2018-04-07 20:04:10 +00:00
|
|
|
// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC
|
|
|
|
// negotiation
|
|
|
|
|
|
|
|
// Copyright (c) 2017-2018 Russell Magee
|
|
|
|
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
|
|
|
// distribution)
|
|
|
|
//
|
|
|
|
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
2018-01-11 21:44:11 +00:00
|
|
|
|
2018-07-05 04:21:23 +00:00
|
|
|
package hkexnet
|
2018-01-09 03:16:55 +00:00
|
|
|
|
2018-09-11 03:22:09 +00:00
|
|
|
// TODO:
|
|
|
|
// If key exchange algs other than the experimental HerraduraKEx are to
|
|
|
|
// be supported, the Dial() and Accept() methods should take a kex param,
|
|
|
|
// specifying which to use; and the client/server negotiation must then
|
|
|
|
// prefix the channel setup with this param over the wire in order to decide
|
|
|
|
// which is in use.
|
|
|
|
//
|
2018-09-11 03:28:41 +00:00
|
|
|
// DESIGN PRINCIPLE: There shall be no protocol features which enable
|
|
|
|
// downgrade attacks. The server shall have final authority to accept or
|
|
|
|
// reject any and all proposed KEx and connection parameters proposed by
|
|
|
|
// clients at setup. Action on denial shall be a simple server disconnect
|
|
|
|
// with possibly a status code sent so client can determine why connection
|
|
|
|
// was denied (compare to how failed auth is communicated to client).
|
2018-09-11 03:22:09 +00:00
|
|
|
|
2018-01-09 07:08:58 +00:00
|
|
|
// Implementation of HKEx-wrapped versions of the golang standard
|
|
|
|
// net package interfaces, allowing clients and servers to simply replace
|
2018-06-30 02:23:11 +00:00
|
|
|
// 'net.Dial' and 'net.Listen' with 'hkex.Dial' and 'hkex.Listen'
|
|
|
|
// (though some extra methods are implemented and must be used
|
|
|
|
// for things outside of the scope of plain sockets).
|
2018-01-09 03:16:55 +00:00
|
|
|
import (
|
2018-01-11 06:50:13 +00:00
|
|
|
"bytes"
|
2018-01-09 07:26:24 +00:00
|
|
|
"crypto/cipher"
|
2018-03-26 02:58:04 +00:00
|
|
|
"encoding/binary"
|
2018-02-17 02:43:37 +00:00
|
|
|
"encoding/hex"
|
2018-04-15 20:29:06 +00:00
|
|
|
"errors"
|
2018-01-09 03:16:55 +00:00
|
|
|
"fmt"
|
2018-02-17 02:43:37 +00:00
|
|
|
"hash"
|
2018-03-26 02:58:04 +00:00
|
|
|
"io"
|
2018-10-26 05:14:18 +00:00
|
|
|
"io/ioutil"
|
2018-01-18 05:27:00 +00:00
|
|
|
"log"
|
2018-01-09 03:16:55 +00:00
|
|
|
"math/big"
|
2018-05-04 06:53:47 +00:00
|
|
|
"math/rand"
|
2018-01-09 03:16:55 +00:00
|
|
|
"net"
|
2018-02-17 02:46:29 +00:00
|
|
|
"strings"
|
2018-05-02 19:28:56 +00:00
|
|
|
"sync"
|
2018-01-17 02:30:57 +00:00
|
|
|
"time"
|
2018-07-05 04:21:23 +00:00
|
|
|
|
2018-12-07 01:20:43 +00:00
|
|
|
"blitter.com/go/herradurakex"
|
2018-10-26 23:05:01 +00:00
|
|
|
"blitter.com/go/hkexsh/logger"
|
2018-10-11 04:12:38 +00:00
|
|
|
kyber "git.schwanenlied.me/yawning/kyber.git"
|
2018-01-09 03:16:55 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
/*---------------------------------------------------------------------*/
|
2018-10-14 07:20:30 +00:00
|
|
|
const PAD_SZ = 32 // max size of padding applied to each packet
|
|
|
|
const HMAC_CHK_SZ = 4 // leading bytes of HMAC to xmit for verification
|
2018-01-09 03:16:55 +00:00
|
|
|
|
2018-12-01 08:22:56 +00:00
|
|
|
const Bob = string("\r\n\r\n" +
|
2018-12-01 06:52:57 +00:00
|
|
|
"@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" +
|
|
|
|
"@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" +
|
|
|
|
"@@@@@ ~ ~~ ~I @@@@@\r\n" +
|
|
|
|
"@@@@' ' _,w@< @@@@\r\n" +
|
|
|
|
"@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" +
|
|
|
|
"@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@\r\n" +
|
|
|
|
"@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" +
|
|
|
|
"@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@\r\n" +
|
|
|
|
"@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" +
|
|
|
|
"@@@@ _~ , , `@@@~ _ _`@ ]L J@@@\r\n" +
|
|
|
|
"@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" +
|
|
|
|
"@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@\r\n" +
|
|
|
|
"@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" +
|
|
|
|
"@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@\r\n" +
|
|
|
|
"@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" +
|
|
|
|
"@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" +
|
|
|
|
"@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@\r\n" +
|
|
|
|
"@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" +
|
|
|
|
"@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@\r\n" +
|
|
|
|
"@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" +
|
|
|
|
"@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" +
|
|
|
|
"@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
|
|
|
|
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
|
|
|
|
"\r\n")
|
|
|
|
|
2018-07-20 05:39:06 +00:00
|
|
|
type (
|
|
|
|
WinSize struct {
|
|
|
|
Rows uint16
|
|
|
|
Cols uint16
|
|
|
|
}
|
2018-04-29 02:28:37 +00:00
|
|
|
|
2018-07-20 05:39:06 +00:00
|
|
|
// chaffconfig captures attributes used to send chaff packets betwixt
|
|
|
|
// client and server connections, to obscure true traffic timing and
|
|
|
|
// patterns
|
|
|
|
// see: https://en.wikipedia.org/wiki/chaff_(countermeasure)
|
|
|
|
ChaffConfig struct {
|
|
|
|
shutdown bool //set to inform chaffHelper to shut down
|
|
|
|
enabled bool
|
|
|
|
msecsMin uint //msecs min interval
|
|
|
|
msecsMax uint //msecs max interval
|
|
|
|
szMax uint // max size in bytes
|
|
|
|
}
|
2018-05-07 00:41:09 +00:00
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
// Conn is a connection wrapping net.Conn with KEX & session state
|
2018-07-20 05:39:06 +00:00
|
|
|
Conn struct {
|
2018-10-09 04:31:11 +00:00
|
|
|
kex KEXAlg // KEX/KEM propsal (client -> server)
|
|
|
|
m *sync.Mutex // (internal)
|
|
|
|
c *net.Conn // which also implements io.Reader, io.Writer, ...
|
2018-11-20 03:55:35 +00:00
|
|
|
immClose bool
|
2018-11-29 05:03:20 +00:00
|
|
|
cipheropts uint32 // post-KEx cipher/hmac options
|
|
|
|
opts uint32 // post-KEx protocol options (caller-defined)
|
2018-07-20 05:39:06 +00:00
|
|
|
WinCh chan WinSize
|
|
|
|
Rows uint16
|
|
|
|
Cols uint16
|
2018-05-04 06:53:47 +00:00
|
|
|
|
2018-10-02 03:35:50 +00:00
|
|
|
chaff ChaffConfig
|
2018-11-08 03:35:32 +00:00
|
|
|
tuns *map[uint16](*TunEndpoint)
|
2018-10-27 08:51:40 +00:00
|
|
|
|
2018-09-27 05:57:36 +00:00
|
|
|
closeStat *CSOType // close status (CSOExitStatus)
|
2018-07-20 05:39:06 +00:00
|
|
|
r cipher.Stream //read cipherStream
|
|
|
|
rm hash.Hash
|
|
|
|
w cipher.Stream //write cipherStream
|
|
|
|
wm hash.Hash
|
|
|
|
dBuf *bytes.Buffer //decrypt buffer for Read()
|
|
|
|
}
|
2018-12-01 06:52:57 +00:00
|
|
|
|
|
|
|
EscSeqs struct {
|
2018-12-01 08:22:56 +00:00
|
|
|
idx int
|
|
|
|
seqs []byte
|
|
|
|
outstr []string
|
2018-12-01 06:52:57 +00:00
|
|
|
}
|
2018-07-20 05:39:06 +00:00
|
|
|
)
|
2018-06-30 02:23:11 +00:00
|
|
|
|
2018-10-26 05:14:18 +00:00
|
|
|
var (
|
2018-10-26 23:05:01 +00:00
|
|
|
Log *logger.Writer // reg. syslog output (no -d)
|
2018-10-26 05:14:18 +00:00
|
|
|
)
|
|
|
|
|
2018-10-27 08:51:40 +00:00
|
|
|
// Return string (suitable as map key) for a tunnel endpoint
|
|
|
|
func (t *TunEndpoint) String() string {
|
2018-10-29 02:17:47 +00:00
|
|
|
return fmt.Sprintf("[%d:%s:%d]", t.Lport, t.Peer, t.Rport)
|
2018-10-27 08:51:40 +00:00
|
|
|
}
|
|
|
|
|
2018-10-26 23:05:01 +00:00
|
|
|
func _initLogging(d bool, c string, f logger.Priority) {
|
2018-10-26 05:14:18 +00:00
|
|
|
if Log == nil {
|
2018-10-26 23:05:01 +00:00
|
|
|
Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c))
|
2018-10-26 05:14:18 +00:00
|
|
|
}
|
|
|
|
if d {
|
|
|
|
log.SetFlags(0) // syslog will have date,time
|
|
|
|
log.SetOutput(Log)
|
|
|
|
} else {
|
|
|
|
log.SetOutput(ioutil.Discard)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-26 23:05:01 +00:00
|
|
|
func Init(d bool, c string, f logger.Priority) {
|
2018-10-26 05:14:18 +00:00
|
|
|
_initLogging(d, c, f)
|
|
|
|
}
|
|
|
|
|
2018-09-18 06:07:04 +00:00
|
|
|
func (hc Conn) GetStatus() CSOType {
|
2018-06-30 02:23:11 +00:00
|
|
|
return *hc.closeStat
|
|
|
|
}
|
|
|
|
|
2018-09-18 06:07:04 +00:00
|
|
|
func (hc *Conn) SetStatus(stat CSOType) {
|
2018-06-30 02:23:11 +00:00
|
|
|
*hc.closeStat = stat
|
2018-09-06 03:36:32 +00:00
|
|
|
log.Println("closeStat:", *hc.closeStat)
|
2018-02-17 03:25:11 +00:00
|
|
|
}
|
|
|
|
|
2018-11-20 03:55:35 +00:00
|
|
|
func (hc *Conn) SetImmClose() {
|
|
|
|
hc.immClose = true
|
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// ConnOpts returns the cipher/hmac options value, which is sent to the
|
|
|
|
// peer but is not itself part of the KEx.
|
|
|
|
//
|
2018-01-12 03:42:42 +00:00
|
|
|
// (Used for protocol-level negotiations after KEx such as
|
|
|
|
// cipher/HMAC algorithm options etc.)
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc Conn) ConnOpts() uint32 {
|
|
|
|
return hc.cipheropts
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// SetConnOpts sets the cipher/hmac options value, which is sent to the
|
|
|
|
// peer as part of KEx but not part of the KEx itself.
|
2018-01-12 03:42:42 +00:00
|
|
|
//
|
|
|
|
// opts - bitfields for cipher and hmac alg. to use after KEx
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) SetConnOpts(copts uint32) {
|
|
|
|
hc.cipheropts = copts
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// Opts returns the protocol options value, which is sent to the peer
|
|
|
|
// but is not itself part of the KEx or connection (cipher/hmac) setup.
|
2018-01-12 03:42:42 +00:00
|
|
|
//
|
|
|
|
// Consumers of this lib may use this for protocol-level options not part
|
|
|
|
// of the KEx or encryption info used by the connection.
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc Conn) Opts() uint32 {
|
|
|
|
return hc.opts
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// SetOpts sets the protocol options value, which is sent to the peer
|
|
|
|
// but is not itself part of the KEx or connection (cipher/hmac) setup.
|
|
|
|
//
|
2018-01-12 03:42:42 +00:00
|
|
|
// Consumers of this lib may use this for protocol-level options not part
|
|
|
|
// of the KEx of encryption info used by the connection.
|
|
|
|
//
|
|
|
|
// opts - a uint32, caller-defined
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) SetOpts(opts uint32) {
|
|
|
|
hc.opts = opts
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
func getkexalgnum(extensions ...string) (k KEXAlg) {
|
2018-10-12 23:16:49 +00:00
|
|
|
k = KEX_HERRADURA256 // default
|
2018-10-09 04:31:11 +00:00
|
|
|
for _, s := range extensions {
|
|
|
|
switch s {
|
2018-10-12 23:16:49 +00:00
|
|
|
case "KEX_HERRADURA256":
|
|
|
|
k = KEX_HERRADURA256
|
|
|
|
break //out of for
|
|
|
|
case "KEX_HERRADURA512":
|
|
|
|
k = KEX_HERRADURA512
|
|
|
|
break //out of for
|
|
|
|
case "KEX_HERRADURA1024":
|
|
|
|
k = KEX_HERRADURA1024
|
|
|
|
break //out of for
|
|
|
|
case "KEX_HERRADURA2048":
|
|
|
|
k = KEX_HERRADURA2048
|
|
|
|
break //out of for
|
|
|
|
case "KEX_KYBER512":
|
|
|
|
k = KEX_KYBER512
|
|
|
|
break //out of for
|
2018-10-09 04:31:11 +00:00
|
|
|
case "KEX_KYBER768":
|
|
|
|
k = KEX_KYBER768
|
2018-10-12 23:16:49 +00:00
|
|
|
break //out of for
|
|
|
|
case "KEX_KYBER1024":
|
|
|
|
k = KEX_KYBER1024
|
|
|
|
break //out of for
|
2018-10-09 04:31:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Return a new hkexnet.Conn
|
|
|
|
//
|
|
|
|
// Note this is internal: use Dial() or Accept()
|
|
|
|
func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
|
|
|
|
// Set up stuff common to all KEx/KEM types
|
|
|
|
hc = &Conn{kex: kexAlg,
|
|
|
|
m: &sync.Mutex{},
|
|
|
|
c: conn,
|
|
|
|
closeStat: new(CSOType),
|
|
|
|
WinCh: make(chan WinSize, 1),
|
|
|
|
dBuf: new(bytes.Buffer)}
|
2018-11-08 03:35:32 +00:00
|
|
|
tempMap := make(map[uint16]*TunEndpoint)
|
|
|
|
hc.tuns = &tempMap
|
2018-10-09 04:31:11 +00:00
|
|
|
|
|
|
|
*hc.closeStat = CSEStillOpen // open or prematurely-closed status
|
|
|
|
|
|
|
|
// Set up KEx/KEM-specifics
|
2018-10-12 23:16:49 +00:00
|
|
|
switch kexAlg {
|
|
|
|
case KEX_HERRADURA256:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA512:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA1024:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA2048:
|
2018-10-09 04:31:11 +00:00
|
|
|
log.Printf("[KEx alg %d accepted]\n", kexAlg)
|
2018-10-12 23:16:49 +00:00
|
|
|
case KEX_KYBER512:
|
|
|
|
fallthrough
|
2018-10-09 04:31:11 +00:00
|
|
|
case KEX_KYBER768:
|
2018-10-12 23:16:49 +00:00
|
|
|
fallthrough
|
|
|
|
case KEX_KYBER1024:
|
2018-10-11 04:12:38 +00:00
|
|
|
log.Printf("[KEx alg %d accepted]\n", kexAlg)
|
|
|
|
default:
|
2018-10-14 07:20:30 +00:00
|
|
|
// UNREACHABLE: _getkexalgnum() guarantees a valid KEX value
|
2018-10-12 23:16:49 +00:00
|
|
|
hc.kex = KEX_HERRADURA256
|
|
|
|
log.Printf("[KEx alg %d ?? defaults to %d]\n", kexAlg, hc.kex)
|
2018-10-09 04:31:11 +00:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) applyConnExtensions(extensions ...string) {
|
2018-01-12 03:42:42 +00:00
|
|
|
for _, s := range extensions {
|
|
|
|
switch s {
|
|
|
|
case "C_AES_256":
|
2018-01-18 05:27:00 +00:00
|
|
|
log.Println("[extension arg = C_AES_256]")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.cipheropts &= (0xFFFFFF00)
|
|
|
|
hc.cipheropts |= CAlgAES256
|
2018-01-12 03:42:42 +00:00
|
|
|
case "C_TWOFISH_128":
|
2018-01-18 05:27:00 +00:00
|
|
|
log.Println("[extension arg = C_TWOFISH_128]")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.cipheropts &= (0xFFFFFF00)
|
|
|
|
hc.cipheropts |= CAlgTwofish128
|
2018-01-12 07:01:39 +00:00
|
|
|
case "C_BLOWFISH_64":
|
2018-01-18 05:27:00 +00:00
|
|
|
log.Println("[extension arg = C_BLOWFISH_64]")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.cipheropts &= (0xFFFFFF00)
|
|
|
|
hc.cipheropts |= CAlgBlowfish64
|
2018-10-24 07:15:33 +00:00
|
|
|
case "C_CRYPTMT1":
|
|
|
|
log.Println("[extension arg = C_CRYPTMT1]")
|
|
|
|
hc.cipheropts &= (0xFFFFFF00)
|
|
|
|
hc.cipheropts |= CAlgCryptMT1
|
2018-01-12 03:42:42 +00:00
|
|
|
case "H_SHA256":
|
2018-01-18 05:27:00 +00:00
|
|
|
log.Println("[extension arg = H_SHA256]")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.cipheropts &= (0xFFFF00FF)
|
|
|
|
hc.cipheropts |= (HmacSHA256 << 8)
|
2018-09-30 07:19:25 +00:00
|
|
|
case "H_SHA512":
|
|
|
|
log.Println("[extension arg = H_SHA512]")
|
|
|
|
hc.cipheropts &= (0xFFFF00FF)
|
|
|
|
hc.cipheropts |= (HmacSHA512 << 8)
|
2018-10-12 23:16:49 +00:00
|
|
|
//default:
|
|
|
|
// log.Printf("[Dial ext \"%s\" ignored]\n", s)
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
|
|
|
}
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
|
|
|
|
2018-10-11 04:12:38 +00:00
|
|
|
// randReader wraps rand.Read() in a struct that implements io.Reader
|
|
|
|
// for use by the Kyber KEM methods.
|
|
|
|
type randReader struct {
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r randReader) Read(b []byte) (n int, e error) {
|
|
|
|
n, e = rand.Read(b)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-12 23:16:49 +00:00
|
|
|
func KyberDialSetup(c net.Conn, hc *Conn) (err error) {
|
2018-10-11 04:12:38 +00:00
|
|
|
// Send hkexnet.Conn parameters to remote side
|
|
|
|
|
|
|
|
// Alice, step 1: Generate a key pair.
|
|
|
|
r := new(randReader)
|
2018-10-12 23:16:49 +00:00
|
|
|
var alicePublicKey *kyber.PublicKey
|
|
|
|
var alicePrivateKey *kyber.PrivateKey
|
|
|
|
switch hc.kex {
|
|
|
|
case KEX_KYBER512:
|
|
|
|
alicePublicKey, alicePrivateKey, err = kyber.Kyber512.GenerateKeyPair(r)
|
|
|
|
case KEX_KYBER768:
|
|
|
|
alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(r)
|
|
|
|
case KEX_KYBER1024:
|
|
|
|
alicePublicKey, alicePrivateKey, err = kyber.Kyber1024.GenerateKeyPair(r)
|
|
|
|
default:
|
|
|
|
alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(r)
|
|
|
|
}
|
|
|
|
|
2018-10-11 04:12:38 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Alice, step 2: Send the public key to Bob
|
2018-10-19 03:44:23 +00:00
|
|
|
fmt.Fprintf(c, "0x%x\n0x%x:0x%x\n", alicePublicKey.Bytes(),
|
2018-10-11 04:12:38 +00:00
|
|
|
hc.cipheropts, hc.opts)
|
|
|
|
|
|
|
|
// [Bob, step 1-3], from which we read cipher text
|
2018-10-19 03:44:23 +00:00
|
|
|
cipherB := make([]byte, 4096)
|
|
|
|
fmt.Fscanf(c, "0x%x\n", &cipherB)
|
|
|
|
//if err != nil {
|
|
|
|
// return err
|
|
|
|
//}
|
|
|
|
log.Printf("[Got server ciphertext[]:%v]\n", cipherB)
|
2018-10-11 04:12:38 +00:00
|
|
|
|
|
|
|
// Read cipheropts, session opts
|
2018-10-19 03:44:23 +00:00
|
|
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
2018-10-11 04:12:38 +00:00
|
|
|
&hc.cipheropts, &hc.opts)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Alice, step 3: Decrypt the KEM cipher text.
|
2018-10-19 03:44:23 +00:00
|
|
|
aliceSharedSecret := alicePrivateKey.KEMDecrypt(cipherB)
|
2018-10-11 04:12:38 +00:00
|
|
|
|
|
|
|
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
|
|
|
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
|
|
|
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
|
|
|
return
|
2018-10-09 04:31:11 +00:00
|
|
|
}
|
|
|
|
|
2018-09-11 07:04:38 +00:00
|
|
|
func HKExDialSetup(c net.Conn, hc *Conn) (err error) {
|
2018-10-12 23:16:49 +00:00
|
|
|
var h *hkex.HerraduraKEx
|
|
|
|
switch hc.kex {
|
|
|
|
case KEX_HERRADURA256:
|
|
|
|
h = hkex.New(256, 64)
|
|
|
|
case KEX_HERRADURA512:
|
|
|
|
h = hkex.New(512, 128)
|
|
|
|
case KEX_HERRADURA1024:
|
|
|
|
h = hkex.New(1024, 256)
|
|
|
|
case KEX_HERRADURA2048:
|
|
|
|
h = hkex.New(2048, 512)
|
|
|
|
default:
|
|
|
|
h = hkex.New(256, 64)
|
|
|
|
}
|
|
|
|
|
2018-09-11 07:04:38 +00:00
|
|
|
// Send hkexnet.Conn parameters to remote side
|
|
|
|
// d is value for Herradura key exchange
|
2018-10-19 03:44:23 +00:00
|
|
|
fmt.Fprintf(c, "0x%s\n0x%x:0x%x\n", h.D().Text(16),
|
2018-09-11 07:04:38 +00:00
|
|
|
hc.cipheropts, hc.opts)
|
|
|
|
|
2018-10-19 03:44:23 +00:00
|
|
|
// Read peer D over net.Conn (c)
|
2018-09-11 07:04:38 +00:00
|
|
|
d := big.NewInt(0)
|
|
|
|
_, err = fmt.Fscanln(c, d)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-10-19 03:44:23 +00:00
|
|
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
2018-09-11 07:04:38 +00:00
|
|
|
&hc.cipheropts, &hc.opts)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
h.SetPeerD(d)
|
|
|
|
log.Printf("** local D:%s\n", h.D().Text(16))
|
|
|
|
log.Printf("**(c)** peer D:%s\n", h.PeerD().Text(16))
|
|
|
|
h.ComputeFA()
|
|
|
|
log.Printf("**(c)** FA:%s\n", h.FA())
|
2018-09-11 07:04:38 +00:00
|
|
|
|
2018-10-11 04:12:38 +00:00
|
|
|
hc.r, hc.rm, err = hc.getStream(h.FA().Bytes())
|
|
|
|
hc.w, hc.wm, err = hc.getStream(h.FA().Bytes())
|
2018-09-11 07:04:38 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-12 23:16:49 +00:00
|
|
|
func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
2018-10-11 04:12:38 +00:00
|
|
|
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
|
|
|
alicePublicKey := big.NewInt(0)
|
|
|
|
_, err = fmt.Fscanln(*c, alicePublicKey)
|
|
|
|
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-10-19 03:44:23 +00:00
|
|
|
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
2018-10-11 04:12:38 +00:00
|
|
|
&hc.cipheropts, &hc.opts)
|
|
|
|
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-10-12 23:16:49 +00:00
|
|
|
var peerPublicKey *kyber.PublicKey
|
|
|
|
switch hc.kex {
|
|
|
|
case KEX_KYBER512:
|
|
|
|
peerPublicKey, err = kyber.Kyber512.PublicKeyFromBytes(alicePublicKey.Bytes())
|
|
|
|
case KEX_KYBER768:
|
|
|
|
peerPublicKey, err = kyber.Kyber768.PublicKeyFromBytes(alicePublicKey.Bytes())
|
|
|
|
case KEX_KYBER1024:
|
|
|
|
peerPublicKey, err = kyber.Kyber1024.PublicKeyFromBytes(alicePublicKey.Bytes())
|
|
|
|
default:
|
|
|
|
peerPublicKey, err = kyber.Kyber768.PublicKeyFromBytes(alicePublicKey.Bytes())
|
|
|
|
}
|
|
|
|
|
2018-10-11 04:12:38 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bob, step 2: Generate the KEM cipher text and shared secret.
|
|
|
|
r := new(randReader)
|
|
|
|
cipherText, bobSharedSecret, err := peerPublicKey.KEMEncrypt(r)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2018-10-19 03:44:23 +00:00
|
|
|
// Bob, step 3: Send the cipher text to Alice.
|
|
|
|
//fmt.Println("cipherText:",cipherText)
|
|
|
|
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
|
2018-10-11 04:12:38 +00:00
|
|
|
hc.cipheropts, hc.opts)
|
|
|
|
|
|
|
|
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
|
|
|
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
|
|
|
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
|
|
|
return
|
2018-10-09 04:31:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func HKExAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
2018-10-12 23:16:49 +00:00
|
|
|
var h *hkex.HerraduraKEx
|
|
|
|
switch hc.kex {
|
|
|
|
case KEX_HERRADURA256:
|
|
|
|
h = hkex.New(256, 64)
|
|
|
|
case KEX_HERRADURA512:
|
|
|
|
h = hkex.New(512, 128)
|
|
|
|
case KEX_HERRADURA1024:
|
|
|
|
h = hkex.New(1024, 256)
|
|
|
|
case KEX_HERRADURA2048:
|
|
|
|
h = hkex.New(2048, 512)
|
|
|
|
default:
|
|
|
|
h = hkex.New(256, 64)
|
|
|
|
}
|
|
|
|
|
2018-09-11 07:04:38 +00:00
|
|
|
// Read in hkexnet.Conn parameters over raw Conn c
|
|
|
|
// d is value for Herradura key exchange
|
|
|
|
d := big.NewInt(0)
|
2018-10-09 04:31:11 +00:00
|
|
|
_, err = fmt.Fscanln(*c, d)
|
2018-09-11 07:04:38 +00:00
|
|
|
log.Printf("[Got d:%v]", d)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-10-19 03:44:23 +00:00
|
|
|
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
2018-09-11 07:04:38 +00:00
|
|
|
&hc.cipheropts, &hc.opts)
|
|
|
|
log.Printf("[Got cipheropts, opts:%v, %v]", hc.cipheropts, hc.opts)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-10-09 04:31:11 +00:00
|
|
|
h.SetPeerD(d)
|
|
|
|
log.Printf("** D:%s\n", h.D().Text(16))
|
|
|
|
log.Printf("**(s)** peerD:%s\n", h.PeerD().Text(16))
|
|
|
|
h.ComputeFA()
|
|
|
|
log.Printf("**(s)** FA:%s\n", h.FA())
|
2018-09-11 07:04:38 +00:00
|
|
|
|
|
|
|
// Send D and cipheropts/conn_opts to peer
|
2018-10-19 03:44:23 +00:00
|
|
|
fmt.Fprintf(*c, "0x%s\n0x%x:0x%x\n", h.D().Text(16),
|
2018-09-11 07:04:38 +00:00
|
|
|
hc.cipheropts, hc.opts)
|
|
|
|
|
2018-10-11 04:12:38 +00:00
|
|
|
hc.r, hc.rm, err = hc.getStream(h.FA().Bytes())
|
|
|
|
hc.w, hc.wm, err = hc.getStream(h.FA().Bytes())
|
2018-09-11 07:04:38 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-11 03:22:09 +00:00
|
|
|
// Dial as net.Dial(), but with implicit key exchange to set up secure
|
|
|
|
// channel on connect
|
|
|
|
//
|
2018-01-12 03:42:42 +00:00
|
|
|
// Can be called like net.Dial(), defaulting to C_AES_256/H_SHA256,
|
|
|
|
// or additional option arguments can be passed amongst the following:
|
|
|
|
//
|
|
|
|
// "C_AES_256" | "C_TWOFISH_128"
|
|
|
|
//
|
|
|
|
// "H_SHA256"
|
2018-09-29 19:15:53 +00:00
|
|
|
func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err error) {
|
2018-10-26 05:14:18 +00:00
|
|
|
if Log == nil {
|
2018-10-26 23:05:01 +00:00
|
|
|
Init(false, "client", logger.LOG_DAEMON|logger.LOG_DEBUG)
|
2018-10-26 05:14:18 +00:00
|
|
|
}
|
|
|
|
|
2018-03-25 17:40:23 +00:00
|
|
|
// Open raw Conn c
|
2018-01-09 03:16:55 +00:00
|
|
|
c, err := net.Dial(protocol, ipport)
|
|
|
|
if err != nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
return Conn{}, err
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
2018-10-11 04:12:38 +00:00
|
|
|
|
2018-03-25 17:40:23 +00:00
|
|
|
// Init hkexnet.Conn hc over net.Conn c
|
2018-10-09 04:31:11 +00:00
|
|
|
ret, err := _new(getkexalgnum(extensions...), &c)
|
|
|
|
if err != nil {
|
|
|
|
return Conn{}, err
|
|
|
|
}
|
|
|
|
hc = *ret
|
2018-09-11 03:22:09 +00:00
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
// Client has full control over Conn extensions. It's the server's
|
|
|
|
// responsibility to accept or reject the proposed parameters.
|
|
|
|
hc.applyConnExtensions(extensions...)
|
2018-01-09 03:16:55 +00:00
|
|
|
|
2018-09-11 07:04:38 +00:00
|
|
|
// Perform Key Exchange according to client-request algorithm
|
2018-10-09 04:31:11 +00:00
|
|
|
fmt.Fprintf(c, "%02x\n", hc.kex)
|
2018-09-11 07:04:38 +00:00
|
|
|
switch hc.kex {
|
2018-10-12 23:16:49 +00:00
|
|
|
case KEX_HERRADURA256:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA512:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA1024:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA2048:
|
|
|
|
log.Printf("[Setting up for KEX_HERRADURA %d]\n", hc.kex)
|
2018-09-29 19:15:53 +00:00
|
|
|
if HKExDialSetup(c, &hc) != nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
return Conn{}, nil
|
2018-09-11 07:04:38 +00:00
|
|
|
}
|
2018-10-12 23:16:49 +00:00
|
|
|
case KEX_KYBER512:
|
|
|
|
fallthrough
|
2018-10-09 04:31:11 +00:00
|
|
|
case KEX_KYBER768:
|
2018-10-12 23:16:49 +00:00
|
|
|
fallthrough
|
|
|
|
case KEX_KYBER1024:
|
|
|
|
log.Printf("[Setting up for KEX_KYBER %d]\n", hc.kex)
|
|
|
|
if KyberDialSetup(c, &hc) != nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
return Conn{}, nil
|
2018-09-11 07:04:38 +00:00
|
|
|
}
|
|
|
|
default:
|
2018-10-19 03:44:23 +00:00
|
|
|
return Conn{}, err
|
2018-01-12 03:42:42 +00:00
|
|
|
}
|
2018-01-09 03:16:55 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-01-11 21:44:11 +00:00
|
|
|
// Close a hkex.Conn
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) Close() (err error) {
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.DisableChaff()
|
2018-09-06 20:50:56 +00:00
|
|
|
s := make([]byte, 4)
|
2018-09-18 06:07:04 +00:00
|
|
|
binary.BigEndian.PutUint32(s, uint32(*hc.closeStat))
|
2018-09-17 00:14:50 +00:00
|
|
|
log.Printf("** Writing closeStat %d at Close()\n", *hc.closeStat)
|
2018-11-21 02:50:09 +00:00
|
|
|
//(*hc.c).SetWriteDeadline(time.Now().Add(500 * time.Millisecond))
|
2018-09-06 20:50:56 +00:00
|
|
|
hc.WritePacket(s, CSOExitStatus)
|
2018-11-20 03:55:35 +00:00
|
|
|
// This avoids a bug where server side may not get its last packet of
|
|
|
|
// data through to a client for non-interactive commands which exit
|
|
|
|
// immediately. Avoiding the immediate close lets the client close its
|
|
|
|
// side first.
|
|
|
|
if hc.immClose {
|
|
|
|
err = (*hc.c).Close()
|
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Conn Closing]"))
|
2018-01-09 03:16:55 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-01-18 00:39:01 +00:00
|
|
|
// LocalAddr returns the local network address.
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) LocalAddr() net.Addr {
|
2018-10-09 04:31:11 +00:00
|
|
|
return (*hc.c).LocalAddr()
|
2018-01-18 00:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// RemoteAddr returns the remote network address.
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) RemoteAddr() net.Addr {
|
2018-10-09 04:31:11 +00:00
|
|
|
return (*hc.c).RemoteAddr()
|
2018-01-18 00:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SetDeadline sets the read and write deadlines associated
|
|
|
|
// with the connection. It is equivalent to calling both
|
|
|
|
// SetReadDeadline and SetWriteDeadline.
|
|
|
|
//
|
|
|
|
// A deadline is an absolute time after which I/O operations
|
|
|
|
// fail with a timeout (see type Error) instead of
|
|
|
|
// blocking. The deadline applies to all future and pending
|
|
|
|
// I/O, not just the immediately following call to Read or
|
|
|
|
// Write. After a deadline has been exceeded, the connection
|
|
|
|
// can be refreshed by setting a deadline in the future.
|
|
|
|
//
|
|
|
|
// An idle timeout can be implemented by repeatedly extending
|
|
|
|
// the deadline after successful Read or Write calls.
|
|
|
|
//
|
|
|
|
// A zero value for t means I/O operations will not time out.
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) SetDeadline(t time.Time) error {
|
2018-10-09 04:31:11 +00:00
|
|
|
return (*hc.c).SetDeadline(t)
|
2018-01-18 00:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SetWriteDeadline sets the deadline for future Write calls
|
|
|
|
// and any currently-blocked Write call.
|
|
|
|
// Even if write times out, it may return n > 0, indicating that
|
|
|
|
// some of the data was successfully written.
|
|
|
|
// A zero value for t means Write will not time out.
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) SetWriteDeadline(t time.Time) error {
|
2018-10-09 04:31:11 +00:00
|
|
|
return (*hc.c).SetWriteDeadline(t)
|
2018-01-18 00:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SetReadDeadline sets the deadline for future Read calls
|
|
|
|
// and any currently-blocked Read call.
|
|
|
|
// A zero value for t means Read will not time out.
|
2018-09-05 05:24:16 +00:00
|
|
|
func (hc *Conn) SetReadDeadline(t time.Time) error {
|
2018-10-09 04:31:11 +00:00
|
|
|
return (*hc.c).SetReadDeadline(t)
|
2018-01-18 00:39:01 +00:00
|
|
|
}
|
|
|
|
|
2018-01-09 03:16:55 +00:00
|
|
|
/*---------------------------------------------------------------------*/
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// HKExListener is a Listener conforming to net.Listener
|
|
|
|
//
|
|
|
|
// See go doc net.Listener
|
2018-01-09 03:16:55 +00:00
|
|
|
type HKExListener struct {
|
|
|
|
l net.Listener
|
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// Listen for a connection
|
|
|
|
//
|
|
|
|
// See go doc net.Listen
|
2018-01-09 03:16:55 +00:00
|
|
|
func Listen(protocol string, ipport string) (hl HKExListener, e error) {
|
2018-10-26 05:14:18 +00:00
|
|
|
if Log == nil {
|
2018-10-26 23:05:01 +00:00
|
|
|
Init(false, "server", logger.LOG_DAEMON|logger.LOG_DEBUG)
|
2018-10-26 05:14:18 +00:00
|
|
|
}
|
|
|
|
|
2018-01-09 03:16:55 +00:00
|
|
|
l, err := net.Listen(protocol, ipport)
|
|
|
|
if err != nil {
|
|
|
|
return HKExListener{nil}, err
|
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Listening on %s]\n", ipport))
|
2018-01-09 03:16:55 +00:00
|
|
|
hl.l = l
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-01-27 00:15:39 +00:00
|
|
|
// Close a hkex Listener - closes the Listener.
|
|
|
|
// Any blocked Accept operations will be unblocked and return errors.
|
2018-01-13 06:13:01 +00:00
|
|
|
//
|
2018-01-27 00:15:39 +00:00
|
|
|
// See go doc net.Listener.Close
|
2018-01-18 00:39:01 +00:00
|
|
|
func (hl HKExListener) Close() error {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Listener Closed]"))
|
2018-01-13 06:13:01 +00:00
|
|
|
return hl.l.Close()
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
|
|
|
|
2018-01-27 00:15:39 +00:00
|
|
|
// Addr returns a the listener's network address.
|
|
|
|
//
|
|
|
|
// See go doc net.Listener.Addr
|
|
|
|
func (hl HKExListener) Addr() net.Addr {
|
2018-02-17 02:43:37 +00:00
|
|
|
return hl.l.Addr()
|
2018-01-27 00:15:39 +00:00
|
|
|
}
|
|
|
|
|
2018-01-11 21:44:11 +00:00
|
|
|
// Accept a client connection, conforming to net.Listener.Accept()
|
2018-01-13 06:13:01 +00:00
|
|
|
//
|
|
|
|
// See go doc net.Listener.Accept
|
2018-09-29 19:15:53 +00:00
|
|
|
func (hl *HKExListener) Accept() (hc Conn, err error) {
|
2018-03-25 17:40:23 +00:00
|
|
|
// Open raw Conn c
|
2018-01-09 03:16:55 +00:00
|
|
|
c, err := hl.l.Accept()
|
|
|
|
if err != nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
return Conn{}, err
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[net.Listener Accepted]"))
|
2018-01-09 03:16:55 +00:00
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
// Read KEx alg proposed by client
|
|
|
|
var kexAlg KEXAlg
|
2018-10-12 23:16:49 +00:00
|
|
|
//! NB. Was using fmt.FScanln() here, but integers with a leading zero
|
|
|
|
// were being mis-scanned? (is it an octal thing? Investigate.)
|
|
|
|
_, err = fmt.Fscanf(c, "%02x\n", &kexAlg)
|
2018-09-11 03:22:09 +00:00
|
|
|
if err != nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
return Conn{}, err
|
2018-09-11 03:22:09 +00:00
|
|
|
}
|
2018-09-11 07:04:38 +00:00
|
|
|
log.Printf("[Client proposed KEx alg: %v]\n", kexAlg)
|
2018-09-11 03:22:09 +00:00
|
|
|
// --
|
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
ret, err := _new(kexAlg, &c)
|
|
|
|
if err != nil {
|
|
|
|
return Conn{}, err
|
|
|
|
}
|
|
|
|
hc = *ret
|
|
|
|
|
|
|
|
switch hc.kex {
|
2018-10-12 23:16:49 +00:00
|
|
|
case KEX_HERRADURA256:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA512:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA1024:
|
|
|
|
fallthrough
|
|
|
|
case KEX_HERRADURA2048:
|
|
|
|
log.Printf("[Setting up for KEX_HERRADURA %d]\n", hc.kex)
|
2018-10-09 04:31:11 +00:00
|
|
|
if HKExAcceptSetup(&c, &hc) != nil {
|
2018-10-19 03:44:23 +00:00
|
|
|
return Conn{}, err
|
2018-10-09 04:31:11 +00:00
|
|
|
}
|
2018-10-12 23:16:49 +00:00
|
|
|
case KEX_KYBER512:
|
|
|
|
fallthrough
|
2018-10-09 04:31:11 +00:00
|
|
|
case KEX_KYBER768:
|
2018-10-12 23:16:49 +00:00
|
|
|
fallthrough
|
|
|
|
case KEX_KYBER1024:
|
|
|
|
log.Printf("[Setting up for KEX_KYBER %d]\n", hc.kex)
|
|
|
|
if KyberAcceptSetup(&c, &hc) != nil {
|
2018-10-19 03:44:23 +00:00
|
|
|
return Conn{}, err
|
2018-09-11 07:04:38 +00:00
|
|
|
}
|
|
|
|
default:
|
2018-10-19 03:44:23 +00:00
|
|
|
return Conn{}, err
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
2018-10-09 04:31:11 +00:00
|
|
|
log.Println("[hc.Accept successful]")
|
2018-01-09 03:16:55 +00:00
|
|
|
return
|
|
|
|
}
|
2018-01-17 02:30:57 +00:00
|
|
|
|
2018-01-09 03:16:55 +00:00
|
|
|
/*---------------------------------------------------------------------*/
|
2018-01-13 06:13:01 +00:00
|
|
|
|
|
|
|
// Read into a byte slice
|
|
|
|
//
|
2018-12-01 06:52:57 +00:00
|
|
|
// In addition to regular io.Reader behaviour this does demultiplexing of
|
|
|
|
// secured terminal comms and (if defined) tunnel traffic and session control
|
|
|
|
// packet processing.
|
|
|
|
//
|
2018-01-13 06:13:01 +00:00
|
|
|
// See go doc io.Reader
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc Conn) Read(b []byte) (n int, err error) {
|
2018-03-26 02:58:04 +00:00
|
|
|
for {
|
2018-10-31 04:07:42 +00:00
|
|
|
if hc.dBuf.Len() > 0 {
|
2018-03-26 02:58:04 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
|
2018-04-15 20:29:06 +00:00
|
|
|
var ctrlStatOp uint8
|
2018-10-14 07:20:30 +00:00
|
|
|
var hmacIn [HMAC_CHK_SZ]uint8
|
2018-03-26 02:58:04 +00:00
|
|
|
var payloadLen uint32
|
|
|
|
|
2018-04-29 02:28:37 +00:00
|
|
|
// Read ctrl/status opcode (CSOHmacInvalid on hmac mismatch)
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Read(*hc.c, binary.BigEndian, &ctrlStatOp)
|
2018-10-31 04:07:42 +00:00
|
|
|
if err != nil {
|
|
|
|
if err.Error() == "EOF" {
|
|
|
|
return 0, io.EOF
|
|
|
|
}
|
|
|
|
if strings.HasSuffix(err.Error(), "use of closed network connection") {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Client hung up]"))
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, io.EOF
|
|
|
|
}
|
|
|
|
etxt := fmt.Sprintf("** Failed read:%s (%s) **", "ctrlStatOp", err)
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(etxt)
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, errors.New(etxt)
|
|
|
|
}
|
2018-04-29 02:28:37 +00:00
|
|
|
log.Printf("[ctrlStatOp: %v]\n", ctrlStatOp)
|
|
|
|
if ctrlStatOp == CSOHmacInvalid {
|
2018-04-15 20:29:06 +00:00
|
|
|
// Other side indicated channel tampering, close channel
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.Close()
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, errors.New("** ALERT - remote end detected HMAC mismatch - possible channel tampering **")
|
2018-04-15 20:29:06 +00:00
|
|
|
}
|
|
|
|
|
2018-04-15 19:58:24 +00:00
|
|
|
// Read the hmac and payload len first
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Read(*hc.c, binary.BigEndian, &hmacIn)
|
2018-03-27 04:58:42 +00:00
|
|
|
if err != nil {
|
2018-10-31 04:07:42 +00:00
|
|
|
if err.Error() == "EOF" {
|
|
|
|
return 0, io.EOF
|
|
|
|
}
|
|
|
|
if strings.HasSuffix(err.Error(), "use of closed network connection") {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Client hung up]"))
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, io.EOF
|
2018-03-26 04:47:38 +00:00
|
|
|
}
|
2018-10-31 04:07:42 +00:00
|
|
|
etxt := fmt.Sprintf("** Failed read:%s (%s) **", "HMAC", err)
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(etxt)
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, errors.New(etxt)
|
2018-03-26 02:58:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Read(*hc.c, binary.BigEndian, &payloadLen)
|
2018-03-26 02:58:04 +00:00
|
|
|
if err != nil {
|
2018-10-31 04:07:42 +00:00
|
|
|
if err.Error() == "EOF" {
|
|
|
|
return 0, io.EOF
|
2018-04-28 23:05:33 +00:00
|
|
|
}
|
2018-10-31 04:07:42 +00:00
|
|
|
if strings.HasSuffix(err.Error(), "use of closed network connection") {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Client hung up]"))
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, io.EOF
|
|
|
|
}
|
|
|
|
etxt := fmt.Sprintf("** Failed read:%s (%s) **", "payloadLen", err)
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(etxt)
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, errors.New(etxt)
|
2018-03-26 02:58:04 +00:00
|
|
|
}
|
2018-04-28 23:05:33 +00:00
|
|
|
|
2018-09-03 02:58:13 +00:00
|
|
|
if payloadLen > MAX_PAYLOAD_LEN {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Insane payloadLen:%v]\n", payloadLen))
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.Close()
|
2018-04-28 23:05:33 +00:00
|
|
|
return 1, errors.New("Insane payloadLen")
|
2018-03-26 02:58:04 +00:00
|
|
|
}
|
2018-04-28 23:05:33 +00:00
|
|
|
|
2018-03-26 02:58:04 +00:00
|
|
|
var payloadBytes = make([]byte, payloadLen)
|
2018-10-09 04:31:11 +00:00
|
|
|
n, err = io.ReadFull(*hc.c, payloadBytes)
|
2018-10-31 04:07:42 +00:00
|
|
|
if err != nil {
|
|
|
|
if err.Error() == "EOF" {
|
|
|
|
return 0, io.EOF
|
|
|
|
}
|
|
|
|
if strings.HasSuffix(err.Error(), "use of closed network connection") {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[Client hung up]"))
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, io.EOF
|
2018-03-26 02:58:04 +00:00
|
|
|
}
|
2018-10-31 04:07:42 +00:00
|
|
|
etxt := fmt.Sprintf("** Failed read:%s (%s) **", "payloadBytes", err)
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(etxt)
|
2018-10-31 04:07:42 +00:00
|
|
|
return 0, errors.New(etxt)
|
2018-02-17 02:46:29 +00:00
|
|
|
}
|
2018-02-17 06:12:27 +00:00
|
|
|
|
2018-04-15 19:58:24 +00:00
|
|
|
log.Printf(" <:ctext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
2018-03-26 02:58:04 +00:00
|
|
|
|
|
|
|
db := bytes.NewBuffer(payloadBytes[:n]) //copying payloadBytes to db
|
|
|
|
// The StreamReader acts like a pipe, decrypting
|
|
|
|
// whatever is available and forwarding the result
|
|
|
|
// to the parameter of Read() as a normal io.Reader
|
2018-06-30 02:23:11 +00:00
|
|
|
rs := &cipher.StreamReader{S: hc.r, R: db}
|
2018-03-26 02:58:04 +00:00
|
|
|
// The caller isn't necessarily reading the full payload so we need
|
2018-10-02 03:35:50 +00:00
|
|
|
// to decrypt to an intermediate buffer, draining it on demand of caller
|
2018-03-26 02:58:04 +00:00
|
|
|
decryptN, err := rs.Read(payloadBytes)
|
2018-04-15 19:58:24 +00:00
|
|
|
log.Printf(" <-ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
|
2018-03-26 02:58:04 +00:00
|
|
|
if err != nil {
|
2018-09-17 00:14:50 +00:00
|
|
|
log.Println("hkexnet.Read():", err)
|
2018-09-06 07:16:44 +00:00
|
|
|
//panic(err)
|
|
|
|
} else {
|
2018-10-02 03:35:50 +00:00
|
|
|
hc.rm.Write(payloadBytes) // Calc hmac on received data
|
|
|
|
// Padding: Read padSide, padLen, (padding | d) or (d | padding)
|
|
|
|
padSide := payloadBytes[0]
|
|
|
|
padLen := payloadBytes[1]
|
|
|
|
|
|
|
|
payloadBytes = payloadBytes[2:]
|
|
|
|
if padSide == 0 {
|
|
|
|
payloadBytes = payloadBytes[padLen:]
|
|
|
|
} else {
|
|
|
|
payloadBytes = payloadBytes[0 : len(payloadBytes)-int(padLen)]
|
|
|
|
}
|
|
|
|
|
|
|
|
//fmt.Printf("padSide:%d padLen:%d payloadBytes:%s\n",
|
|
|
|
// padSide, padLen, hex.Dump(payloadBytes))
|
2018-04-28 23:05:33 +00:00
|
|
|
|
2018-09-06 07:16:44 +00:00
|
|
|
// Throw away pkt if it's chaff (ie., caller to Read() won't see this data)
|
|
|
|
if ctrlStatOp == CSOChaff {
|
|
|
|
log.Printf("[Chaff pkt, discarded (len %d)]\n", decryptN)
|
|
|
|
} else if ctrlStatOp == CSOTermSize {
|
|
|
|
fmt.Sscanf(string(payloadBytes), "%d %d", &hc.Rows, &hc.Cols)
|
|
|
|
log.Printf("[TermSize pkt: rows %v cols %v]\n", hc.Rows, hc.Cols)
|
|
|
|
hc.WinCh <- WinSize{hc.Rows, hc.Cols}
|
|
|
|
} else if ctrlStatOp == CSOExitStatus {
|
|
|
|
if len(payloadBytes) > 0 {
|
2018-09-18 06:07:04 +00:00
|
|
|
hc.SetStatus(CSOType(binary.BigEndian.Uint32(payloadBytes)))
|
2018-09-06 07:16:44 +00:00
|
|
|
} else {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[truncated payload, cannot determine CSOExitStatus]"))
|
2018-09-17 00:14:50 +00:00
|
|
|
hc.SetStatus(CSETruncCSO)
|
2018-09-05 05:24:16 +00:00
|
|
|
}
|
2018-11-20 03:55:35 +00:00
|
|
|
hc.SetImmClose() // clients can immediately close their end
|
2018-09-17 00:14:50 +00:00
|
|
|
hc.Close()
|
2018-10-31 16:15:28 +00:00
|
|
|
} else if ctrlStatOp == CSOTunSetup {
|
2018-11-01 03:11:00 +00:00
|
|
|
// server side tunnel setup in response to client
|
2018-11-02 01:52:01 +00:00
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
2018-10-29 02:17:47 +00:00
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-11-08 03:35:32 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; !ok {
|
|
|
|
// tunnel first-time open
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Server] Got Initial CSOTunSetup [%d:%d]", lport, rport))
|
|
|
|
hc.StartServerTunnel(lport, rport)
|
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Server] Got CSOTunSetup [%d:%d]", lport, rport))
|
|
|
|
}
|
|
|
|
(*hc.tuns)[rport].Ctl <- 'd' // Dial() rport
|
2018-11-01 03:11:00 +00:00
|
|
|
} else if ctrlStatOp == CSOTunSetupAck {
|
2018-11-02 01:52:01 +00:00
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
2018-11-01 03:11:00 +00:00
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-11-08 03:35:32 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; !ok {
|
|
|
|
// tunnel first-time open
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] Got Initial CSOTunSetupAck [%d:%d]", lport, rport))
|
|
|
|
hc.StartClientTunnel(lport, rport)
|
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] Got CSOTunSetupAck [%d:%d]", lport, rport))
|
|
|
|
}
|
|
|
|
(*hc.tuns)[rport].Ctl <- 'a' // Listen() for lport connection
|
2018-11-02 01:52:01 +00:00
|
|
|
} else if ctrlStatOp == CSOTunRefused {
|
2018-11-08 03:35:32 +00:00
|
|
|
// client side receiving CSOTunRefused means the remote side
|
|
|
|
// could not dial() rport. So we cannot yet listen()
|
|
|
|
// for client-side on lport.
|
2018-11-02 01:52:01 +00:00
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-11-08 03:35:32 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] Got CSOTunRefused [%d:%d]", lport, rport))
|
2018-11-12 04:12:29 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; ok {
|
|
|
|
(*hc.tuns)[rport].Died = true
|
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] CSOTunRefused on already-closed tun [%d:%d]", lport, rport))
|
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
} else if ctrlStatOp == CSOTunDisconn {
|
|
|
|
// server side's rport has disconnected (server lost)
|
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-11-08 03:35:32 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] Got CSOTunDisconn [%d:%d]", lport, rport))
|
2018-11-12 02:56:08 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; ok {
|
|
|
|
(*hc.tuns)[rport].Died = true
|
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Client] CSOTunDisconn on already-closed tun [%d:%d]", lport, rport))
|
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
} else if ctrlStatOp == CSOTunHangup {
|
|
|
|
// client side's lport has hung up
|
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-11-08 03:35:32 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Server] Got CSOTunHangup [%d:%d]", lport, rport))
|
2018-11-12 02:56:08 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; ok {
|
|
|
|
(*hc.tuns)[rport].Died = true
|
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Server] CSOTunHangup to already-closed tun [%d:%d]", lport, rport))
|
|
|
|
}
|
2018-10-29 02:17:47 +00:00
|
|
|
} else if ctrlStatOp == CSOTunData {
|
2018-11-02 01:52:01 +00:00
|
|
|
lport := binary.BigEndian.Uint16(payloadBytes[0:2])
|
2018-10-29 02:17:47 +00:00
|
|
|
rport := binary.BigEndian.Uint16(payloadBytes[2:4])
|
2018-10-31 04:07:42 +00:00
|
|
|
//fmt.Printf("[Got CSOTunData: [lport %d:rport %d] data:%v\n", lport, rport, payloadBytes[4:])
|
2018-11-08 03:35:32 +00:00
|
|
|
if _, ok := (*hc.tuns)[rport]; ok {
|
2018-11-02 05:14:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintf("[Writing data to rport [%d:%d]", lport, rport))
|
2018-11-08 03:35:32 +00:00
|
|
|
(*hc.tuns)[rport].Data <- payloadBytes[4:]
|
2018-11-02 05:14:01 +00:00
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Attempt to write data to closed tun [%d:%d]", lport, rport))
|
|
|
|
}
|
2018-11-12 06:46:39 +00:00
|
|
|
} else if ctrlStatOp == CSOTunKeepAlive {
|
2018-11-29 05:03:20 +00:00
|
|
|
// client side has sent keepalive for tunnels -- if client
|
|
|
|
// dies or exits unexpectedly the absence of this will
|
|
|
|
// let the server know to hang up on Dial()ed server rports.
|
2018-11-12 06:46:39 +00:00
|
|
|
_ = binary.BigEndian.Uint16(payloadBytes[0:2])
|
|
|
|
//logger.LogDebug(fmt.Sprintf("[Server] Got CSOTunKeepAlive"))
|
|
|
|
for _, t := range *hc.tuns {
|
|
|
|
t.KeepAlive = 0
|
|
|
|
}
|
2018-11-02 01:52:01 +00:00
|
|
|
} else if ctrlStatOp == CSONone {
|
2018-09-06 07:16:44 +00:00
|
|
|
hc.dBuf.Write(payloadBytes)
|
2018-11-02 01:52:01 +00:00
|
|
|
} else {
|
|
|
|
logger.LogDebug(fmt.Sprintf("[Unknown CSOType:%d]", ctrlStatOp))
|
2018-08-06 04:43:21 +00:00
|
|
|
}
|
2018-03-26 02:58:04 +00:00
|
|
|
|
2018-10-14 07:20:30 +00:00
|
|
|
hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
|
2018-09-06 07:16:44 +00:00
|
|
|
log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
|
2018-04-15 19:58:24 +00:00
|
|
|
|
2018-09-06 20:50:56 +00:00
|
|
|
if *hc.closeStat == CSETruncCSO {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))
|
2018-09-06 07:16:44 +00:00
|
|
|
} else {
|
|
|
|
// Log alert if hmac didn't match, corrupted channel
|
|
|
|
if !bytes.Equal(hTmp, []byte(hmacIn[0:])) /*|| hmacIn[0] > 0xf8*/ {
|
2018-11-02 01:52:01 +00:00
|
|
|
logger.LogDebug(fmt.Sprintln("** ALERT - detected HMAC mismatch, possible channel tampering **"))
|
2018-10-09 04:31:11 +00:00
|
|
|
_, _ = (*hc.c).Write([]byte{CSOHmacInvalid})
|
2018-09-06 07:16:44 +00:00
|
|
|
}
|
2018-08-06 04:43:21 +00:00
|
|
|
}
|
2018-04-15 19:58:24 +00:00
|
|
|
}
|
2018-02-17 03:25:11 +00:00
|
|
|
}
|
2018-04-28 23:05:33 +00:00
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
retN := hc.dBuf.Len()
|
2018-03-26 04:47:38 +00:00
|
|
|
if retN > len(b) {
|
|
|
|
retN = len(b)
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Printf("Read() got %d bytes\n", retN)
|
2018-06-30 02:23:11 +00:00
|
|
|
copy(b, hc.dBuf.Next(retN))
|
2018-03-26 04:47:38 +00:00
|
|
|
return retN, nil
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
|
|
|
|
2018-01-13 06:13:01 +00:00
|
|
|
// Write a byte slice
|
|
|
|
//
|
|
|
|
// See go doc io.Writer
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc Conn) Write(b []byte) (n int, err error) {
|
2018-10-02 03:35:50 +00:00
|
|
|
//fmt.Printf("WRITE(%d)\n", len(b))
|
2018-06-30 02:23:11 +00:00
|
|
|
n, err = hc.WritePacket(b, CSONone)
|
2018-10-02 03:35:50 +00:00
|
|
|
//fmt.Printf("WROTE(%d)\n", n)
|
2018-05-01 09:39:45 +00:00
|
|
|
return n, err
|
2018-04-29 02:28:37 +00:00
|
|
|
}
|
|
|
|
|
2018-11-01 03:11:00 +00:00
|
|
|
// Write a byte slice with specified ctrlStatOp byte
|
|
|
|
func (hc *Conn) WritePacket(b []byte, ctrlStatOp byte) (n int, err error) {
|
2018-02-17 02:46:29 +00:00
|
|
|
//log.Printf("[Encrypting...]\r\n")
|
2018-04-15 19:58:24 +00:00
|
|
|
var hmacOut []uint8
|
2018-03-26 02:58:04 +00:00
|
|
|
var payloadLen uint32
|
2018-09-17 00:14:50 +00:00
|
|
|
|
2018-09-11 07:04:38 +00:00
|
|
|
if hc.m == nil || hc.wm == nil {
|
2018-09-17 00:14:50 +00:00
|
|
|
return 0, errors.New("Secure chan not ready for writing")
|
2018-09-11 07:04:38 +00:00
|
|
|
}
|
2018-09-17 00:14:50 +00:00
|
|
|
|
2018-11-01 03:11:00 +00:00
|
|
|
//Padding prior to encryption
|
2018-10-02 18:03:10 +00:00
|
|
|
padSz := (rand.Intn(PAD_SZ) / 2) + (PAD_SZ / 2)
|
|
|
|
padLen := padSz - ((len(b) + padSz) % padSz)
|
|
|
|
if padLen == padSz {
|
2018-10-02 03:35:50 +00:00
|
|
|
// No padding required
|
|
|
|
padLen = 0
|
|
|
|
}
|
|
|
|
padBytes := make([]byte, padLen)
|
|
|
|
rand.Read(padBytes)
|
|
|
|
// For a little more confusion let's support padding either before
|
|
|
|
// or after the payload.
|
|
|
|
padSide := rand.Intn(2)
|
|
|
|
//fmt.Printf("--\n")
|
|
|
|
//fmt.Printf("PRE_PADDING:%s\r\n", hex.Dump(b))
|
|
|
|
//fmt.Printf("padSide:%d padLen:%d\r\n", padSide, padLen)
|
|
|
|
if padSide == 0 {
|
|
|
|
b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(padBytes, b...)...)...)
|
|
|
|
} else {
|
|
|
|
b = append([]byte{byte(padSide)}, append([]byte{byte(padLen)}, append(b, padBytes...)...)...)
|
|
|
|
}
|
|
|
|
//fmt.Printf("POST_PADDING:%s\r\n", hex.Dump(b))
|
|
|
|
//fmt.Printf("--\r\n")
|
|
|
|
|
2018-05-04 21:40:06 +00:00
|
|
|
// N.B. Originally this Lock() surrounded only the
|
2018-06-30 02:23:11 +00:00
|
|
|
// calls to binary.Write(hc.c ..) however there appears
|
2018-05-04 21:40:06 +00:00
|
|
|
// to be some other unshareable state in the Conn
|
|
|
|
// struct that must be protected to serialize main and
|
|
|
|
// chaff data written to it.
|
|
|
|
//
|
|
|
|
// Would be nice to determine if the mutex scope
|
|
|
|
// could be tightened.
|
2018-09-05 05:24:16 +00:00
|
|
|
hc.m.Lock()
|
|
|
|
payloadLen = uint32(len(b))
|
|
|
|
//!fmt.Printf(" --== payloadLen:%d\n", payloadLen)
|
|
|
|
log.Printf(" :>ptext:\r\n%s\r\n", hex.Dump(b[0:payloadLen]))
|
|
|
|
|
|
|
|
// Calculate hmac on payload
|
|
|
|
hc.wm.Write(b[0:payloadLen])
|
2018-10-14 07:20:30 +00:00
|
|
|
hmacOut = hc.wm.Sum(nil)[0:HMAC_CHK_SZ]
|
2018-09-05 05:24:16 +00:00
|
|
|
|
|
|
|
log.Printf(" (%04x> HMAC(o):%s\r\n", payloadLen, hex.EncodeToString(hmacOut))
|
|
|
|
|
|
|
|
var wb bytes.Buffer
|
|
|
|
// The StreamWriter acts like a pipe, forwarding whatever is
|
|
|
|
// written to it through the cipher, encrypting as it goes
|
|
|
|
ws := &cipher.StreamWriter{S: hc.w, W: &wb}
|
|
|
|
_, err = ws.Write(b[0:payloadLen])
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
log.Printf(" ->ctext:\r\n%s\r\n", hex.Dump(wb.Bytes()))
|
2018-09-03 02:58:13 +00:00
|
|
|
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Write(*hc.c, binary.BigEndian, &ctrlStatOp)
|
2018-09-05 05:24:16 +00:00
|
|
|
if err == nil {
|
|
|
|
// Write hmac LSB, payloadLen followed by payload
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Write(*hc.c, binary.BigEndian, hmacOut)
|
2018-05-04 06:53:47 +00:00
|
|
|
if err == nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
err = binary.Write(*hc.c, binary.BigEndian, payloadLen)
|
2018-05-04 06:53:47 +00:00
|
|
|
if err == nil {
|
2018-10-09 04:31:11 +00:00
|
|
|
n, err = (*hc.c).Write(wb.Bytes())
|
2018-09-05 05:24:16 +00:00
|
|
|
} else {
|
|
|
|
//fmt.Println("[c]WriteError!")
|
2018-05-04 06:53:47 +00:00
|
|
|
}
|
2018-09-05 05:24:16 +00:00
|
|
|
} else {
|
|
|
|
//fmt.Println("[b]WriteError!")
|
2018-05-04 06:53:47 +00:00
|
|
|
}
|
2018-09-05 05:24:16 +00:00
|
|
|
} else {
|
|
|
|
//fmt.Println("[a]WriteError!")
|
2018-01-13 06:13:01 +00:00
|
|
|
}
|
2018-09-05 05:24:16 +00:00
|
|
|
hc.m.Unlock()
|
2018-04-28 23:05:33 +00:00
|
|
|
|
2018-02-17 06:12:27 +00:00
|
|
|
if err != nil {
|
2018-03-27 04:58:42 +00:00
|
|
|
log.Println(err)
|
2018-02-17 06:12:27 +00:00
|
|
|
}
|
2018-10-02 03:35:50 +00:00
|
|
|
|
|
|
|
// We must 'lie' to caller indicating the length of THEIR
|
|
|
|
// data written (ie., not including the padding and padding headers)
|
|
|
|
return n - 2 - int(padLen), err
|
2018-01-09 03:16:55 +00:00
|
|
|
}
|
2018-05-02 19:28:56 +00:00
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) EnableChaff() {
|
|
|
|
hc.chaff.shutdown = false
|
|
|
|
hc.chaff.enabled = true
|
2018-05-07 00:41:09 +00:00
|
|
|
log.Println("Chaffing ENABLED")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.chaffHelper()
|
2018-05-07 00:41:09 +00:00
|
|
|
}
|
2018-05-04 06:53:47 +00:00
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) DisableChaff() {
|
|
|
|
hc.chaff.enabled = false
|
2018-06-27 03:14:43 +00:00
|
|
|
log.Println("Chaffing DISABLED")
|
|
|
|
}
|
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) ShutdownChaff() {
|
|
|
|
hc.chaff.shutdown = true
|
2018-06-27 03:14:43 +00:00
|
|
|
log.Println("Chaffing SHUTDOWN")
|
|
|
|
}
|
|
|
|
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) SetupChaff(msecsMin uint, msecsMax uint, szMax uint) {
|
|
|
|
hc.chaff.msecsMin = msecsMin //move these to params of chaffHelper() ?
|
|
|
|
hc.chaff.msecsMax = msecsMax
|
|
|
|
hc.chaff.szMax = szMax
|
2018-05-04 06:53:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Helper routine to spawn a chaffing goroutine for each Conn
|
2018-06-30 02:23:11 +00:00
|
|
|
func (hc *Conn) chaffHelper() {
|
2018-05-04 06:53:47 +00:00
|
|
|
go func() {
|
|
|
|
for {
|
|
|
|
var nextDuration int
|
2018-06-30 02:23:11 +00:00
|
|
|
if hc.chaff.enabled {
|
2018-09-27 05:57:36 +00:00
|
|
|
var bufTmp []byte
|
2018-10-02 03:35:50 +00:00
|
|
|
bufTmp = make([]byte, rand.Intn(int(hc.chaff.szMax)))
|
2018-06-30 02:23:11 +00:00
|
|
|
min := int(hc.chaff.msecsMin)
|
|
|
|
nextDuration = rand.Intn(int(hc.chaff.msecsMax)-min) + min
|
2018-05-07 00:41:09 +00:00
|
|
|
_, _ = rand.Read(bufTmp)
|
2018-06-30 02:23:11 +00:00
|
|
|
_, err := hc.WritePacket(bufTmp, CSOChaff)
|
2018-05-04 06:53:47 +00:00
|
|
|
if err != nil {
|
2018-05-04 21:40:06 +00:00
|
|
|
log.Println("[ *** error - chaffHelper quitting *** ]")
|
2018-06-30 02:23:11 +00:00
|
|
|
hc.chaff.enabled = false
|
2018-05-04 06:53:47 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
time.Sleep(time.Duration(nextDuration) * time.Millisecond)
|
2018-06-30 02:23:11 +00:00
|
|
|
if hc.chaff.shutdown {
|
2018-06-27 03:14:43 +00:00
|
|
|
log.Println("*** chaffHelper shutting down")
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
2018-05-04 06:53:47 +00:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
2018-11-30 02:05:22 +00:00
|
|
|
|
|
|
|
////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
// Copy copies from src to dst until either EOF is reached
|
|
|
|
// on src or an error occurs. It returns the number of bytes
|
|
|
|
// copied and the first error encountered while copying, if any.
|
|
|
|
//
|
|
|
|
// A successful Copy returns err == nil, not err == EOF.
|
|
|
|
// Because Copy is defined to read from src until EOF, it does
|
|
|
|
// not treat an EOF from Read as an error to be reported.
|
|
|
|
//
|
|
|
|
// If src implements the WriterTo interface,
|
|
|
|
// the copy is implemented by calling src.WriteTo(dst).
|
|
|
|
// Otherwise, if dst implements the ReaderFrom interface,
|
|
|
|
// the copy is implemented by calling dst.ReadFrom(src).
|
|
|
|
func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
|
|
|
|
written, err = copyBuffer(dst, src, nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-12-01 06:52:57 +00:00
|
|
|
func escSeqScanner(s *EscSeqs, dst io.Writer, b byte) (passthru bool) {
|
|
|
|
passthru = true
|
|
|
|
if s.idx > 0 {
|
|
|
|
switch b {
|
|
|
|
case '~':
|
|
|
|
return
|
|
|
|
case s.seqs[0]:
|
2018-12-01 08:22:56 +00:00
|
|
|
dst.Write([]byte(s.outstr[0]))
|
2018-12-01 06:52:57 +00:00
|
|
|
passthru = false
|
|
|
|
b = '~'
|
|
|
|
case s.seqs[1]:
|
2018-12-01 08:22:56 +00:00
|
|
|
dst.Write([]byte(s.outstr[1]))
|
2018-12-01 06:52:57 +00:00
|
|
|
passthru = false
|
|
|
|
b = '~'
|
|
|
|
case s.seqs[2]:
|
2018-12-01 08:22:56 +00:00
|
|
|
dst.Write([]byte(s.outstr[2]))
|
2018-12-01 06:52:57 +00:00
|
|
|
passthru = false
|
|
|
|
b = '~'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if b == '~' {
|
|
|
|
s.idx++
|
|
|
|
} else {
|
|
|
|
s.idx = 0
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-30 02:05:22 +00:00
|
|
|
// copyBuffer is the actual implementation of Copy and CopyBuffer.
|
|
|
|
// if buf is nil, one is allocated.
|
|
|
|
func copyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error) {
|
2018-12-01 06:52:57 +00:00
|
|
|
escs := &EscSeqs{idx: 0,
|
|
|
|
seqs: []byte{
|
|
|
|
'i',
|
|
|
|
't',
|
|
|
|
'B',
|
|
|
|
},
|
2018-12-01 08:22:56 +00:00
|
|
|
outstr: []string{
|
|
|
|
"\x1b[s\x1b[2;1H\x1b[1;31m[HKEXSH]\x1b[39;49m\x1b[u",
|
|
|
|
"\x1b[1;32m[HKEXSH]\x1b[39;49m",
|
|
|
|
"\x1b[1;32m" + Bob + "\x1b[39;49m",
|
|
|
|
},
|
2018-12-01 06:52:57 +00:00
|
|
|
}
|
|
|
|
|
2018-11-30 02:05:22 +00:00
|
|
|
// If the reader has a WriteTo method, use it to do the copy.
|
|
|
|
// Avoids an allocation and a copy.
|
|
|
|
if wt, ok := src.(io.WriterTo); ok {
|
|
|
|
return wt.WriteTo(dst)
|
|
|
|
}
|
|
|
|
// Similarly, if the writer has a ReadFrom method, use it to do the copy.
|
|
|
|
if rt, ok := dst.(io.ReaderFrom); ok {
|
|
|
|
return rt.ReadFrom(src)
|
|
|
|
}
|
|
|
|
if buf == nil {
|
|
|
|
size := 32 * 1024
|
|
|
|
if l, ok := src.(*io.LimitedReader); ok && int64(size) > l.N {
|
|
|
|
if l.N < 1 {
|
|
|
|
size = 1
|
|
|
|
} else {
|
|
|
|
size = int(l.N)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
buf = make([]byte, size)
|
|
|
|
}
|
|
|
|
for {
|
|
|
|
nr, er := src.Read(buf)
|
|
|
|
if nr > 0 {
|
2018-12-01 06:52:57 +00:00
|
|
|
// Look for sequences to trigger client-side diags
|
|
|
|
if escSeqScanner(escs, dst, buf[0]) {
|
|
|
|
nw, ew := dst.Write(buf[0:nr])
|
|
|
|
if nw > 0 {
|
|
|
|
written += int64(nw)
|
|
|
|
}
|
|
|
|
if ew != nil {
|
|
|
|
err = ew
|
|
|
|
break
|
|
|
|
}
|
|
|
|
if nr != nw {
|
|
|
|
err = io.ErrShortWrite
|
|
|
|
break
|
|
|
|
}
|
2018-11-30 02:05:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if er != nil {
|
|
|
|
if er != io.EOF {
|
|
|
|
err = er
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//_,_ = dst.Write([]byte{0x2f})
|
|
|
|
return written, err
|
|
|
|
}
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////
|