完善密钥分发

2026-06-21 11:02:42 +08:00 · 2021-10-25 21:20:28 +08:00
parent 34d48859d9
commit 51b557f06f
7 changed files with 62 additions and 12 deletions
--- a/gold/head/packet.go
+++ b/gold/head/packet.go
@@ -1,6 +1,9 @@
 package head

-import "encoding/json"
+import (
+	"crypto/rand"
+	"encoding/json"
+)

 // Packet 是发送和接收的最小单位
 type Packet struct {
@@ -49,5 +52,6 @@ func (p *Packet) Mashal(src string, dst string) ([]byte, error) {
 	p.DataSZ = uint32(len(p.Data))
 	p.Src = src
 	p.Dst = dst
+	rand.Reader.Read(p.Hash[:])
 	return json.Marshal(p)
 }
--- a/gold/link/crypto.go
+++ b/gold/link/crypto.go
@@ -1,13 +1,15 @@
 package link

-import "net"
+import (
+	"net"
+)

 var (
 	// 本机私钥
 	// 利用 Curve25519 生成
 	// https://pkg.go.dev/golang.org/x/crypto/curve25519
 	// https://www.zhihu.com/question/266758647
-	privKey [32]byte
+	privKey []byte
 	// 本机虚拟 ip
 	me net.IP
 	// 本机 endpoint
@@ -15,7 +17,7 @@ var (
 )

 // SetMyself 设置本机参数
-func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
+func SetMyself(privateKey []byte, myIP string, myEndpoint string) {
 	privKey = privateKey
 	var err error
 	myend, err = net.ResolveUDPAddr("udp", myEndpoint)
@@ -32,11 +34,31 @@ func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
 // Encode 使用 ChaCha20-Poly1305 加密
 // https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
 func (l *Link) Encode(b []byte) (eb []byte, err error) {
-	return b, nil
+	if b == nil {
+		return
+	}
+	if l.key == nil {
+		eb = b
+	} else {
+		// 在此处填写加密逻辑，密钥是l.key，输入是b，输出是eb
+		// 不用写return，直接赋值给eb即可
+		eb = b
+	}
+	return
 }

 // Decode 使用 ChaCha20-Poly1305 解密
 // https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
 func (l *Link) Decode(b []byte) (db []byte, err error) {
-	return b, nil
+	if b == nil {
+		return
+	}
+	if l.key == nil {
+		db = b
+	} else {
+		// 在此处填写解密逻辑，密钥是l.key，输入是b，输出是db
+		// 不用写return，直接赋值给db即可
+		db = b
+	}
+	return
 }
--- a/gold/link/link.go
+++ b/gold/link/link.go
@@ -12,7 +12,7 @@ import (
 // Link 是本机到 peer 的连接抽象
 type Link struct {
 	// peer 的公钥
-	pubk [32]byte
+	pubk *[32]byte
 	// peer 的公网 ip:port
 	pep string
 	// 决定本机是否定时向 peer 发送 hello 保持 NAT。
@@ -32,6 +32,8 @@ type Link struct {
 	allowtrans bool
 	// 连接的状态，详见下方 const
 	status int
+	// 连接所用对称加密密钥
+	key *[]byte
 }

 const (
--- a/gold/link/peer.go
+++ b/gold/link/peer.go
@@ -3,11 +3,13 @@ package link
 import (
 	"net"

+	curve "github.com/fumiama/go-x25519"
+
 	"github.com/fumiama/WireGold/gold/head"
 )

 // AddPeer 添加一个 peer
-func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
+func AddPeer(peerip string, pubicKey *[32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
 	peerip = net.ParseIP(peerip).String()
 	var ok bool
 	l, ok = IsInPeer(peerip)
@@ -21,6 +23,13 @@ func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []str
 		peerip:     net.ParseIP(peerip),
 		allowtrans: allowTrans,
 	}
+	if pubicKey != nil {
+		c := curve.Get(privKey)
+		k, err := c.Shared(pubicKey)
+		if err == nil {
+			l.key = &k
+		}
+	}
 	if endPoint != "" {
 		e, err := net.ResolveUDPAddr("udp", endPoint)
 		if err != nil {