本文整理汇总了Golang中github.com/brutella/hc/util.Container类的典型用法代码示例。如果您正苦于以下问题:Golang Container类的具体用法?Golang Container怎么用?Golang Container使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Container类的17个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: Handle
// Handle processes a container to verify if a client is paired correctly.
func (verify *VerifyServerController) Handle(in util.Container) (util.Container, error) {
var out util.Container
var err error
method := PairMethodType(in.GetByte(TagPairingMethod))
// It is valid that method is not sent
// If method is sent then it must be 0x00
if method != PairingMethodDefault {
return nil, errInvalidPairMethod(method)
}
seq := VerifyStepType(in.GetByte(TagSequence))
switch seq {
case VerifyStepStartRequest:
if verify.step != VerifyStepWaiting {
verify.reset()
return nil, errInvalidInternalVerifyStep(verify.step)
}
out, err = verify.handlePairVerifyStart(in)
case VerifyStepFinishRequest:
if verify.step != VerifyStepStartResponse {
verify.reset()
return nil, errInvalidInternalVerifyStep(verify.step)
}
out, err = verify.handlePairVerifyFinish(in)
default:
return nil, errInvalidVerifyStep(seq)
}
return out, err
}
开发者ID:brutella,项目名称:hklifx,代码行数:35,代码来源:verify_server_controller.go
示例2: handlePairVerifyStepFinishResponse
// Server -> Client
// - only error ocde (optional)
func (verify *VerifyClientController) handlePairVerifyStepFinishResponse(in util.Container) (util.Container, error) {
code := errCode(in.GetByte(TagErrCode))
if code != ErrCodeNo {
fmt.Printf("Unexpected error %v\n", code)
}
return nil, nil
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:10,代码来源:verify_client_controller.go
示例3: handleKeyExchange
// Client -> Server
// - encrypted tlv8: client LTPK, client name and signature (of H, client name, LTPK)
// - auth tag (mac)
//
// Server
// - Validate signature of encrpyted tlv8
// - Read and store client LTPK and name
//
// Server -> Client
// - encrpyted tlv8: bridge LTPK, bridge name, signature (of hash `H2`, bridge name, LTPK)
func (setup *SetupClientController) handleKeyExchange(in util.Container) (util.Container, error) {
data := in.GetBytes(TagEncryptedData)
message := data[:(len(data) - 16)]
var mac [16]byte
copy(mac[:], data[len(message):]) // 16 byte (MAC)
fmt.Println("-> Message:", hex.EncodeToString(message))
fmt.Println("-> MAC:", hex.EncodeToString(mac[:]))
decrypted, err := chacha20poly1305.DecryptAndVerify(setup.session.EncryptionKey[:], []byte("PS-Msg06"), message, mac, nil)
if err != nil {
fmt.Println(err)
} else {
decryptedBuf := bytes.NewBuffer(decrypted)
in, err := util.NewTLV8ContainerFromReader(decryptedBuf)
if err != nil {
fmt.Println(err)
}
username := in.GetString(TagUsername)
ltpk := in.GetBytes(TagPublicKey)
signature := in.GetBytes(TagSignature)
fmt.Println("-> Username:", username)
fmt.Println("-> LTPK:", hex.EncodeToString(ltpk))
fmt.Println("-> Signature:", hex.EncodeToString(signature))
entity := db.NewEntity(username, ltpk, nil)
err = setup.database.SaveEntity(entity)
if err != nil {
fmt.Println("[ERRO]", err)
}
}
return nil, err
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:45,代码来源:setup_client_controller.go
示例4: handlePairVerifyStart
// Server -> Client
// - B: server public key
// - signature: from server session public key, server name, client session public key
func (verify *VerifyServerController) handlePairVerifyStart(in util.Container) (util.Container, error) {
verify.step = VerifyStepStartResponse
clientPublicKey := in.GetBytes(TagPublicKey)
log.Debug.Println("-> A:", hex.EncodeToString(clientPublicKey))
if len(clientPublicKey) != 32 {
return nil, errInvalidClientKeyLength
}
var otherPublicKey [32]byte
copy(otherPublicKey[:], clientPublicKey)
verify.session.GenerateSharedKeyWithOtherPublicKey(otherPublicKey)
verify.session.SetupEncryptionKey([]byte("Pair-Verify-Encrypt-Salt"), []byte("Pair-Verify-Encrypt-Info"))
device := verify.context.GetSecuredDevice()
var material []byte
material = append(material, verify.session.PublicKey[:]...)
material = append(material, device.Name()...)
material = append(material, clientPublicKey...)
signature, err := crypto.ED25519Signature(device.PrivateKey(), material)
if err != nil {
log.Info.Println(err)
return nil, err
}
// Encrypt
encryptedOut := util.NewTLV8Container()
encryptedOut.SetString(TagUsername, device.Name())
encryptedOut.SetBytes(TagSignature, signature)
encryptedBytes, mac, _ := chacha20poly1305.EncryptAndSeal(verify.session.EncryptionKey[:], []byte("PV-Msg02"), encryptedOut.BytesBuffer().Bytes(), nil)
out := util.NewTLV8Container()
out.SetByte(TagSequence, verify.step.Byte())
out.SetBytes(TagPublicKey, verify.session.PublicKey[:])
out.SetBytes(TagEncryptedData, append(encryptedBytes, mac[:]...))
log.Debug.Println(" K:", hex.EncodeToString(verify.session.EncryptionKey[:]))
log.Debug.Println(" B:", hex.EncodeToString(verify.session.PublicKey[:]))
log.Debug.Println(" S:", hex.EncodeToString(verify.session.PrivateKey[:]))
log.Debug.Println(" Shared:", hex.EncodeToString(verify.session.SharedKey[:]))
log.Debug.Println("<- B:", hex.EncodeToString(out.GetBytes(TagPublicKey)))
return out, nil
}
开发者ID:brutella,项目名称:hklifx,代码行数:50,代码来源:verify_server_controller.go
示例5: handlePairStepVerifyResponse
// Client -> Server
// - A: client public key
// - M1: proof
//
// Server -> client
// - M2: proof
// or
// - auth error
func (setup *SetupClientController) handlePairStepVerifyResponse(in util.Container) (util.Container, error) {
serverProof := in.GetBytes(TagProof)
fmt.Println("-> M2:", hex.EncodeToString(serverProof))
if setup.session.IsServerProofValid(serverProof) == false {
return nil, fmt.Errorf("M2 %s is invalid", hex.EncodeToString(serverProof))
}
err := setup.session.SetupEncryptionKey([]byte("Pair-Setup-Encrypt-Salt"), []byte("Pair-Setup-Encrypt-Info"))
if err != nil {
return nil, err
}
fmt.Println(" K:", hex.EncodeToString(setup.session.EncryptionKey[:]))
// 2) Send username, LTPK, signature as encrypted message
hash, err := hkdf.Sha512(setup.session.PrivateKey, []byte("Pair-Setup-Controller-Sign-Salt"), []byte("Pair-Setup-Controller-Sign-Info"))
var material []byte
material = append(material, hash[:]...)
material = append(material, setup.client.Name()...)
material = append(material, setup.client.PublicKey()...)
signature, err := crypto.ED25519Signature(setup.client.PrivateKey(), material)
if err != nil {
return nil, err
}
encryptedOut := util.NewTLV8Container()
encryptedOut.SetString(TagUsername, setup.client.Name())
encryptedOut.SetBytes(TagPublicKey, []byte(setup.client.PublicKey()))
encryptedOut.SetBytes(TagSignature, []byte(signature))
encryptedBytes, tag, err := chacha20poly1305.EncryptAndSeal(setup.session.EncryptionKey[:], []byte("PS-Msg05"), encryptedOut.BytesBuffer().Bytes(), nil)
if err != nil {
return nil, err
}
out := util.NewTLV8Container()
out.SetByte(TagPairingMethod, 0)
out.SetByte(TagSequence, PairStepKeyExchangeRequest.Byte())
out.SetBytes(TagEncryptedData, append(encryptedBytes, tag[:]...))
fmt.Println("<- Encrypted:", hex.EncodeToString(out.GetBytes(TagEncryptedData)))
return out, nil
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:54,代码来源:setup_client_controller.go
示例6: ServeHTTP
func (endpoint *PairVerify) ServeHTTP(response http.ResponseWriter, request *http.Request) {
log.Printf("[VERB] %v POST /pair-verify", request.RemoteAddr)
response.Header().Set("Content-Type", netio.HTTPContentTypePairingTLV8)
key := endpoint.context.GetConnectionKey(request)
session := endpoint.context.Get(key).(netio.Session)
ctlr := session.PairVerifyHandler()
if ctlr == nil {
log.Println("[VERB] Create new pair verify controller")
ctlr = pair.NewVerifyServerController(endpoint.database, endpoint.context)
session.SetPairVerifyHandler(ctlr)
}
var err error
var in util.Container
var out util.Container
var secSession crypto.Cryptographer
if in, err = util.NewTLV8ContainerFromReader(request.Body); err == nil {
out, err = ctlr.Handle(in)
}
if err != nil {
log.Println(err)
response.WriteHeader(http.StatusInternalServerError)
} else {
io.Copy(response, out.BytesBuffer())
// When key verification is done, switch to a secure session
// based on the negotiated shared session key
b := out.GetByte(pair.TagSequence)
switch pair.VerifyStepType(b) {
case pair.VerifyStepFinishResponse:
if secSession, err = crypto.NewSecureSessionFromSharedKey(ctlr.SharedKey()); err == nil {
log.Println("[VERB] Setup secure session")
session.SetCryptographer(secSession)
} else {
log.Println("[ERRO] Could not setup secure session.", err)
}
}
}
}
开发者ID:smitterson,项目名称:hc,代码行数:42,代码来源:pair-verify.go
示例7: Handle
// Handle processes a container to pair (exchange keys) with an accessory.
func (setup *SetupClientController) Handle(in util.Container) (util.Container, error) {
method := pairMethodType(in.GetByte(TagPairingMethod))
// It is valid that method is not sent
// If method is sent then it must be 0x00
if method != PairingMethodDefault {
return nil, errInvalidPairMethod(method)
}
code := errCode(in.GetByte(TagErrCode))
if code != ErrCodeNo {
log.Println("[ERRO]", code)
return nil, code.Error()
}
seq := pairStepType(in.GetByte(TagSequence))
var out util.Container
var err error
switch seq {
case PairStepStartResponse:
out, err = setup.handlePairStepStartResponse(in)
case PairStepVerifyResponse:
out, err = setup.handlePairStepVerifyResponse(in)
case PairStepKeyExchangeResponse:
out, err = setup.handleKeyExchange(in)
default:
return nil, errInvalidPairStep(seq)
}
return out, err
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:34,代码来源:setup_client_controller.go
示例8: ServeHTTP
func (endpoint *Pairing) ServeHTTP(response http.ResponseWriter, request *http.Request) {
log.Printf("[VERB] %v POST /pairings", request.RemoteAddr)
response.Header().Set("Content-Type", netio.HTTPContentTypePairingTLV8)
var err error
var in util.Container
var out util.Container
if in, err = util.NewTLV8ContainerFromReader(request.Body); err == nil {
out, err = endpoint.controller.Handle(in)
}
if err != nil {
log.Println(err)
response.WriteHeader(http.StatusInternalServerError)
} else {
io.Copy(response, out.BytesBuffer())
// Send events based on pairing method type
b := in.GetByte(pair.TagPairingMethod)
switch pair.PairMethodType(b) {
case pair.PairingMethodDelete: // pairing removed
endpoint.emitter.Emit(event.DeviceUnpaired{})
case pair.PairingMethodAdd: // pairing added
endpoint.emitter.Emit(event.DevicePaired{})
}
}
}
开发者ID:smitterson,项目名称:hc,代码行数:30,代码来源:pairings.go
示例9: Handle
// Handle processes a container to pair with a new client without going through the pairing process.
func (c *PairingController) Handle(cont util.Container) (util.Container, error) {
method := pairMethodType(cont.GetByte(TagPairingMethod))
username := cont.GetString(TagUsername)
publicKey := cont.GetBytes(TagPublicKey)
log.Println("[VERB] -> Method:", method)
log.Println("[VERB] -> Username:", username)
log.Println("[VERB] -> LTPK:", publicKey)
entity := db.NewEntity(username, publicKey, nil)
switch method {
case PairingMethodDelete:
log.Printf("[INFO] Remove LTPK for client '%s'\n", username)
c.database.DeleteEntity(entity)
case PairingMethodAdd:
err := c.database.SaveEntity(entity)
if err != nil {
log.Println("[ERRO]", err)
return nil, err
}
default:
return nil, fmt.Errorf("Invalid pairing method type %v", method)
}
out := util.NewTLV8Container()
out.SetByte(TagSequence, 0x2)
return out, nil
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:31,代码来源:pairing_controller.go
示例10: ServeHTTP
func (endpoint *PairSetup) ServeHTTP(response http.ResponseWriter, request *http.Request) {
log.Debug.Printf("%v POST /pair-setup", request.RemoteAddr)
response.Header().Set("Content-Type", hap.HTTPContentTypePairingTLV8)
var err error
var in util.Container
var out util.Container
key := endpoint.context.GetConnectionKey(request)
session := endpoint.context.Get(key).(hap.Session)
ctrl := session.PairSetupHandler()
if ctrl == nil {
log.Debug.Println("Create new pair setup controller")
if ctrl, err = pair.NewSetupServerController(endpoint.device, endpoint.database); err != nil {
log.Info.Panic(err)
}
session.SetPairSetupHandler(ctrl)
}
if in, err = util.NewTLV8ContainerFromReader(request.Body); err == nil {
out, err = ctrl.Handle(in)
}
if err != nil {
log.Info.Println(err)
response.WriteHeader(http.StatusInternalServerError)
} else {
io.Copy(response, out.BytesBuffer())
// Send event when key exchange is done
b := out.GetByte(pair.TagSequence)
switch pair.PairStepType(b) {
case pair.PairStepKeyExchangeResponse:
endpoint.emitter.Emit(event.DevicePaired{})
}
}
}
开发者ID:brutella,项目名称:hklifx,代码行数:39,代码来源:pair-setup.go
示例11: Handle
// Handle processes a container to pair (exchange keys) with a client.
func (setup *SetupServerController) Handle(in util.Container) (out util.Container, err error) {
method := PairMethodType(in.GetByte(TagPairingMethod))
// It is valid that pair method is not sent
// If method set then it must be 0x00
if method != PairingMethodDefault {
return nil, errInvalidPairMethod(method)
}
seq := PairStepType(in.GetByte(TagSequence))
switch seq {
case PairStepStartRequest:
if setup.step != PairStepWaiting {
setup.reset()
return nil, errInvalidInternalPairStep(setup.step)
}
out, err = setup.handlePairStart(in)
case PairStepVerifyRequest:
if setup.step != PairStepStartResponse {
setup.reset()
return nil, errInvalidInternalPairStep(setup.step)
}
out, err = setup.handlePairVerify(in)
case PairStepKeyExchangeRequest:
if setup.step != PairStepVerifyResponse {
setup.reset()
return nil, errInvalidInternalPairStep(setup.step)
}
out, err = setup.handleKeyExchange(in)
default:
return nil, errInvalidPairStep(seq)
}
return out, err
}
开发者ID:brutella,项目名称:hklifx,代码行数:40,代码来源:setup_server_controller.go
示例12: handlePairStepStartResponse
// Server -> Client
// - B: server public key
// - s: salt
//
// Client -> Server
// - A: client public key
// - M1: proof
func (setup *SetupClientController) handlePairStepStartResponse(in util.Container) (util.Container, error) {
salt := in.GetBytes(TagSalt)
serverPublicKey := in.GetBytes(TagPublicKey)
if len(salt) != 16 {
return nil, fmt.Errorf("Salt is invalid (%d bytes)", len(salt))
}
if len(serverPublicKey) != 384 {
return nil, fmt.Errorf("B is invalid (%d bytes)", len(serverPublicKey))
}
fmt.Println("-> B:", hex.EncodeToString(serverPublicKey))
fmt.Println("-> s:", hex.EncodeToString(salt))
// Client
// 1) Receive salt `s` and public key `B` and generates `S` and `A`
err := setup.session.GenerateKeys(salt, serverPublicKey)
if err != nil {
return nil, err
}
fmt.Println(" S:", hex.EncodeToString(setup.session.PrivateKey))
// 2) Send public key `A` and proof `M1`
publicKey := setup.session.PublicKey // SRP public key
proof := setup.session.Proof // M1
fmt.Println("<- A:", hex.EncodeToString(publicKey))
fmt.Println("<- M1:", hex.EncodeToString(proof))
out := util.NewTLV8Container()
out.SetByte(TagPairingMethod, 0)
out.SetByte(TagSequence, PairStepVerifyRequest.Byte())
out.SetBytes(TagPublicKey, publicKey)
out.SetBytes(TagProof, proof)
return out, nil
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:45,代码来源:setup_client_controller.go
示例13: handlePairVerify
// Client -> Server
// - A: entity public key
// - M1: proof
//
// Server -> entity
// - M2: proof
// or
// - auth error
func (setup *SetupServerController) handlePairVerify(in util.Container) (util.Container, error) {
setup.step = PairStepVerifyResponse
out := util.NewTLV8Container()
out.SetByte(TagSequence, setup.step.Byte())
clientPublicKey := in.GetBytes(TagPublicKey)
log.Debug.Println("-> A:", hex.EncodeToString(clientPublicKey))
err := setup.session.SetupPrivateKeyFromClientPublicKey(clientPublicKey)
if err != nil {
return nil, err
}
clientProof := in.GetBytes(TagProof)
log.Debug.Println("-> M1:", hex.EncodeToString(clientProof))
proof, err := setup.session.ProofFromClientProof(clientProof)
if err != nil || len(proof) == 0 { // proof `M1` is wrong
log.Debug.Println("Proof M1 is wrong")
setup.reset()
out.SetByte(TagErrCode, ErrCodeAuthenticationFailed.Byte()) // return error 2
} else {
log.Debug.Println("Proof M1 is valid")
err := setup.session.SetupEncryptionKey([]byte("Pair-Setup-Encrypt-Salt"), []byte("Pair-Setup-Encrypt-Info"))
if err != nil {
return nil, err
}
// Return proof `M2`
out.SetBytes(TagProof, proof)
}
log.Debug.Println("<- M2:", hex.EncodeToString(out.GetBytes(TagProof)))
log.Debug.Println(" S:", hex.EncodeToString(setup.session.PrivateKey))
log.Debug.Println(" K:", hex.EncodeToString(setup.session.EncryptionKey[:]))
return out, nil
}
开发者ID:brutella,项目名称:hklifx,代码行数:46,代码来源:setup_server_controller.go
示例14: Handle
// Handle processes a container to verify if an accessory is paired correctly.
func (verify *VerifyClientController) Handle(in util.Container) (util.Container, error) {
var out util.Container
var err error
method := pairMethodType(in.GetByte(TagPairingMethod))
// It is valid that method is not sent
// If method is sent then it must be 0x00
if method != PairingMethodDefault {
return nil, errInvalidPairMethod(method)
}
seq := VerifyStepType(in.GetByte(TagSequence))
switch seq {
case VerifyStepStartResponse:
out, err = verify.handlePairStepVerifyResponse(in)
case VerifyStepFinishResponse:
out, err = verify.handlePairVerifyStepFinishResponse(in)
default:
return nil, errInvalidVerifyStep(seq)
}
return out, err
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:25,代码来源:verify_client_controller.go
示例15: handlePairVerifyFinish
// Server -> Client
// - only sequence number
// - error code (optional)
func (verify *VerifyServerController) handlePairVerifyFinish(in util.Container) (util.Container, error) {
verify.step = VerifyStepFinishResponse
data := in.GetBytes(TagEncryptedData)
message := data[:(len(data) - 16)]
var mac [16]byte
copy(mac[:], data[len(message):]) // 16 byte (MAC)
log.Debug.Println("-> Message:", hex.EncodeToString(message))
log.Debug.Println("-> MAC:", hex.EncodeToString(mac[:]))
decryptedBytes, err := chacha20poly1305.DecryptAndVerify(verify.session.EncryptionKey[:], []byte("PV-Msg03"), message, mac, nil)
out := util.NewTLV8Container()
out.SetByte(TagSequence, verify.step.Byte())
if err != nil {
verify.reset()
log.Info.Panic(err)
out.SetByte(TagErrCode, ErrCodeAuthenticationFailed.Byte()) // return error 2
} else {
in, err := util.NewTLV8ContainerFromReader(bytes.NewBuffer(decryptedBytes))
if err != nil {
return nil, err
}
username := in.GetString(TagUsername)
signature := in.GetBytes(TagSignature)
log.Debug.Println(" client:", username)
log.Debug.Println(" signature:", hex.EncodeToString(signature))
entity, err := verify.database.EntityWithName(username)
if err != nil {
return nil, fmt.Errorf("Client %s is unknown", username)
}
if len(entity.PublicKey) == 0 {
return nil, fmt.Errorf("No LTPK available for client %s", username)
}
var material []byte
material = append(material, verify.session.OtherPublicKey[:]...)
material = append(material, []byte(username)...)
material = append(material, verify.session.PublicKey[:]...)
if crypto.ValidateED25519Signature(entity.PublicKey, material, signature) == false {
log.Debug.Println("signature is invalid")
verify.reset()
out.SetByte(TagErrCode, ErrCodeUnknownPeer.Byte()) // return error 4
} else {
log.Debug.Println("signature is valid")
}
}
return out, nil
}
开发者ID:brutella,项目名称:hklifx,代码行数:58,代码来源:verify_server_controller.go
示例16: handlePairStepVerifyResponse
// Server -> Client
// - B: server public key
// - encrypted message
// - username
// - signature: from server session public key, server name, client session public key
//
// Client -> Server
// - encrypted message
// - username
// - signature: from client session public key, server name, server session public key,
func (verify *VerifyClientController) handlePairStepVerifyResponse(in util.Container) (util.Container, error) {
serverPublicKey := in.GetBytes(TagPublicKey)
if len(serverPublicKey) != 32 {
return nil, fmt.Errorf("Invalid server public key size %d", len(serverPublicKey))
}
var otherPublicKey [32]byte
copy(otherPublicKey[:], serverPublicKey)
verify.session.GenerateSharedKeyWithOtherPublicKey(otherPublicKey)
verify.session.SetupEncryptionKey([]byte("Pair-Verify-Encrypt-Salt"), []byte("Pair-Verify-Encrypt-Info"))
fmt.Println("Client")
fmt.Println("-> B:", hex.EncodeToString(serverPublicKey))
fmt.Println(" S:", hex.EncodeToString(verify.session.PrivateKey[:]))
fmt.Println("Shared:", hex.EncodeToString(verify.session.SharedKey[:]))
fmt.Println(" K:", hex.EncodeToString(verify.session.EncryptionKey[:]))
// Decrypt
data := in.GetBytes(TagEncryptedData)
message := data[:(len(data) - 16)]
var mac [16]byte
copy(mac[:], data[len(message):]) // 16 byte (MAC)
decryptedBytes, err := chacha20poly1305.DecryptAndVerify(verify.session.EncryptionKey[:], []byte("PV-Msg02"), message, mac, nil)
if err != nil {
return nil, err
}
decryptedIn, err := util.NewTLV8ContainerFromReader(bytes.NewBuffer(decryptedBytes))
if err != nil {
return nil, err
}
username := decryptedIn.GetString(TagUsername)
signature := decryptedIn.GetBytes(TagSignature)
fmt.Println(" Username:", username)
fmt.Println(" Signature:", hex.EncodeToString(signature))
// Validate signature
var material []byte
material = append(material, verify.session.OtherPublicKey[:]...)
material = append(material, username...)
material = append(material, verify.session.PublicKey[:]...)
entity := verify.database.EntityWithName(username)
if entity == nil {
return nil, fmt.Errorf("Server %s is unknown", username)
}
if len(entity.PublicKey()) == 0 {
return nil, fmt.Errorf("No LTPK available for client %s", username)
}
if crypto.ValidateED25519Signature(entity.PublicKey(), material, signature) == false {
return nil, fmt.Errorf("Could not validate signature")
}
out := util.NewTLV8Container()
out.SetByte(TagSequence, VerifyStepFinishRequest.Byte())
encryptedOut := util.NewTLV8Container()
encryptedOut.SetString(TagUsername, verify.client.Name())
material = make([]byte, 0)
material = append(material, verify.session.PublicKey[:]...)
material = append(material, verify.client.Name()...)
material = append(material, verify.session.OtherPublicKey[:]...)
signature, err = crypto.ED25519Signature(verify.client.PrivateKey(), material)
if err != nil {
return nil, err
}
encryptedOut.SetBytes(TagSignature, signature)
encryptedBytes, mac, _ := chacha20poly1305.EncryptAndSeal(verify.session.EncryptionKey[:], []byte("PV-Msg03"), encryptedOut.BytesBuffer().Bytes(), nil)
out.SetBytes(TagEncryptedData, append(encryptedBytes, mac[:]...))
return out, nil
}
开发者ID:tjbx,项目名称:X10Bridge,代码行数:92,代码来源:verify_client_controller.go
示例17: handleKeyExchange
// Client -> Server
// - encrypted tlv8: entity ltpk, entity name and signature (of H, entity name, ltpk)
// - auth tag (mac)
//
// Server
// - Validate signature of encrpyted tlv8
// - Read and store entity ltpk and name
//
// Server -> Client
// - encrpyted tlv8: bridge ltpk, bridge name, signature (of hash, bridge name, ltpk)
func (setup *SetupServerController) handleKeyExchange(in util.Container) (util.Container, error) {
out := util.NewTLV8Container()
setup.step = PairStepKeyExchangeResponse
out.SetByte(TagSequence, setup.step.Byte())
data := in.GetBytes(TagEncryptedData)
message := data[:(len(data) - 16)]
var mac [16]byte
copy(mac[:], data[len(message):]) // 16 byte (MAC)
log.Debug.Println("-> Message:", hex.EncodeToString(message))
log.Debug.Println("-> MAC:", hex.EncodeToString(mac[:]))
decrypted, err := chacha20poly1305.DecryptAndVerify(setup.session.EncryptionKey[:], []byte("PS-Msg05"), message, mac, nil)
if err != nil {
setup.reset()
log.Info.Panic(err)
out.SetByte(TagErrCode, ErrCodeUnknown.Byte()) // return error 1
} else {
decryptedBuf := bytes.NewBuffer(decrypted)
in, err := util.NewTLV8ContainerFromReader(decryptedBuf)
if err != nil {
return nil, err
}
username := in.GetString(TagUsername)
clientltpk := in.GetBytes(TagPublicKey)
signature := in.GetBytes(TagSignature)
log.Debug.Println("-> Username:", username)
log.Debug.Println("-> ltpk:", hex.EncodeToString(clientltpk))
log.Debug.Println("-> Signature:", hex.EncodeToString(signature))
// Calculate hash `H`
hash, _ := hkdf.Sha512(setup.session.PrivateKey, []byte("Pair-Setup-Controller-Sign-Salt"), []byte("Pair-Setup-Controller-Sign-Info"))
var material []byte
material = append(material, hash[:]...)
material = append(material, []byte(username)...)
material = append(material, clientltpk...)
if crypto.ValidateED25519Signature(clientltpk, material, signature) == false {
log.Debug.Println("ed25519 signature is invalid")
setup.reset()
out.SetByte(TagErrCode, ErrCodeAuthenticationFailed.Byte()) // return error 2
} else {
log.Debug.Println("ed25519 signature is valid")
// Store entity ltpk and name
entity := db.NewEntity(username, clientltpk, nil)
setup.database.SaveEntity(entity)
log.Debug.Printf("Stored ltpk '%s' for entity '%s'\n", hex.EncodeToString(clientltpk), username)
ltpk := setup.device.PublicKey()
ltsk := setup.device.PrivateKey()
// Send username, ltpk, signature as encrypted message
hash, err := hkdf.Sha512(setup.session.PrivateKey, []byte("Pair-Setup-Accessory-Sign-Salt"), []byte("Pair-Setup-Accessory-Sign-Info"))
material = make([]byte, 0)
material = append(material, hash[:]...)
material = append(material, []byte(setup.session.Username)...)
material = append(material, ltpk...)
signature, err := crypto.ED25519Signature(ltsk, material)
if err != nil {
log.Info.Panic(err)
return nil, err
}
tlvPairKeyExchange := util.NewTLV8Container()
tlvPairKeyExchange.SetBytes(TagUsername, setup.session.Username)
tlvPairKeyExchange.SetBytes(TagPublicKey, ltpk)
tlvPairKeyExchange.SetBytes(TagSignature, []byte(signature))
log.Debug.Println("<- Username:", tlvPairKeyExchange.GetString(TagUsername))
log.Debug.Println("<- ltpk:", hex.EncodeToString(tlvPairKeyExchange.GetBytes(TagPublicKey)))
log.Debug.Println("<- Signature:", hex.EncodeToString(tlvPairKeyExchange.GetBytes(TagSignature)))
encrypted, mac, _ := chacha20poly1305.EncryptAndSeal(setup.session.EncryptionKey[:], []byte("PS-Msg06"), tlvPairKeyExchange.BytesBuffer().Bytes(), nil)
out.SetByte(TagSequence, PairStepKeyExchangeRequest.Byte())
out.SetBytes(TagEncryptedData, append(encrypted, mac[:]...))
}
}
return out, nil
}
开发者ID:brutella,项目名称:hklifx,代码行数:95,代码来源:setup_server_controller.go
注:本文中的github.com/brutella/hc/util.Container类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论