grumble: add support for crypto mode negotiation.

client.go

@@ -71,6 +71,7 @@ type Client struct {
 	ClientName string
 	OSName     string
 	OSVersion  string
+	CryptoMode string
 
 	// Personal
 	Username        string
@@ -483,8 +484,9 @@ func (client *Client) tlsRecvLoop() {
 		// what version of the protocol it should speak.
 		if client.state == StateClientConnected {
 			version := &mumbleproto.Version{
-				Version: proto.Uint32(0x10203),
+				Version:     proto.Uint32(0x10205),
-				Release: proto.String("Grumble"),
+				Release:     proto.String("Grumble"),
+				CryptoModes: cryptstate.SupportedModes(),
 			}
 			if client.server.cfg.BoolValue("SendOSInfo") {
 				version.Os = proto.String(runtime.GOOS)
@@ -529,6 +531,32 @@ func (client *Client) tlsRecvLoop() {
 				client.OSVersion = *version.OsVersion
 			}
 
+			// Extract the client's supported crypto mode.
+			// If the client does not pick a crypto mode
+			// itself, use an invalid mode (the empty string)
+			// as its requested mode. This is effectively
+			// a flag asking for the default crypto mode.
+			requestedMode := ""
+			if len(version.CryptoModes) > 0 {
+				requestedMode = version.CryptoModes[0]
+			}
+
+			// Check if the requested crypto mode is supported
+			// by us. If not, fall back to the default crypto
+			// mode.
+			supportedModes := cryptstate.SupportedModes()
+			ok := false
+			for _, mode := range supportedModes {
+				if requestedMode == mode {
+					ok = true
+					break
+				}
+			}
+			if !ok {
+				requestedMode = "OCB2-AES128"
+			}
+
+			client.CryptoMode = requestedMode
 			client.state = StateClientSentVersion
 		}
 	}

pkg/cryptstate/cryptstate.go

@@ -36,6 +36,11 @@ type CryptState struct {
 	cipher cipher.Block
 }
 
+// SupportedModes returns the list of supported CryptoModes.
+func SupportedModes() []string {
+	return []string{"OCB2-AES128"}
+}
+
 func (cs *CryptState) GenerateKey() error {
 	_, err := io.ReadFull(rand.Reader, cs.RawKey[0:])
 	if err != nil {
@@ -239,4 +244,4 @@ func (cs *CryptState) Encrypt(dst, src []byte) {
 	dst[3] = tag[2]
 
 	return
-}
+}

pkg/mumbleproto/Mumble.pb.go

@@ -206,11 +206,12 @@ func (x *ContextActionModify_Operation) UnmarshalJSON(data []byte) error {
 }
 
 type Version struct {
-	Version          *uint32 `protobuf:"varint,1,opt,name=version" json:"version,omitempty"`
+	Version          *uint32  `protobuf:"varint,1,opt,name=version" json:"version,omitempty"`
-	Release          *string `protobuf:"bytes,2,opt,name=release" json:"release,omitempty"`
+	Release          *string  `protobuf:"bytes,2,opt,name=release" json:"release,omitempty"`
-	Os               *string `protobuf:"bytes,3,opt,name=os" json:"os,omitempty"`
+	Os               *string  `protobuf:"bytes,3,opt,name=os" json:"os,omitempty"`
-	OsVersion        *string `protobuf:"bytes,4,opt,name=os_version" json:"os_version,omitempty"`
+	OsVersion        *string  `protobuf:"bytes,4,opt,name=os_version" json:"os_version,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
+	CryptoModes      []string `protobuf:"bytes,5,rep,name=crypto_modes" json:"crypto_modes,omitempty"`
+	XXX_unrecognized []byte   `json:"-"`
 }
 
 func (this *Version) Reset()         { *this = Version{} }

pkg/mumbleproto/Mumble.proto

@@ -7,6 +7,7 @@ message	Version {
 	optional string release = 2;
 	optional string os = 3;
 	optional string os_version = 4;
+	repeated string crypto_modes = 5;
 }
 
 message UDPTunnel {