You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

99 lines
3.0KB

  1. `(== 64 64)
  2. (seed (in "/dev/urandom" (rd 8)))
  3. (load "blake2s.l")
  4. (load "functions.l")
  5. # wg genkey | tee privatekey | wg pubkey > publickey
  6. # for both peers
  7. (setq
  8. *Pubi (154 108 43 117 98 96 69 36 205 12 89 138 107 175 219 237 218 223 2 25 78 197 229 42 161 22 45 60 130 106 169 102)
  9. *Privi (232 43 9 6 248 75 27 169 97 126 88 32 208 140 114 173 95 149 255 62 139 2 8 127 54 255 130 168 40 84 17 72)
  10. *Pubr (214 143 204 172 63 57 112 125 125 190 140 169 63 119 171 108 130 46 190 121 99 219 249 142 167 220 168 224 249 168 61 54)
  11. *Privr (248 148 179 185 130 100 196 122 238 78 101 10 230 150 76 244 2 227 25 212 241 42 21 240 122 207 198 61 28 22 35 123)
  12. # initiator
  13. *Ei (ephemrl-pair)
  14. *Ci (hash32 *CONSTRUCTION)
  15. *Hi (hash32 (append *Ci *IDENTIFIER))
  16. *Hi (hash32 (append *Hi *Pubr))
  17. *Empty T
  18. *Ki NIL
  19. # responder
  20. *Er (ephemrl-pair)
  21. *Cr (hash32 *CONSTRUCTION)
  22. *Hr (hash32 (append *Cr *IDENTIFIER))
  23. *Hr (hash32 (append *Hr *Pubr))
  24. *Plain NIL
  25. *Kr NIL)
  26. (de initiator NIL # write e, es, s, ss
  27. (make
  28. (link (pub *Ei))
  29. (setq
  30. *Ci (kdf1 *Ci (pub *Ei))
  31. *Hi (hash32 (append *Hi (pub *Ei)))
  32. @ (kdf2 *Ci (dh (prv *Ei) *Pubr))
  33. *Ci (car @)
  34. *Ki (cadr @) )
  35. (link (setq @ (lock_aead *Ki (nonce 0) *Pubi *Hi)))
  36. (setq *Hi (hash32 (append *Hi @))) ) )
  37. (de initiator2 (Lst) # read e, ee, se
  38. (let (Er (car Lst) Crypted (cadr Lst))
  39. (setq
  40. *Ci (kdf1 *Ci Er)
  41. *Hi (hash32 (append *Hi Er))
  42. *Ci (kdf1 *Ci (dh (prv *Ei) Er))
  43. *Ci (kdf1 *Ci (dh *Privi Er))
  44. @ (kdf3 *Ci (need 32 0)) # zero PSK
  45. *Ci (car @)
  46. *Ki (caddr @)
  47. *Hi (hash32 (append *Hi (cadr @)))
  48. *Empty (unlock_aead *Ki (nonce 0) Crypted *Hi)
  49. *Hi (hash32 (append *Hi Crypted)) ) ) )
  50. (de responder (Lst)
  51. (let (Ei (car Lst) Crypted (cadr Lst))
  52. (make
  53. # read e, es, s, ss
  54. (setq
  55. *Cr (kdf1 *Cr Ei)
  56. *Hr (hash32 (append *Hr Ei))
  57. @ (kdf2 *Cr (dh *Privr Ei))
  58. *Cr (car @)
  59. *Kr (cadr @)
  60. *Plain (unlock_aead *Kr (nonce 0) Crypted *Hr)
  61. *Hr (hash32 (append *Hr Crypted)) )
  62. # between phases values are equal
  63. (test *Ci *Cr)
  64. (test *Ki *Kr)
  65. (test *Hi *Hr)
  66. (test *Pubi *Plain)
  67. # write e, ee, se
  68. (link (pub *Er))
  69. (setq
  70. *Cr (kdf1 *Cr (pub *Er))
  71. *Hr (hash32 (append *Hr (pub *Er)))
  72. *Cr (kdf1 *Cr (dh (prv *Er) Ei))
  73. *Cr (kdf1 *Cr (dh (prv *Er) *Plain))
  74. @ (kdf3 *Cr (need 32 0)) # zero PSK
  75. *Cr (car @)
  76. *Kr (caddr @)
  77. *Hr (hash32 (append *Hr (cadr @))) )
  78. (link (setq @ (lock_aead *Kr (nonce 0) NIL *Hr)))
  79. (setq *Hr (hash32 (append *Hr @))) ) ) )
  80. # full handshake steps
  81. (initiator2
  82. (responder
  83. (initiator) ) )
  84. # after handshake values are equal too
  85. (test NIL *Empty) # empty payload
  86. (test *Hi *Hr)
  87. (test *Ki *Kr)
  88. (test *Ci *Cr)
  89. # ready for split keys
  90. (msg 'OK-phase1)