sid:           [8]byte{255, 255, 255, 255, 255, 255, 255, 255},
 		DataLength:    3,
 		EncryptedData: []byte{101, 10, 1},
--- a/internal/common/rsapacket.go
+++ b/internal/common/rsapacket.go
@@ -0,0 +1,63 @@
+package common
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"encoding/binary"
+)
+
+type RsaPacket struct {
+	Sid          SessionID
+	DataLength   uint32
+	EncryptedKey []byte
+}
+
+func NewRsaPacket(pubKey *rsa.PublicKey, key [32]byte, sid SessionID) (*RsaPacket, error) {
+	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pubKey, key[:], nil)
+	if err != nil {
+		return nil, err
+	}
+
+	pck := RsaPacket{
+		Sid:          sid,
+		DataLength:   uint32(len(enc)),
+		EncryptedKey: enc,
+	}
+
+	return &pck, nil
+}
+
+func (rsaPck *RsaPacket) ToBytes() []byte {
+	bytes := make([]byte, rsaPck.DataLength+8+4)
+	copy(bytes[0:8], rsaPck.Sid[:])
+	binary.LittleEndian.PutUint32(bytes[8:12], rsaPck.DataLength)
+	copy(bytes[12:], rsaPck.EncryptedKey[:])
+	return bytes
+}
+
+func RsaPacketFromBytes(bytes []byte) *RsaPacket {
+	sid := SessionID(bytes[0:8])
+	dLen := binary.LittleEndian.Uint32(bytes[8:12])
+	data := bytes[12 : 12+dLen]
+
+	return &RsaPacket{
+		Sid:          sid,
+		DataLength:   dLen,
+		EncryptedKey: data,
+	}
+}
+
+func (rsaPck *RsaPacket) ExtractKey(priv *rsa.PrivateKey) ([32]byte, error) {
+	// key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rsaPck.EncryptedKey, nil)
+	key, err := priv.Decrypt(
+		rand.Reader,
+		rsaPck.EncryptedKey,
+		&rsa.OAEPOptions{Hash: crypto.SHA256},
+	)
+	if err != nil {
+		return [32]byte{}, err
+	}
+	return [32]byte(key[0:32]), nil
+}
--- a/internal/common/securepacket.go
+++ b/internal/common/securepacket.go
@@ -0,0 +1,87 @@
+package common
+
+import (
+	"crypto/rand"
+	"encoding/binary"
+	"errors"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+type SecurePacket struct {
+	Nonce         [24]byte
+	Sid           SessionID
+	DataLength    uint32
+	EncryptedData []byte
+}
+
+func NewSymmetricSecurePacket(key [32]byte, pck *Packet) *SecurePacket {
+	sid := pck.Sid
+	data := pck.ToBytes()
+	aead, err := chacha20poly1305.NewX(key[:])
+	if err != nil {
+		panic(err)
+	}
+
+	nonce := make([]byte, 24)
+	if _, err = rand.Read(nonce); err != nil {
+		panic(err)
+	}
+
+	encrypted := make([]byte, len(data)+aead.Overhead())
+	encrypted = aead.Seal(nil, nonce, data, nil)
+
+	return &SecurePacket{
+		Nonce:         [24]byte(nonce),
+		Sid:           sid,
+		DataLength:    uint32(len(encrypted)),
+		EncryptedData: encrypted,
+	}
+}
+
+func SecurePacketFromBytes(bytes []byte) (*SecurePacket, error) {
+	nonce := bytes[:24]
+	sid := SessionID(bytes[24:32])
+	length := binary.LittleEndian.Uint32(bytes[32:36])
+	if SecureHeaderSize+int(length) > PacketSize {
+		return nil, errors.New("Packet too large")
+	}
+	enc := bytes[36 : SecureHeaderSize+int(length)]
+
+	return &SecurePacket{
+		Nonce:         [24]byte(nonce),
+		Sid:           sid,
+		DataLength:    length,
+		EncryptedData: enc,
+	}, nil
+}
+
+func (secPck *SecurePacket) ToBytes() []byte {
+	encSize := int(secPck.DataLength)
+
+	arr := make([]byte, SecureHeaderSize+encSize)
+	copy(arr[0:24], secPck.Nonce[:])
+	copy(arr[24:32], secPck.Sid[:])
+	binary.LittleEndian.PutUint32(arr[32:36], secPck.DataLength)
+	copy(arr[36:SecureHeaderSize+encSize], secPck.EncryptedData)
+
+	return arr
+}
+
+func (secPck *SecurePacket) ExtractPacket(key [32]byte) (Packet, error) {
+	aead, err := chacha20poly1305.NewX(key[:])
+	if err != nil {
+		panic(err)
+	}
+	data, err := aead.Open(nil, secPck.Nonce[:], secPck.EncryptedData, nil)
+	if err != nil {
+		return Packet{}, err
+	}
+	// fmt.Println(data)
+	packet := PacketFromBytes(
+		data,
+		secPck.DataLength-uint32(HeaderSize)-uint32(aead.Overhead()),
+		secPck.Sid,
+	)
+	return packet, nil
+}