xs/xsnet/consts.go

// consts.go - consts for xsnet

// Copyright (c) 2017-2019 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package xsnet

// KEX algorithm values
//
// Specified (in string form) as the extensions parameter
// to xsnet.Dial()
// Alg is sent in a uint8 so there are up to 256 possible
const (
	KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor
	KEX_HERRADURA512
	KEX_HERRADURA1024
	KEX_HERRADURA2048
	KEX_resvd4
	KEX_resvd5
	KEX_resvd6
	KEX_resvd7
	KEX_KYBER512
	KEX_KYBER768
	KEX_KYBER1024
	KEX_resvd11
	KEX_NEWHOPE
	KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
	KEX_resvd14
	KEX_resvd15
	KEX_invalid = 255
)

// Sent from client to server in order to specify which
// algo shall be used (see xsnet.KEX_HERRADURA256, ...)
type KEXAlg uint8

// Extended exit status codes - indicate comm/pty issues
// rather than remote end normal UNIX exit codes
const (
	CSENone            = 1024 + iota
	CSETruncCSO        // No CSOExitStatus in payload
	CSEStillOpen       // Channel closed unexpectedly
	CSEExecFail        // cmd.Start() (exec) failed
	CSEPtyExecFail     // pty.Start() (exec w/pty) failed
	CSEPtyGetNameFail  // failed to obtain pty name
	CSEKEXAlgDenied    // server rejected proposed KEX alg
	CSECipherAlgDenied // server rejected proposed Cipher alg
	CSEHMACAlgDenied   // server rejected proposed HMAC alg
)

// Extended (>255 UNIX exit status) codes
// This indicate channel-related or internal errors
type CSExtendedCode uint32

// Channel Status/Op bytes - packet types
const (
	// Main connection/session control
	CSONone        = iota // No error, normal packet
	CSOHmacInvalid        // HMAC mismatch detected on remote end
	CSOTermSize           // set term size (rows:cols)
	CSOExitStatus         // Remote cmd exit status
	CSOChaff              // Dummy packet, do not pass beyond decryption

	// Tunnel setup/control/status
	CSOTunSetup     // client -> server tunnel setup request (dstport)
	CSOTunSetupAck  // server -> client tunnel setup ack
	CSOTunRefused   // server -> client: tunnel rport connection refused
	CSOTunData      // packet contains tunnel data [rport:data]
	CSOTunKeepAlive // client tunnel heartbeat
	CSOTunDisconn   // server -> client: tunnel rport disconnected
	CSOTunHangup    // client -> server: tunnel lport hung up
)

// TunEndpoint.tunCtl control values - used to control workers for client
// or server tunnels depending on the code
const (
	TunCtl_Client_Listen = 'a'
	// [CSOTunAccept]
	// status: server has ack'd tun setup request
	// action: client should accept (after re-listening, if required) on lport

	TunCtl_Server_Dial = 'd' // server has dialled OK, client side can accept() conns
	// [CSOTunAccept]
	// status: client wants to open tunnel to rport
	// action:server side should dial() rport on client's behalf
)

// Channel status Op byte type (see CSONone, ... and CSENone, ...)
type CSOType uint32

//TODO: this should be small (max unfragmented packet size?)
const MAX_PAYLOAD_LEN = 4*1024*1024*1024 - 1

// Session symmetric crypto algs
const (
	CAlgAES256     = iota
	CAlgTwofish128 // golang.org/x/crypto/twofish
	CAlgBlowfish64 // golang.org/x/crypto/blowfish
	CAlgCryptMT1   //cryptmt using mtwist64
	CAlgWanderer   // inhouse experimental crypto alg
	CAlgNoneDisallowed
)

// Available ciphers for hkex.Conn
type CSCipherAlg uint32

// Session packet auth HMAC algs
const (
	HmacSHA256 = iota
	HmacSHA512
	HmacNoneDisallowed
)

// Available HMACs for hkex.Conn
type CSHmacAlg uint32
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`// consts.go - consts for xsnet`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`// Copyright (c) 2017-2019 Russell Magee`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`// Licensed under the terms of the MIT license (see LICENSE.mit in this`
			`// distribution)`
			`//`
			`// golang implementation by Russ Magee (rmagee_at_gmail.com)`
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`package xsnet`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00
Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// KEX algorithm values`
			`//`
			`// Specified (in string form) as the extensions parameter`
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`// to xsnet.Dial()`
Made default deeper in init funcs HERRADURAKEX512 Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-09-15 05:56:03 +00:00			`// Alg is sent in a uint8 so there are up to 256 possible`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`const (`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00			`KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor`
			`KEX_HERRADURA512`
			`KEX_HERRADURA1024`
			`KEX_HERRADURA2048`
			`KEX_resvd4`
			`KEX_resvd5`
			`KEX_resvd6`
			`KEX_resvd7`
			`KEX_KYBER512`
Set up to handle Kyber768 KEM 2018-10-09 04:31:11 +00:00			`KEX_KYBER768`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00			`KEX_KYBER1024`
			`KEX_resvd11`
Added NEWHOPE and NEWHOPE_SIMPLE KEM algs Fixed some -h typos, missing H_SHA512 option randReader seed time.Now().UnixNano() Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-04-09 04:58:33 +00:00			`KEX_NEWHOPE`
Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00			`KEX_resvd14`
			`KEX_resvd15`
xsd: Added -aK,-aC,-aH to control accepted client proposals 2019-12-15 19:38:04 +00:00			`KEX_invalid = 255`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`)`
Set up to handle Kyber768 KEM 2018-10-09 04:31:11 +00:00
tightened up some const types 2018-09-18 06:07:04 +00:00			`// Sent from client to server in order to specify which`
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`// algo shall be used (see xsnet.KEX_HERRADURA256, ...)`
tightened up some const types 2018-09-18 06:07:04 +00:00			`type KEXAlg uint8`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00
Moved CSE (extended err types) back up out of UNIX shell status space 2018-10-26 05:49:08 +00:00			`// Extended exit status codes - indicate comm/pty issues`
			`// rather than remote end normal UNIX exit codes`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`const (`
xsd: Added -aK,-aC,-aH to control accepted client proposals 2019-12-15 19:38:04 +00:00			`CSENone = 1024 + iota`
			`CSETruncCSO // No CSOExitStatus in payload`
			`CSEStillOpen // Channel closed unexpectedly`
			`CSEExecFail // cmd.Start() (exec) failed`
			`CSEPtyExecFail // pty.Start() (exec w/pty) failed`
			`CSEPtyGetNameFail // failed to obtain pty name`
			`CSEKEXAlgDenied // server rejected proposed KEX alg`
			`CSECipherAlgDenied // server rejected proposed Cipher alg`
			`CSEHMACAlgDenied // server rejected proposed HMAC alg`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`)`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00
tightened up some const types 2018-09-18 06:07:04 +00:00			`// Extended (>255 UNIX exit status) codes`
			`// This indicate channel-related or internal errors`
			`type CSExtendedCode uint32`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`// Channel Status/Op bytes - packet types`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`const (`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`// Main connection/session control`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`CSONone = iota // No error, normal packet`
			`CSOHmacInvalid // HMAC mismatch detected on remote end`
			`CSOTermSize // set term size (rows:cols)`
			`CSOExitStatus // Remote cmd exit status`
			`CSOChaff // Dummy packet, do not pass beyond decryption`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00
			`// Tunnel setup/control/status`
Tunnel keepalives from client implemented. If client dies/exits unexpectedly the server tunnel will disconnect from rport in a timely manner. Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-11-12 06:46:39 +00:00			`CSOTunSetup // client -> server tunnel setup request (dstport)`
			`CSOTunSetupAck // server -> client tunnel setup ack`
			`CSOTunRefused // server -> client: tunnel rport connection refused`
			`CSOTunData // packet contains tunnel data [rport:data]`
			`CSOTunKeepAlive // client tunnel heartbeat`
			`CSOTunDisconn // server -> client: tunnel rport disconnected`
			`CSOTunHangup // client -> server: tunnel lport hung up`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`)`

Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// TunEndpoint.tunCtl control values - used to control workers for client`
			`// or server tunnels depending on the code`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`const (`
WIP tunnel states, re-dial when not required needs debugging. 2018-11-08 03:35:32 +00:00			`TunCtl_Client_Listen = 'a'`
Corrected tun chan Ctl cmd comments 2018-11-12 04:25:34 +00:00			`// [CSOTunAccept]`
			`// status: server has ack'd tun setup request`
			`// action: client should accept (after re-listening, if required) on lport`
Tunnels with reconnect working. TODO: interactive client exit must collapse all open tunnels prior to exit. Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-11-12 02:56:08 +00:00
WIP tunnel states, re-dial when not required needs debugging. 2018-11-08 03:35:32 +00:00			`TunCtl_Server_Dial = 'd' // server has dialled OK, client side can accept() conns`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`// [CSOTunAccept]`
Corrected tun chan Ctl cmd comments 2018-11-12 04:25:34 +00:00			`// status: client wants to open tunnel to rport`
(non-working) begin of total tunnel redesign 2018-10-31 16:15:28 +00:00			`// action:server side should dial() rport on client's behalf`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`)`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00
Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// Channel status Op byte type (see CSONone, ... and CSENone, ...)`
tightened up some const types 2018-09-18 06:07:04 +00:00			`type CSOType uint32`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00
Set up to handle Kyber768 KEM 2018-10-09 04:31:11 +00:00			`//TODO: this should be small (max unfragmented packet size?)`
Split hkexsh and hkexnet consts into separate files 2018-09-18 00:27:13 +00:00			`const MAX_PAYLOAD_LEN = 410241024*1024 - 1`

Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// Session symmetric crypto algs`
tightened up some const types 2018-09-18 06:07:04 +00:00			`const (`
			`CAlgAES256 = iota`
			`CAlgTwofish128 // golang.org/x/crypto/twofish`
			`CAlgBlowfish64 // golang.org/x/crypto/blowfish`
Added support for cryptMTv1 Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-24 07:15:33 +00:00			`CAlgCryptMT1 //cryptmt using mtwist64`
WIP integrating experimental WANDERER alg 2019-09-27 16:44:57 +00:00			`CAlgWanderer // inhouse experimental crypto alg`
tightened up some const types 2018-09-18 06:07:04 +00:00			`CAlgNoneDisallowed`
			`)`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00
tightened up some const types 2018-09-18 06:07:04 +00:00			`// Available ciphers for hkex.Conn`
			`type CSCipherAlg uint32`

Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// Session packet auth HMAC algs`
tightened up some const types 2018-09-18 06:07:04 +00:00			`const (`
			`HmacSHA256 = iota`
Added HMAC_SHA512 2018-09-30 07:19:25 +00:00			`HmacSHA512`
tightened up some const types 2018-09-18 06:07:04 +00:00			`HmacNoneDisallowed`
			`)`
Added more (explicit) sizes for all KEX algs 2018-10-12 23:16:49 +00:00
Cleaned up/added commenting (hkexsh/, hkexnet/) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-05-10 05:46:08 +00:00			`// Available HMACs for hkex.Conn`
tightened up some const types 2018-09-18 06:07:04 +00:00			`type CSHmacAlg uint32`