Snider/Mining
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Mining/pkg/ueps/packet.go
Claude ea40c035b5
ax(ueps): expand MarshalAndSign comment to full usage example with error handling 
AX Principle 2: comments show concrete usage with realistic values, not
minimal call-site only. Single-line comment omitted error handling and
downstream use — now shows the complete call pattern.

Co-Authored-By: Charon <charon@lethean.io>
2026-04-02 13:45:50 +01:00

126 lines
5.2 KiB
Go
Raw Blame History

package ueps
import (
"bytes"
"crypto/hmac"
"crypto/sha256"
"encoding/binary"
"io"
)
// writeTLV(buffer, TagPayload, bytes.Repeat([]byte("x"), 256)) → errTLVValueTooLarge
// if err == errTLVValueTooLarge { /* value exceeded 255-byte TLV length limit */ }
var errTLVValueTooLarge = sentinelError("TLV value too large for 1-byte length header")
// var errNotFound = sentinelError("record not found"); if err == errNotFound { /* handle */ }
type sentinelError string
// var sentinel sentinelError = "thing not found"; sentinel.Error() == "thing not found"
func (sentinelErrorValue sentinelError) Error() string { return string(sentinelErrorValue) }
// writeTLV(buffer, TagVersion, []byte{0x09}); writeTLV(buffer, TagHMAC, hmacSignature); buffer.WriteByte(TagPayload)
const (
TagVersion = 0x01 // writeTLV(buffer, TagVersion, []byte{0x09})
TagCurrentLayer = 0x02 // writeTLV(buffer, TagCurrentLayer, []byte{5}) // 5 = Application
TagTargetLayer = 0x03 // writeTLV(buffer, TagTargetLayer, []byte{3}) // 3 = Network
TagIntent = 0x04 // writeTLV(buffer, TagIntent, []byte{0x01}) // 0x01 = ping, 0x02 = data, 0x03 = auth
TagThreatScore = 0x05 // writeTLV(buffer, TagThreatScore, []byte{0x00, 0x00}) // 0 = clean, 65535 = max threat
TagHMAC = 0x06 // writeTLV(buffer, TagHMAC, hmacSignature) — covers all preceding header TLVs + payload
TagPayload = 0xFF // buffer.WriteByte(TagPayload); buffer.Write(rawPayload) — no length prefix
)
// header := ueps.UEPSHeader{Version: 0x09, CurrentLayer: 5, TargetLayer: 3, IntentID: 0x01, ThreatScore: 0}
type UEPSHeader struct {
Version uint8 // header.Version = 0x09 // IPv9
CurrentLayer uint8 // header.CurrentLayer = 5 // Application; 3 = Network, 4 = Transport
TargetLayer uint8 // header.TargetLayer = 3 // Network; 5 = Application (loopback)
IntentID uint8 // header.IntentID = 0x01 (ping), 0x02 (data), 0x03 (auth)
ThreatScore uint16 // header.ThreatScore = 100 // elevated on HMAC mismatch; 0 = clean, 65535 = maximum threat
}
// builder := ueps.NewPacketBuilder(0x01, []byte("ping")); frame, _ := builder.MarshalAndSign([]byte("shared-secret"))
type PacketBuilder struct {
Header UEPSHeader // builder.Header.ThreatScore = 100; builder.Header.TargetLayer = 3
Payload []byte // builder.Payload = []byte("ping"); len(builder.Payload) == 4
}
// builder := ueps.NewPacketBuilder(0x01, []byte("hello"))
// builder.Header.ThreatScore = 100
// frame, err := builder.MarshalAndSign([]byte("my-shared-secret"))
func NewPacketBuilder(intentID uint8, payload []byte) *PacketBuilder {
return &PacketBuilder{
Header: UEPSHeader{
Version: 0x09, // IPv9
CurrentLayer: 5, // Application
TargetLayer: 5, // Application
IntentID: intentID,
ThreatScore: 0, // builder.Header.ThreatScore = 100 // elevated threat; 0 = clean
},
Payload: payload,
}
}
// frame, err := builder.MarshalAndSign([]byte("my-shared-secret"))
// if err != nil { return nil, err }
// conn.Write(frame) // send signed frame over network
func (builder *PacketBuilder) MarshalAndSign(sharedSecret []byte) ([]byte, error) {
frameBuffer := new(bytes.Buffer)
// writeTLV(frameBuffer, TagVersion, []byte{0x09}) → [0x01, 0x01, 0x09]
if err := writeTLV(frameBuffer, TagVersion, []byte{builder.Header.Version}); err != nil {
return nil, err
}
if err := writeTLV(frameBuffer, TagCurrentLayer, []byte{builder.Header.CurrentLayer}); err != nil {
return nil, err
}
if err := writeTLV(frameBuffer, TagTargetLayer, []byte{builder.Header.TargetLayer}); err != nil {
return nil, err
}
if err := writeTLV(frameBuffer, TagIntent, []byte{builder.Header.IntentID}); err != nil {
return nil, err
}
// binary.BigEndian.PutUint16(threatScoreBytes, 100) → [0x00, 0x64]
threatScoreBytes := make([]byte, 2)
binary.BigEndian.PutUint16(threatScoreBytes, builder.Header.ThreatScore)
if err := writeTLV(frameBuffer, TagThreatScore, threatScoreBytes); err != nil {
return nil, err
}
// messageAuthCode := hmac.New(sha256.New, []byte("shared-secret")); messageAuthCode.Write(frameBuffer.Bytes()); messageAuthCode.Write(payload)
messageAuthCode := hmac.New(sha256.New, sharedSecret)
messageAuthCode.Write(frameBuffer.Bytes())
messageAuthCode.Write(builder.Payload)
hmacSignature := messageAuthCode.Sum(nil)
// writeTLV(frameBuffer, TagHMAC, hmacSignature) → [0x06, 0x20, <32 bytes>]
if err := writeTLV(frameBuffer, TagHMAC, hmacSignature); err != nil {
return nil, err
}
// frameBuffer.Bytes() → [...headerTLVs..., 0x06, 0x20, <hmac32>, 0xFF, <payload...>]
frameBuffer.WriteByte(TagPayload)
frameBuffer.Write(builder.Payload)
return frameBuffer.Bytes(), nil
}
// if err := writeTLV(writer, TagVersion, []byte{0x09}); err != nil { return nil, err }
// if err := writeTLV(writer, TagIntent, []byte{0x01}); err != nil { return nil, err }
func writeTLV(writer io.Writer, tagType uint8, tagValue []byte) error {
// writeTLV(writer, TagVersion, bytes.Repeat([]byte("x"), 256)) → errTLVValueTooLarge
if len(tagValue) > 255 {
return errTLVValueTooLarge
}
if _, err := writer.Write([]byte{tagType}); err != nil {
return err
}
if _, err := writer.Write([]byte{uint8(len(tagValue))}); err != nil {
return err
}
if _, err := writer.Write(tagValue); err != nil {
return err
}
return nil
}
Reference in a new issue View git blame Copy permalink