mirror of
https://gogs.blitter.com/RLabs/xs
synced 2024-08-14 10:26:42 +00:00
Start of proto kexsh tool client/server
This commit is contained in:
parent
78edf1c130
commit
942b8865cf
5 changed files with 69 additions and 40 deletions
|
@ -11,10 +11,16 @@ import (
|
||||||
|
|
||||||
// Demo of a simple client that dials up to a simple test server to
|
// Demo of a simple client that dials up to a simple test server to
|
||||||
// send data.
|
// send data.
|
||||||
// Note this code is identical to standard tcp client code, save for
|
//
|
||||||
// declaring a 'hkex' rather than a 'net' Dialer Conn. The KEx and
|
// While conforming to the basic net.Conn interface HKex.Conn has extra
|
||||||
// encrypt/decrypt is done within the type.
|
// capabilities designed to allow apps to define connection options,
|
||||||
// Compare to 'clientp.go' in this directory to see the equivalence.
|
// encryption/hmac settings and operations across the encrypted channel.
|
||||||
|
//
|
||||||
|
// Initial setup is the same as using plain net.Dial(), but one may
|
||||||
|
// specify extra extension tags (strings) to set the cipher and hmac
|
||||||
|
// setting desired; as well as the intended operation mode for the
|
||||||
|
// connection (app-specific, passed through to the server to use or
|
||||||
|
// ignore at its discretion).
|
||||||
func main() {
|
func main() {
|
||||||
var cAlg string
|
var cAlg string
|
||||||
var hAlg string
|
var hAlg string
|
||||||
|
@ -30,6 +36,7 @@ func main() {
|
||||||
fmt.Println("Err!")
|
fmt.Println("Err!")
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
fmt.Fprintf(conn,"e") // tell server just to echo
|
||||||
_, err = io.Copy(conn, os.Stdin)
|
_, err = io.Copy(conn, os.Stdin)
|
||||||
if err != nil && err.Error() != "EOF" {
|
if err != nil && err.Error() != "EOF" {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
|
|
|
@ -16,16 +16,12 @@ import (
|
||||||
// encrypt/decrypt is done within the type.
|
// encrypt/decrypt is done within the type.
|
||||||
// Compare to 'clientp.go' in this directory to see the equivalence.
|
// Compare to 'clientp.go' in this directory to see the equivalence.
|
||||||
func main() {
|
func main() {
|
||||||
var cAlg string
|
|
||||||
var hAlg string
|
|
||||||
var server string
|
var server string
|
||||||
|
|
||||||
flag.StringVar(&cAlg, "c", "C_AES_256", "cipher [\"C_AES_256\" | \"C_TWOFISH_128\" | \"C_BLOWFISH_64\"]")
|
|
||||||
flag.StringVar(&hAlg, "h", "H_SHA256", "hmac [\"H_SHA256\"]")
|
|
||||||
flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")
|
flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
conn, err := hkex.Dial("tcp", server, cAlg, hAlg)
|
conn, err := hkex.Dial("tcp", server)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Err!")
|
fmt.Println("Err!")
|
||||||
panic(err)
|
panic(err)
|
||||||
|
|
|
@ -45,6 +45,7 @@ func main() {
|
||||||
ch := make(chan []byte)
|
ch := make(chan []byte)
|
||||||
chN := 0
|
chN := 0
|
||||||
eCh := make(chan error)
|
eCh := make(chan error)
|
||||||
|
var connOp *byte = nil
|
||||||
|
|
||||||
// Start a goroutine to read from our net connection
|
// Start a goroutine to read from our net connection
|
||||||
go func(ch chan []byte, eCh chan error) {
|
go func(ch chan []byte, eCh chan error) {
|
||||||
|
@ -57,6 +58,17 @@ func main() {
|
||||||
eCh <- err
|
eCh <- err
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if connOp == nil {
|
||||||
|
// Initial xmit - get op byte
|
||||||
|
// (TODO: determine valid ops
|
||||||
|
// for now 'e' (echo), 'i' (interactive), 'x' (exec), ... ?)
|
||||||
|
connOp = new(byte)
|
||||||
|
*connOp = data[0]
|
||||||
|
data = data[1:]
|
||||||
|
chN -= 1
|
||||||
|
fmt.Printf("[* connOp '%c']\n", *connOp)
|
||||||
|
}
|
||||||
|
|
||||||
// send data if we read some.
|
// send data if we read some.
|
||||||
ch <- data[0:chN]
|
ch <- data[0:chN]
|
||||||
}
|
}
|
||||||
|
|
31
hkexchan.go
31
hkexchan.go
|
@ -1,25 +1,8 @@
|
||||||
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
|
|
||||||
Copyright (C) 2017 Omar Alejandro Herrera Reyna
|
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
golang implementation by Russ Magee (rmagee_at_gmail.com) */
|
|
||||||
|
|
||||||
package herradurakex
|
package herradurakex
|
||||||
|
|
||||||
/* Support functions to set up encryption once an HKEx Conn has been
|
/* Support functions to set up encryption once an HKEx Conn has been
|
||||||
established with FA exchange */
|
established with FA exchange and support channel operations
|
||||||
|
(echo, file-copy, remote-cmd, ...) */
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/aes"
|
"crypto/aes"
|
||||||
|
@ -46,6 +29,16 @@ const (
|
||||||
HmacNoneDisallowed
|
HmacNoneDisallowed
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type ChanOp uint8
|
||||||
|
|
||||||
|
const (
|
||||||
|
ChanOpNop = '.'
|
||||||
|
ChanOpEcho = 'e' // For testing - echo client data to stderr
|
||||||
|
//ChanOpFileWrite = "w"
|
||||||
|
//ChanOpFileRead = "r"
|
||||||
|
//ChanOpRemoteCmd = "x"
|
||||||
|
)
|
||||||
|
|
||||||
/*TODO: HMAC derived from HKEx FA.*/
|
/*TODO: HMAC derived from HKEx FA.*/
|
||||||
/* Support functionality to set up encryption after a channel has
|
/* Support functionality to set up encryption after a channel has
|
||||||
been negotiated via hkexnet.go
|
been negotiated via hkexnet.go
|
||||||
|
|
43
hkexnet.go
43
hkexnet.go
|
@ -36,7 +36,8 @@ type Conn struct {
|
||||||
c net.Conn // which also implements io.Reader, io.Writer, ...
|
c net.Conn // which also implements io.Reader, io.Writer, ...
|
||||||
h *HerraduraKEx
|
h *HerraduraKEx
|
||||||
cipheropts uint32 // post-KEx cipher/hmac options
|
cipheropts uint32 // post-KEx cipher/hmac options
|
||||||
opts uint32 // post-KEx protocol options
|
opts uint32 // post-KEx protocol options (caller-defined)
|
||||||
|
op uint8 // post-KEx 'op' (caller-defined)
|
||||||
r cipher.Stream
|
r cipher.Stream
|
||||||
w cipher.Stream
|
w cipher.Stream
|
||||||
}
|
}
|
||||||
|
@ -78,6 +79,26 @@ func (c *Conn) SetOpts(opts uint32) {
|
||||||
c.opts = opts
|
c.opts = opts
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Op returns the 'op' value, which is sent to the peer
|
||||||
|
// but is not itself part of the KEx or connection (cipher/hmac) setup.
|
||||||
|
//
|
||||||
|
// Consumers of this lib may use this to indicate connection-specific
|
||||||
|
// operations not part of the KEx or encryption info used by the connection.
|
||||||
|
func (c *Conn) Op() uint8 {
|
||||||
|
return c.op
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetOp sets the 'op' value, which is sent to the peer
|
||||||
|
// but is not itself part of the KEx or connection (cipher/hmac) setup.
|
||||||
|
//
|
||||||
|
// Consumers of this lib may use this to indicate connection-specific
|
||||||
|
// operations not part of the KEx or encryption info used by the connection.
|
||||||
|
//
|
||||||
|
// op - a uint8, caller-defined
|
||||||
|
func (c *Conn) SetOp(op uint8) {
|
||||||
|
c.op = op
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Conn) applyConnExtensions(extensions ...string) {
|
func (c *Conn) applyConnExtensions(extensions ...string) {
|
||||||
for _, s := range extensions {
|
for _, s := range extensions {
|
||||||
switch s {
|
switch s {
|
||||||
|
@ -120,20 +141,20 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
hc = &Conn{c: c, h: New(0, 0), cipheropts: 0, opts: 0, r: nil, w: nil}
|
hc = &Conn{c: c, h: New(0, 0), cipheropts: 0, opts: 0, op:0, r: nil, w: nil}
|
||||||
|
|
||||||
hc.applyConnExtensions(extensions...)
|
hc.applyConnExtensions(extensions...)
|
||||||
|
|
||||||
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16),
|
fmt.Fprintf(c, "0x%s\n%08x:%08x:%02x\n", hc.h.d.Text(16),
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts, hc.op)
|
||||||
|
|
||||||
d := big.NewInt(0)
|
d := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(c, d)
|
_, err = fmt.Fscanln(c, d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
_, err = fmt.Fscanf(c, "%08x:%08x\n",
|
_, err = fmt.Fscanf(c, "%08x:%08x:%02x\n",
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts, &hc.op)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -197,15 +218,15 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
|
||||||
}
|
}
|
||||||
fmt.Println("[Accepted]")
|
fmt.Println("[Accepted]")
|
||||||
|
|
||||||
hc = Conn{c: c, h: New(0, 0), cipheropts: 0, opts: 0, r: nil, w: nil}
|
hc = Conn{c: c, h: New(0, 0), cipheropts: 0, opts: 0, op:0, r: nil, w: nil}
|
||||||
|
|
||||||
d := big.NewInt(0)
|
d := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(c, d)
|
_, err = fmt.Fscanln(c, d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return hc, err
|
return hc, err
|
||||||
}
|
}
|
||||||
_, err = fmt.Fscanf(c, "%08x:%08x\n",
|
_, err = fmt.Fscanf(c, "%08x:%08x:%02x\n",
|
||||||
&hc.cipheropts, &hc.opts)
|
&hc.cipheropts, &hc.opts, &hc.op)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return hc, err
|
return hc, err
|
||||||
}
|
}
|
||||||
|
@ -215,8 +236,8 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
|
||||||
hc.h.FA()
|
hc.h.FA()
|
||||||
fmt.Printf("**(s)** FA:%s\n", hc.h.fa)
|
fmt.Printf("**(s)** FA:%s\n", hc.h.fa)
|
||||||
|
|
||||||
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16),
|
fmt.Fprintf(c, "0x%s\n%08x:%08x:%02x\n", hc.h.d.Text(16),
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts, hc.op)
|
||||||
|
|
||||||
hc.r = hc.getStream(hc.h.fa)
|
hc.r = hc.getStream(hc.h.fa)
|
||||||
hc.w = hc.getStream(hc.h.fa)
|
hc.w = hc.getStream(hc.h.fa)
|
||||||
|
|
Loading…
Reference in a new issue