-Bumped version to 0.2pre to reflect protocol break w/0.1pre

-Added design principle note (no downgrade attack-enabling protocol features)
Russ Magee 2018-09-10 20:28:41 -07:00
parent dcb42d43f1
commit bee0bececf
3 changed files with 8 additions and 2 deletions


@ -16,6 +16,12 @@ package hkexnet
// prefix the channel setup with this param over the wire in order to decide // prefix the channel setup with this param over the wire in order to decide
// which is in use. // which is in use.
// //
// DESIGN PRINCIPLE: There shall be no protocol features which enable
// downgrade attacks. The server shall have final authority to accept or
// reject any and all proposed KEx and connection parameters proposed by
// clients at setup. Action on denial shall be a simple server disconnect
// with possibly a status code sent so client can determine why connection
// was denied (compare to how failed auth is communicated to client).
// Implementation of HKEx-wrapped versions of the golang standard // Implementation of HKEx-wrapped versions of the golang standard
// net package interfaces, allowing clients and servers to simply replace // net package interfaces, allowing clients and servers to simply replace
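Review bot: The added DESIGN PRINCIPLE paragraph ends directly before `// Implementation of HKEx-wrapped versions of the golang standard` with no blank `//` line between them, so the principle reads as part of the following paragraph; add a `//` separator after `// was denied (compare to how failed auth is communicated to client).`. The principle as written only binds the server: if the denial status code reaches the client before the channel is authenticated, a client that responds by retrying with weaker parameters would reopen the downgrade path the comment rules out. It may be worth stating the client side too, for example `// Clients shall treat a denial as final and shall not automatically retry with weaker parameters.`. The comment block starts and ends outside the hunk, so how the status code is actually sent cannot be checked from here.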


@ -318,7 +318,7 @@ func rejectUserMsg() string {
// connection (app-specific, passed through to the server to use or // connection (app-specific, passed through to the server to use or
// ignore at its discretion). // ignore at its discretion).
func main() { func main() {
version := "0.1pre (NO WARRANTY)" version := "0.2pre (NO WARRANTY)"
var vopt bool var vopt bool
var dbg bool var dbg bool
var shellMode bool // if true act as shell, else file copier var shellMode bool // if true act as shell, else file copier


@ -317,7 +317,7 @@ func runShellAs(who, ttype string, cmd string, interactive bool, conn hkexnet.Co
// Listener and Conns. The KEx and encrypt/decrypt is done within the type. // Listener and Conns. The KEx and encrypt/decrypt is done within the type.
// Compare to 'serverp.go' in this directory to see the equivalence. // Compare to 'serverp.go' in this directory to see the equivalence.
func main() { func main() {
version := "0.1pre (NO WARRANTY)" version := "0.2pre (NO WARRANTY)"
var vopt bool var vopt bool
var chaffEnabled bool var chaffEnabled bool
var chaffFreqMin uint var chaffFreqMin uint