From be9a0746fdf882965ea5a325e5bc403ec5b977a2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 19 Sep 2017 00:11:54 +0200 Subject: refactored role and direction --- satp/crypto-kd-aesctr.go | 8 +++---- satp/crypto-kd-aesctr_test.go | 49 +++++++++++++++++++++++-------------------- satp/crypto-kd.go | 31 +++++++++++++++++++-------- satp/crypto-kd_test.go | 24 ++++++++++++++------- 4 files changed, 68 insertions(+), 44 deletions(-) (limited to 'satp') diff --git a/satp/crypto-kd-aesctr.go b/satp/crypto-kd-aesctr.go index 58a1c04..749e3dc 100644 --- a/satp/crypto-kd-aesctr.go +++ b/satp/crypto-kd-aesctr.go @@ -48,13 +48,13 @@ type AESCTRKeyDerivation struct { salt []byte } -func (kd *AESCTRKeyDerivation) generateCTR(dir KeyDirection, usage KeyUsage, sequenceNumber uint32, ctr []byte) { +func (kd *AESCTRKeyDerivation) generateCTR(role KDRole, dir Direction, usage KeyUsage, sequenceNumber uint32, ctr []byte) { ctr[aes.BlockSize-1] = 0 ctr[aes.BlockSize-2] = 0 subtle.ConstantTimeCopy(1, ctr[:len(kd.salt)], kd.salt) keyID := [8]byte{} - binary.BigEndian.PutUint32(keyID[:4], getKDLabel(dir, usage)) + binary.BigEndian.PutUint32(keyID[:4], getKDLabel(role, dir, usage)) binary.BigEndian.PutUint32(keyID[4:], sequenceNumber) // unfortunately crypto.xorBytes is not exported... @@ -65,11 +65,11 @@ func (kd *AESCTRKeyDerivation) generateCTR(dir KeyDirection, usage KeyUsage, seq } } -func (kd *AESCTRKeyDerivation) Generate(dir KeyDirection, usage KeyUsage, sequenceNumber uint32, out []byte) error { +func (kd *AESCTRKeyDerivation) Generate(role KDRole, dir Direction, usage KeyUsage, sequenceNumber uint32, out []byte) error { // this needs to stay in this function so that the go compiler can detect that it doesn't escape // from this function and whence will get allocated on the stack ctr := [aes.BlockSize]byte{} - kd.generateCTR(dir, usage, sequenceNumber, ctr[:]) + kd.generateCTR(role, dir, usage, sequenceNumber, ctr[:]) for i := range out { // unfortunately there is no memset-style function in go... out[i] = 0 } diff --git a/satp/crypto-kd-aesctr_test.go b/satp/crypto-kd-aesctr_test.go index 63ac57a..a36157c 100644 --- a/satp/crypto-kd-aesctr_test.go +++ b/satp/crypto-kd-aesctr_test.go @@ -71,20 +71,21 @@ func TestAESCTRKeyDerivationNew(t *testing.T) { func TestAESCTRKeyDerivationGenerateCtr(t *testing.T) { testvectors := []struct { salt []byte - dir KeyDirection + role KDRole + dir Direction usage KeyUsage sequenceNumber uint32 ctr []byte }{ - {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, DirLeft, UsageEncryptKey, 0x12345678, + {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, RoleLeft, Outbound, UsageEncryptKey, 0x12345678, []byte{0, 0, 0, 0, 0, 0, 0x35, 0x6A, 0x19, 0x2B, 0x12, 0x34, 0x56, 0x78, 0, 0}}, - {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, DirRight, UsageEncryptSalt, 0x01020304, + {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, RoleRight, Outbound, UsageEncryptSalt, 0x01020304, []byte{0, 0, 0, 0, 0, 0, 0x1B, 0x64, 0x53, 0x89, 0x01, 0x02, 0x03, 0x04, 0, 0}}, - {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, DirLeft, UsageAuthKey, 0xdeadbeef, + {[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, RoleLeft, Outbound, UsageAuthKey, 0xdeadbeef, []byte{0, 0, 0, 0, 0, 0, 0xAC, 0x34, 0x78, 0xD6, 0xDE, 0xAD, 0xBE, 0xEF, 0, 0}}, - {[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, DirLeft, UsageAuthKey, 0xdeadbeef, + {[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, RoleLeft, Outbound, UsageAuthKey, 0xdeadbeef, []byte{0, 1, 2, 3, 4, 5, 0xAA, 0x33, 0x70, 0xDF, 0xD4, 0xA6, 0xB2, 0xE2, 0, 0}}, - {[]byte{0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC}, DirLeft, UsageEncryptSalt, 0x01020304, + {[]byte{0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC}, RoleLeft, Outbound, UsageEncryptSalt, 0x01020304, []byte{0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xA9, 0x2E, 0x7A, 0xEE, 0x57, 0x7A, 0x99, 0xB8, 0, 0}}, } @@ -97,7 +98,7 @@ func TestAESCTRKeyDerivationGenerateCtr(t *testing.T) { aesCTR := kd.(*AESCTRKeyDerivation) ctr := [aes.BlockSize]byte{} - aesCTR.generateCTR(vector.dir, vector.usage, vector.sequenceNumber, ctr[:]) + aesCTR.generateCTR(vector.role, vector.dir, vector.usage, vector.sequenceNumber, ctr[:]) if bytes.Compare(ctr[:], vector.ctr) != 0 { t.Fatalf("resulting ctr is invalid, is: '%v', should be '%v'", ctr[:], vector.ctr) } @@ -106,24 +107,25 @@ func TestAESCTRKeyDerivationGenerateCtr(t *testing.T) { func TestAESCTRKeyDerivationGenerate(t *testing.T) { testvectors := []struct { - dir KeyDirection + role KDRole + dir Direction usage KeyUsage sequenceNumber uint32 out []byte }{ - {DirLeft, UsageEncryptKey, 0, + {RoleLeft, Outbound, UsageEncryptKey, 0, []byte{0x46, 0x04, 0x12, 0x67, 0x0C, 0x7A, 0x20, 0x07, 0x67, 0xC5, 0x9A, 0xB4, 0xBE, 0x2E, 0xBE, 0x50, 0xE9, 0xBC, 0x04, 0x7C, 0x17, 0x54, 0x73, 0x02, 0x4A, 0x54, 0x28, 0x44, 0x6F, 0xFA, 0xD2, 0xB6}}, - {DirRight, UsageEncryptKey, 0x0012CA37, + {RoleLeft, Inbound, UsageEncryptKey, 0x0012CA37, []byte{0x93, 0xEE, 0xC4, 0xD4, 0x94, 0xDA, 0x29, 0x72, 0x0C, 0xF5, 0xB6, 0x1D, 0x45, 0x3F, 0xA1, 0x19, 0xB0, 0x31, 0xB1, 0x7D, 0xA3, 0x78, 0x2C, 0x7A, 0x72, 0x19, 0x39, 0x4E, 0xEE, 0x40, 0x52, 0xDA}}, - {DirRight, UsageEncryptSalt, 0x0012CA37, + {RoleRight, Outbound, UsageEncryptSalt, 0x0012CA37, []byte{0x7C, 0x20, 0x7D, 0x35, 0xAD, 0x9C, 0xED, 0xC6, 0xE6, 0x16, 0xE4, 0xA9, 0x36, 0x3C, 0x49, 0xAA, 0xF4, 0xA9, 0x59, 0x0D, 0x6A, 0xC1, 0x63, 0xAB, 0x17, 0x3D, 0xA8, 0x9F, 0x3F, 0xD7, 0x10, 0xC3}}, - {DirRight, UsageAuthKey, 0xE, + {RoleRight, Outbound, UsageAuthKey, 0xE, []byte{0xE3, 0x26, 0x29, 0x37, 0xED, 0xF1, 0x36, 0x80, 0xB4, 0x8E, 0x6C, 0xF7, 0x7C, 0xEE, 0x8C, 0x49, 0xEA, 0x70, 0x6D, 0x24, 0x25, 0x35, 0xAF, 0x79, 0x7F, 0x02, 0x7C, 0x59, 0x2C, 0x7E, 0x41, 0x55}}, - {DirLeft, UsageAuthKey, 0xC, + {RoleRight, Inbound, UsageAuthKey, 0xC, []byte{0x2C, 0xF9, 0x7A, 0x96, 0x17, 0x28, 0x52, 0xFD, 0xF6, 0x57, 0xC4, 0x86, 0x7D, 0xA8, 0x04, 0xE3, 0xB4, 0x23, 0xA6, 0xAE, 0x66, 0xF8, 0xB9, 0xCC, 0x79, 0x72, 0xA6, 0xB9, 0x54, 0x72, 0x7F, 0xF4}}, } @@ -137,7 +139,7 @@ func TestAESCTRKeyDerivationGenerate(t *testing.T) { for _, vector := range testvectors { out := [32]byte{} - kd.Generate(vector.dir, vector.usage, vector.sequenceNumber, out[:]) + kd.Generate(vector.role, vector.dir, vector.usage, vector.sequenceNumber, out[:]) if bytes.Compare(out[:], vector.out) != 0 { t.Fatalf("resulting key material is invalid, is: '%v', should be '%v'", out[:], vector.out) } @@ -151,15 +153,16 @@ func TestAESCTRKeyDerivationGenerateRepeat(t *testing.T) { testvectors := []struct { key []byte salt []byte - dir KeyDirection + role KDRole + dir Direction usage KeyUsage sequenceNumber uint32 length int }{ - {buffer[:16], buffer[16:30], DirLeft, UsageEncryptKey, 0x12345678, 23}, - {buffer[32:48], buffer[48:62], DirLeft, UsageEncryptKey, 0x1, 16}, - {buffer[64:80], buffer[80:94], DirLeft, UsageEncryptKey, 0x1, 20}, - {buffer[96:112], buffer[112:126], DirLeft, UsageEncryptKey, 0x1, 14}, + {buffer[:16], buffer[16:30], RoleLeft, Outbound, UsageEncryptKey, 0x12345678, 23}, + {buffer[32:48], buffer[48:62], RoleLeft, Inbound, UsageEncryptKey, 0x1, 16}, + {buffer[64:80], buffer[80:94], RoleRight, Outbound, UsageEncryptKey, 0x1, 20}, + {buffer[96:112], buffer[112:126], RoleRight, Outbound, UsageEncryptKey, 0x1, 14}, } for _, vector := range testvectors { @@ -170,8 +173,8 @@ func TestAESCTRKeyDerivationGenerateRepeat(t *testing.T) { out1 := make([]byte, vector.length) out2 := buffer[128 : 128+vector.length] - kd.Generate(vector.dir, vector.usage, vector.sequenceNumber, out1) - kd.Generate(vector.dir, vector.usage, vector.sequenceNumber, out2) + kd.Generate(vector.role, vector.dir, vector.usage, vector.sequenceNumber, out1) + kd.Generate(vector.role, vector.dir, vector.usage, vector.sequenceNumber, out2) if bytes.Compare(out1, out2) != 0 { t.Fatalf("result of 2 consecutive key generations differ, out1: '%v', out2: '%v'", out1, out2) @@ -197,7 +200,7 @@ func BenchmarkAESCTRKeyDerivationGenerateCtr(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - aesCTR.generateCTR(DirRight, UsageAuthKey, 0xAA55AA55, ctr) + aesCTR.generateCTR(RoleRight, Outbound, UsageAuthKey, 0xAA55AA55, ctr) } } @@ -214,6 +217,6 @@ func BenchmarkAESCTRKeyDerivationGenerate(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - kd.Generate(DirLeft, UsageEncryptKey, 0xdeadbeef, out) + kd.Generate(RoleLeft, Outbound, UsageEncryptKey, 0xdeadbeef, out) } } diff --git a/satp/crypto-kd.go b/satp/crypto-kd.go index 784080e..16f2192 100644 --- a/satp/crypto-kd.go +++ b/satp/crypto-kd.go @@ -30,13 +30,26 @@ package satp -type KeyDirection int +// TODO: move this to a more global place +type Direction int + +const ( + Inbound Direction = iota + Outbound +) + +type KDRole int type KeyUsage int type Label uint32 const ( - DirLeft KeyDirection = iota - DirRight + RoleLeft KDRole = iota + RoleRight + + RoleServer = RoleLeft + RoleClient = RoleRight + RoleAlice = RoleLeft + RoleBob = RoleRight UsageEncryptKey KeyUsage = iota UsageEncryptSalt @@ -51,26 +64,26 @@ const ( ) type KeyDerivation interface { - Generate(dir KeyDirection, usage KeyUsage, sequenceNumber uint32, out []byte) error + Generate(role KDRole, dir Direction, usage KeyUsage, sequenceNumber uint32, out []byte) error } -func getKDLabel(dir KeyDirection, usage KeyUsage) uint32 { +func getKDLabel(role KDRole, dir Direction, usage KeyUsage) uint32 { switch usage { case UsageEncryptKey: - if dir == DirLeft { + if (role == RoleLeft && dir == Outbound) || (role == RoleRight && dir == Inbound) { return LabelLeftEncrypt } return LabelRightEncrypt case UsageEncryptSalt: - if dir == DirLeft { + if (role == RoleLeft && dir == Outbound) || (role == RoleRight && dir == Inbound) { return LabelLeftEncryptSalt } return LabelRightEncryptSalt case UsageAuthKey: - if dir == DirLeft { + if (role == RoleLeft && dir == Outbound) || (role == RoleRight && dir == Inbound) { return LabelLeftAuthKey } return LabelRightAuthKey } - panic("Key-derivation: invalid direction and/or usage") + panic("Key-derivation: invalid role, direction and/or usage") } diff --git a/satp/crypto-kd_test.go b/satp/crypto-kd_test.go index 0ba2bf0..1c01fc9 100644 --- a/satp/crypto-kd_test.go +++ b/satp/crypto-kd_test.go @@ -36,20 +36,28 @@ import ( func TestKDGetLabel(t *testing.T) { testvectors := []struct { - dir KeyDirection + role KDRole + dir Direction usage KeyUsage label uint32 }{ - {DirLeft, UsageEncryptKey, 0x356A192B}, - {DirRight, UsageEncryptKey, 0xDA4B9237}, - {DirLeft, UsageEncryptSalt, 0x77DE68DA}, - {DirRight, UsageEncryptSalt, 0x1B645389}, - {DirLeft, UsageAuthKey, 0xAC3478D6}, - {DirRight, UsageAuthKey, 0xC1DFD96E}, + {RoleLeft, Outbound, UsageEncryptKey, 0x356A192B}, + {RoleRight, Outbound, UsageEncryptKey, 0xDA4B9237}, + {RoleAlice, Outbound, UsageEncryptSalt, 0x77DE68DA}, + {RoleBob, Outbound, UsageEncryptSalt, 0x1B645389}, + {RoleServer, Outbound, UsageAuthKey, 0xAC3478D6}, + {RoleClient, Outbound, UsageAuthKey, 0xC1DFD96E}, + + {RoleAlice, Inbound, UsageEncryptKey, 0xDA4B9237}, + {RoleBob, Inbound, UsageEncryptKey, 0x356A192B}, + {RoleServer, Inbound, UsageEncryptSalt, 0x1B645389}, + {RoleClient, Inbound, UsageEncryptSalt, 0x77DE68DA}, + {RoleLeft, Inbound, UsageAuthKey, 0xC1DFD96E}, + {RoleRight, Inbound, UsageAuthKey, 0xAC3478D6}, } for _, vector := range testvectors { - label := getKDLabel(vector.dir, vector.usage) + label := getKDLabel(vector.role, vector.dir, vector.usage) if label != vector.label { t.Fatalf("returned label is invalid, is: 0x%08X, should be 0x%08X", label, vector.label) } -- cgit v1.2.3