diff --git a/hkexnet/consts.go b/hkexnet/consts.go
index 114d6b6..60b64db 100644
--- a/hkexnet/consts.go
+++ b/hkexnet/consts.go
@@ -13,9 +13,10 @@ const (
 //KEX_DH
 //KEX_ETC
 )
+// Sent from client to server in order to specify which
+// algo shall be used (eg., HerraduraKEx, [TODO: others...])
+type KEXAlg uint8
-// const CSExtendedCode - extended (>255 UNIX exit status) codes
-// This indicate channel-related or internal errors
 const (
 CSENone = 32 + iota
 CSEBadAuth // Failed login password
@@ -24,6 +25,9 @@ const (
 CSEExecFail // cmd.Start() (exec) failed
 CSEPtyExecFail // pty.Start() (exec w/pty) failed
 )
+// Extended (>255 UNIX exit status) codes
+// This indicate channel-related or internal errors
+type CSExtendedCode uint32
 const (
 CSONone = iota // No error, normal packet
@@ -32,6 +36,23 @@ const (
 CSOExitStatus // Remote cmd exit status
 CSOChaff // Dummy packet, do not pass beyond decryption
 )
+// Channel status type
+type CSOType uint32
 const MAX_PAYLOAD_LEN = 4*1024*1024*1024 - 1
+const (
+ CAlgAES256 = iota
+ CAlgTwofish128 // golang.org/x/crypto/twofish
+ CAlgBlowfish64 // golang.org/x/crypto/blowfish
+ CAlgNoneDisallowed
+)
+// Available ciphers for hkex.Conn
+type CSCipherAlg uint32
+
+const (
+ HmacSHA256 = iota
+ HmacNoneDisallowed
+)
+// Available HMACs for hkex.Conn (TODO: not currently used)
+type CSHmacAlg uint32
diff --git a/hkexnet/hkexchan.go b/hkexnet/hkexchan.go
index 2f75706..7f833e9 100644
--- a/hkexnet/hkexchan.go
+++ b/hkexnet/hkexchan.go
@@ -29,20 +29,6 @@ import (
 _ "crypto/sha256"
 )
-// Available ciphers for hkex.Conn
-const (
- CAlgAES256 = iota
- CAlgTwofish128 // golang.org/x/crypto/twofish
- CAlgBlowfish64 // golang.org/x/crypto/blowfish
- CAlgNoneDisallowed
-)
-
-// Available HMACs for hkex.Conn (TODO: not currently used)
-const (
- HmacSHA256 = iota
- HmacNoneDisallowed
-)
-
 /* Support functionality to set up encryption after a channel has been negotiated via hkexnet.go */
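Review bot: The new types KEXAlg, CSExtendedCode, CSOType, CSCipherAlg and CSHmacAlg are declared after their const blocks, but the constants themselves stay untyped (`CSONone = iota`, `CAlgAES256 = iota`), so they still convert to any integer type and the compiler cannot catch a cipher id passed where an HMAC id or a CSO op code is expected, which is exactly the algorithm/opcode confusion a named type is meant to rule out. Typing the first member of each block, e.g. `CSENone CSExtendedCode = 32 + iota`, `CSONone CSOType = iota`, `CAlgAES256 CSCipherAlg = iota` and `HmacSHA256 CSHmacAlg = iota`, makes every member of the block carry the type. The doc comments (`// Available ciphers for hkex.Conn` and the others) now sit on the type declarations rather than on the const blocks they describe, so godoc attaches them to the type; placing each comment directly above its const block, or the type above the block, keeps them attached to what they document. The added comment `// Extended (>255 UNIX exit status) codes` also appears at odds with `CSENone = 32 + iota`, which starts the range well inside 0–255; worth confirming which is intended.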
diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go
index 9a637c6..04312f5 100644
--- a/hkexnet/hkexnet.go
+++ b/hkexnet/hkexnet.go
@@ -48,10 +48,6 @@ import (
 "blitter.com/go/hkexsh/herradurakex"
 )
-// KEx type - sent from client to server in order to specify which
-// algo shall be used (eg., HerraduraKEx, [TODO: others...])
-type KEX uint8
-
 /*---------------------------------------------------------------------*/
 type (
@@ -74,7 +70,7 @@ type (
 // Conn is a HKex connection - a superset of net.Conn
 Conn struct {
- kex KEX // KEX alg (typedef uint8)
+ kex KEXAlg
 m *sync.Mutex
 c net.Conn // which also implements io.Reader, io.Writer, ...
 h *hkex.HerraduraKEx // TODO: make an interface?
@@ -86,7 +82,7 @@ type (
 chaff ChaffConfig
- closeStat *uint32 // close status (CSOExitStatus)
+ closeStat *CSOType // close status (CSOExitStatus)
 r cipher.Stream //read cipherStream
 rm hash.Hash
 w cipher.Stream //write cipherStream
@@ -95,11 +91,11 @@ type (
 }
 )
-func (hc Conn) GetStatus() uint32 {
+func (hc Conn) GetStatus() CSOType {
 return *hc.closeStat
 }
-func (hc *Conn) SetStatus(stat uint32) {
+func (hc *Conn) SetStatus(stat CSOType) {
 *hc.closeStat = stat
 log.Println("closeStat:", *hc.closeStat)
 }
@@ -263,7 +259,7 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
 // NOTE: kex default of KEX_HERRADURA may be overridden by
 // future extension args to applyConnExtensions(), which is
 // called prior to Dial()
- hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint32), h: hkex.New(0, 0), dBuf: new(bytes.Buffer)}
+ hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(CSOType), h: hkex.New(0, 0), dBuf: new(bytes.Buffer)}
 hc.applyConnExtensions(extensions...)
 // TODO: Factor out ALL params following this to helpers for
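Review bot: closeStat is retyped as `*CSOType` (`+ closeStat *CSOType // close status (CSOExitStatus)`), but CSOType names the channel op codes (CSONone, CSOExitStatus, CSOChaff), whereas the value stored in closeStat is the remote command's exit status or a CSE* extended code: the Read hunk on the next line calls `hc.SetStatus(CSETruncCSO)`, and doCopyMode in hkexsh.go plus every caller in hkexshd.go convert a plain uint32 status to and from it (`hc.SetStatus(hkexnet.CSOType(cmdStatus))`, six times). CSOExitStatus is the packet's op code; its payload belongs to the other value space, and giving the payload the op code's type is the mix-up the new types were introduced to prevent, while the `CSETruncCSO` call only compiles because the CSE constants are still untyped. `closeStat *CSExtendedCode` with `GetStatus() CSExtendedCode` and `SetStatus(stat CSExtendedCode)` would match what is stored and would keep type-checking once the constant blocks are typed. Conn's definition and Read continue outside these hunks.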
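Review bot: GetStatus and SetStatus read and write `*hc.closeStat` with no synchronization, and SetStatus is also called from `Conn.Read` (hunk on the following line); if Read is driven from a different goroutine than the one calling GetStatus, as it would be under an io.Copy, that is a data race under the Go memory model and the caller can observe a stale exit status. Conn already carries `m *sync.Mutex`, so guarding both accessors with it (`hc.m.Lock(); defer hc.m.Unlock()` around the access) is the smallest fix; an atomic load/store on the underlying uint32 would also do. GetStatus additionally dereferences closeStat unconditionally, so a zero-value Conn panics; a `hc.closeStat == nil` guard returning the zero status is cheap. Only the signatures changed in this hunk; the bodies are otherwise as before.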
@@ -297,7 +293,7 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
 func (hc *Conn) Close() (err error) {
 hc.DisableChaff()
 s := make([]byte, 4)
- binary.BigEndian.PutUint32(s, *hc.closeStat)
+ binary.BigEndian.PutUint32(s, uint32(*hc.closeStat))
 log.Printf("** Writing closeStat %d at Close()\n", *hc.closeStat)
 hc.WritePacket(s, CSOExitStatus)
 err = hc.c.Close()
@@ -395,13 +391,13 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
 // Open raw Conn c
 c, err := hl.l.Accept()
 if err != nil {
- hc := Conn{m: &sync.Mutex{}, c: nil, h: nil, closeStat: new(uint32), cipheropts: 0, opts: 0,
+ hc := Conn{m: &sync.Mutex{}, c: nil, h: nil, closeStat: new(CSOType), cipheropts: 0, opts: 0,
 r: nil, w: nil}
 return hc, err
 }
 log.Println("[Accepted]")
- hc = Conn{ /*kex: from client,*/ m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(uint32), WinCh: make(chan WinSize, 1),
+ hc = Conn{ /*kex: from client,*/ m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(CSOType), WinCh: make(chan WinSize, 1),
 dBuf: new(bytes.Buffer)}
 // TODO: Factor out ALL params following this to helpers for
@@ -517,7 +513,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 hc.WinCh <- WinSize{hc.Rows, hc.Cols}
 } else if ctrlStatOp == CSOExitStatus {
 if len(payloadBytes) > 0 {
- hc.SetStatus(binary.BigEndian.Uint32(payloadBytes))
+ hc.SetStatus(CSOType(binary.BigEndian.Uint32(payloadBytes)))
 } else {
 log.Println("[truncated payload, cannot determine CSOExitStatus]")
 hc.SetStatus(CSETruncCSO)
diff --git a/hkexsh/hkexsh.go b/hkexsh/hkexsh.go
index 49be663..fb72bef 100755
--- a/hkexsh/hkexsh.go
+++ b/hkexsh/hkexsh.go
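Review bot: In the Read hunk the guard `if len(payloadBytes) > 0` is not sufficient for `binary.BigEndian.Uint32(payloadBytes)`, which indexes bytes 0–3 and panics on a 1–3 byte slice, so a truncated or malformed CSOExitStatus payload from the peer panics the process instead of landing in the truncated-payload branch that already exists below it. Changing the condition to `if len(payloadBytes) >= 4 {` routes every short payload to the `CSETruncCSO` path; if a payload longer than four bytes is never valid here, `== 4` is the stricter check. Read starts outside this hunk.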
@@ -191,7 +191,7 @@ func doCopyMode(conn *hkexnet.Conn, remoteDest bool, files string, rec *hkexsh.S
 // If local side status was OK, use remote side's status
 if exitStatus == 0 {
- exitStatus = conn.GetStatus()
+ exitStatus = uint32(conn.GetStatus())
 log.Println("Received remote exitStatus:", exitStatus)
 }
 log.Printf("*** client->server cp finished , status %d ***\n", conn.GetStatus())
diff --git a/hkexshd/hkexshd.go b/hkexshd/hkexshd.go
index 6251ff7..6a1cca4 100755
--- a/hkexshd/hkexshd.go
+++ b/hkexshd/hkexshd.go
@@ -327,7 +327,7 @@ func runShellAs(who, ttype string, cmd string, interactive bool, conn hkexnet.Co
 log.Printf("Exit Status: %d", exitStatus)
 }
 }
- conn.SetStatus(exitStatus)
+ conn.SetStatus(hkexnet.CSOType(exitStatus))
 }
 wg.Wait() // Wait on pty->stdout completion to client
 }
@@ -522,7 +522,7 @@ func main() {
 log.Printf("[Error generating autologin token for %s@%s]\n", rec.Who(), hname)
 } else {
 log.Printf("[Autologin token generation completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
- hc.SetStatus(cmdStatus)
+ hc.SetStatus(hkexnet.CSOType(cmdStatus))
 }
 } else if rec.Op()[0] == 'c' {
 // Non-interactive command
@@ -539,7 +539,7 @@ func main() {
 log.Printf("[Error spawning cmd for %s@%s]\n", rec.Who(), hname)
 } else {
 log.Printf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
- hc.SetStatus(cmdStatus)
+ hc.SetStatus(hkexnet.CSOType(cmdStatus))
 }
 } else if rec.Op()[0] == 's' {
 // Interactive session
@@ -559,7 +559,7 @@ func main() {
 log.Printf("[Error spawning shell for %s@%s]\n", rec.Who(), hname)
 } else {
 log.Printf("[Shell completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
- hc.SetStatus(cmdStatus)
+ hc.SetStatus(hkexnet.CSOType(cmdStatus))
 }
 } else if rec.Op()[0] == 'D' {
 // File copy (destination) operation - client copy to server
@@ -576,7 +576,7 @@ func main() {
 } else {
 log.Printf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
 }
- hc.SetStatus(cmdStatus)
+ hc.SetStatus(hkexnet.CSOType(cmdStatus))
 // Send CSOExitStatus *before* client closes channel
 s := make([]byte, 4)
@@ -598,7 +598,7 @@ func main() {
 } else {
 log.Printf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
 }
- hc.SetStatus(cmdStatus)
+ hc.SetStatus(hkexnet.CSOType(cmdStatus))
 //fmt.Println("Waiting for EOF from other end.")
 //_, _ = hc.Read(nil /*ackByte*/)
 //fmt.Println("Got remote end ack.")