misc. cleanup, LICENSE.{gpl,mit} updates

This commit is contained in:
Russ Magee 2018-04-07 13:04:10 -07:00
parent ae5a8cfa3b
commit 351f58b6c5
10 changed files with 102 additions and 46 deletions

22
LICENSE.mit Normal file
View file

@ -0,0 +1,22 @@
MIT License
Copyright (c) 2017 - 2018 Omar Alejandro Herrera Reyna (core HerraduraKEx)
Copyright (c) 2017 - 2018 Russell Magee (hkexsh/hkexshd/hkexpasswd)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -1,10 +1,15 @@
HKExSh
--
'hkexsh' (HerraduraKEx shell) is a golang implementation of drop-in replacements for golang's
standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept() and the net.Conn type),
which automatically negotiate keying material for 'secure' sockets using the experimental
HerraduraKEx key exchange algorithm first released at [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
'hkexsh' (HerraduraKEx shell) is a golang implementation of a simple
remote shell client and server, similar in role to ssh, offering
encrypted interactive and non-interactive sessions. The client and server
programs (hkexsh and hkexshd) use a mostly drop-in replacement for golang's
standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept()
and the net.Conn type), which automatically negotiate keying material for
'secure' sockets using the experimental HerraduraKEx key exchange algorithm
first released at
[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
@ -12,23 +17,27 @@ to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
is initiated (whereby client and server independently derive the same
keying material).
Above this layer, demo apps in this repository (demo/server/server.go and demo/client/client.go)
then negotiate session settings (cipher/hmac algorithms, etc.) to be used for further communication.
Above the hkex.Conn layer, the server and client apps in this repository
(server/hkexshd and client/hkexsh) negotiate session settings (cipher/hmac
algorithms, interactive/non-interactive, etc.) to be used for further
communication.
NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
derive crypto keying material on each end, this algorithm and the
demonstration remote shell client/server programs should be used with caution.
As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
the level of security of the HerraduraKEx algorithm for purposes of session key
exchange over an insecure channel has been rendered.
It is hoped that such experts in the field will analyze the algorithm and
determine if it is indeed a suitable one for use in situations where
Diffie-Hellman and other key exchange algorithms are currently utilized.
derive crypto keying material, this algorithm and the demonstration remote
shell client/server programs should be used with caution and should definitely
NOT be used for any sensitive applications, or at the very least at one's
own risk.
Within the demo/ tree are client and servers implementing a simplified,
ssh-like secure shell facility and a password-setting utility using its
own user/password file separate from the system /etc/passwd, which is
used by the server to authenticate clients.
As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
the level of security of the HerraduraKEx algorithm for purposes of session
key exchange over an insecure channel has been rendered.
It is hoped that experts in the field will analyze the algorithm and
determine if it is indeed a suitable one for use in situations where
Diffie-Hellman or other key exchange algorithms are currently utilized.
Finally, within the hkexpasswd/ directory is a password-setting utility
using its own user/password file distinct from the system /etc/passwd, which
is used by the hkexshd server to authenticate clients.
Dependencies:
--
@ -45,18 +54,15 @@ Get source code
To build
--
* $ cd $GOPATH/src/github.com/Russtopia/hkexsh
* $ go install .
* $ go build demo/client/client.go && go build demo/server/server.go
* $ go build demo/hkexpasswd/hkexpasswd.go
* $ make clean all
To set accounts & passwords:
--
* $ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
* $ sudo ./hkexpasswd -u joebloggs
* $ sudo hkexpasswd/hkexpasswd -u joebloggs
* $ <enter a password, enter again to confirm>
Running Clent and Server. In separate shells:
--
* [A]$ sudo ./server &
* [B]$ ./client -u joebloggs
* [A]$ sudo hkexshd/hkexshd &
* [B]$ hkexsh/hkexsh -u joebloggs

View file

@ -5,11 +5,16 @@
//
// (https://github.com/Caume/HerraduraKEx)
//
// Demonstration server (hkexshd) and
// client (hkexsh)
// The core HerraduraKEx algorithm is dual-licensed
// by the author (Omar Alejandro Herrera Reyna)
// under GPL3 and MIT licenses.
// See LICENSE.gpl and LICENSE.mit in this distribution
//
// See README.md for full license info.
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.

View file

@ -1,4 +1,10 @@
// Authentication routines for the HKExSh
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh

View file

@ -1,5 +1,11 @@
package hkexsh
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
/* Support functions to set up encryption once an HKEx Conn has been
established with FA exchange and support channel operations
(echo, file-copy, remote-cmd, ...) */

View file

@ -1,20 +1,11 @@
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
Copyright (C) 2017 Omar Alejandro Herrera Reyna
// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC
// negotiation
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
golang implementation by Russ Magee (rmagee_at_gmail.com) */
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh

View file

@ -1,5 +1,11 @@
// Util to generate/store passwords for users in a file akin to /etc/passwd
// suitable for the demo hkexsh server, using bcrypt.
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package main
import (

View file

@ -1,3 +1,10 @@
// hkexsh client
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package main
import (

View file

@ -1,3 +1,10 @@
// hkexshd server
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package main
import (