From 12b7e525bff176d99125f0aaa754ff2debbb8af0 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 17:57:01 -0800 Subject: [PATCH 1/6] Help improvements --- xs/xs.go | 30 +++++++++++++++++++++++++++--- xsd/xsd.go | 6 +++--- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/xs/xs.go b/xs/xs.go index 5a1ab51..b63c795 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -710,9 +710,33 @@ func main() { flag.BoolVar(&vopt, "v", false, "show version") flag.BoolVar(&dbg, "d", false, "debug logging") - flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12 | C_HOPSCOTCH]") - flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]") - flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]") + flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher`"+` + C_all + C_AES_256 + C_TWOFISH_128 + C_BLOWFISH_64 + C_CRYPTMT1 + C_HOPSCOTCH + C_CHACHA20_12`) + flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC`"+` + H_all + H_SHA256 + H_SHA512`) + flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg`"+` + KEX_all + KEX_HERRADURA256 + KEX_HERRADURA512 + KEX_HERRADURA1024 + KEX_HERRADURA2048 + KEX_KYBER512 + KEX_KYBER768 + KEX_KYBER1024 + KEX_NEWHOPE + KEX_NEWHOPE_SIMPLE + KEX_FRODOKEM_1344AES + KEX_FRODOKEM_1344SHAKE + KEX_FRODOKEM_976AES + KEX_FRODOKEM_976SHAKE`) flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP") flag.UintVar(&port, "p", 2000, "``port") //flag.StringVar(&authCookie, "a", "", "auth cookie") diff --git a/xsd/xsd.go b/xsd/xsd.go index 5b931c3..98e83eb 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go 
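Review bot: The algorithm names in the `-c`, `-m` and `-k` usage strings of xs/xs.go are now a second hand-maintained copy of the lists in xsd/xsd.go, and nothing in the hunk ties either copy to the set the code actually accepts. Since `-h` is where a user picks the cipher, HMAC and KEX, a stale entry would either advertise a primitive the server rejects or hide one it takes. I would add a comment above the three calls, `// Keep these lists in sync with the -aK/-aC/-aH help in xsd/xsd.go and with the algorithm constants they name.`, or build the strings from one shared table if such a table exists (none is visible here). The same hunk is repeated in PATCH 2/6, and main() starts and ends outside it.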
@@ -527,7 +527,7 @@ func main() { flag.BoolVar(&useSystemPasswd, "s", true, "use system shadow passwds") flag.BoolVar(&dbg, "d", false, "debug logging") - flag.Var(&aKEXAlgs, "aK", `Allowed KEX algs (eg. '-aK KEXAlgA -aK KEXAlgB ...') (default: none) + flag.Var(&aKEXAlgs, "aK", "Allowed KEX `alg`s (eg. '-aK KEXAlgA -aK KEXAlgB ...')" + ` KEX_all KEX_HERRADURA256 KEX_HERRADURA512 @@ -542,7 +542,7 @@ func main() { KEX_FRODOKEM_1344SHAKE KEX_FRODOKEM_976AES KEX_FRODOKEM_976SHAKE`) - flag.Var(&aCipherAlgs, "aC", `Allowed ciphers (eg. '-aC CAlgA -aC CAlgB ...') (default: none) + flag.Var(&aCipherAlgs, "aC", "Allowed `cipher`s (eg. '-aC CAlgA -aC CAlgB ...')" + ` C_all C_AES_256 C_TWOFISH_128 @@ -550,7 +550,7 @@ func main() { C_CRYPTMT1 C_HOPSCOTCH C_CHACHA20_12`) - flag.Var(&aHMACAlgs, "aH", `Allowed HMACs (eg. '-aH HMACAlgA -aH HMACAlgB ...') (default: none) + flag.Var(&aHMACAlgs, "aH", "Allowed `HMAC`s (eg. '-aH HMACAlgA -aH HMACAlgB ...')" + ` H_all H_SHA256 H_SHA512`) From d837bd2583865ebb506206e30e1414893f54a7ad Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 17:57:01 -0800 Subject: [PATCH 2/6] xsd.initrc fix; help improvements --- xs/xs.go | 30 +++++++++++++++++++++++++++--- xsd.initrc | 4 ++-- xsd/xsd.go | 6 +++--- 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/xs/xs.go b/xs/xs.go index 5a1ab51..b63c795 100755 --- a/xs/xs.go +++ b/xs/xs.go 
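Review bot: Dropping `(default: none)` from the `-aK`, `-aC` and `-aH` usage strings in xsd/xsd.go leaves `-h` silent on what the server does when one of these flags is omitted, which is the fact an admin most needs for an allow-list. The flag package prints a default for a `flag.Var` value only when its initial `String()` differs from the zero value's, so presumably nothing is shown for these three. The README hunk in PATCH 6/6 says that as of v0.9.3 no algs are accepted without an explicit list. If that matches the code (the acceptance logic is outside these hunks), I would end each first line with `(default: none accepted)` so the help states the policy unambiguously. The identical three hunks recur in PATCH 2/6.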
@@ -710,9 +710,33 @@ func main() { flag.BoolVar(&vopt, "v", false, "show version") flag.BoolVar(&dbg, "d", false, "debug logging") - flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12 | C_HOPSCOTCH]") - flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]") - flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]") + flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher`"+` + C_all + C_AES_256 + C_TWOFISH_128 + C_BLOWFISH_64 + C_CRYPTMT1 + C_HOPSCOTCH + C_CHACHA20_12`) + flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC`"+` + H_all + H_SHA256 + H_SHA512`) + flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg`"+` + KEX_all + KEX_HERRADURA256 + KEX_HERRADURA512 + KEX_HERRADURA1024 + KEX_HERRADURA2048 + KEX_KYBER512 + KEX_KYBER768 + KEX_KYBER1024 + KEX_NEWHOPE + KEX_NEWHOPE_SIMPLE + KEX_FRODOKEM_1344AES + KEX_FRODOKEM_1344SHAKE + KEX_FRODOKEM_976AES + KEX_FRODOKEM_976SHAKE`) flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP") flag.UintVar(&port, "p", 2000, "``port") //flag.StringVar(&authCookie, "a", "", "auth cookie") diff --git a/xsd.initrc b/xsd.initrc index 955dbfd..b291ec6 100755 --- a/xsd.initrc +++ b/xsd.initrc @@ -6,7 +6,7 @@ XSD_USER=root XSD_HOME=/var/run INST_PREFIX=/usr/local COMMAND=$INST_PREFIX/sbin/xsd -ARGS="-L" +ARGS="-L -aK K_all -aC C_all -aH H_all" depend() { need net @@ -28,7 +28,7 @@ start() { -d ${XSD_HOME} \ --make-pidfile --pidfile ${XSD_PIDFILE} \ --start --quiet --background \ - --exec "${COMMAND}" -- "${ARGS}" + --exec "${COMMAND}" -- ${ARGS} eend $? } 
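Review bot: In the `start()` hunk of xsd.initrc (PATCH 2/6), `${ARGS}` is now expanded unquoted, which gives the intended word splitting but also applies pathname expansion to whatever an admin puts in `ARGS`. A value containing `*` or `?`, or one that relies on embedded quotes, will not reach `xsd` as written. I would document the constraint next to the assignment, `# ARGS is expanded unquoted: plain space-separated flags only, no quoting or glob characters.`; the rest of `start()` lies outside the hunk.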
diff --git a/xsd/xsd.go b/xsd/xsd.go index 5b931c3..98e83eb 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -527,7 +527,7 @@ func main() { flag.BoolVar(&useSystemPasswd, "s", true, "use system shadow passwds") flag.BoolVar(&dbg, "d", false, "debug logging") - flag.Var(&aKEXAlgs, "aK", `Allowed KEX algs (eg. '-aK KEXAlgA -aK KEXAlgB ...') (default: none) + flag.Var(&aKEXAlgs, "aK", "Allowed KEX `alg`s (eg. '-aK KEXAlgA -aK KEXAlgB ...')" + ` KEX_all KEX_HERRADURA256 KEX_HERRADURA512 @@ -542,7 +542,7 @@ func main() { KEX_FRODOKEM_1344SHAKE KEX_FRODOKEM_976AES KEX_FRODOKEM_976SHAKE`) - flag.Var(&aCipherAlgs, "aC", `Allowed ciphers (eg. '-aC CAlgA -aC CAlgB ...') (default: none) + flag.Var(&aCipherAlgs, "aC", "Allowed `cipher`s (eg. '-aC CAlgA -aC CAlgB ...')" + ` C_all C_AES_256 C_TWOFISH_128 @@ -550,7 +550,7 @@ func main() { C_CRYPTMT1 C_HOPSCOTCH C_CHACHA20_12`) - flag.Var(&aHMACAlgs, "aH", `Allowed HMACs (eg. '-aH HMACAlgA -aH HMACAlgB ...') (default: none) + flag.Var(&aHMACAlgs, "aH", "Allowed `HMAC`s (eg. '-aH HMACAlgA -aH HMACAlgB ...')" + ` H_all H_SHA256 H_SHA512`) From ca4335df9e00be5b2a273016febd5b02b7fee450 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 19:25:30 -0800 Subject: [PATCH 3/6] Fixed typo in example xsd.initrc --- xsd.initrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xsd.initrc b/xsd.initrc index b291ec6..dc916a2 100755 --- a/xsd.initrc +++ b/xsd.initrc @@ -6,7 +6,7 @@ XSD_USER=root XSD_HOME=/var/run INST_PREFIX=/usr/local COMMAND=$INST_PREFIX/sbin/xsd -ARGS="-L -aK K_all -aC C_all -aH H_all" +ARGS="-L -aK KEX_all -aC C_all -aH H_all" depend() { need net From 20113653f740767722089f59779c5954c2f4193b Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 20:35:20 -0800 Subject: [PATCH 4/6] xsd.initrc require admin to set defaults --- xsd.initrc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xsd.initrc b/xsd.initrc index dc916a2..ee71029 100755 --- a/xsd.initrc +++ b/xsd.initrc 
@@ -6,7 +6,9 @@ XSD_USER=root XSD_HOME=/var/run INST_PREFIX=/usr/local COMMAND=$INST_PREFIX/sbin/xsd -ARGS="-L -aK KEX_all -aC C_all -aH H_all" +#ARGS="-L -aK KEX_all -aC C_all -aH H_all" +echo "SET ARGS in this script to define allow KEX, cipher and hmac algs" +exit 1 depend() { need net From 9c844938a9f434d4d726c2394f6267adbd55fd7d Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 20:46:49 -0800 Subject: [PATCH 5/6] Version bump -> v0.9.3 --- Makefile | 2 +- xs/xs.go | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 5754bd5..fc2efd0 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.3-pre +VERSION := 0.9.3 .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall ## Tag version of binaries with build info wrt. diff --git a/xs/xs.go b/xs/xs.go index b63c795..1c8314d 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -711,7 +711,6 @@ func main() { flag.BoolVar(&vopt, "v", false, "show version") flag.BoolVar(&dbg, "d", false, "debug logging") flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher`"+` - C_all C_AES_256 C_TWOFISH_128 C_BLOWFISH_64 @@ -719,11 +718,9 @@ func main() { C_HOPSCOTCH C_CHACHA20_12`) flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC`"+` - H_all H_SHA256 H_SHA512`) flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg`"+` - KEX_all KEX_HERRADURA256 KEX_HERRADURA512 KEX_HERRADURA1024 From 02e379e50d0338bec5ed383f83e403d6759048f5 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Nov 2021 20:57:29 -0800 Subject: [PATCH 6/6] Updated README.md for v0.9.3 wrt. default accepted algs --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 716a713..e62a3c5 100644 --- a/README.md +++ b/README.md 
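Review bot: The `echo` / `exit 1` pair added at file scope in xsd.initrc (PATCH 4/6) runs before any function is defined, so it would presumably abort every action on the script, `stop` and `status` included, not only `start`. The message also tells the admin to set `ARGS`, but the script keeps exiting until those two lines are deleted as well. I would leave `ARGS` unset by default and refuse to start from inside a start hook when it is empty, reporting the error through the service framework's own helper. `depend()` and `start()` continue outside the hunk; the snippet assumes this is an OpenRC script, which the `eend` call in PATCH 2/6 suggests.

```shell
#ARGS="-L -aK KEX_all -aC C_all -aH H_all"

start_pre() {
	if [ -z "${ARGS}" ]; then
		eerror "Set ARGS in this script to define allowed KEX, cipher and HMAC algs"
		return 1
	fi
}
```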
@@ -56,7 +56,9 @@ An interesting question. See [this write-up for a discussion](https://paragonie. xs operates via the philosophy that **it is the server admin's prerogitive to configure local policy wrt. allowed cryptographic primitives**. The connection protocol makes no allowance for any sort of 'downgrades' or algo substitution during negotiation; there is no 'fallback' mode or two-way negotiation of what primitives to use, which would open the possibility of downgrade attacks. Unlike `ssh`, the server does not offer to clients a list of supported algorithms; the client can only offer a single configuration to the server, which it simply accepts or rejects without comment to the client. -In all releases to date, absent a specific whitelist of algs to allow, the server allows 'all' combinations of the above cryptographic primitives to be proposed by clients (but again, **only one** combination is proposed by the client in a single connect attempt). If the admin wishes to restrict the accepted algorithms now or at any future time, they may use the `-aK`, `-aC` and `-aH` options when launching the server to define a whitelist which excludes certain primitives. In future releases the default may be changed to accept *no* algs and such a whitelist shall be required. This will have no effect on the connection protocol itself. +In all releases prior to v0.9.3, absent a specific whitelist of algs to allow, the server allows 'all' combinations of the above cryptographic primitives to be proposed by clients (but again, **only one** combination is proposed by the client in a single connect attempt). If the admin wishes to restrict the accepted algorithms now or at any future time, they may use the `-aK`, `-aC` and `-aH` options when launching the server to define a whitelist which excludes certain primitives. 
+ +As of release v0.9.3, the default when supplying no explicit KEX, cipher or HMAC algorithms to `xsd` results in *no* algs being accepted; so the admin must decide on a specific whitelist of algorithms. ***