From 4cb535fcc9ff4db1452fa6f25596db5139db81bd Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Wed, 24 Oct 2018 00:15:33 -0700 Subject: [PATCH] Added support for cryptMTv1 Signed-off-by: Russ Magee --- hkexnet/consts.go | 1 + hkexnet/hkexchan.go | 8 ++++++++ hkexnet/hkexnet.go | 4 ++++ hkexsh/hkexsh.go | 2 +- 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hkexnet/consts.go b/hkexnet/consts.go index 4a732fa..25a91a6 100644 --- a/hkexnet/consts.go +++ b/hkexnet/consts.go @@ -61,6 +61,7 @@ const ( CAlgAES256 = iota CAlgTwofish128 // golang.org/x/crypto/twofish CAlgBlowfish64 // golang.org/x/crypto/blowfish + CAlgCryptMT1 //cryptmt using mtwist64 CAlgNoneDisallowed ) diff --git a/hkexnet/hkexchan.go b/hkexnet/hkexchan.go index d007728..8fbf47b 100644 --- a/hkexnet/hkexchan.go +++ b/hkexnet/hkexchan.go @@ -22,6 +22,7 @@ import ( "golang.org/x/crypto/blowfish" "golang.org/x/crypto/twofish" + "blitter.com/go/cryptmt" // hash algos must be manually imported thusly: // (Would be nice if the golang pkg docs were more clear // on this...) @@ -34,6 +35,9 @@ import ( // This is occasionally necessary for smaller modes of KEX algorithms // (eg., KEX_HERRADURA256); perhaps an indication these should be // avoided in favour of larger modes. +// +// This is used for block ciphers; stream ciphers should do their +// own key expansion. func expandKeyMat(keymat []byte, blocksize int) []byte { if len(keymat) < 2*blocksize { halg := crypto.SHA256 @@ -99,6 +103,10 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err rc = cipher.NewOFB(block, iv) log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts) break + case CAlgCryptMT1: + rc = cryptmt.NewCipher(keymat) + log.Printf("[cipher CRYPTMT1 (%d)]\n", copts) + break default: log.Printf("[invalid cipher (%d)]\n", copts) fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts) diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go index c6a97e6..73c814e 100644 --- a/hkexnet/hkexnet.go +++ b/hkexnet/hkexnet.go @@ -230,6 +230,10 @@ func (hc *Conn) applyConnExtensions(extensions ...string) { log.Println("[extension arg = C_BLOWFISH_64]") hc.cipheropts &= (0xFFFFFF00) hc.cipheropts |= CAlgBlowfish64 + case "C_CRYPTMT1": + log.Println("[extension arg = C_CRYPTMT1]") + hc.cipheropts &= (0xFFFFFF00) + hc.cipheropts |= CAlgCryptMT1 case "H_SHA256": log.Println("[extension arg = H_SHA256]") hc.cipheropts &= (0xFFFF00FF) diff --git a/hkexsh/hkexsh.go b/hkexsh/hkexsh.go index 9600141..daac731 100755 --- a/hkexsh/hkexsh.go +++ b/hkexsh/hkexsh.go @@ -372,7 +372,7 @@ func main() { flag.BoolVar(&vopt, "v", false, "show version") flag.BoolVar(&dbg, "d", false, "debug logging") - flag.StringVar(&cAlg, "c", "C_AES_256", "`cipher` [\"C_AES_256\" | \"C_TWOFISH_128\" | \"C_BLOWFISH_64\"]") + flag.StringVar(&cAlg, "c", "C_AES_256", "`cipher` [\"C_AES_256\" | \"C_TWOFISH_128\" | \"C_BLOWFISH_64\" | \"C_CRYPTMT1\"]") flag.StringVar(&hAlg, "m", "H_SHA256", "`hmac` [\"H_SHA256\"]") flag.StringVar(&kAlg, "k", "KEX_HERRADURA256", "`kex` [\"KEX_HERRADURA{256/512/1024/2048}\" | \"KEX_KYBER{512/768/1024}\"]") flag.UintVar(&port, "p", 2000, "`port`")