From ea027c6e4a8047ef1117544d4a80a77f70d56183 Mon Sep 17 00:00:00 2001 From: Dustin Stiles Date: Sun, 9 Mar 2025 17:09:21 -0400 Subject: [PATCH] refactoring time --- pkg/crypto/encryption/aead.go | 25 ++++++++- pkg/crypto/identity/ecdsa.go | 92 ++++++++++++++++++++----------- pkg/crypto/identity/ecdsa_test.go | 62 +++++++++++++++++++++ pkg/crypto/keyexchange/ecdh.go | 8 +-- pkg/frame/frame.go | 4 +- pkg/frame/frame_test.go | 4 +- pkg/handshake/bench.txt | 4 +- pkg/handshake/handshake.go | 52 ++++++++--------- pkg/handshake/handshake_test.go | 16 +++--- pkg/network/addr.go | 4 +- pkg/network/conn.go | 4 +- pkg/network/listener.go | 2 +- pkg/network/network.go | 2 +- tool/genkey/main.go | 2 +- 14 files changed, 196 insertions(+), 85 deletions(-) create mode 100644 pkg/crypto/identity/ecdsa_test.go diff --git a/pkg/crypto/encryption/aead.go b/pkg/crypto/encryption/aead.go index 03ab39e..d57eb00 100644 --- a/pkg/crypto/encryption/aead.go +++ b/pkg/crypto/encryption/aead.go @@ -8,8 +8,17 @@ import ( "io" ) -// Encrypt uses AES-GCM to encrypt the given plaintext with the given key. +//16 24 32 + +// Encrypt uses AES-GCM to encrypt the given plaintext with the given key. The +// plaintext is sealed with a 12-byte nonce, which is prepended to the ciphertext. func Encrypt(key, plaintext []byte) ([]byte, error) { + switch len(key) { + case 16, 24, 32: // AES-128, AES-192, AES-256 + default: + return nil, errors.New("invalid key length") + } + block, err := aes.NewCipher(key) if err != nil { return nil, err @@ -30,8 +39,20 @@ func Encrypt(key, plaintext []byte) ([]byte, error) { return ciphertext, nil } -// Decrypt uses AES-GCM to decrypt the given ciphertext with the given key. +// Decrypt uses AES-GCM to decrypt the given ciphertext with the given key. This +// function expects that the first 12 bytes of the ciphertext are the nonce that +// was used to encrypt the plaintext. func Decrypt(key, ciphertext []byte) ([]byte, error) { + switch len(key) { + case 16, 24, 32: // AES-128, AES-192, AES-256 + default: + return nil, errors.New("invalid key length") + } + + if len(ciphertext) < 12 { + return nil, errors.New("ciphertext too short") + } + block, err := aes.NewCipher(key) if err != nil { return nil, err diff --git a/pkg/crypto/identity/ecdsa.go b/pkg/crypto/identity/ecdsa.go index 5005af5..8b75b03 100644 --- a/pkg/crypto/identity/ecdsa.go +++ b/pkg/crypto/identity/ecdsa.go @@ -5,16 +5,16 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/x509" - "encoding/json" "encoding/pem" "fmt" - "math/big" "os" ) var ( // DefaultSigningCurve is the default elliptic curve used for signing. DefaultSigningCurve = elliptic.P384 + + ExportedPublicKeySize = 215 ) func LoadSigningKeyFromFile(filePath string) (*ecdsa.PrivateKey, error) { @@ -37,8 +37,8 @@ func LoadSigningKeyFromFile(filePath string) (*ecdsa.PrivateKey, error) { return masterKey, nil } -// GenerateSigningKey generates a new ECDSA private key for signing. -func GenerateSigningKey() (*ecdsa.PrivateKey, error) { +// Generate generates a new ECDSA private key for signing. +func Generate() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(DefaultSigningCurve(), rand.Reader) } @@ -52,35 +52,63 @@ func Verify(pub *ecdsa.PublicKey, data, signature []byte) bool { return ecdsa.VerifyASN1(pub, data, signature) } -// ExportPublicSigningKey exports the public key as a byte slice. -func ExportPublicSigningKey(pub *ecdsa.PublicKey) ([]byte, error) { - data := struct { - N []byte `json:"n"` - PubX []byte `json:"pub_x"` - PubY []byte `json:"pub_y"` - }{ - N: pub.Curve.Params().N.Bytes(), - PubX: pub.X.Bytes(), - PubY: pub.Y.Bytes(), - } - return json.Marshal(data) -} - -// ImportPublicSigningKey imports the public key from a byte slice. -func ImportPublicSigningKey(pubBytes []byte) (*ecdsa.PublicKey, error) { - var data struct { - N []byte `json:"n"` - PubX []byte `json:"pub_x"` - PubY []byte `json:"pub_y"` - } - if err := json.Unmarshal(pubBytes, &data); err != nil { +// ExportPrivateKey exports the private key as a byte slice. +func ExportPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) { + der, err := x509.MarshalECPrivateKey(key) + if err != nil { return nil, err } - params := new(ecdsa.PublicKey) - params.Curve = DefaultSigningCurve() - params.X = new(big.Int).SetBytes(data.PubX) - params.Y = new(big.Int).SetBytes(data.PubY) - - return params, nil + return pem.EncodeToMemory(&pem.Block{ + Type: "PRIVATE KEY", + Bytes: der, + }), nil +} + +// ExportPublicKey exports the public key as a byte slice. +func ExportPublicKey(key *ecdsa.PublicKey) ([]byte, error) { + der, err := x509.MarshalPKIXPublicKey(key) + if err != nil { + return nil, err + } + + return pem.EncodeToMemory(&pem.Block{ + Type: "PUBLIC KEY", + Bytes: der, + }), nil +} + +// ImportPrivateKey imports the private key from a byte slice. +func ImportPrivateKey(keyBytes []byte) (*ecdsa.PrivateKey, error) { + block, _ := pem.Decode(keyBytes) + if block == nil { + return nil, fmt.Errorf("failed to decode private key") + } + + privKey, err := x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return nil, err + } + + return privKey, nil +} + +// ImportPublicKey imports the public key from a byte slice. +func ImportPublicKey(keyBytes []byte) (*ecdsa.PublicKey, error) { + block, _ := pem.Decode(keyBytes) + if block == nil { + return nil, fmt.Errorf("failed to decode public key") + } + + pubKeyAny, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return nil, err + } + + pubKey, ok := pubKeyAny.(*ecdsa.PublicKey) + if !ok { + return nil, fmt.Errorf("not an ECDSA public key") + } + + return pubKey, nil } diff --git a/pkg/crypto/identity/ecdsa_test.go b/pkg/crypto/identity/ecdsa_test.go new file mode 100644 index 0000000..65ae29c --- /dev/null +++ b/pkg/crypto/identity/ecdsa_test.go @@ -0,0 +1,62 @@ +package identity_test + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "log" + "testing" + + "koti.casa/numenor-labs/dsfx/pkg/crypto/identity" +) + +func TestImportExportPrivate(t *testing.T) { + key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + t.Fatalf("failed to generate key: %v", err) + return + } + + exported, err := identity.ExportPrivateKey(key) + if err != nil { + t.Fatalf("failed to export key: %v", err) + return + } + + imported, err := identity.ImportPrivateKey(exported) + if err != nil { + t.Fatalf("failed to import key: %v", err) + return + } + + if !key.Equal(imported) { + t.Fatalf("imported key does not match original") + return + } +} + +func TestImportExportPublic(t *testing.T) { + key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + t.Fatalf("failed to generate key: %v", err) + return + } + + exported, err := identity.ExportPublicKey(&key.PublicKey) + if err != nil { + t.Fatalf("failed to export key: %v", err) + return + } + + log.Println("keylen", len(exported)) + imported, err := identity.ImportPublicKey(exported) + if err != nil { + t.Fatalf("failed to import key: %v", err) + return + } + + if !key.PublicKey.Equal(imported) { + t.Fatalf("imported key does not match original") + return + } +} diff --git a/pkg/crypto/keyexchange/ecdh.go b/pkg/crypto/keyexchange/ecdh.go index 34ac89e..34375c8 100644 --- a/pkg/crypto/keyexchange/ecdh.go +++ b/pkg/crypto/keyexchange/ecdh.go @@ -32,12 +32,12 @@ func ComputeDHSecret(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) ([]byte, error) return key, nil } -// ExportDHPublicKey exports the public key as a byte slice. -func ExportDHPublicKey(pub *ecdh.PublicKey) ([]byte, error) { +// ExportPublicKey exports the public key as a byte slice. +func ExportPublicKey(pub *ecdh.PublicKey) ([]byte, error) { return pub.Bytes(), nil } -// ImportDHPublicKey imports the public key from a byte slice. -func ImportDHPublicKey(data []byte) (*ecdh.PublicKey, error) { +// ImportPublicKey imports the public key from a byte slice. +func ImportPublicKey(data []byte) (*ecdh.PublicKey, error) { return DefaultDHCurve().NewPublicKey(data) } diff --git a/pkg/frame/frame.go b/pkg/frame/frame.go index 9cfa628..e28f8db 100644 --- a/pkg/frame/frame.go +++ b/pkg/frame/frame.go @@ -17,8 +17,8 @@ type Frame struct { contents []byte } -// NewFrame creates a new Frame with a length prefix. -func NewFrame(contents []byte) *Frame { +// New creates a new Frame with a length prefix. +func New(contents []byte) *Frame { return &Frame{ contents: contents, } diff --git a/pkg/frame/frame_test.go b/pkg/frame/frame_test.go index 593a801..f969620 100644 --- a/pkg/frame/frame_test.go +++ b/pkg/frame/frame_test.go @@ -16,7 +16,7 @@ func TestLenPrefixedWriteTo(t *testing.T) { // When ... - n, err := frame.NewFrame(msg).WriteTo(buf) + n, err := frame.New(msg).WriteTo(buf) // Then ... @@ -49,7 +49,7 @@ func TestLenPrefixedReadFrom(t *testing.T) { expectedBytesRead := len(msg) // When ... - f := frame.NewFrame(nil) + f := frame.New(nil) n, err := f.ReadFrom(buf) // Then ... diff --git a/pkg/handshake/bench.txt b/pkg/handshake/bench.txt index 49609ee..da6fc9a 100644 --- a/pkg/handshake/bench.txt +++ b/pkg/handshake/bench.txt @@ -2,6 +2,6 @@ goos: linux goarch: amd64 pkg: koti.casa/numenor-labs/dsfx/pkg/handshake cpu: Intel(R) Core(TM) Ultra 9 185H -BenchmarkHandshake-22 530 2233341 ns/op +BenchmarkHandshake-22 530 2267189 ns/op PASS -ok koti.casa/numenor-labs/dsfx/pkg/handshake 1.192s +ok koti.casa/numenor-labs/dsfx/pkg/handshake 1.212s diff --git a/pkg/handshake/handshake.go b/pkg/handshake/handshake.go index 3d3697a..9080bd5 100644 --- a/pkg/handshake/handshake.go +++ b/pkg/handshake/handshake.go @@ -29,9 +29,9 @@ const ( BoxedServerAuthMessageSize = 130 ) -// Handshake initiates the handshake process between the given actor +// Initiate initiates the handshake process between the given actor // and the remote actor. -func Handshake( +func Initiate( ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecdsa.PrivateKey, @@ -52,7 +52,7 @@ func Handshake( logger.DebugContext(ctx, "exporting dh key") // Export the public key of the actor's ECDH private key. - ourDHKeyRaw, err := keyexchange.ExportDHPublicKey(ourDHKey.PublicKey()) + ourDHKeyRaw, err := keyexchange.ExportPublicKey(ourDHKey.PublicKey()) if err != nil { return nil, err } @@ -60,7 +60,7 @@ func Handshake( // Write the actor's public key to the connection. logger.DebugContext(ctx, "sending dh key", slog.Int("key.size", len(ourDHKeyRaw))) - _, err = frame.NewFrame(ourDHKeyRaw).WriteTo(conn) + _, err = frame.New(ourDHKeyRaw).WriteTo(conn) if err != nil { return nil, err } @@ -70,7 +70,7 @@ func Handshake( // Read the remote actor's public key from the connection. logger.DebugContext(ctx, "waiting for server's dh key") - remoteDHKeyFrame := frame.NewFrame(nil) + remoteDHKeyFrame := frame.New(nil) _, err = remoteDHKeyFrame.ReadFrom(conn) if err != nil { return nil, err @@ -81,7 +81,7 @@ func Handshake( // Import the remote actor's public key. logger.DebugContext(ctx, "importing server's dh key") - remoteDHKey, err := keyexchange.ImportDHPublicKey(remoteDHKeyFrame.Contents()) + remoteDHKey, err := keyexchange.ImportPublicKey(remoteDHKeyFrame.Contents()) if err != nil { return nil, err } @@ -91,13 +91,13 @@ func Handshake( // Export the public key of the actor's signing key. logger.DebugContext(ctx, "exporting public signing key") - ourPublicKeyRaw, err := identity.ExportPublicSigningKey(&lPrivKey.PublicKey) + ourPublicKeyRaw, err := identity.ExportPublicKey(&lPrivKey.PublicKey) if err != nil { return nil, err } logger.DebugContext(ctx, "exporting remote public signing key") - remotePublicKeyRaw, err := identity.ExportPublicSigningKey(rPubKey) + remotePublicKeyRaw, err := identity.ExportPublicKey(rPubKey) if err != nil { return nil, err } @@ -143,7 +143,7 @@ func Handshake( // Write the boxed message to the connection. logger.DebugContext(ctx, "sending authentication message", slog.Int("message.size", len(boxedMsg))) - _, err = frame.NewFrame(boxedMsg).WriteTo(conn) + _, err = frame.New(boxedMsg).WriteTo(conn) if err != nil { return nil, err } @@ -153,7 +153,7 @@ func Handshake( // Read the authentication message from the connection. logger.DebugContext(ctx, "waiting for server's authentication message") - authMessageFrame := frame.NewFrame(nil) + authMessageFrame := frame.New(nil) n, err := authMessageFrame.ReadFrom(conn) if err != nil { return nil, err @@ -170,7 +170,7 @@ func Handshake( // The server authentication is just verifying the signature it created of // the client authentication message. logger.DebugContext(ctx, "importing server's public signing key") - remotePublicKey, err := identity.ImportPublicSigningKey(remotePublicKeyRaw) + remotePublicKey, err := identity.ImportPublicKey(remotePublicKeyRaw) if err != nil { return nil, err } @@ -183,7 +183,7 @@ func Handshake( // Finally, we need to let the server know that the handshake is complete. logger.DebugContext(ctx, "sending handshake complete message") handshakeCompleteMsg := []byte{0x01} - _, err = frame.NewFrame(handshakeCompleteMsg).WriteTo(conn) + _, err = frame.New(handshakeCompleteMsg).WriteTo(conn) if err != nil { return nil, err } @@ -192,9 +192,9 @@ func Handshake( return derivedKey, nil } -// AcceptHandshake accepts a handshake from the given actor and connection. It +// Accept accepts a handshake from the given actor and connection. It // returns the shared secret between the actor and the remote actor. -func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecdsa.PrivateKey) (*ecdsa.PublicKey, []byte, error) { +func Accept(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecdsa.PrivateKey) (*ecdsa.PublicKey, []byte, error) { logger := logging.FromContext(ctx).WithGroup("handshake") // ------------------------------------------------------------------------ @@ -202,7 +202,7 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd // Read the remote actor's public key from the connection. logger.DebugContext(ctx, "waiting for client's dh key") - remoteDHKeyFrame := frame.NewFrame(nil) + remoteDHKeyFrame := frame.New(nil) _, err := remoteDHKeyFrame.ReadFrom(conn) if err != nil { return nil, nil, err @@ -210,7 +210,7 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd // Import the remote actor's public key. logger.DebugContext(ctx, "importing client's dh key") - remoteDHKey, err := keyexchange.ImportDHPublicKey(remoteDHKeyFrame.Contents()) + remoteDHKey, err := keyexchange.ImportPublicKey(remoteDHKeyFrame.Contents()) if err != nil { return nil, nil, err } @@ -227,14 +227,14 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd // Export the public key of the actor's ECDH private key. logger.DebugContext(ctx, "exporting dh key") - ourDHKeyRaw, err := keyexchange.ExportDHPublicKey(ourDHKey.PublicKey()) + ourDHKeyRaw, err := keyexchange.ExportPublicKey(ourDHKey.PublicKey()) if err != nil { return nil, nil, err } // Write the actor's public key to the connection. logger.DebugContext(ctx, "sending dh key", slog.Int("key.size", len(ourDHKeyRaw))) - _, err = frame.NewFrame(ourDHKeyRaw).WriteTo(conn) + _, err = frame.New(ourDHKeyRaw).WriteTo(conn) if err != nil { return nil, nil, err } @@ -244,7 +244,7 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd // Read the authentication message from the connection. logger.DebugContext(ctx, "waiting for client's authentication message") - authMessageFrame := frame.NewFrame(nil) + authMessageFrame := frame.New(nil) n, err := authMessageFrame.ReadFrom(conn) if err != nil { return nil, nil, err @@ -264,12 +264,12 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd return nil, nil, err } - clientPublicKeyRaw := plaintext[:222] - signature := plaintext[222:] + clientPublicKeyRaw := plaintext[:identity.ExportedPublicKeySize] + signature := plaintext[identity.ExportedPublicKeySize:] // Verify the client's public key and signature. logger.DebugContext(ctx, "importing client's public signing key") - clientPublicKey, err := identity.ImportPublicSigningKey(clientPublicKeyRaw) + clientPublicKey, err := identity.ImportPublicKey(clientPublicKeyRaw) if err != nil { return nil, nil, err } @@ -309,14 +309,14 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd // Send the server's signature back to the client. logger.DebugContext(ctx, "sending authentication message", slog.Int("message.size", len(boxedMsg))) - _, err = frame.NewFrame(boxedMsg).WriteTo(conn) + _, err = frame.New(boxedMsg).WriteTo(conn) if err != nil { return nil, nil, err } logger.DebugContext(ctx, "waiting for handshake complete message") // Read the handshake complete message from the client. - handshakeCompleteFrame := frame.NewFrame(nil) + handshakeCompleteFrame := frame.New(nil) _, err = handshakeCompleteFrame.ReadFrom(conn) if err != nil { return nil, nil, err @@ -333,11 +333,11 @@ func AcceptHandshake(ctx context.Context, conn io.ReadWriteCloser, lPrivKey *ecd } func buildMessage(clientPubKey *ecdh.PublicKey, serverPubKey *ecdh.PublicKey) ([]byte, error) { - clientPubKeyRaw, err := keyexchange.ExportDHPublicKey(clientPubKey) + clientPubKeyRaw, err := keyexchange.ExportPublicKey(clientPubKey) if err != nil { return nil, err } - serverPubKeyRaw, err := keyexchange.ExportDHPublicKey(serverPubKey) + serverPubKeyRaw, err := keyexchange.ExportPublicKey(serverPubKey) if err != nil { return nil, err } diff --git a/pkg/handshake/handshake_test.go b/pkg/handshake/handshake_test.go index ac8a633..7bd4348 100644 --- a/pkg/handshake/handshake_test.go +++ b/pkg/handshake/handshake_test.go @@ -18,9 +18,9 @@ func TestHandshake(t *testing.T) { ctx := context.Background() // alice, represented by an ecdsa key pair. - alice, _ := identity.GenerateSigningKey() + alice, _ := identity.Generate() // bob, also represented by an ecdsa key pair. - bob, _ := identity.GenerateSigningKey() + bob, _ := identity.Generate() var ( // the secret that alice should arrive at on her own @@ -47,11 +47,11 @@ func TestHandshake(t *testing.T) { var wg sync.WaitGroup wg.Add(2) go func() { - aliceSecret, aliceErr = handshake.Handshake(ctx, client, alice, &bob.PublicKey) + aliceSecret, aliceErr = handshake.Initiate(ctx, client, alice, &bob.PublicKey) wg.Done() }() go func() { - discoveredAlicePublicKey, bobSecret, bobErr = handshake.AcceptHandshake(ctx, server, bob) + discoveredAlicePublicKey, bobSecret, bobErr = handshake.Accept(ctx, server, bob) wg.Done() }() wg.Wait() @@ -94,9 +94,9 @@ func runSimulation() error { ctx := context.Background() // alice, represented by an ecdsa key pair. - alice, _ := identity.GenerateSigningKey() + alice, _ := identity.Generate() // bob, also represented by an ecdsa key pair. - bob, _ := identity.GenerateSigningKey() + bob, _ := identity.Generate() var ( // the secret that alice should arrive at on her own @@ -123,11 +123,11 @@ func runSimulation() error { var wg sync.WaitGroup wg.Add(2) go func() { - _, aliceErr = handshake.Handshake(ctx, client, alice, &bob.PublicKey) + _, aliceErr = handshake.Initiate(ctx, client, alice, &bob.PublicKey) wg.Done() }() go func() { - _, _, bobErr = handshake.AcceptHandshake(ctx, server, bob) + _, _, bobErr = handshake.Accept(ctx, server, bob) wg.Done() }() wg.Wait() diff --git a/pkg/network/addr.go b/pkg/network/addr.go index 39fc799..970ed82 100644 --- a/pkg/network/addr.go +++ b/pkg/network/addr.go @@ -60,7 +60,7 @@ func ParseAddr(addrRaw string) (*Addr, error) { return nil, ErrInvalidFormat } - publicKey, err := identity.ImportPublicSigningKey(publicKeyBytes) + publicKey, err := identity.ImportPublicKey(publicKeyBytes) if err != nil { return nil, ErrInvalidFormat } @@ -86,7 +86,7 @@ func (a *Addr) Network() string { // String implements net.Addr. func (a *Addr) String() string { - exported, _ := identity.ExportPublicSigningKey(a.publicKey) + exported, _ := identity.ExportPublicKey(a.publicKey) exportedBase64 := base64.StdEncoding.EncodeToString(exported) return fmt.Sprintf("%s://%s:%d#%s", a.network, a.ip, a.port, exportedBase64) } diff --git a/pkg/network/conn.go b/pkg/network/conn.go index 083c441..8b7d986 100644 --- a/pkg/network/conn.go +++ b/pkg/network/conn.go @@ -28,7 +28,7 @@ func NewConn(conn *net.TCPConn, sessionKey []byte, localIdentity, remoteIdentity // The ciphertext that is actually transferred over the network is larger, so you // should not rely on this number as an indication of network metrics. func (c *Conn) Read(b []byte) (int, error) { - f := frame.NewFrame(nil) + f := frame.New(nil) _, err := f.ReadFrom(c.conn) if err != nil { return 0, err @@ -47,7 +47,7 @@ func (c *Conn) Write(b []byte) (int, error) { if err != nil { return 0, err } - _, err = frame.NewFrame(ciphertext).WriteTo(c.conn) + _, err = frame.New(ciphertext).WriteTo(c.conn) if err != nil { return 0, err } diff --git a/pkg/network/listener.go b/pkg/network/listener.go index a3da2c1..0ebd344 100644 --- a/pkg/network/listener.go +++ b/pkg/network/listener.go @@ -25,7 +25,7 @@ func (l *Listener) Accept() (net.Conn, error) { return nil, err } - clientIdentity, sessionKey, err := handshake.AcceptHandshake(ctx, conn, l.identity) + clientIdentity, sessionKey, err := handshake.Accept(ctx, conn, l.identity) if err != nil { return nil, err } diff --git a/pkg/network/network.go b/pkg/network/network.go index 0b0ed00..309ab4b 100644 --- a/pkg/network/network.go +++ b/pkg/network/network.go @@ -21,7 +21,7 @@ func Dial( return nil, err } - sessionKey, err := handshake.Handshake(ctx, conn, identity, raddr.PublicKey()) + sessionKey, err := handshake.Initiate(ctx, conn, identity, raddr.PublicKey()) if err != nil { return nil, err } diff --git a/tool/genkey/main.go b/tool/genkey/main.go index 08be656..676cad9 100644 --- a/tool/genkey/main.go +++ b/tool/genkey/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - key, err := identity.GenerateSigningKey() + key, err := identity.Generate() if err != nil { panic(err) }