HMAC calc w/no xmit or verification, working..?

This commit is contained in:
Russ Magee 2018-02-16 19:25:11 -08:00
parent 7c76e4d235
commit 744730ae23
3 changed files with 26 additions and 2 deletions

View file

@ -128,7 +128,9 @@ func main() {
_, err = conn.Write(rec.who) _, err = conn.Write(rec.who)
_, err = conn.Write(rec.cmd) _, err = conn.Write(rec.cmd)
_, err = conn.Write(rec.authCookie) _, err = conn.Write(rec.authCookie)
conn.EnableHMAC()
//client reader (from server) goroutine //client reader (from server) goroutine
wg.Add(1) wg.Add(1)
go func() { go func() {

View file

@ -210,7 +210,9 @@ func main() {
log.Println("[Bad cmdSpec.authCookie]") log.Println("[Bad cmdSpec.authCookie]")
return err return err
} }
conn.EnableHMAC()
log.Printf("[cmdSpec: op:%c who:%s cmd:%s auth:****]\n", log.Printf("[cmdSpec: op:%c who:%s cmd:%s auth:****]\n",
rec.op[0], string(rec.who), string(rec.cmd)) rec.op[0], string(rec.who), string(rec.cmd))

View file

@ -40,6 +40,8 @@ import (
type Conn struct { type Conn struct {
c net.Conn // which also implements io.Reader, io.Writer, ... c net.Conn // which also implements io.Reader, io.Writer, ...
h *HerraduraKEx h *HerraduraKEx
hmacOn bool // turned on once channel param negotiation is done
byteCount int
cipheropts uint32 // post-KEx cipher/hmac options cipheropts uint32 // post-KEx cipher/hmac options
opts uint32 // post-KEx protocol options (caller-defined) opts uint32 // post-KEx protocol options (caller-defined)
r cipher.Stream //read cipherStream r cipher.Stream //read cipherStream
@ -48,6 +50,10 @@ type Conn struct {
wm hash.Hash wm hash.Hash
} }
func (c *Conn) EnableHMAC() {
c.hmacOn = true
}
// ConnOpts returns the cipher/hmac options value, which is sent to the // ConnOpts returns the cipher/hmac options value, which is sent to the
// peer but is not itself part of the KEx. // peer but is not itself part of the KEx.
// //
@ -310,6 +316,13 @@ func (c Conn) Read(b []byte) (n int, err error) {
rs := &cipher.StreamReader{S: c.r, R: db} rs := &cipher.StreamReader{S: c.r, R: db}
n, err = rs.Read(b) n, err = rs.Read(b)
log.Printf(" <-ptext:\r\n%s\r\n", hex.Dump(b[:n])) //EncodeToString(b[:n])) log.Printf(" <-ptext:\r\n%s\r\n", hex.Dump(b[:n])) //EncodeToString(b[:n]))
if c.hmacOn {
c.rm.Write(b[:n])
c.byteCount += len(b[:n])
fmt.Printf("(%x) HMAC:%x\r\n", c.byteCount, c.rm.Sum(nil))
}
return return
} }
@ -319,6 +332,13 @@ func (c Conn) Read(b []byte) (n int, err error) {
func (c Conn) Write(b []byte) (n int, err error) { func (c Conn) Write(b []byte) (n int, err error) {
//log.Printf("[Encrypting...]\r\n") //log.Printf("[Encrypting...]\r\n")
log.Printf(" :>ptext:\r\n%s\r\n", hex.Dump(b)) //EncodeToString(b)) log.Printf(" :>ptext:\r\n%s\r\n", hex.Dump(b)) //EncodeToString(b))
if c.hmacOn {
c.wm.Write(b)
c.byteCount += len(b)
fmt.Printf("(%x) HMAC:%x\r\n", c.byteCount, c.wm.Sum(nil))
}
var wb bytes.Buffer var wb bytes.Buffer
// The StreamWriter acts like a pipe, forwarding whatever is // The StreamWriter acts like a pipe, forwarding whatever is
// written to it through the cipher, encrypting as it goes // written to it through the cipher, encrypting as it goes