document castBoolToInt

secrethandshake/conn_test.go

@@ -130,13 +130,18 @@ func TestAuthWrong(t *testing.T) {
 
 	go func() {
 		err := Server(serverState, rwServer)
-		ch <- err
+		expErr := ErrProtocol{1}
+		if err != expErr {
+			ch <- errors.Wrap(err, "server failed differntly then expected")
+		} else {
+			ch <- nil
+		}
 		wServer.Close()
 	}()
 
 	go func() {
 		err := wrongClient(clientState, rwClient)
-		ch <- err
+		ch <- errors.Wrap(err, "client failed")
 		wClient.Close()
 	}()
 
@@ -190,9 +195,9 @@ func wrongClient(state *State, conn io.ReadWriter) (err error) {
 
 	// recv authentication vector? shouldn't get it
 	boxedSig := make([]byte, ServerAuthLength)
-	_, err = io.ReadFull(conn, boxedSig)
-	if err != io.ErrUnexpectedEOF {
-		return errors.Errorf("wrongClient: expected unepexcted EOF, got %s", err)
+	n, err = io.ReadFull(conn, boxedSig)
+	if err != io.EOF || n != 0 {
+		return errors.Errorf("wrongClient: expected unepexcted EOF, got %s %d", err, n)
 	}
 
 	return nil

secrethandshake/state.go

@@ -11,8 +11,6 @@ package secrethandshake
 
 import (
 	"bytes"
-	"unsafe" // ☢ ☣
-
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha256"
@@ -28,6 +26,13 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )
 
+func init() {
+	err := testMemoryLayoutAssumption()
+	if err != nil {
+		panic(err)
+	}
+}
+
 // State is the state each peer holds during the handshake
 type State struct {
 	appKey, secHash           []byte
@@ -167,8 +172,6 @@ func (s *State) createClientAuth() []byte {
 	return out
 }
 
-var nullHello [ed25519.SignatureSize + ed25519.PublicKeySize]byte
-
 // verifyClientAuth returns whether a buffer contains a valid clientAuth message
 func (s *State) verifyClientAuth(data []byte) bool {
 	// this branch is okay because there are no secrets involved
@@ -193,16 +196,13 @@ func (s *State) verifyClientAuth(data []byte) bool {
 		nonce  [24]byte // always 0?
 		sig    [ed25519.SignatureSize]byte
 		public [ed25519.PublicKeySize]byte
+		openOk bool
 	)
 
-	_, openOk := box.OpenAfterPrecomputation(s.hello[:0], data, &nonce, &s.secret2)
-	// if !openOk && hello == nil {
-	// 	fmt.Println("warning: nil hello")
-	// }
+	_, openOk = box.OpenAfterPrecomputation(s.hello[:0], data, &nonce, &s.secret2)
 
-	// subtle API requires an int containing 0 or 1, we only have bool.
-	// we can't branch because openOk is secret.
-	okInt := int(*((*byte)(unsafe.Pointer(&openOk))))
+	// see unsafecast_test.go
+	okInt := castBoolToInt(&openOk)
 
 	subtle.ConstantTimeCopy(okInt, sig[:], s.hello[:ed25519.SignatureSize])
 	subtle.ConstantTimeCopy(okInt, public[:], s.hello[ed25519.SignatureSize:ed25519.SignatureSize+ed25519.PublicKeySize])

secrethandshake/unsafecast.go

@@ -0,0 +1,31 @@
+package secrethandshake
+
+import (
+	"errors"
+	"unsafe" // ☢ ☣
+)
+
+// the idea here is that the memory backed by bool
+// will be on byte and no other values than 0x00 and 0x01
+func castBoolToInt(bptr *bool) int {
+	uptr := unsafe.Pointer(bptr)
+	bytePtr := (*byte)(uptr)
+
+	return int(*bytePtr)
+}
+
+func testMemoryLayoutAssumption() error {
+	var boolTrue, boolFalse bool
+	boolTrue = true
+
+	okTrue := castBoolToInt(&boolTrue)
+	if okTrue != 1 {
+		return errors.New("expected bool to int cast failed on true")
+	}
+
+	okFalse := castBoolToInt(&boolFalse)
+	if okFalse != 0 {
+		return errors.New("expected bool to int cast failed on false")
+	}
+	return nil
+}

secrethandshake/unsafecast_test.go

@@ -0,0 +1,11 @@
+package secrethandshake
+
+import (
+	"testing"
+)
+
+func TestUnsafeBoolCase(t *testing.T) {
+	if err := testMemoryLayoutAssumption(); err != nil {
+		t.Fatal(err)
+	}
+}