Fixed FrodoKEM neg bug (sending cipheropts,opts order)

Also tweaked pad size random to use full range; removed some junk logging
2021-01-10 22:04:52 -08:00 · 2021-01-10 22:04:52 -08:00 · c23edc6874
parent 3193ede825
commit c23edc6874
7 changed files with 71 additions and 71 deletions
--- a/6
+++ b/6
@ -42,7 +42,7 @@ endif

 INSTPREFIX = /usr/local

-all: common client server
+all: common client server #seccheck

 clean:
 	@echo "Make: $(MAKE)"
@ -78,6 +78,10 @@ else
 	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C xsd
 endif

+#seccheck:
+#	grep -r "logPlainText.*true" .
+#	if [ $$? -eq 0 ]; then echo "WARNING plaintext debug is enabled"; exit 1; fi
+
 vis:
 	@which go-callvis >/dev/null 2>&1; \
 	stat=$$?; if [ $$stat -ne "0" ]; then \
--- a/go.mod
+++ b/go.mod
@ -10,9 +10,9 @@ require (
 	blitter.com/go/mtwist v1.0.1 // indirect
 	blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
+	github.com/creack/pty v1.1.11
 	github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
 	github.com/klauspost/reedsolomon v1.9.9 // indirect
-	github.com/kr/pty v1.1.8
 	github.com/kuking/go-frodokem v1.0.1
 	github.com/mattn/go-isatty v0.0.12
 	github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
@ -21,6 +21,7 @@ require (
 	github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect
 	github.com/tjfoc/gmsm v1.3.1 // indirect
 	github.com/xtaci/kcp-go v5.4.20+incompatible
+	github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect
 	golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
 	golang.org/x/sys v0.0.0-20200523222454-059865788121
 	gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -2,10 +2,6 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e
 blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo=
 blitter.com/go/cryptmt v1.0.2 h1:ZcLhQk7onUssXyQwG3GdXDXctCVnNL+b7aFuvwOdKXc=
 blitter.com/go/cryptmt v1.0.2/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
-blitter.com/go/goutmp v1.0.3 h1:4VPU9COXG36W5454pcV65FieVaaw64mdhvjuTVOuWTM=
-blitter.com/go/goutmp v1.0.3/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
-blitter.com/go/goutmp v1.0.4 h1:19Y4xgvdEbGESS0vuyWlPyZgjYNYxHkDfmbObKU5J6A=
-blitter.com/go/goutmp v1.0.4/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
 blitter.com/go/goutmp v1.0.5 h1:isP6bxSs1O06Oy7wB8u4y5SgLr22txfjg/gjG4qn0Og=
 blitter.com/go/goutmp v1.0.5/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
 blitter.com/go/herradurakex v1.0.0 h1:6XaxY+JLT1HUWPF0gYJnjX3pVjrw4YhYZEzZ1U0wkyc=
@ -18,21 +14,16 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT
 blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
-github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
+github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y=
 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s=
-github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs=
-github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.2.4 h1:EBfaK0SWSwk+fgk6efYFWdzl8MwRWoOO1gkmiaTXPW4=
 github.com/klauspost/cpuid v1.2.4/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/klauspost/reedsolomon v1.9.4 h1:FB9jDBGqUNyhUg4Gszz384ulFqVSc61Pdap+HRPgnSo=
-github.com/klauspost/reedsolomon v1.9.4/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
 github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2GHND54=
 github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
-github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o=
 github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
@ -41,21 +32,23 @@ github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0s
 github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061/go.mod h1:wqKykBG2QzQDJEzvRkcS8x6MiSJkF52hXZsXcjaB3ls=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 h1:89CEmDvlq/F7SJEOqkIdNDGJXrQIhuIx9D2DBXjavSU=
 github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU=
 github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b h1:fj5tQ8acgNUr6O8LEplsxDhUIe2573iLkJc+PqnzZTI=
 github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4=
-github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA=
-github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
 github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
 github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4=
 github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
 github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
 github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=
+github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
+github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 golang.org/x/arch v0.0.0-20190909030613-46d78d1859ac/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@ -63,10 +56,9 @@ golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
-golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -79,8 +71,6 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
-golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -91,6 +81,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/hlandau/easymetric.v1 v1.0.0 h1:ZbfbH7W3giuVDjWUoFhDOjjv20hiPr5HZ2yMV5f9IeE=
 gopkg.in/hlandau/easymetric.v1 v1.0.0/go.mod h1:yh75hypuFzAxmvECh3ZKGCvFnIfapYJh2wv7ASaX2RE=
@ -98,5 +89,6 @@ gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1R
 gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM=
 gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE=
 gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/xsd/xsd.go
+++ b/xsd/xsd.go
@ -33,7 +33,7 @@ import (
 	xs "blitter.com/go/xs"
 	"blitter.com/go/xs/logger"
 	"blitter.com/go/xs/xsnet"
-	"github.com/kr/pty"
+	"github.com/creack/pty"
 )

 var (
@ -82,7 +82,7 @@ func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string,
 	os.Clearenv()
 	os.Setenv("HOME", u.HomeDir) // nolint: gosec,errcheck
 	os.Setenv("TERM", ttype)     // nolint: gosec,errcheck
-	os.Setenv("HKEXSH", "1")     // nolint: gosec,errcheck
+	os.Setenv("XS_SESSION", "1")     // nolint: gosec,errcheck

 	var c *exec.Cmd
 	cmdName := xs.GetTool("tar")
@ -187,7 +187,7 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
 	os.Clearenv()
 	_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
 	_ = os.Setenv("TERM", ttype)     // nolint: gosec
-	_ = os.Setenv("HKEXSH", "1")     // nolint: gosec
+	_ = os.Setenv("XS_SESSION", "1")     // nolint: gosec

 	var c *exec.Cmd
 	cmdName := xs.GetTool("tar")
@ -278,7 +278,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
 	os.Clearenv()
 	_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
 	_ = os.Setenv("TERM", ttype)     // nolint: gosec
-	_ = os.Setenv("HKEXSH", "1")     // nolint: gosec
+	_ = os.Setenv("XS_SESSION", "1")     // nolint: gosec

 	var c *exec.Cmd
 	if interactive {
--- a/xsnet/chan.go
+++ b/xsnet/chan.go
@ -110,7 +110,7 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er
 		key = keymat[0:chacha.KeySize]
 		ivlen = chacha.INonceSize
 		iv = keymat[chacha.KeySize : chacha.KeySize+ivlen]
-		rc, err = chacha.NewCipher(iv, key, 20)
+		rc, err = chacha.NewCipher(iv, key, chacha.INonceSize)
 		if err != nil {
 			log.Printf("[ChaCha20 config error]\n")
 			fmt.Printf("[ChaCha20 config error]\n")
--- a/xsnet/consts.go
+++ b/xsnet/consts.go
@ -98,7 +98,7 @@ const (
 type CSOType uint32

 //TODO: this should be small (max unfragmented packet size?)
-const MAX_PAYLOAD_LEN = 4*1024*1024*1024 - 1
+const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1

 // Session symmetric crypto algs
 const (
--- a/xsnet/net.go
+++ b/xsnet/net.go
@ -49,7 +49,7 @@ import (

 /*---------------------------------------------------------------------*/
 const PAD_SZ = 32     // max size of padding applied to each packet
-const HMAC_CHK_SZ = 4 // leading bytes of HMAC to xmit for verification
+const HMAC_CHK_SZ = 8 // leading bytes of HMAC to xmit for verification

 type (
 	WinSize struct {
@ -426,21 +426,25 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 		kem = frodo.Frodo976SHAKE()
 	}
 	pubA, secA := kem.Keygen() // pA
-	//log.Printf("[pubKeyAlice: %v]\n", pubA)

 	// Alice, step 2: Send the public key (na,ea) to Bob
-	fmt.Fprintf(c, "0x%x\n", pubA)
+	n, err := fmt.Fprintf(c, "0x%x\n", pubA)
+	if err != nil {
+		panic(err)
+	}
+	if n < len(pubA) {
+		panic(errors.New("incomplete Fprintf() of pubA"))
+	}

-	// (... and cipher, connection opts)
+	// (... and send cipher, connection opts)
 	fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)

 	// [Bob does the same and sends use a public key (nb, eb)
 	pubB_bigint := big.NewInt(0)
 	_, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint)
 	pubB := pubB_bigint.Bytes()
-	//log.Printf("[Got pubKeyBob[]:%v]\n", pubB)

-	// (... and cipher, connection opts)
+	// (... and sends us cipher, connection opts)
 	_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
 		&hc.cipheropts, &hc.opts)
 	if err != nil {
@ -460,12 +464,10 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	ctBtoA_bigint := big.NewInt(0)
 	_, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint)
 	ctBtoA := ctBtoA_bigint.Bytes()
-	log.Printf("[Got ctBob[]:%v]\n", ctBtoA)

 	// Alice, step 6: compute Bob's share
 	shareB, err := kem.Dencapsulate(secA, ctBtoA)
 	sessionKey := append(shareA, shareB...)
-	//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)

 	hc.r, hc.rm, err = hc.getStream(sessionKey)
 	hc.w, hc.wm, err = hc.getStream(sessionKey)
@ -521,7 +523,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	if err != nil {
 		panic(err)
 	}
-	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
+	
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@ -565,7 +567,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	if err != nil {
 		panic(err)
 	}
-	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
+	
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@ -616,7 +618,6 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 	// Alice, step 3: Decrypt the KEM cipher text.
 	aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)

-	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@ -680,27 +681,32 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 		kem = frodo.Frodo976SHAKE()
 	}
 	pubB, secB := kem.Keygen()
-	//log.Printf("[pubKeyBob: %v]\n", pubB)

-	// Bob, step 2: Send the public key (nb,eb) to Alice
-	fmt.Fprintf(*c, "0x%x\n", pubB)
-
-	// (... and cipher, connection opts)
-	fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
-
-	// [Alice does the same and sends use a public key (na, ea)
+	
+	// [Alice sends use a public key (na, ea)
 	pubA_bigint := big.NewInt(0)
 	_, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint)
 	pubA := pubA_bigint.Bytes()
-	//log.Printf("[Got pubKeyAlice[]:%v]\n", pubA)

-	// (... and cipher, connection opts)
+	// (... and sends us cipher, connection opts)
 	_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
 		&hc.cipheropts, &hc.opts)
 	if err != nil {
 		return err
 	}

+	// Bob, step 2: Send the public key (nb,eb) to Alice
+	n, err := fmt.Fprintf(*c, "0x%x\n", pubB)
+	if err != nil {
+		panic(err)
+	}
+	if n < len(pubB) {
+		panic(errors.New("incomplete Fprintf() of pubB"))
+	}
+
+	// (... and send cipher, connection opts)
+	fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
+	
 	// Bob, step 3: Create ctBtoA, shareB
 	ctBtoA, shareB, err := kem.Encapsulate(pubA)
 	if err != nil {
@ -714,12 +720,10 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	ctAtoB_bigint := big.NewInt(0)
 	_, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint)
 	ctAtoB := ctAtoB_bigint.Bytes()
-	log.Printf("[Got ctAlice[]:%v]\n", ctAtoB)

 	// Alice, step 6: compute Bob's share
 	shareA, err := kem.Dencapsulate(secB, ctAtoB)
 	sessionKey := append(shareA, shareB...)
-	//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)

 	hc.r, hc.rm, err = hc.getStream(sessionKey)
 	hc.w, hc.wm, err = hc.getStream(sessionKey)
@ -759,7 +763,6 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
 		hc.cipheropts, hc.opts)

-	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@ -798,7 +801,6 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
 		hc.cipheropts, hc.opts)

-	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@ -847,7 +849,6 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
 		hc.cipheropts, hc.opts)

-	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@ -1287,6 +1288,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 		if hc.logCipherText {
 			log.Printf("  <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
 		}
+		//fmt.Printf("  <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))

 		hc.rm.Write(payloadBytes) // Calc hmac on received data
 		hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
@ -1306,8 +1308,9 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 		// The caller isn't necessarily reading the full payload so we need
 		// to decrypt to an intermediate buffer, draining it on demand of caller
 		decryptN, err := rs.Read(payloadBytes)
+
 		if hc.logPlainText {
-			log.Printf("  <-ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
+			log.Printf("  <:ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
 		}
 		if err != nil {
 			log.Println("xsnet.Read():", err)
@ -1324,9 +1327,6 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 				payloadBytes = payloadBytes[0 : len(payloadBytes)-int(padLen)]
 			}

-			//fmt.Printf("padSide:%d padLen:%d payloadBytes:%s\n",
-			//	padSide, padLen, hex.Dump(payloadBytes))
-
 			// Throw away pkt if it's chaff (ie., caller to Read() won't see this data)
 			if ctrlStatOp == CSOChaff {
 				log.Printf("[Chaff pkt, discarded (len %d)]\n", decryptN)
@ -1435,6 +1435,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 	}

 	log.Printf("Read() got %d bytes\n", retN)
+
 	copy(b, hc.dBuf.Next(retN))
 	return retN, nil
 }
@ -1443,9 +1444,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 //
 // See go doc io.Writer
 func (hc Conn) Write(b []byte) (n int, err error) {
-	//fmt.Printf("WRITE(%d)\n", len(b))
 	n, err = hc.WritePacket(b, CSONone)
-	//fmt.Printf("WROTE(%d)\n", n)
 	return n, err
 }

@ -1460,27 +1459,23 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
 	}

 	//Padding prior to encryption
-	padSz := (rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)
+	padSz := rand.Intn(PAD_SZ-1) + 1 /*(rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)*/
 	padLen := padSz - ((len(b) + padSz) % padSz)
 	if padLen == padSz {
 		// No padding required
 		padLen = 0
 	}
+
 	padBytes := make([]byte, padLen)
 	rand.Read(padBytes)
 	// For a little more confusion let's support padding either before
 	// or after the payload.
 	padSide := rand.Intn(2)
-	//fmt.Printf("--\n")
-	//fmt.Printf("PRE_PADDING:%s\r\n", hex.Dump(b))
-	//fmt.Printf("padSide:%d padLen:%d\r\n", padSide, padLen)
 	if padSide == 0 {
 		b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(padBytes, b...)...)...)
 	} else {
 		b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(b, padBytes...)...)...)
 	}
-	//fmt.Printf("POST_PADDING:%s\r\n", hex.Dump(b))
-	//fmt.Printf("--\r\n")

 	// N.B. Originally this Lock() surrounded only the
 	// calls to binary.Write(hc.c ..) however there appears
@ -1492,9 +1487,8 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
 	// could be tightened.
 	hc.Lock()
 	payloadLen = uint32(len(b))
-	//!fmt.Printf("  --== payloadLen:%d\n", payloadLen)
 	if hc.logPlainText {
-		log.Printf("  :>ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen]))
+		log.Printf("  >:ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen]))
 	}

 	// NOTE releases prior to v0.9 used Authenticate-then-Encrypt,
@ -1514,14 +1508,19 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
 	// The StreamWriter acts like a pipe, forwarding whatever is
 	// written to it through the cipher, encrypting as it goes
 	ws := &cipher.StreamWriter{S: hc.w, W: &wb}
-	_, err = ws.Write(b[0:payloadLen])
+	wN, err := ws.Write(b[0:payloadLen])
 	if err != nil {
 		panic(err)
 	}
-	if hc.logCipherText {
-		log.Printf("  ->ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
+	if wN < int(payloadLen) {
+		panic("truncated Write to cipher *****")
 	}

+	if hc.logCipherText {
+		log.Printf("  >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
+	}
+	//fmt.Printf("  >:ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
+
 	// Calculate hmac on cipher payload
 	hc.wm.Write(wb.Bytes())
 	hmacOut = hc.wm.Sum(nil)[0:HMAC_CHK_SZ] //finalize
@ -1552,7 +1551,11 @@ func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {

 	// We must 'lie' to caller indicating the length of THEIR
 	// data written (ie., not including the padding and padding headers)
-	return n - 2 - int(padLen), err
+	retN := n - 2 - int(padLen)
+	if retN <= 0 {
+		retN = 0
+	}
+	return retN, err
 }

 func (hc *Conn) EnableChaff() {