xs/xsnet/chan.go

package xsnet

// Copyright (c) 2017-2020 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)

/* Support functions to set up encryption once an HKEx Conn has been
established with FA exchange and support channel operations
(echo, file-copy, remote-cmd, ...) */

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"log"

	"blitter.com/go/cryptmt"
	"blitter.com/go/hopscotch"
	"github.com/aead/chacha20/chacha"
	"golang.org/x/crypto/blowfish"
	"golang.org/x/crypto/twofish"

	// hash algos must be manually imported thusly:
	// (Would be nice if the golang pkg docs were more clear
	// on this...)
	_ "crypto/sha256"
	_ "crypto/sha512"
)

// Expand keymat, if necessary, to a minimum of 2x(blocksize).
// Keymat is used for initial key and the IV, hence the 2x.
// This is occasionally necessary for smaller modes of KEX algorithms
// (eg., KEX_HERRADURA256); perhaps an indication these should be
// avoided in favour of larger modes.
//
// This is used for block ciphers; stream ciphers should do their
// own key expansion.
func expandKeyMat(keymat []byte, blocksize int) []byte {
	if len(keymat) < 2*blocksize {
		halg := crypto.SHA256
		mc := halg.New()
		if !halg.Available() {
			log.Fatal("hash not available!")
		}
		_, _ = mc.Write(keymat)
		var xpand []byte
		xpand = mc.Sum(xpand)
		keymat = append(keymat, xpand...)
		log.Println("[NOTE: keymat short - applying key expansion using SHA256]")
	}
	return keymat
}

/* Support functionality to set up encryption after a channel has
been negotiated via xsnet.go
*/
func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err error) {
	var key []byte
	var block cipher.Block
	var iv []byte
	var ivlen int

	copts := hc.cipheropts & 0xFF
	// TODO: each cipher alg case should ensure len(keymat.Bytes())
	// is >= 2*cipher.BlockSize (enough for both key and iv)
	switch copts {
	case CAlgAES256:
		keymat = expandKeyMat(keymat, aes.BlockSize)
		key = keymat[0:aes.BlockSize]
		block, err = aes.NewCipher(key)
		ivlen = aes.BlockSize
		iv = keymat[aes.BlockSize : aes.BlockSize+ivlen]
		rc = cipher.NewOFB(block, iv)
		log.Printf("[cipher AES_256 (%d)]\n", copts)
	case CAlgTwofish128:
		keymat = expandKeyMat(keymat, twofish.BlockSize)
		key = keymat[0:twofish.BlockSize]
		block, err = twofish.NewCipher(key)
		ivlen = twofish.BlockSize
		iv = keymat[twofish.BlockSize : twofish.BlockSize+ivlen]
		rc = cipher.NewOFB(block, iv)
		log.Printf("[cipher TWOFISH_128 (%d)]\n", copts)
	case CAlgBlowfish64:
		keymat = expandKeyMat(keymat, blowfish.BlockSize)
		key = keymat[0:blowfish.BlockSize]
		block, err = blowfish.NewCipher(key)
		ivlen = blowfish.BlockSize
		// N.b. Bounds enforcement of differing cipher algorithms
		// ------------------------------------------------------
		// cipher/aes and x/cipher/twofish appear to allow one to
		// pass an iv larger than the blockSize harmlessly to
		// cipher.NewOFB(); x/cipher/blowfish implementation will
		// segfault here if len(iv) is not exactly blowfish.BlockSize.
		//
		// I assume the other two check bounds and only
		// copy what's needed whereas blowfish does no such check.
		iv = keymat[blowfish.BlockSize : blowfish.BlockSize+ivlen]
		rc = cipher.NewOFB(block, iv)
		log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
	case CAlgCryptMT1:
		rc = cryptmt.New(nil, nil, keymat)
		log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
	case CAlgHopscotch:
		rc = hopscotch.New(nil, nil, 4, keymat)
		log.Printf("[cipher HOPSCOTCH (%d)]\n", copts)
	case CAlgChaCha20_12:
		keymat = expandKeyMat(keymat, chacha.KeySize)
		key = keymat[0:chacha.KeySize]
		ivlen = chacha.INonceSize
		iv = keymat[chacha.KeySize : chacha.KeySize+ivlen]
		rc, err = chacha.NewCipher(iv, key, chacha.INonceSize)
		if err != nil {
			log.Printf("[ChaCha20 config error]\n")
			fmt.Printf("[ChaCha20 config error]\n")
		}
		// TODO: SetCounter() to something derived from key or nonce or extra keymat?
		log.Printf("[cipher CHACHA20_12 (%d)]\n", copts)
	default:
		log.Printf("[invalid cipher (%d)]\n", copts)
		fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts)
		err = errors.New("hkexchan: INVALID CIPHER ALG")
		//os.Exit(1)
	}

	hopts := (hc.cipheropts >> 8) & 0xFF
	switch hopts {
	case HmacSHA256:
		log.Printf("[hash HmacSHA256 (%d)]\n", hopts)
		halg := crypto.SHA256
		mc = halg.New()
		if !halg.Available() {
			log.Fatal("hash not available!")
		}
	case HmacSHA512:
		log.Printf("[hash HmacSHA512 (%d)]\n", hopts)
		halg := crypto.SHA512
		mc = halg.New()
		if !halg.Available() {
			log.Fatal("hash not available!")
		}
	default:
		log.Printf("[invalid hmac (%d)]\n", hopts)
		fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts)
		err = errors.New("hkexchan: INVALID HMAC ALG")
		return
		//os.Exit(1)
	}

	if err != nil {
		// Feed the IV into the hmac: all traffic in the connection must
		// feed its data into the hmac afterwards, so both ends can xor
		// that with the stream to detect corruption.
		_, _ = mc.Write(iv)
		var currentHash []byte
		currentHash = mc.Sum(currentHash)
		log.Printf("Channel init hmac(iv):%s\n", hex.EncodeToString(currentHash))
	}
	return
}
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`package xsnet`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00
2020 Copyright update; minor comment typo fixes Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-08-08 08:54:46 +00:00			`// Copyright (c) 2017-2020 Russell Magee`
misc. cleanup, LICENSE.{gpl,mit} updates 2018-04-07 20:04:10 +00:00			`// Licensed under the terms of the MIT license (see LICENSE.mit in this`
			`// distribution)`
			`//`
			`// golang implementation by Russ Magee (rmagee_at_gmail.com)`

Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00			`/* Support functions to set up encryption once an HKEx Conn has been`
Start of proto kexsh tool client/server 2018-01-13 18:01:27 +00:00			`established with FA exchange and support channel operations`
			`(echo, file-copy, remote-cmd, ...) */`
Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`import (`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`"crypto"`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`"crypto/aes"`
			`"crypto/cipher"`
Initial experiments: HMAC on stream 2018-02-17 02:46:29 +00:00			`"encoding/hex"`
-Added error checking for all stages of hkex.Conn.Accept() and GetStream() -Server will log such errors without panic/exit -Const added but not yet used for 'chaff' packets 2018-04-28 23:05:33 +00:00			`"errors"`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`"fmt"`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`"hash"`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`"log"`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00
WIP integrating experimental WANDERER alg 2019-09-27 16:44:57 +00:00			`"blitter.com/go/cryptmt"`
added hopscotch cipher 2021-11-13 04:39:44 +00:00			`"blitter.com/go/hopscotch"`
Initial aead/chacha20 support (ChaCha20_12) Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-02-22 01:21:19 +00:00			`"github.com/aead/chacha20/chacha"`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`"golang.org/x/crypto/blowfish"`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`"golang.org/x/crypto/twofish"`
WIP integrating experimental WANDERER alg 2019-09-27 16:44:57 +00:00
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`// hash algos must be manually imported thusly:`
			`// (Would be nice if the golang pkg docs were more clear`
			`// on this...)`
			`_ "crypto/sha256"`
Added HMAC_SHA512 2018-09-30 07:19:25 +00:00			`_ "crypto/sha512"`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`)`

Added keymat expansion for smallest KEX modes Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-19 20:51:57 +00:00			`// Expand keymat, if necessary, to a minimum of 2x(blocksize).`
			`// Keymat is used for initial key and the IV, hence the 2x.`
			`// This is occasionally necessary for smaller modes of KEX algorithms`
			`// (eg., KEX_HERRADURA256); perhaps an indication these should be`
			`// avoided in favour of larger modes.`
Added support for cryptMTv1 Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-24 07:15:33 +00:00			`//`
			`// This is used for block ciphers; stream ciphers should do their`
			`// own key expansion.`
Added keymat expansion for smallest KEX modes Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-19 20:51:57 +00:00			`func expandKeyMat(keymat []byte, blocksize int) []byte {`
			`if len(keymat) < 2*blocksize {`
			`halg := crypto.SHA256`
			`mc := halg.New()`
			`if !halg.Available() {`
			`log.Fatal("hash not available!")`
			`}`
			`_, _ = mc.Write(keymat)`
			`var xpand []byte`
			`xpand = mc.Sum(xpand)`
			`keymat = append(keymat, xpand...)`
			`log.Println("[NOTE: keymat short - applying key expansion using SHA256]")`
			`}`
			`return keymat`
			`}`

Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00			`/* Support functionality to set up encryption after a channel has`
The Great Renaming: hkexsh -> xs (Xperimental Shell) Signed-off-by: Russ Magee <rmagee@gmail.com> 2019-10-30 03:34:09 +00:00			`been negotiated via xsnet.go`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`*/`
Fixed login timeout term handling/restoreState * NOTE breaking change to exit codes Also some value => ref fixes for Conn receiver methods Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-07-22 04:52:58 +00:00			`func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err error) {`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`var key []byte`
			`var block cipher.Block`
Initial experiments: HMAC on stream 2018-02-17 02:46:29 +00:00			`var iv []byte`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`var ivlen int`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`copts := hc.cipheropts & 0xFF`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`// TODO: each cipher alg case should ensure len(keymat.Bytes())`
			`// is >= 2*cipher.BlockSize (enough for both key and iv)`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`switch copts {`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`case CAlgAES256:`
Added keymat expansion for smallest KEX modes Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-19 20:51:57 +00:00			`keymat = expandKeyMat(keymat, aes.BlockSize)`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`key = keymat[0:aes.BlockSize]`
Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00			`block, err = aes.NewCipher(key)`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`ivlen = aes.BlockSize`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`iv = keymat[aes.BlockSize : aes.BlockSize+ivlen]`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`rc = cipher.NewOFB(block, iv)`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Printf("[cipher AES_256 (%d)]\n", copts)`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`case CAlgTwofish128:`
Added keymat expansion for smallest KEX modes Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-19 20:51:57 +00:00			`keymat = expandKeyMat(keymat, twofish.BlockSize)`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`key = keymat[0:twofish.BlockSize]`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`block, err = twofish.NewCipher(key)`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`ivlen = twofish.BlockSize`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`iv = keymat[twofish.BlockSize : twofish.BlockSize+ivlen]`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`rc = cipher.NewOFB(block, iv)`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Printf("[cipher TWOFISH_128 (%d)]\n", copts)`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`case CAlgBlowfish64:`
Added keymat expansion for smallest KEX modes Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-19 20:51:57 +00:00			`keymat = expandKeyMat(keymat, blowfish.BlockSize)`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`key = keymat[0:blowfish.BlockSize]`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`block, err = blowfish.NewCipher(key)`
			`ivlen = blowfish.BlockSize`
			`// N.b. Bounds enforcement of differing cipher algorithms`
			`// ------------------------------------------------------`
			`// cipher/aes and x/cipher/twofish appear to allow one to`
			`// pass an iv larger than the blockSize harmlessly to`
			`// cipher.NewOFB(); x/cipher/blowfish implementation will`
			`// segfault here if len(iv) is not exactly blowfish.BlockSize.`
			`//`
			`// I assume the other two check bounds and only`
			`// copy what's needed whereas blowfish does no such check.`
KYBER768 KEM works. :O 2018-10-11 04:12:38 +00:00			`iv = keymat[blowfish.BlockSize : blowfish.BlockSize+ivlen]`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`rc = cipher.NewOFB(block, iv)`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)`
Added support for cryptMTv1 Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-24 07:15:33 +00:00			`case CAlgCryptMT1:`
Updated intf to cryptmt Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-02-07 02:56:36 +00:00			`rc = cryptmt.New(nil, nil, keymat)`
Added support for cryptMTv1 Signed-off-by: Russ Magee <rmagee@gmail.com> 2018-10-24 07:15:33 +00:00			`log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)`
added hopscotch cipher 2021-11-13 04:39:44 +00:00			`case CAlgHopscotch:`
			`rc = hopscotch.New(nil, nil, 4, keymat)`
			`log.Printf("[cipher HOPSCOTCH (%d)]\n", copts)`
Initial aead/chacha20 support (ChaCha20_12) Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-02-22 01:21:19 +00:00			`case CAlgChaCha20_12:`
			`keymat = expandKeyMat(keymat, chacha.KeySize)`
			`key = keymat[0:chacha.KeySize]`
			`ivlen = chacha.INonceSize`
			`iv = keymat[chacha.KeySize : chacha.KeySize+ivlen]`
Fixed FrodoKEM neg bug (sending cipheropts,opts order) Also tweaked pad size random to use full range; removed some junk logging 2021-01-11 06:04:52 +00:00			`rc, err = chacha.NewCipher(iv, key, chacha.INonceSize)`
Initial aead/chacha20 support (ChaCha20_12) Signed-off-by: Russ Magee <rmagee@gmail.com> 2020-02-22 01:21:19 +00:00			`if err != nil {`
			`log.Printf("[ChaCha20 config error]\n")`
			`fmt.Printf("[ChaCha20 config error]\n")`
			`}`
			`// TODO: SetCounter() to something derived from key or nonce or extra keymat?`
			`log.Printf("[cipher CHACHA20_12 (%d)]\n", copts)`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`default:`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Printf("[invalid cipher (%d)]\n", copts)`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts)`
-Added error checking for all stages of hkex.Conn.Accept() and GetStream() -Server will log such errors without panic/exit -Const added but not yet used for 'chaff' packets 2018-04-28 23:05:33 +00:00			`err = errors.New("hkexchan: INVALID CIPHER ALG")`
			`//os.Exit(1)`
Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00			`}`

Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`hopts := (hc.cipheropts >> 8) & 0xFF`
			`switch hopts {`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`case HmacSHA256:`
Merge of public work on github.com/Russtopia/hkexsh repo 2018-02-17 02:43:37 +00:00			`log.Printf("[hash HmacSHA256 (%d)]\n", hopts)`
			`halg := crypto.SHA256`
			`mc = halg.New()`
			`if !halg.Available() {`
			`log.Fatal("hash not available!")`
			`}`
Added HMAC_SHA512 2018-09-30 07:19:25 +00:00			`case HmacSHA512:`
			`log.Printf("[hash HmacSHA512 (%d)]\n", hopts)`
			`halg := crypto.SHA512`
			`mc = halg.New()`
			`if !halg.Available() {`
			`log.Fatal("hash not available!")`
			`}`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`default:`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Printf("[invalid hmac (%d)]\n", hopts)`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts)`
-Added error checking for all stages of hkex.Conn.Accept() and GetStream() -Server will log such errors without panic/exit -Const added but not yet used for 'chaff' packets 2018-04-28 23:05:33 +00:00			`err = errors.New("hkexchan: INVALID HMAC ALG")`
			`return`
			`//os.Exit(1)`
Dial() extensions to specify cipher/hmac alg and protocol options 2018-01-12 03:42:42 +00:00			`}`

Added hkexchan.go w/o testing for StreamReader/StreamWriter 2018-01-09 07:08:58 +00:00			`if err != nil {`
-Added error checking for all stages of hkex.Conn.Accept() and GetStream() -Server will log such errors without panic/exit -Const added but not yet used for 'chaff' packets 2018-04-28 23:05:33 +00:00			`// Feed the IV into the hmac: all traffic in the connection must`
			`// feed its data into the hmac afterwards, so both ends can xor`
			`// that with the stream to detect corruption.`
			`_, _ = mc.Write(iv)`
			`var currentHash []byte`
			`currentHash = mc.Sum(currentHash)`
			`log.Printf("Channel init hmac(iv):%s\n", hex.EncodeToString(currentHash))`
Added concept for cipher setup -- nonworking (hkexchan.gox) 2018-01-09 04:23:19 +00:00			`}`
			`return`
			`}`