~moody/libdp9ik

a2a95b2d0548d7fcddbc1f069dc247f36034d1a3 — Jacob Moody 7 months ago
Initial commit
authpak_hash works but not much else
12 files changed, 624 insertions(+), 0 deletions(-)

A LICENSE
A auth.go
A auth_test.go
A crypt.go
A elligator2.go
A go.mod
A go.sum
A p9any.go
A p9any_test.go
A spake2ee.go
A spake2ee_test.go
A ticket.go
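--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,7 @@
+Copyright 2020 Jacob Moody
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE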

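--- a/auth.go
+++ b/auth.go
@@ -0,0 +1,69 @@
+package libdp9ik
+
+import (
+	"crypto/sha256"
+	"math/big"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+type AuthInfo struct {
+	Cuid       string /* caller id */
+	Suid       string /* server id */
+	Capability string /* capability (only valid on server side) */
+	Secret     []byte /* secret */
+}
+
+type AuthKey struct {
+	Des     [Deskeylen]byte  /* DES key from password */
+	Aes     [Aeskeylen]byte  /* Aes key from password */
+	Pakkey  [Pakkeylen]byte  /* shared key from AuthPak exchange */
+	Pakhash [Pakhashlen]byte /* secret hash from AES key and user name */
+}
+
+func (ak *AuthKey) Passtokey(pw string) {
+	//TODO: p9sk1 DES
+	copy(ak.Aes[:], passtoaeskey(pw))
+}
+
+func (ak *AuthKey) AuthpakHash(u []byte) error {
+	info := []byte("Plan 9 AuthPAK hash")
+
+	H := big.NewInt(0)
+	PX := big.NewInt(0)
+	PY := big.NewInt(0)
+	PZ := big.NewInt(0)
+	PT := big.NewInt(0)
+
+	h := make([]byte, 2*Pakslen)
+
+	salt := sha256.Sum256(u)
+	hr := hkdf.New(sha256.New, ak.Aes[:], salt[:], info)
+	_, err := hr.Read(h)
+	if err != nil {
+		return err
+	}
+
+	c := GPAKCurve
+	H = H.SetBytes(h[:Pakslen])
+	Spake2ee_h2P(c.P, c.A, c.D, H, PX, PY, PZ, PT)
+
+	n := 0
+	move := func(b *big.Int) {
+		b.FillBytes(ak.Pakhash[n : n+Pakslen])
+		n += Pakslen
+	}
+	move(PX)
+	move(PY)
+	move(PZ)
+	move(PT)
+
+	H = H.SetBytes(h[Pakslen:])
+	Spake2ee_h2P(c.P, c.A, c.D, H, PX, PY, PZ, PT)
+	move(PX)
+	move(PY)
+	move(PZ)
+	move(PT)
+
+	return nil
+}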
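Review bot: `Passtokey` fills only `ak.Aes`, so `ak.Des` stays all zero while `P9any` in this commit still accepts `p9sk1`; the TODO should say so explicitly, e.g. `// TODO: p9sk1 DES key is not derived yet; Des stays zero and must not be used.` `AuthpakHash` also has no doc comment stating its contract, for example `// AuthpakHash fills ak.Pakhash from ak.Aes and the user name u; call Passtokey first.`, which would have made the `ak.AuthpakHash([]byte(pass))` call in p9any.go stand out. The derived scalar `H` and the buffer `h` are key material that is left for the garbage collector; that is hard to avoid with `math/big`, but worth a comment.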

A  => auth_test.go +30 -0
@@ 1,30 @@
package libdp9ik_test

import (
	"bytes"
	"testing"

	auth "git.sr.ht/~moody/libdp9ik"
)

func TestPasstokey(t *testing.T) {
	a := &auth.AuthKey{}
	a.Passtokey("password")
	correct := []byte{21, 209, 50, 86, 52, 66, 17, 229, 108, 82, 245, 12, 83, 157, 226, 35}
	if bytes.Compare(a.Aes[:], correct) != 0 {
		t.Fatalf("Expected %v\nGot %v\n", correct, a.Aes)
	}
}

func TestAuthPakHash(t *testing.T) {
	a := &auth.AuthKey{}
	a.Passtokey("password")
	err := a.AuthpakHash([]byte("user"))
	if err != nil {
		t.Fatal(err)
	}
	correct := []byte{158, 20, 24, 41, 20, 191, 182, 174, 93, 77, 203, 21, 104, 75, 81, 147, 102, 204, 17, 35, 142, 237, 82, 202, 73, 59, 59, 48, 147, 197, 206, 191, 164, 38, 7, 243, 132, 15, 66, 26, 168, 181, 216, 197, 63, 142, 56, 0, 5, 127, 179, 42, 252, 236, 154, 194, 253, 169, 161, 111, 16, 254, 116, 191, 63, 167, 22, 241, 72, 56, 43, 180, 226, 98, 195, 142, 137, 74, 152, 114, 231, 240, 50, 154, 227, 78, 175, 182, 12, 189, 53, 109, 73, 131, 25, 247, 183, 15, 161, 161, 40, 192, 148, 194, 45, 127, 98, 101, 99, 159, 188, 24, 106, 114, 106, 131, 87, 101, 200, 67, 88, 39, 195, 66, 123, 216, 167, 39, 69, 78, 61, 114, 26, 112, 250, 104, 54, 60, 7, 205, 18, 74, 61, 72, 203, 83, 161, 176, 211, 228, 14, 232, 87, 90, 110, 110, 10, 171, 205, 185, 207, 46, 105, 197, 242, 177, 39, 119, 22, 196, 252, 34, 26, 10, 98, 84, 166, 255, 152, 223, 236, 234, 170, 226, 42, 247, 92, 15, 111, 112, 108, 156, 67, 209, 251, 102, 215, 195, 119, 128, 151, 51, 234, 213, 9, 112, 96, 38, 109, 192, 59, 55, 209, 128, 209, 92, 63, 197, 27, 235, 163, 182, 179, 128, 93, 159, 158, 245, 128, 1, 35, 145, 103, 149, 127, 216, 0, 75, 5, 112, 126, 29, 120, 56, 48, 114, 152, 159, 119, 190, 212, 221, 201, 239, 183, 12, 227, 156, 176, 224, 238, 187, 151, 15, 183, 241, 103, 147, 190, 98, 146, 249, 184, 112, 245, 149, 197, 41, 190, 120, 13, 79, 201, 81, 17, 158, 193, 255, 168, 200, 179, 158, 151, 110, 6, 224, 22, 134, 100, 115, 177, 49, 113, 172, 181, 137, 143, 82, 220, 157, 89, 47, 224, 82, 60, 193, 196, 51, 158, 24, 51, 57, 0, 173, 48, 41, 194, 249, 2, 9, 182, 11, 201, 110, 139, 213, 240, 134, 40, 138, 99, 242, 89, 96, 22, 156, 250, 99, 147, 157, 0, 124, 199, 83, 224, 184, 97, 134, 59, 66, 49, 215, 128, 42, 211, 58, 235, 131, 176, 184, 201, 3, 16, 72, 17, 96, 221, 89, 1, 61, 104, 104, 153, 222, 25, 230, 106, 228, 124, 136, 108, 108, 12, 66, 100, 35, 193, 198, 5, 186, 50, 139, 171, 53, 89, 58, 126, 206, 62, 113, 241, 36, 46, 243, 28, 175, 180, 90, 219, 214, 178, 104, 197, 21, 56, 183, 162, 211, 205, 26, 79, 1, 
54, 147, 189, 23, 188, 232, 82, 240, 184, 41, 245, 124, 18, 71, 44, 177}
	if bytes.Compare(correct, a.Pakhash[:]) != 0 {
		t.Fatalf("Expected %v\nGot %v\n", correct, a.Pakhash)
	}
}

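--- a/crypt.go
+++ b/crypt.go
@@ -0,0 +1,46 @@
+package libdp9ik
+
+import (
+	"crypto/sha1"
+	"math/big"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+func passtoaeskey(passwd string) []byte {
+	return pbkdf2.Key([]byte(passwd), []byte("Plan 9 key derivation"), 9001, Aeskeylen, sha1.New)
+}
+
+type PAKCurve struct {
+	P *big.Int
+	A *big.Int
+	D *big.Int
+	X *big.Int
+	Y *big.Int
+}
+
+const (
+	//see drawterm/libauthsrv/ed448.mpc
+	edP0 = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+	edA0 = 1
+	edD0 = -39081
+	edX0 = "297EA0EA2692FF1B4FAFF46098453A6A26ADF733245F065C3C59D0709CECFA96147EAAF3932D94C63D96C170033F4BA0C7F0DE840AED939F"
+	edY0 = 13
+)
+
+//GPAKCurve is to be used as readonly
+var GPAKCurve *PAKCurve = func() *PAKCurve {
+	c := &PAKCurve{
+		&big.Int{},
+		&big.Int{},
+		&big.Int{},
+		&big.Int{},
+		&big.Int{},
+	}
+	c.P.SetString(edP0, 16)
+	c.A.SetInt64(edA0)
+	c.D.SetInt64(edD0)
+	c.X.SetString(edX0, 16)
+	c.Y.SetInt64(edY0)
+	return c
+}()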
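Review bot: `GPAKCurve` is an exported pointer to a struct of exported `*big.Int` fields, so the "readonly" comment is the only thing that stops an importing package from changing the curve parameters that every `AuthpakHash` call uses. Unexporting it (`var gpakCurve = func() *PAKCurve {`) or handing out fresh copies from an accessor would enforce that. `passtoaeskey` also needs a comment on its parameters, which are presumably dictated by compatibility with the Plan 9 implementation: `// Salt, iteration count and SHA-1 are fixed by the protocol; not a general-purpose password hash.` With a constant salt, equal passwords give equal AES keys for every user, so the key must be handled as a password equivalent.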

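--- a/elligator2.go
+++ b/elligator2.go
@@ -0,0 +1,137 @@
+package libdp9ik
+
+import (
+	"math/big"
+)
+
+func modmul(b1 *big.Int, b2 *big.Int, m *big.Int, r *big.Int) {
+	r.Mul(b1, b2)
+	r.Mod(r, m)
+}
+
+func modadd(b1 *big.Int, b2 *big.Int, m *big.Int, r *big.Int) {
+	r.Add(b1, b2)
+	r.Mod(r, m)
+}
+
+func modsub(b1 *big.Int, b2 *big.Int, m *big.Int, r *big.Int) {
+	r.Sub(b1, b2)
+	r.Mod(r, m)
+}
+
+func misqrt(a *big.Int, p *big.Int, r *big.Int) {
+	e := big.NewInt(0)
+	tmp1 := big.NewInt(4)
+	tmp1.Mod(p, tmp1)
+	tmp2 := big.NewInt(3)
+	if tmp1.Cmp(tmp2) == 0 {
+		e.SetUint64(3)
+		e.Sub(p, e)
+		e.Rsh(e, 2)
+		r.Exp(a, e, p)
+	} else {
+		r.ModSqrt(a, p)
+		if r.Cmp(big.NewInt(0)) != 0 {
+			r.ModInverse(r, p)
+		}
+	}
+}
+
+//Probably not safe from timing attacks
+func elligator2(p *big.Int, a *big.Int, d *big.Int, n *big.Int, r0 *big.Int, X *big.Int, Y *big.Int, Z *big.Int, T *big.Int) {
+	t := big.NewInt(0)
+	s := big.NewInt(0)
+	e := big.NewInt(0)
+	c := big.NewInt(0)
+	ND := big.NewInt(0)
+	N := big.NewInt(0)
+	D := big.NewInt(0)
+	r := big.NewInt(0)
+	tmp1 := big.NewInt(0)
+
+	modmul(n, r0, p, tmp1)
+	modmul(tmp1, r0, p, r)
+	tmp1.SetInt64(0)
+	modmul(d, r, p, tmp1)
+	modadd(tmp1, a, p, tmp1)
+	modsub(tmp1, d, p, tmp1)
+	tmp2 := big.NewInt(0)
+	modmul(d, r, p, tmp2)
+	tmp3 := big.NewInt(0)
+	modmul(a, r, p, tmp3)
+	modsub(tmp2, tmp3, p, tmp2)
+	modsub(tmp2, d, p, tmp2)
+	modmul(tmp1, tmp2, p, D)
+	tmp2.SetInt64(0)
+	modadd(r, big.NewInt(1), p, tmp2)
+	tmp1.SetInt64(0)
+	modadd(d, d, p, tmp1)
+	modsub(a, tmp1, p, tmp1)
+	modmul(tmp2, tmp1, p, N)
+	modmul(N, D, p, ND)
+	if ND.Cmp(big.NewInt(0)) == 0 {
+		c.SetInt64(1)
+		e.SetInt64(0)
+	} else {
+		e.ModSqrt(ND, p)
+		if e.Cmp(big.NewInt(0)) != 0 {
+			c.SetInt64(1)
+			e.ModInverse(e, p)
+		} else {
+			modsub(big.NewInt(0), big.NewInt(1), p, c)
+			tmp4 := big.NewInt(0)
+			modmul(n, r0, p, tmp4)
+			tmp5 := big.NewInt(0)
+			tmp6 := big.NewInt(0)
+			modmul(n, ND, p, tmp6)
+			misqrt(tmp6, p, tmp5)
+			modmul(tmp4, tmp5, p, e)
+		}
+	}
+	tmp1.SetInt64(0)
+	modmul(c, N, p, tmp1)
+	modmul(tmp1, e, p, s)
+	tmp1.SetInt64(0)
+	tmp2.SetInt64(0)
+	modmul(c, N, p, tmp2)
+	tmp3.SetInt64(0)
+	modsub(r, big.NewInt(1), p, tmp3)
+	modmul(tmp2, tmp3, p, tmp1)
+	tmp3.SetInt64(0)
+	tmp2.SetInt64(0)
+	modadd(d, d, p, tmp2)
+	modsub(a, tmp2, p, tmp2)
+	modmul(tmp2, e, p, tmp3)
+	modmul(tmp3, tmp3, p, tmp3)
+	modmul(tmp1, tmp3, p, t)
+	modsub(big.NewInt(0), t, p, t)
+	modsub(t, big.NewInt(1), p, t)
+	tmp3.SetInt64(0)
+	modadd(s, s, p, tmp3)
+	modmul(tmp3, t, p, X)
+	tmp3.SetInt64(0)
+	tmp1.SetInt64(0)
+	modmul(a, s, p, tmp1)
+	modmul(tmp1, s, p, tmp3)
+	modsub(big.NewInt(1), tmp3, p, tmp3)
+	tmp1.SetInt64(0)
+	tmp2.SetInt64(0)
+	modmul(a, s, p, tmp2)
+	modmul(tmp2, s, p, tmp1)
+	modadd(big.NewInt(1), tmp1, p, tmp1)
+	modmul(tmp3, tmp1, p, Y)
+	tmp1.SetInt64(0)
+	tmp3.SetInt64(0)
+	modmul(a, s, p, tmp3)
+	modmul(tmp3, s, p, tmp1)
+	modadd(big.NewInt(1), tmp1, p, tmp1)
+	modmul(tmp1, t, p, Z)
+	tmp1.SetInt64(0)
+	modadd(s, s, p, tmp1)
+	tmp3.SetInt64(0)
+	tmp2.SetInt64(0)
+	modmul(a, s, p, tmp2)
+	modmul(tmp2, s, p, tmp3)
+	modsub(big.NewInt(1), tmp3, p, tmp3)
+	modmul(tmp1, tmp3, p, T)
+}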
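Review bot: In `elligator2` the non-square case is reached only because `e` was created as zero and `ModSqrt` leaves its receiver untouched when it returns nil; testing the result, `if e.ModSqrt(ND, p) != nil {`, makes that explicit and survives a later change to how `e` is initialised. The `else` arm of `misqrt` has the same reliance: when `a` has no square root, `r` keeps whatever the caller passed in and may then be inverted. The timing comment can be made specific, e.g. `// Not constant time: math/big is variable-time and the branches on ND and e depend on r0, which AuthpakHash derives from the password key.` The value `a*s*s` is also recomputed three times near the end and could be held in one temporary.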

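--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,8 @@
+module git.sr.ht/~moody/libdp9ik
+
+go 1.15
+
+require (
+	github.com/otrv4/ed448 v0.0.0-20200323231521-cbd7e88467e9
+	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
+)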
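Review bot: `github.com/otrv4/ed448` is required here, but none of the Go files added in this commit import it, and go.sum carries only its `/go.mod` hash. Dropping the line (or running `go mod tidy`) until the package is actually used keeps an unreviewed third-party crypto dependency out of the module graph, along with what are presumably its transitive entries in go.sum.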

A  => go.sum +57 -0
@@ 1,57 @@
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0=
github.com/awnumar/memcall v0.0.0-20191004114545-73db50fd9f80/go.mod h1:S911igBPR9CThzd/hYQQmTc9SWNu3ZHIlCGaWsWsoJo=
github.com/awnumar/memguard v0.21.0/go.mod h1:+ejY3DekvjnDWBXHwL5xB5p4Il77kDsrIz+UOUNrm2Q=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/otrv4/ed448 v0.0.0-20200323231521-cbd7e88467e9/go.mod h1:DjzKOYp/KeBguDPfGuSe0/h5+P5w6gHBpLlXyttsAjc=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200117145432-59e60aa80a0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20191017151554-a3bc800455d5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200124220429-8fe064f891f2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools/gopls v0.1.8-0.20200124220429-8fe064f891f2/go.mod h1:gl6R36ojRXGBQy36p7BYYZBu495D+W3pYAX3UYwDTpM=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E=

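--- a/p9any.go
+++ b/p9any.go
@@ -0,0 +1,110 @@
+package libdp9ik
+
+import (
+	"crypto/rand"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+)
+
+const (
+	dp9ik = "dp9ik"
+	p9sk1 = "p9sk1"
+
+	Anamelen  = 28
+	Aerrlen   = 64
+	Domlen    = 48
+	Deskeylen = 7
+	Aeskeylen = 16
+
+	Challen   = 8
+	Netchlen  = 16
+	Configlen = 14
+	Secretlen = 32
+	Passwdlen = 28
+
+	Noncelen = 32
+
+	Pakkeylen  = 32
+	Pakslen    = (448 + 7) / 8
+	Pakplen    = 4 * Pakslen
+	Pakhashlen = 2 * Pakplen
+	Pakxlen    = Pakslen
+	Pakylen    = Pakslen
+
+	Tickreqlen = 3*Anamelen + Challen + Domlen + 1
+)
+
+var (
+	ErrNoProto = errors.New("server did not offer dp9ik or p9sk1")
+	ErrNoDom   = errors.New("server did not offer a dom")
+)
+
+func P9any(fd io.ReadWriter, user, pass string) (*AuthInfo, error) {
+	buf := make([]byte, 1024)
+	_, err := fd.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	protos := strings.Split(string(buf), " ")
+	var proto, dom string
+	//Take the latter proto if two are present, this will prefer dp9ik if available
+	for _, s := range protos {
+		dp := strings.Split(s, "@")
+		if len(dp) < 2 {
+			return nil, ErrNoDom
+		}
+		dom = dp[1]
+		proto = dp[0]
+	}
+	if proto != dp9ik && proto != p9sk1 {
+		return nil, ErrNoProto
+	}
+	_, err = fd.Write([]byte(fmt.Sprintf("%s %s", proto, dom)))
+	if err != nil {
+		return nil, err
+	}
+
+	crand := make([]byte, 2*Noncelen)
+	cchal := make([]byte, Challen)
+	_, err = rand.Read(crand)
+	if err != nil {
+		return nil, err
+	}
+	_, err = rand.Read(cchal)
+	if err != nil {
+		return nil, err
+	}
+	_, err = fd.Write(cchal)
+	if err != nil {
+		return nil, err
+	}
+
+	n := Tickreqlen
+	if proto == dp9ik {
+		n += Pakylen
+	}
+	buf = make([]byte, n)
+	_, err = fd.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+	tr := &TicketReq{}
+	tr.UnmarshalBinary(buf)
+
+	ak := &AuthKey{}
+	ak.Passtokey(pass)
+	if proto == dp9ik {
+		ak.AuthpakHash([]byte(pass))
+	}
+
+	copy(tr.Hostid[:], []byte(user))
+	copy(tr.Uid[:], []byte(user))
+
+	y := make([]byte, Pakylen)
+	copy(y, buf[Tickreqlen:])
+
+	return nil, nil
+}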
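Review bot: `P9any` ends in `return nil, nil`, so a caller that only checks `err` treats an unfinished exchange as a successful authentication; until the ticket exchange exists it should return an error. `ak.AuthpakHash([]byte(pass))` passes the password where `AuthpakHash` expects the user name, and its error and the one from `tr.UnmarshalBinary` are dropped. Both `fd.Read` calls ignore the byte count, so the offer is parsed together with the zero bytes that fill the rest of the 1024-byte buffer, and a short second read leaves part of the ticket request zero. The loop also keeps whichever protocol the peer lists last, so the choice between `dp9ik` and `p9sk1` follows the order of an unauthenticated offer rather than the client's preference.

```go
	got, err := fd.Read(buf)
	if err != nil {
		return nil, err
	}

	// Parse only the bytes received; the offer may carry a trailing NUL.
	offer := strings.TrimRight(string(buf[:got]), "\x00")
	var proto, dom string
	for _, s := range strings.Split(offer, " ") {
		dp := strings.SplitN(s, "@", 2)
		if len(dp) < 2 {
			return nil, ErrNoDom
		}
		// Choose dp9ik whenever it is offered, wherever it sits in the list.
		switch {
		case dp[0] == dp9ik:
			proto, dom = dp[0], dp[1]
		case dp[0] == p9sk1 && proto == "":
			proto, dom = dp[0], dp[1]
		}
	}
	// … unchanged: proto check, reply, nonce and challenge generation, sizing of buf …

	if _, err = io.ReadFull(fd, buf); err != nil {
		return nil, err
	}
	tr := &TicketReq{}
	if err = tr.UnmarshalBinary(buf); err != nil {
		return nil, err
	}

	ak := &AuthKey{}
	ak.Passtokey(pass)
	if proto == dp9ik {
		if err = ak.AuthpakHash([]byte(user)); err != nil {
			return nil, err
		}
	}
	// … unchanged: Hostid/Uid copy and extraction of y …

	return nil, errors.New("p9any: ticket exchange not implemented")
```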

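--- a/p9any_test.go
+++ b/p9any_test.go
@@ -0,0 +1,20 @@
+package libdp9ik_test
+
+import (
+	//"net"
+	"testing"
+	//auth "git.sr.ht/~moody/libdp9ik"
+)
+
+const (
+	rcpuPort  = "17019"
+	cpuServer = "192.168.1.6"
+)
+
+func TestP9any(t *testing.T) {
+	//fd, err := net.Dial("tcp", cpuServer+":"+rcpuPort)
+	//if err != nil {
+	//	t.Fatal(err)
+	//}
+	//auth.P9any(fd, "user", "password")
+}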
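Review bot: `TestP9any` has an empty body once the commented lines are discounted, so it always passes and `P9any` has no coverage. Driving the client over `net.Pipe()` with a scripted peer would exercise the offer parsing and the short-read paths without needing the hard-coded host in `cpuServer`. Until then `t.Skip("needs a live auth server")` reports the gap instead of a vacuous pass.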

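--- a/spake2ee.go
+++ b/spake2ee.go
@@ -0,0 +1,32 @@
+package libdp9ik
+
+import (
+	"math/big"
+)
+
+func legendresymbol(a *big.Int, p *big.Int, r *big.Int) {
+	pm1 := big.NewInt(0)
+	pm1.Sub(p, big.NewInt(1))
+	r.Rsh(pm1, 1)
+	r.Exp(a, r, p)
+	if r.Cmp(pm1) == 0 {
+		r.SetInt64(-1)
+	}
+}
+
+func Spake2ee_h2P(p *big.Int, a *big.Int, d *big.Int, h *big.Int, PX *big.Int, PY *big.Int, PZ *big.Int, PT *big.Int) {
+	n := big.NewInt(2)
+	for {
+		tmp1 := big.NewInt(0)
+		legendresymbol(n, p, tmp1)
+		tmp2 := big.NewInt(-1)
+		if tmp1.Cmp(tmp2) != 0 {
+			n = n.Add(n, big.NewInt(1))
+		} else {
+			break
+		}
+	}
+	tmp3 := big.NewInt(0)
+	tmp3.Mod(h, p)
+	elligator2(p, a, d, n, tmp3, PX, PY, PZ, PT)
+}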
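Review bot: `Spake2ee_h2P` is exported, and its `for` loop ends only when some `n` fails the Euler test in `legendresymbol`; that is guaranteed for an odd prime `p` but never checked, so a caller passing another modulus may not get the loop to terminate or may get a meaningless point. A doc comment should state the precondition, e.g. `// Spake2ee_h2P maps h to a point (PX, PY, PZ, PT) on the curve given by p, a, d; p must be an odd prime.` Since `p` comes from `GPAKCurve` in the only non-test caller, the search for `n` could be done once next to the curve constants instead of repeating a full-width `Exp` per candidate on every call.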

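--- a/spake2ee_test.go
+++ b/spake2ee_test.go
@@ -0,0 +1,54 @@
+package libdp9ik_test
+
+import (
+	"fmt"
+	"math/big"
+	"testing"
+
+	auth "git.sr.ht/~moody/libdp9ik"
+)
+
+func TestSpake2ee_h2P(t *testing.T) {
+	p := big.NewInt(0)
+	a := big.NewInt(0)
+	d := big.NewInt(0)
+	h := big.NewInt(0)
+
+	PX := big.NewInt(0)
+	PY := big.NewInt(0)
+	PZ := big.NewInt(0)
+	PT := big.NewInt(0)
+
+	p.SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 16)
+	a.SetString("1", 16)
+	d.SetInt64(-39081)
+	h.SetString("9FFAA7A0174BF9330A7397D878457FB83BA403AD2E0F86C968EFE5B96513783B1A848B416509DA6C9777AACF83C433044FD27766E7376AF4", 16)
+	auth.Spake2ee_h2P(p, a, d, h, PX, PY, PZ, PT)
+	px := fmt.Sprintf("%X", PX)
+	py := fmt.Sprintf("%X", PY)
+	pz := fmt.Sprintf("%X", PZ)
+	pt := fmt.Sprintf("%X", PT)
+
+	const (
+		cpx = "9E14182914BFB6AE5D4DCB15684B519366CC11238EED52CA493B3B3093C5CEBFA42607F3840F421AA8B5D8C53F8E3800057FB32AFCEC9AC2"
+		cpy = "FDA9A16F10FE74BF3FA716F148382BB4E262C38E894A9872E7F0329AE34EAFB60CBD356D498319F7B70FA1A128C094C22D7F6265639FBC18"
+		cpz = "6A726A835765C8435827C3427BD8A727454E3D721A70FA68363C07CD124A3D48CB53A1B0D3E40EE8575A6E6E0AABCDB9CF2E69C5F2B12777"
+		cpt = "16C4FC221A0A6254A6FF98DFECEAAAE22AF75C0F6F706C9C43D1FB66D7C377809733EAD5097060266DC03B37D180D15C3FC51BEBA3B6B380"
+	)
+
+	if px != cpx {
+		t.Fatalf("Px: Expected %s\nGot %s", cpx, px)
+	}
+
+	if py != cpy {
+		t.Fatalf("Py: Expected %s\nGot %s", cpy, py)
+	}
+
+	if pz != cpz {
+		t.Fatalf("Pz: Expected %s\nGot %s", cpz, pz)
+	}
+
+	if pt != cpt {
+		t.Fatalf("Pt: Expected %s\nGot %s", cpt, pt)
+	}
+}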

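--- a/ticket.go
+++ b/ticket.go
@@ -0,0 +1,54 @@
+package libdp9ik
+
+import (
+	"fmt"
+	"strings"
+)
+
+type TicketReq struct {
+	Which   byte
+	Authid  [Anamelen]byte
+	Authdom [Domlen]byte
+	Chal    [Challen]byte
+	Hostid  [Anamelen]byte
+	Uid     [Anamelen]byte
+}
+
+func (t *TicketReq) String() string {
+	b := &strings.Builder{}
+	b.WriteString(fmt.Sprintf("Which: %v\n", t.Which))
+	b.WriteString("AuthID: " + string(t.Authid[:]) + "\n")
+	b.WriteString("AuthDom: " + string(t.Authdom[:]) + "\n")
+	b.WriteString(fmt.Sprintf("Chal: %v\n", t.Chal))
+	b.WriteString(fmt.Sprintf("HostID: %v\n", t.Hostid))
+	b.WriteString(fmt.Sprintf("UID: %v\n", t.Uid))
+
+	return b.String()
+}
+
+func (t *TicketReq) UnmarshalBinary(data []byte) error {
+	n := 0
+	move := func(dst []byte, width int) {
+		copy(dst, data[n:n+width])
+		n += width
+	}
+	t.Which = data[n]
+	n++
+	move(t.Authid[:], Anamelen)
+	move(t.Authdom[:], Domlen)
+	move(t.Chal[:], Challen)
+	move(t.Hostid[:], Anamelen)
+	move(t.Uid[:], Anamelen)
+
+	return nil
+}
+
+type Ticket struct {
+	Num  byte           /* replay protection */
+	Chal [Challen]byte  /* server challenge */
+	Cuid [Anamelen]byte /* uid on client */
+	Suid [Anamelen]byte /* uid on server */
+	Key  [Noncelen]byte /* nonce key */
+
+	Form byte /* (not transmitted) format (0 = des, 1 = ccpoly) */
+}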
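Review bot: `UnmarshalBinary` indexes `data` without checking its length, so an empty or short buffer panics at `data[n]` or inside `move`, and the `error` result is always nil. Since the bytes come from the peer in `P9any`, short input should be rejected up front with `if len(data) < Tickreqlen { return fmt.Errorf("ticketreq: need %d bytes, got %d", Tickreqlen, len(data)) }`. `String` prints `Authid` and `Authdom` with their zero padding included; trimming the padding before printing would keep NUL bytes out of logs.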