Switched everything to include faster derived key instead of signature

David Vennik
2022-12-10 13:20:31 +01:00
parent 362477d1e7
commit b3b470014b
5 changed files with 44 additions and 41 deletions

2
go.mod

@@ -33,3 +33,5 @@ require (
)
replace crypto/sha256 => github.com/minio/sha256-simd v1.0.0
replace math/rand => github.com/lukechampine/frand v1.4.2
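Review bot: The `replace` directives here (the hunk header shows two added lines, which appear to be these) target standard-library import paths, `crypto/sha256` and `math/rand`. As far as I know the go command resolves those from GOROOT without consulting the module graph, so the directives would not change which implementation gets linked. If the intent is for `math/rand` callers to receive frand's CSPRNG output, that substitution silently does not happen and those callers keep the predictable stdlib generator. Importing `github.com/lukechampine/frand` and `github.com/minio/sha256-simd` explicitly where they are wanted, with matching `require` entries, makes the dependency real and visible. The `require` block starts outside this hunk, so I cannot see whether those modules are already listed.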


@@ -1,4 +1,4 @@
// Package packet provides a standard message binary serialised data format and
// Package message provides a standard message binary serialised data format and
// message segmentation scheme which includes address.Sender cloaked public
// key and address.Receiver private keys for generating a shared cipher and applying
// to messages/message segments.
@@ -135,9 +135,8 @@ func Encode(ep EP) (pkt []byte, e error) {
//
// After this, if the matching private key to the cloaked address returned is
// found, it is combined with the public key to generate the cipher and the
// entire packet should then be processed with ciph.Encipher (sans signature)
// using the block cipher thus created from the shared secret, and the Decode
// function will then decode a Message.
// entire packet should then be decrypted, and the Decode function will then
// decode a Message.
func GetKeys(d []byte) (to address.Cloaked, from *pub.Key, e error) {
pktLen := len(d)
if pktLen < Overhead {


@@ -13,7 +13,6 @@ import (
"github.com/Indra-Labs/indra/pkg/key/address"
"github.com/Indra-Labs/indra/pkg/key/prv"
"github.com/Indra-Labs/indra/pkg/key/pub"
"github.com/Indra-Labs/indra/pkg/key/sig"
"github.com/Indra-Labs/indra/pkg/nonce"
"github.com/Indra-Labs/indra/pkg/sha256"
"github.com/Indra-Labs/indra/pkg/slice"
@@ -48,7 +47,7 @@ func (p *Packet) GetOverhead() int {
// Overhead is the base overhead on a packet, use GetOverhead to add any extra
// as found in a Packet.
const Overhead = slice.Uint16Len +
slice.Uint32Len + 1 + SigEnd
slice.Uint32Len + 1 + KeyEnd
// Packets is a slice of pointers to packets.
type Packets []*Packet
@@ -84,7 +83,7 @@ const (
CheckEnd = 4
TypeEnd = CheckEnd + 1
NonceEnd = TypeEnd + nonce.IVLen
SigEnd = NonceEnd + sig.Len
KeyEnd = NonceEnd + pub.KeyLen
)
// Encode creates a Packet, encrypts the payload using the given private from
@@ -107,23 +106,25 @@ func Encode(ep EP) (pkt []byte, e error) {
pkt = slice.Cat(
// f.Nonce[:], // 16 bytes \
// f.To[:], // 8 bytes |
make([]byte, SigEnd),
make([]byte, KeyEnd),
Seq, // 2 bytes
Length, // 4 bytes
parity, // 1 byte
ep.Data,
)
// Encrypt the encrypted part of the data.
ciph.Encipher(blk, nonc, pkt[SigEnd:])
// Sign the packet.
var s sig.Bytes
hash := sha256.Single(pkt[SigEnd:])
if s, e = sig.Sign(ep.From, hash); check(e) {
return
}
ciph.Encipher(blk, nonc, pkt[KeyEnd:])
// Append pubkey used for encryption key derivation.
k := pub.Derive(ep.From).ToBytes()
// // Sign the packet.
// var s sig.Bytes
// hash := sha256.Single(pkt[KeyEnd:])
// if s, e = sig.Sign(ep.From, hash); check(e) {
// return
// }
// Copy nonce, address, check and signature over top of the header.
copy(pkt[TypeEnd:NonceEnd], nonc)
copy(pkt[NonceEnd:SigEnd], s)
copy(pkt[NonceEnd:KeyEnd], k)
// last bot not least, the packet check header, which protects the
// entire packet.
checkBytes := sha256.Single(pkt[CheckEnd:])[:CheckEnd]
@@ -136,9 +137,8 @@ func Encode(ep EP) (pkt []byte, e error) {
//
// After this, if the matching private key to the cloaked address returned is
// found, it is combined with the public key to generate the cipher and the
// entire packet should then be processed with ciph.Encipher (sans signature)
// using the block cipher thus created from the shared secret, and the Decode
// function will then decode a Packet.
// entire packet should then be decrypted, and the Decode function will then
// decode a Message.
func GetKeys(d []byte) (from *pub.Key, e error) {
pktLen := len(d)
if pktLen < Overhead {
@@ -150,18 +150,21 @@ func GetKeys(d []byte) (from *pub.Key, e error) {
return
}
// split off the signature and recover the public key
var s sig.Bytes
var k pub.Bytes
var chek []byte
chek = d[:CheckEnd]
s = d[NonceEnd:SigEnd]
k = d[NonceEnd:KeyEnd]
checkHash := sha256.Single(d[CheckEnd:])[:4]
if string(chek) != string(checkHash[:4]) {
e = fmt.Errorf("check failed: got '%v', expected '%v'",
chek, checkHash[:4])
return
}
hash := sha256.Single(d[SigEnd:])
if from, e = s.Recover(hash); check(e) {
// hash := sha256.Single(d[KeyEnd:])
// if from, e = k.Recover(hash); check(e) {
// return
// }
if from, e = pub.FromBytes(k); check(e) {
return
}
return
@@ -193,7 +196,7 @@ func Decode(d []byte, from *pub.Key, to *prv.Key) (f *Packet, e error) {
}
// This decrypts the rest of the packet, which is encrypted for
// security.
data := d[SigEnd:]
data := d[KeyEnd:]
ciph.Encipher(blk, nonc, data)
var seq slice.Size16
var length slice.Size32
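Review bot: With the signature removed, nothing visible in the header authenticates the packet: in Encode the only integrity value left is `sha256.Single(pkt[CheckEnd:])[:CheckEnd]`, an unkeyed 4-byte hash that anyone who alters the ciphertext or the key bytes can recompute, and GetKeys accepts whatever `pub.FromBytes(k)` parses. Decode calls the same `ciph.Encipher` that Encode uses, which suggests a stream-style mode with malleable ciphertext. Unless authentication happens in a layer not shown here, the payload should carry a MAC keyed from the shared secret and verified before decryption, or the cipher should be an AEAD. At minimum, say so at the check computation, e.g. `// checkBytes is an unkeyed hash: it detects corruption, not tampering.` The comments `// Copy nonce, address, check and signature over top of the header.` and `// split off the signature and recover the public key` are now stale, and the commented-out signing blocks are better deleted than kept; the bodies of Encode, GetKeys and Decode all continue outside these hunks.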


@@ -8,31 +8,30 @@ import (
var Expected = []string{
`
Segments{
Segment{ DStart: 0, DEnd: 192, PEnd: 256, SLen: 163, Last: 163},
Segment{ DStart: 256, DEnd: 448, PEnd: 512, SLen: 163, Last: 163},
Segment{ DStart: 512, DEnd: 704, PEnd: 768, SLen: 163, Last: 163},
Segment{ DStart: 768, DEnd: 960, PEnd: 1024, SLen: 163, Last: 163},
Segment{ DStart: 1024, DEnd: 1216, PEnd: 1280, SLen: 163, Last: 163},
Segment{ DStart: 1280, DEnd: 1472, PEnd: 1536, SLen: 163, Last: 163},
Segment{ DStart: 1536, DEnd: 1728, PEnd: 1792, SLen: 163, Last: 163},
Segment{ DStart: 1792, DEnd: 1984, PEnd: 2048, SLen: 163, Last: 163},
Segment{ DStart: 2048, DEnd: 2121, PEnd: 2145, SLen: 163, Last: 151},
Segment{ DStart: 0, DEnd: 192, PEnd: 256, SLen: 195, Last: 195},
Segment{ DStart: 256, DEnd: 448, PEnd: 512, SLen: 195, Last: 195},
Segment{ DStart: 512, DEnd: 704, PEnd: 768, SLen: 195, Last: 195},
Segment{ DStart: 768, DEnd: 960, PEnd: 1024, SLen: 195, Last: 195},
Segment{ DStart: 1024, DEnd: 1216, PEnd: 1280, SLen: 195, Last: 195},
Segment{ DStart: 1280, DEnd: 1472, PEnd: 1536, SLen: 195, Last: 195},
Segment{ DStart: 1536, DEnd: 1728, PEnd: 1792, SLen: 195, Last: 195},
Segment{ DStart: 1792, DEnd: 1793, PEnd: 1794, SLen: 195, Last: 175},
}
`,
`
Segments{
Segment{ DStart: 0, DEnd: 131, PEnd: 131, SLen: 4003, Last: 3898},
Segment{ DStart: 0, DEnd: 130, PEnd: 130, SLen: 4035, Last: 3773},
}
`,
`
Segments{
Segment{ DStart: 0, DEnd: 128, PEnd: 256, SLen: 4003, Last: 4003},
Segment{ DStart: 256, DEnd: 259, PEnd: 262, SLen: 4003, Last: 3898},
Segment{ DStart: 0, DEnd: 128, PEnd: 256, SLen: 4035, Last: 4035},
Segment{ DStart: 256, DEnd: 258, PEnd: 260, SLen: 4035, Last: 3773},
}
`,
`
Segments{
Segment{ DStart: 0, DEnd: 66, PEnd: 66, SLen: 4003, Last: 1949},
Segment{ DStart: 0, DEnd: 65, PEnd: 65, SLen: 4035, Last: 3904},
}
`,
}


@@ -13,11 +13,11 @@ var (
// GitRef is the gitref, as in refs/heads/branchname.
GitRef = "refs/heads/main"
// ParentGitCommit is the commit hash of the parent HEAD.
ParentGitCommit = "090792e64f4eb27e10b82d29053cd5631d6ae982"
ParentGitCommit = "bde43adc4f17589a5629c0e412dcec6d980cb9b2"
// BuildTime stores the time when the current binary was built.
BuildTime = "2022-12-10T11:42:56+01:00"
BuildTime = "2022-12-10T13:20:31+01:00"
// SemVer lists the (latest) git tag on the build.
SemVer = "v0.0.174"
SemVer = "v0.0.175"
// PathBase is the path base returned from runtime caller.
PathBase = "/home/loki/src/github.com/Indra-Labs/indra/"
// Major is the major number from the tag.
@@ -25,7 +25,7 @@ var (
// Minor is the minor number from the tag.
Minor = 0
// Patch is the patch version number from the tag.
Patch = 174
Patch = 175
)
// Version returns a pretty printed version information string.