2021-09-20 02:03:47 +08:00
package ncutils
2021-08-31 03:58:23 +08:00
import (
2022-01-30 04:02:37 +08:00
"bytes"
2022-01-29 04:33:30 +08:00
crand "crypto/rand"
2021-09-18 23:01:34 +08:00
"crypto/tls"
2022-01-30 04:02:37 +08:00
"encoding/gob"
2021-08-31 03:58:23 +08:00
"errors"
"fmt"
2021-09-20 02:03:47 +08:00
"io"
2021-08-31 03:58:23 +08:00
"log"
"math/rand"
"net"
"net/http"
"os"
2021-09-20 02:03:47 +08:00
"os/exec"
2022-01-31 07:11:22 +08:00
"path/filepath"
2021-11-16 00:42:52 +08:00
"regexp"
2021-08-31 03:58:23 +08:00
"runtime"
"strconv"
"strings"
"time"
2021-11-12 21:53:50 +08:00
2022-01-26 23:40:39 +08:00
"github.com/gravitl/netmaker/models"
2022-01-30 04:02:37 +08:00
"golang.org/x/crypto/nacl/box"
2021-08-31 03:58:23 +08:00
"golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
2021-09-18 23:01:34 +08:00
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
2021-08-31 03:58:23 +08:00
)
2021-12-09 05:52:32 +08:00
// MAX_NAME_LENGTH - maximum node name length
const MAX_NAME_LENGTH = 62
2021-10-09 03:07:12 +08:00
// NO_DB_RECORD - error message result
2021-08-31 03:58:23 +08:00
const NO_DB_RECORD = "no result found"
2021-10-09 03:07:12 +08:00
// NO_DB_RECORDS - error record result
2021-08-31 03:58:23 +08:00
const NO_DB_RECORDS = "could not find any records"
2021-10-09 03:07:12 +08:00
// LINUX_APP_DATA_PATH - linux path
2021-08-31 03:58:23 +08:00
const LINUX_APP_DATA_PATH = "/etc/netclient"
2021-10-09 03:07:12 +08:00
// WINDOWS_APP_DATA_PATH - windows path
2021-08-31 03:58:23 +08:00
const WINDOWS_APP_DATA_PATH = "C:\\ProgramData\\Netclient"
2021-10-09 03:07:12 +08:00
2021-11-15 05:50:20 +08:00
// WINDOWS_APP_DATA_PATH - windows path
2021-12-12 23:16:53 +08:00
const WINDOWS_WG_DPAPI_PATH = "C:\\Program Files\\WireGuard\\Data\\Configurations"
2021-11-15 05:50:20 +08:00
2021-10-09 03:07:12 +08:00
// WINDOWS_SVC_NAME - service name
2021-08-31 03:58:23 +08:00
const WINDOWS_SVC_NAME = "netclient"
2021-10-09 03:07:12 +08:00
// NETCLIENT_DEFAULT_PORT - default port
2021-09-11 03:48:18 +08:00
const NETCLIENT_DEFAULT_PORT = 51821
2021-10-09 03:07:12 +08:00
// DEFAULT_GC_PERCENT - garbage collection percent
2021-09-11 03:48:18 +08:00
const DEFAULT_GC_PERCENT = 10
2021-08-31 03:58:23 +08:00
2022-01-29 04:33:30 +08:00
// KEY_SIZE = ideal length for keys
2022-01-29 07:33:30 +08:00
const KEY_SIZE = 2048
2022-01-29 04:33:30 +08:00
2021-10-09 03:07:12 +08:00
// Log - logs a message
2021-08-31 03:58:23 +08:00
func Log ( message string ) {
log . SetFlags ( log . Flags ( ) &^ ( log . Llongfile | log . Lshortfile ) )
log . Println ( "[netclient]" , message )
}
2021-10-09 03:07:12 +08:00
// IsWindows - checks if is windows
2021-08-31 03:58:23 +08:00
func IsWindows ( ) bool {
return runtime . GOOS == "windows"
}
2021-10-09 03:07:12 +08:00
// IsMac - checks if is a mac
2021-09-18 23:01:34 +08:00
func IsMac ( ) bool {
2021-09-20 02:03:47 +08:00
return runtime . GOOS == "darwin"
2021-09-18 23:01:34 +08:00
}
2021-10-09 03:07:12 +08:00
// IsLinux - checks if is linux
2021-09-18 23:01:34 +08:00
func IsLinux ( ) bool {
return runtime . GOOS == "linux"
}
2021-11-11 00:59:03 +08:00
// IsLinux - checks if is linux
func IsFreeBSD ( ) bool {
return runtime . GOOS == "freebsd"
}
2021-10-09 03:07:12 +08:00
// GetWireGuard - checks if wg is installed
2021-09-22 09:35:52 +08:00
func GetWireGuard ( ) string {
userspace := os . Getenv ( "WG_QUICK_USERSPACE_IMPLEMENTATION" )
if userspace != "" && ( userspace == "boringtun" || userspace == "wireguard-go" ) {
return userspace
}
return "wg"
}
2021-10-09 03:07:12 +08:00
// IsKernel - checks if running kernel WireGuard
2021-09-20 02:03:47 +08:00
func IsKernel ( ) bool {
//TODO
//Replace && true with some config file value
//This value should be something like kernelmode, which should be 'on' by default.
2021-09-22 09:35:52 +08:00
return IsLinux ( ) && os . Getenv ( "WG_QUICK_USERSPACE_IMPLEMENTATION" ) == ""
2021-09-20 02:03:47 +08:00
}
2021-10-09 03:07:12 +08:00
// IsEmptyRecord - repeat from database
2021-08-31 03:58:23 +08:00
func IsEmptyRecord ( err error ) bool {
if err == nil {
return false
}
return strings . Contains ( err . Error ( ) , NO_DB_RECORD ) || strings . Contains ( err . Error ( ) , NO_DB_RECORDS )
}
//generate an access key value
2021-10-09 03:07:12 +08:00
// GenPass - generates a pass
2021-08-31 03:58:23 +08:00
func GenPass ( ) string {
var seededRand * rand . Rand = rand . New (
rand . NewSource ( time . Now ( ) . UnixNano ( ) ) )
length := 16
2021-12-13 07:04:41 +08:00
charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
2021-08-31 03:58:23 +08:00
b := make ( [ ] byte , length )
for i := range b {
b [ i ] = charset [ seededRand . Intn ( len ( charset ) ) ]
}
return string ( b )
}
2021-10-09 03:07:12 +08:00
// GetPublicIP - gets public ip
2021-08-31 03:58:23 +08:00
func GetPublicIP ( ) ( string , error ) {
2021-11-17 22:04:55 +08:00
iplist := [ ] string { "https://ip.client.gravitl.com" , "https://ifconfig.me" , "https://api.ipify.org" , "https://ipinfo.io/ip" }
2021-08-31 03:58:23 +08:00
endpoint := ""
var err error
for _ , ipserver := range iplist {
resp , err := http . Get ( ipserver )
if err != nil {
continue
}
defer resp . Body . Close ( )
if resp . StatusCode == http . StatusOK {
2022-01-07 04:05:38 +08:00
bodyBytes , err := io . ReadAll ( resp . Body )
2021-08-31 03:58:23 +08:00
if err != nil {
continue
}
endpoint = string ( bodyBytes )
break
}
}
if err == nil && endpoint == "" {
err = errors . New ( "public address not found" )
}
return endpoint , err
}
2021-10-09 03:07:12 +08:00
// GetMacAddr - get's mac address
2021-08-31 03:58:23 +08:00
func GetMacAddr ( ) ( [ ] string , error ) {
ifas , err := net . Interfaces ( )
if err != nil {
return nil , err
}
var as [ ] string
for _ , ifa := range ifas {
a := ifa . HardwareAddr . String ( )
if a != "" {
as = append ( as , a )
}
}
return as , nil
}
func parsePeers ( keepalive int32 , peers [ ] wgtypes . PeerConfig ) ( string , error ) {
peersString := ""
if keepalive <= 0 {
2022-01-22 02:15:54 +08:00
keepalive = 0
2021-08-31 03:58:23 +08:00
}
2021-10-26 04:51:26 +08:00
2021-08-31 03:58:23 +08:00
for _ , peer := range peers {
2021-10-26 04:51:26 +08:00
endpointString := ""
2021-10-15 21:29:55 +08:00
if peer . Endpoint != nil && peer . Endpoint . String ( ) != "" {
endpointString += "Endpoint = " + peer . Endpoint . String ( )
}
2021-08-31 03:58:23 +08:00
newAllowedIps := [ ] string { }
for _ , allowedIP := range peer . AllowedIPs {
newAllowedIps = append ( newAllowedIps , allowedIP . String ( ) )
}
peersString += fmt . Sprintf ( ` [ Peer ]
PublicKey = % s
AllowedIps = % s
PersistentKeepAlive = % s
2021-10-15 21:29:55 +08:00
% s
2021-08-31 03:58:23 +08:00
` ,
peer . PublicKey . String ( ) ,
strings . Join ( newAllowedIps , "," ) ,
strconv . Itoa ( int ( keepalive ) ) ,
2021-10-15 21:29:55 +08:00
endpointString ,
2021-08-31 03:58:23 +08:00
)
}
return peersString , nil
}
2021-10-09 03:07:12 +08:00
// GetLocalIP - gets local ip of machine
2021-08-31 03:58:23 +08:00
func GetLocalIP ( localrange string ) ( string , error ) {
_ , localRange , err := net . ParseCIDR ( localrange )
if err != nil {
return "" , err
}
ifaces , err := net . Interfaces ( )
if err != nil {
return "" , err
}
var local string
found := false
for _ , i := range ifaces {
if i . Flags & net . FlagUp == 0 {
continue // interface down
}
if i . Flags & net . FlagLoopback != 0 {
continue // loopback interface
}
addrs , err := i . Addrs ( )
if err != nil {
return "" , err
}
for _ , addr := range addrs {
var ip net . IP
switch v := addr . ( type ) {
case * net . IPNet :
if ! found {
ip = v . IP
local = ip . String ( )
found = localRange . Contains ( ip )
}
case * net . IPAddr :
if ! found {
ip = v . IP
local = ip . String ( )
found = localRange . Contains ( ip )
}
}
}
}
if ! found || local == "" {
return "" , errors . New ( "Failed to find local IP in range " + localrange )
}
return local , nil
}
2022-01-16 08:57:07 +08:00
//GetNetworkIPMask - Pulls the netmask out of the network
2021-11-15 08:17:30 +08:00
func GetNetworkIPMask ( networkstring string ) ( string , string , error ) {
ip , ipnet , err := net . ParseCIDR ( networkstring )
if err != nil {
return "" , "" , err
}
ipstring := ip . String ( )
2021-11-18 12:45:40 +08:00
mask := ipnet . Mask
maskstring := fmt . Sprintf ( "%d.%d.%d.%d" , mask [ 0 ] , mask [ 1 ] , mask [ 2 ] , mask [ 3 ] )
//maskstring := ipnet.Mask.String()
2021-11-15 08:17:30 +08:00
return ipstring , maskstring , err
}
2021-10-09 03:07:12 +08:00
// GetFreePort - gets free port of machine
2021-08-31 03:58:23 +08:00
func GetFreePort ( rangestart int32 ) ( int32 , error ) {
2021-09-11 03:48:18 +08:00
if rangestart == 0 {
rangestart = NETCLIENT_DEFAULT_PORT
}
2021-08-31 03:58:23 +08:00
wgclient , err := wgctrl . New ( )
if err != nil {
return 0 , err
}
2021-12-11 04:01:10 +08:00
defer wgclient . Close ( )
2021-08-31 03:58:23 +08:00
devices , err := wgclient . Devices ( )
if err != nil {
return 0 , err
}
2021-10-27 22:02:39 +08:00
2021-09-11 03:48:18 +08:00
for x := rangestart ; x <= 65535 ; x ++ {
2021-08-31 03:58:23 +08:00
conflict := false
for _ , i := range devices {
if int32 ( i . ListenPort ) == x {
conflict = true
break
}
}
if conflict {
continue
}
2021-09-11 03:48:18 +08:00
return int32 ( x ) , nil
2021-08-31 03:58:23 +08:00
}
2021-09-11 03:48:18 +08:00
return rangestart , err
2021-08-31 03:58:23 +08:00
}
// == OS PATH FUNCTIONS ==
2021-10-09 03:07:12 +08:00
// GetHomeDirWindows - gets home directory in windows
2021-08-31 03:58:23 +08:00
func GetHomeDirWindows ( ) string {
if IsWindows ( ) {
home := os . Getenv ( "HOMEDRIVE" ) + os . Getenv ( "HOMEPATH" )
if home == "" {
home = os . Getenv ( "USERPROFILE" )
}
return home
}
return os . Getenv ( "HOME" )
}
2021-10-09 03:07:12 +08:00
// GetNetclientPath - gets netclient path locally
2021-08-31 03:58:23 +08:00
func GetNetclientPath ( ) string {
if IsWindows ( ) {
return WINDOWS_APP_DATA_PATH
2021-09-20 02:03:47 +08:00
} else if IsMac ( ) {
return "/etc/netclient/"
2021-08-31 03:58:23 +08:00
} else {
return LINUX_APP_DATA_PATH
}
}
2021-10-09 03:07:12 +08:00
// GetNetclientPathSpecific - gets specific netclient config path
2021-08-31 03:58:23 +08:00
func GetNetclientPathSpecific ( ) string {
if IsWindows ( ) {
return WINDOWS_APP_DATA_PATH + "\\"
2021-09-20 02:03:47 +08:00
} else if IsMac ( ) {
2021-10-03 00:28:17 +08:00
return "/etc/netclient/config/"
2021-08-31 03:58:23 +08:00
} else {
2021-10-03 00:28:17 +08:00
return LINUX_APP_DATA_PATH + "/config/"
2021-08-31 03:58:23 +08:00
}
}
2021-09-11 03:48:18 +08:00
2022-01-16 07:46:57 +08:00
// GetNewIface - Gets the name of the real interface created on Mac
2022-01-12 07:28:41 +08:00
func GetNewIface ( dir string ) ( string , error ) {
2022-01-16 07:46:57 +08:00
files , _ := os . ReadDir ( dir )
2022-01-12 07:28:41 +08:00
var newestFile string
var newestTime int64 = 0
var err error
for _ , f := range files {
fi , err := os . Stat ( dir + f . Name ( ) )
if err != nil {
return "" , err
}
currTime := fi . ModTime ( ) . Unix ( )
if currTime > newestTime && strings . Contains ( f . Name ( ) , ".sock" ) {
newestTime = currTime
newestFile = f . Name ( )
}
}
resultArr := strings . Split ( newestFile , "." )
if resultArr [ 0 ] == "" {
err = errors . New ( "sock file does not exist" )
}
return resultArr [ 0 ] , err
}
2022-01-16 07:46:57 +08:00
// GetFileAsString - returns the string contents of a given file
2022-01-12 07:28:41 +08:00
func GetFileAsString ( path string ) ( string , error ) {
content , err := os . ReadFile ( path )
if err != nil {
return "" , err
}
2022-01-16 07:46:57 +08:00
return string ( content ) , err
2022-01-12 07:28:41 +08:00
}
2021-11-15 05:50:20 +08:00
// GetNetclientPathSpecific - gets specific netclient config path
func GetWGPathSpecific ( ) string {
if IsWindows ( ) {
2021-12-12 23:16:53 +08:00
return WINDOWS_APP_DATA_PATH + "\\"
2021-11-15 05:50:20 +08:00
} else {
return "/etc/wireguard/"
}
}
2021-10-09 03:07:12 +08:00
// GRPCRequestOpts - gets grps request opts
2021-09-11 03:48:18 +08:00
func GRPCRequestOpts ( isSecure string ) grpc . DialOption {
var requestOpts grpc . DialOption
requestOpts = grpc . WithInsecure ( )
if isSecure == "on" {
h2creds := credentials . NewTLS ( & tls . Config { NextProtos : [ ] string { "h2" } } )
requestOpts = grpc . WithTransportCredentials ( h2creds )
}
return requestOpts
}
2021-09-20 02:03:47 +08:00
2021-10-09 03:07:12 +08:00
// Copy - copies a src file to dest
2021-11-12 21:53:50 +08:00
func Copy ( src , dst string ) error {
2021-09-20 02:03:47 +08:00
sourceFileStat , err := os . Stat ( src )
if err != nil {
2021-11-12 21:53:50 +08:00
return err
2021-09-20 02:03:47 +08:00
}
if ! sourceFileStat . Mode ( ) . IsRegular ( ) {
2021-11-12 21:53:50 +08:00
return errors . New ( src + " is not a regular file" )
2021-09-20 02:03:47 +08:00
}
source , err := os . Open ( src )
if err != nil {
2021-11-12 21:53:50 +08:00
return err
2021-09-20 02:03:47 +08:00
}
defer source . Close ( )
destination , err := os . Create ( dst )
if err != nil {
2021-11-12 21:53:50 +08:00
return err
2021-09-20 02:03:47 +08:00
}
defer destination . Close ( )
2021-11-12 21:53:50 +08:00
_ , err = io . Copy ( destination , source )
2021-09-20 02:03:47 +08:00
if err != nil {
2021-11-12 21:53:50 +08:00
return err
2021-09-20 02:03:47 +08:00
}
2021-11-12 21:53:50 +08:00
err = os . Chmod ( dst , 0755 )
return err
2021-09-20 02:03:47 +08:00
}
2021-10-09 03:07:12 +08:00
// RunsCmds - runs cmds
2021-09-20 02:03:47 +08:00
func RunCmds ( commands [ ] string , printerr bool ) error {
var err error
for _ , command := range commands {
args := strings . Fields ( command )
out , err := exec . Command ( args [ 0 ] , args [ 1 : ] ... ) . CombinedOutput ( )
if err != nil && printerr {
log . Println ( "error running command:" , command )
log . Println ( strings . TrimSuffix ( string ( out ) , "\n" ) )
}
}
return err
}
2021-10-09 03:07:12 +08:00
// FileExists - checks if file exists locally
2021-09-20 02:03:47 +08:00
func FileExists ( f string ) bool {
info , err := os . Stat ( f )
if os . IsNotExist ( err ) {
return false
}
2021-10-27 04:12:13 +08:00
if err != nil && strings . Contains ( err . Error ( ) , "not a directory" ) {
return false
}
if err != nil {
Log ( "error reading file: " + f + ", " + err . Error ( ) )
}
2021-09-20 02:03:47 +08:00
return ! info . IsDir ( )
}
2021-10-09 03:07:12 +08:00
// PrintLog - prints log
2021-09-20 02:03:47 +08:00
func PrintLog ( message string , loglevel int ) {
log . SetFlags ( log . Flags ( ) &^ ( log . Llongfile | log . Lshortfile ) )
if loglevel < 2 {
log . Println ( "[netclient]" , message )
}
}
2021-10-06 03:02:09 +08:00
2021-10-09 03:07:12 +08:00
// GetSystemNetworks - get networks locally
2021-10-06 03:02:09 +08:00
func GetSystemNetworks ( ) ( [ ] string , error ) {
2022-02-01 01:58:51 +08:00
var networks [ ] string
2022-01-31 07:11:22 +08:00
files , err := filepath . Glob ( GetNetclientPathSpecific ( ) + "netconfig-*" )
2021-10-06 03:02:09 +08:00
if err != nil {
2022-01-31 07:11:22 +08:00
return nil , err
2021-10-06 03:02:09 +08:00
}
2022-01-31 07:11:22 +08:00
for _ , file := range files {
//don't want files such as *.bak, *.swp
2022-02-01 01:58:51 +08:00
if filepath . Ext ( file ) != "" {
continue
2021-10-06 03:02:09 +08:00
}
2022-02-01 01:58:51 +08:00
file := filepath . Base ( file )
temp := strings . Split ( file , "-" )
2022-02-01 05:36:37 +08:00
networks = append ( networks , strings . Join ( temp [ 1 : ] , "-" ) )
2021-10-06 03:02:09 +08:00
}
2022-02-01 01:58:51 +08:00
return networks , nil
2021-10-06 03:02:09 +08:00
}
func stringAfter ( original string , substring string ) string {
position := strings . LastIndex ( original , substring )
if position == - 1 {
return ""
}
adjustedPosition := position + len ( substring )
if adjustedPosition >= len ( original ) {
return ""
}
2021-10-09 03:07:12 +08:00
return original [ adjustedPosition : ]
}
2021-11-16 00:42:52 +08:00
2022-01-16 08:57:07 +08:00
// ShortenString - Brings string down to specified length. Stops names from being too long
2021-11-16 00:42:52 +08:00
func ShortenString ( input string , length int ) string {
output := input
if len ( input ) > length {
output = input [ 0 : length ]
}
return output
}
2022-01-16 08:57:07 +08:00
// DNSFormatString - Formats a string with correct usage for DNS
2021-11-16 00:42:52 +08:00
func DNSFormatString ( input string ) string {
reg , err := regexp . Compile ( "[^a-zA-Z0-9-]+" )
if err != nil {
Log ( "error with regex: " + err . Error ( ) )
return ""
}
return reg . ReplaceAllString ( input , "" )
}
2021-12-09 05:52:32 +08:00
2022-01-16 08:57:07 +08:00
// GetHostname - Gets hostname of machine
2021-12-09 05:52:32 +08:00
func GetHostname ( ) string {
hostname , err := os . Hostname ( )
if err != nil {
return ""
}
if len ( hostname ) > MAX_NAME_LENGTH {
hostname = hostname [ 0 : MAX_NAME_LENGTH ]
}
return hostname
}
2022-01-16 08:57:07 +08:00
// CheckUID - Checks to make sure user has root privileges
2021-12-09 05:52:32 +08:00
func CheckUID ( ) {
// start our application
out , err := RunCmd ( "id -u" , true )
if err != nil {
log . Fatal ( out , err )
}
id , err := strconv . Atoi ( string ( out [ : len ( out ) - 1 ] ) )
if err != nil {
log . Fatal ( err )
}
if id != 0 {
log . Fatal ( "This program must be run with elevated privileges (sudo). This program installs a SystemD service and configures WireGuard and networking rules. Please re-run with sudo/root." )
}
}
// CheckWG - Checks if WireGuard is installed. If not, exit
func CheckWG ( ) {
var _ , err = exec . LookPath ( "wg" )
uspace := GetWireGuard ( )
if err != nil {
if uspace == "wg" {
PrintLog ( err . Error ( ) , 0 )
log . Fatal ( "WireGuard not installed. Please install WireGuard (wireguard-tools) and try again." )
}
PrintLog ( "Running with userspace wireguard: " + uspace , 0 )
} else if uspace != "wg" {
log . Println ( "running userspace WireGuard with " + uspace )
}
}
2022-01-26 11:14:31 +08:00
2022-01-30 04:02:37 +08:00
// ConvertKeyToBytes - util to convert a key to bytes to use elsewhere
func ConvertKeyToBytes ( key * [ 32 ] byte ) ( [ ] byte , error ) {
var buffer bytes . Buffer
var enc = gob . NewEncoder ( & buffer )
if err := enc . Encode ( key ) ; err != nil {
return nil , err
2022-01-29 13:11:11 +08:00
}
2022-01-30 04:02:37 +08:00
return buffer . Bytes ( ) , nil
2022-01-29 13:11:11 +08:00
}
2022-01-30 04:02:37 +08:00
// ConvertBytesToKey - util to convert bytes to a key to use elsewhere
func ConvertBytesToKey ( data [ ] byte ) ( * [ 32 ] byte , error ) {
var buffer = bytes . NewBuffer ( data )
var dec = gob . NewDecoder ( buffer )
var result = new ( [ 32 ] byte )
var err = dec . Decode ( result )
if err != nil {
return nil , err
2022-01-29 13:11:11 +08:00
}
2022-01-30 04:02:37 +08:00
return result , err
2022-01-29 13:11:11 +08:00
}
2022-01-30 04:02:37 +08:00
// ServerAddrSliceContains - sees if a string slice contains a string element
func ServerAddrSliceContains ( slice [ ] models . ServerAddr , item models . ServerAddr ) bool {
for _ , s := range slice {
if s . Address == item . Address && s . IsLeader == item . IsLeader {
return true
2022-01-29 13:11:11 +08:00
}
}
2022-01-30 04:02:37 +08:00
return false
2022-01-29 13:11:11 +08:00
}
2022-01-30 04:02:37 +08:00
// BoxEncrypt - encrypts traffic box
func BoxEncrypt ( message [ ] byte , recipientPubKey * [ 32 ] byte , senderPrivateKey * [ 32 ] byte ) ( [ ] byte , error ) {
var nonce [ 24 ] byte // 192 bits of randomization
if _ , err := io . ReadFull ( crand . Reader , nonce [ : ] ) ; err != nil {
2022-01-29 04:33:30 +08:00
return nil , err
}
2022-01-29 13:11:11 +08:00
2022-01-30 04:02:37 +08:00
encrypted := box . Seal ( nonce [ : ] , message , & nonce , recipientPubKey , senderPrivateKey )
return encrypted , nil
2022-01-29 04:33:30 +08:00
}
2022-01-30 04:02:37 +08:00
// BoxDecrypt - decrypts traffic box
func BoxDecrypt ( encrypted [ ] byte , senderPublicKey * [ 32 ] byte , recipientPrivateKey * [ 32 ] byte ) ( [ ] byte , error ) {
var decryptNonce [ 24 ] byte
copy ( decryptNonce [ : ] , encrypted [ : 24 ] )
decrypted , ok := box . Open ( nil , encrypted [ 24 : ] , & decryptNonce , senderPublicKey , recipientPrivateKey )
if ! ok {
return nil , fmt . Errorf ( "could not decrypt message" )
2022-01-29 04:33:30 +08:00
}
2022-01-30 04:02:37 +08:00
return decrypted , nil
2022-01-29 04:33:30 +08:00
}