From 0bf84fb3f329b7cafd00090cf341c75af78a888a Mon Sep 17 00:00:00 2001
From: Mikkel Krautz <mikkel@krautz.dk>
Date: Sat, 20 Nov 2010 16:11:41 +0100
Subject: [PATCH] Use new crypto API.

---
 pkg/cryptstate/cryptstate.go      | 24 ++++++++++++------------
 pkg/cryptstate/cryptstate_test.go |  4 ++--
 pkg/mumbleproto/Makefile          |  3 ++-
 pkg/mumbleproto/Mumble.pb.go      |  4 +++-
 server.go                         | 15 ++++++++-------
 5 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/pkg/cryptstate/cryptstate.go b/pkg/cryptstate/cryptstate.go
index e857c9a..8ae3a06 100644
--- a/pkg/cryptstate/cryptstate.go
+++ b/pkg/cryptstate/cryptstate.go
@@ -80,7 +80,7 @@ func (cs *CryptState) SetKey(key []byte, eiv []byte, div[]byte) (err os.Error) {
 	return
 }
 
-func (cs *CryptState) Decrypt(src, dst []byte) (err os.Error) {
+func (cs *CryptState) Decrypt(dst, src []byte) (err os.Error) {
 	if len(src) < 4 {
 		err = os.NewError("Crypted length too short to decrypt")
 		return
@@ -177,7 +177,7 @@ func (cs *CryptState) Decrypt(src, dst []byte) (err os.Error) {
 		}
 	}
 
-	cs.OCBDecrypt(src[4:], dst[0:], cs.DecryptIV[0:], tag[0:])
+	cs.OCBDecrypt(dst[0:], src[4:], cs.DecryptIV[0:], tag[0:])
 
 	for i := 0; i < 3; i++ {
 		if tag[i] != src[i+1] {
@@ -208,7 +208,7 @@ func (cs *CryptState) Decrypt(src, dst []byte) (err os.Error) {
 	return
 }
 
-func (cs *CryptState) Encrypt(src, dst []byte) {
+func (cs *CryptState) Encrypt(dst, src []byte) {
 	var tag [AESBlockSize]byte
 
 	// First, increase our IV
@@ -219,7 +219,7 @@ func (cs *CryptState) Encrypt(src, dst []byte) {
 		}
 	}
 
-	cs.OCBEncrypt(src, dst[4:], cs.EncryptIV[0:], tag[0:])
+	cs.OCBEncrypt(dst[4:], src, cs.EncryptIV[0:], tag[0:])
 
 	dst[0] = cs.EncryptIV[0]
 	dst[1] = tag[0];
@@ -257,14 +257,14 @@ func times3(block []byte) {
 	block[AESBlockSize-1] ^= ((block[AESBlockSize-1] << 1) ^ (carry * 135))
 }
 
-func (cs *CryptState) OCBEncrypt(src []byte, dst []byte, nonce []byte, tag []byte) (err os.Error) {
+func (cs *CryptState) OCBEncrypt(dst []byte, src []byte, nonce []byte, tag []byte) (err os.Error) {
 	var delta [AESBlockSize]byte
 	var checksum [AESBlockSize]byte
 	var tmp [AESBlockSize]byte
 	var pad [AESBlockSize]byte
 	off := 0
 
-	cs.cipher.Encrypt(cs.EncryptIV[0:], delta[0:])
+	cs.cipher.Encrypt(delta[0:], cs.EncryptIV[0:])
 	zeros(checksum[0:])
 
 	remain := len(src)
@@ -284,7 +284,7 @@ func (cs *CryptState) OCBEncrypt(src []byte, dst []byte, nonce []byte, tag []byt
 	tmp[AESBlockSize-2] = uint8((uint32(num) >> 8) & 0xff)
 	tmp[AESBlockSize-1] = uint8(num & 0xff)
 	xor(tmp[0:], tmp[0:], delta[0:])
-	cs.cipher.Encrypt(tmp[0:], pad[0:])
+	cs.cipher.Encrypt(pad[0:], tmp[0:])
 	copied := copy(tmp[0:], src[off:])
 	if copied != remain {
 		err = os.NewError("Copy failed")
@@ -303,19 +303,19 @@ func (cs *CryptState) OCBEncrypt(src []byte, dst []byte, nonce []byte, tag []byt
 
 	times3(delta[0:])
 	xor(tmp[0:], delta[0:], checksum[0:])
-	cs.cipher.Encrypt(tmp[0:], tag[0:])
+	cs.cipher.Encrypt(tag[0:], tmp[0:])
 
 	return
 }
 
-func (cs *CryptState) OCBDecrypt(encrypted []byte, plain []byte, nonce []byte, tag []byte) (err os.Error) {
+func (cs *CryptState) OCBDecrypt(plain []byte, encrypted []byte, nonce []byte, tag []byte) (err os.Error) {
 	var checksum [AESBlockSize]byte
 	var delta [AESBlockSize]byte
 	var tmp [AESBlockSize]byte
 	var pad [AESBlockSize]byte
 	off := 0
 
-	cs.cipher.Encrypt(nonce[0:], delta[0:])
+	cs.cipher.Encrypt(delta[0:], nonce[0:])
 	zeros(checksum[0:])
 
 	remain := len(encrypted)
@@ -335,7 +335,7 @@ func (cs *CryptState) OCBDecrypt(encrypted []byte, plain []byte, nonce []byte, t
 	tmp[AESBlockSize-2] = uint8((uint32(num) >> 8) & 0xff)
 	tmp[AESBlockSize-1] = uint8(num & 0xff)
 	xor(tmp[0:], tmp[0:], delta[0:])
-	cs.cipher.Encrypt(tmp[0:], pad[0:])
+	cs.cipher.Encrypt(pad[0:], tmp[0:])
 	for i := 0; i < AESBlockSize; i++ {
 		tmp[i] = 0
 	}
@@ -354,7 +354,7 @@ func (cs *CryptState) OCBDecrypt(encrypted []byte, plain []byte, nonce []byte, t
 
 	times3(delta[0:])
 	xor(tmp[0:], delta[0:], checksum[0:])
-	cs.cipher.Encrypt(tmp[0:], tag[0:])
+	cs.cipher.Encrypt(tag[0:], tmp[0:])
 
 	return
 }
diff --git a/pkg/cryptstate/cryptstate_test.go b/pkg/cryptstate/cryptstate_test.go
index b185989..b7e517f 100644
--- a/pkg/cryptstate/cryptstate_test.go
+++ b/pkg/cryptstate/cryptstate_test.go
@@ -97,7 +97,7 @@ func TestEncrypt(t *testing.T) {
 
 	out := make([]byte, 19)
 	cs.SetKey(key[0:], eiv[0:], div[0:])
-	cs.Encrypt(msg[0:], out[0:])
+	cs.Encrypt(out[0:], msg[0:])
 
 	if BlockCompare(out[0:], expected[0:]) == false {
 		t.Errorf("Mismatch in output")
@@ -135,7 +135,7 @@ func TestDecrypt(t *testing.T) {
 
 	out := make([]byte, 15)
 	cs.SetKey(key[0:], div[0:], eiv[0:])
-	cs.Decrypt(crypted[0:], out[0:])
+	cs.Decrypt(out[0:], crypted[0:])
 
 	if BlockCompare(out[0:], expected[0:]) == false {
 		t.Errorf("Mismatch in output")
diff --git a/pkg/mumbleproto/Makefile b/pkg/mumbleproto/Makefile
index 973144d..00e455d 100644
--- a/pkg/mumbleproto/Makefile
+++ b/pkg/mumbleproto/Makefile
@@ -1,7 +1,8 @@
 include $(GOROOT)/src/Make.inc
 
 TARG = mumbleproto
-GOFILES = Mumble.pb.go
+GOFILES=\
+	Mumble.pb.go
 
 include $(GOROOT)/src/Make.pkg
 include $(GOROOT)/src/pkg/goprotobuf.googlecode.com/hg/Make.protobuf
diff --git a/pkg/mumbleproto/Mumble.pb.go b/pkg/mumbleproto/Mumble.pb.go
index 50f60cb..2a783ea 100644
--- a/pkg/mumbleproto/Mumble.pb.go
+++ b/pkg/mumbleproto/Mumble.pb.go
@@ -4,9 +4,11 @@
 package mumbleproto
 
 import proto "goprotobuf.googlecode.com/hg/proto"
+import "os"
 
-// Reference proto import to suppress error if it's not otherwise used.
+// Reference proto & os imports to suppress error if it's not otherwise used.
 var _ = proto.GetString
+var _ os.Error
 
 type Reject_RejectType int32
 const (
diff --git a/server.go b/server.go
index 5edb732..437868b 100644
--- a/server.go
+++ b/server.go
@@ -426,7 +426,7 @@ func (s *Server) SendUDP() {
 		if msg.client != nil {
 			// These are to be crypted...
 			crypted := make([]byte, len(msg.buf)+4)
-			msg.client.crypt.Encrypt(msg.buf, crypted)
+			msg.client.crypt.Encrypt(crypted, msg.buf)
 			//s.udpconn.WriteTo(crypted, msg.client.udpaddr)
 			b := make([]byte, 1)
 			s.udpconn.WriteTo(b, msg.client.udpaddr)
@@ -488,7 +488,7 @@ func (server *Server) ListenUDP() {
 			server.hmutex.Lock()
 			client, ok := server.hpclients[udpaddr.String()]
 			if ok {
-				err = client.crypt.Decrypt(buf[0:nread], plain[0:])
+				err = client.crypt.Decrypt(plain[0:], buf[0:nread])
 				if err != nil {
 					log.Panicf("Unable to decrypt incoming packet for client %v (host-port matched)", client)
 				}
@@ -497,25 +497,26 @@ func (server *Server) ListenUDP() {
 				host := udpaddr.IP.String()
 				hostclients := server.hclients[host]
 				for _, client := range hostclients {
-					err = client.crypt.Decrypt(buf[0:nread], plain[0:])
+					err = client.crypt.Decrypt(plain[0:], buf[0:nread])
 					if err != nil {
 						continue
 					} else {
 						match = client
 					}
 				}
+				if match != nil {
+					match.udpaddr = udpaddr
+					server.hpclients[udpaddr.String()] = match
+				}
 			}
 			server.hmutex.Unlock()
 
 			// No client found.
 			if match == nil {
-				log.Printf("No match found for packet. Discarding...")
+				log.Printf("Sender of UDP packet could not be determined. Packet dropped.")
 				continue
 			}
 
-			if match.udpaddr == nil {
-				match.udpaddr = udpaddr
-			}
 			match.udp = true
 			match.udprecv <- plain
 		}