misc. cleanup, LICENSE.{gpl,mit} updates

2024-08-14 10:26:42 +00:00 · 2018-04-07 13:04:10 -07:00 · 2018-04-07 13:04:10 -07:00 · 351f58b6c5
commit 351f58b6c5
parent ae5a8cfa3b
10 changed files with 102 additions and 46 deletions
--- a/LICENSE.gpl
+++ b/LICENSE.gpl
--- a/LICENSE.mit
+++ b/LICENSE.mit
@ -0,0 +1,22 @@
 MIT License
 Copyright (c) 2017 - 2018 Omar Alejandro Herrera Reyna (core HerraduraKEx)
 Copyright (c) 2017 - 2018 Russell Magee (hkexsh/hkexshd/hkexpasswd)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@ -1,10 +1,15 @@
 HKExSh
 --
-'hkexsh' (HerraduraKEx shell) is a golang implementation of drop-in replacements for golang's
+'hkexsh' (HerraduraKEx shell) is a golang implementation of a simple
-standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept() and the net.Conn type),
+remote shell client and server, similar in role to ssh, offering
-which automatically negotiate keying material for 'secure' sockets using the experimental
+encrypted interactive and non-interactive sessions. The client and server
-HerraduraKEx key exchange algorithm first released at [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
+programs (hkexsh and hkexshd) use a mostly drop-in replacement for golang's
 standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept()
 and the net.Conn type), which automatically negotiate keying material for
 'secure' sockets using the experimental HerraduraKEx key exchange algorithm
 first released at
 [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
 One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
 net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
@ -12,23 +17,27 @@ to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
 is initiated (whereby client and server independently derive the same
 keying material).
-Above this layer, demo apps in this repository (demo/server/server.go and demo/client/client.go)
+Above the hkex.Conn layer, the server and client apps in this repository
-then negotiate session settings (cipher/hmac algorithms, etc.) to be used for further communication.
+(server/hkexshd and client/hkexsh) negotiate session settings (cipher/hmac
 algorithms, interactive/non-interactive, etc.) to be used for further
 communication.
 NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
-derive crypto keying material on each end, this algorithm and the
+derive crypto keying material, this algorithm and the demonstration remote
-demonstration remote shell client/server programs should be used with caution.
+shell client/server programs should be used with caution and should definitely
-As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
+NOT be used for any sensitive applications, or at the very least at one's
-the level of security of the HerraduraKEx algorithm for purposes of session key
+own risk.
 exchange over an insecure channel has been rendered.
 It is hoped that such experts in the field will analyze the algorithm and
 determine if it is indeed a suitable one for use in situations where
 Diffie-Hellman and other key exchange algorithms are currently utilized.
-Within the demo/ tree are client and servers implementing a simplified,
+As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
-ssh-like secure shell facility and a password-setting utility using its
+the level of security of the HerraduraKEx algorithm for purposes of session
-own user/password file separate from the system /etc/passwd, which is
+key exchange over an insecure channel has been rendered.
-used by the server to authenticate clients.
+It is hoped that experts in the field will analyze the algorithm and
 determine if it is indeed a suitable one for use in situations where
 Diffie-Hellman or other key exchange algorithms are currently utilized.
 Finally, within the hkexpasswd/ directory is a password-setting utility
 using its own user/password file distinct from the system /etc/passwd, which
 is used by the hkexshd server to authenticate clients.
 Dependencies:
 --
@ -45,18 +54,15 @@ Get source code
 To build
 --
 * $ cd $GOPATH/src/github.com/Russtopia/hkexsh
-* $ go install .
+* $ make clean all
 * $ go build demo/client/client.go && go build demo/server/server.go
 * $ go build demo/hkexpasswd/hkexpasswd.go
 To set accounts & passwords:
 --
 * $ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
-* $ sudo ./hkexpasswd -u joebloggs
+* $ sudo hkexpasswd/hkexpasswd -u joebloggs
 * $ <enter a password, enter again to confirm>
 Running Clent and Server. In separate shells:
 --
-* [A]$ sudo ./server &
+* [A]$ sudo hkexshd/hkexshd &
-* [B]$ ./client -u joebloggs
+* [B]$ hkexsh/hkexsh -u joebloggs
--- a/herradurakex.go
+++ b/herradurakex.go
@ -5,11 +5,16 @@
 //
 // (https://github.com/Caume/HerraduraKEx)
 //
-// Demonstration server (hkexshd) and
+// The core HerraduraKEx algorithm is dual-licensed
-// client (hkexsh)
+// by the author (Omar Alejandro Herrera Reyna)
-
+// under GPL3 and MIT licenses.
 // See LICENSE.gpl and LICENSE.mit in this distribution
 //
-// See README.md for full license info.
+// Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 package hkexsh
 /*  Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
--- a/hkexauth.go
+++ b/hkexauth.go
@ -1,4 +1,10 @@
 // Authentication routines for the HKExSh
 //
 // Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 package hkexsh
--- a/hkexchan.go
+++ b/hkexchan.go
@ -1,5 +1,11 @@
 package hkexsh
 // Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 /* Support functions to set up encryption once an HKEx Conn has been
 established with FA exchange and support channel operations
 (echo, file-copy, remote-cmd, ...) */
--- a/hkexnet.go
+++ b/hkexnet.go
@ -1,20 +1,11 @@
-/*  Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
+// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC
-    Copyright (C) 2017 Omar Alejandro Herrera Reyna
+// negotiation
-    This program is free software: you can redistribute it and/or modify
+// Copyright (c) 2017-2018 Russell Magee
-    it under the terms of the GNU General Public License as published by
+// Licensed under the terms of the MIT license (see LICENSE.mit in this
-    the Free Software Foundation, either version 3 of the License, or
+// distribution)
-    (at your option) any later version.
+//
-
+// golang implementation by Russ Magee (rmagee_at_gmail.com)
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
    golang implementation by Russ Magee (rmagee_at_gmail.com) */
 package hkexsh
--- a/hkexpasswd/hkexpasswd.go
+++ b/hkexpasswd/hkexpasswd.go
@ -1,5 +1,11 @@
 // Util to generate/store passwords for users in a file akin to /etc/passwd
 // suitable for the demo hkexsh server, using bcrypt.
 //
 // Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 package main
 import (
--- a/hkexsh/hkexsh.go
+++ b/hkexsh/hkexsh.go
@ -1,3 +1,10 @@
 // hkexsh client
 //
 // Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 package main
 import (
--- a/hkexshd/hkexshd.go
+++ b/hkexshd/hkexshd.go
@ -1,3 +1,10 @@
 // hkexshd server
 //
 // Copyright (c) 2017-2018 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
 package main
 import (