From 32b669192b3c30155f9618ee9f6c1db5f6e382a0 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sat, 2 Dec 2023 01:58:30 -0800 Subject: [PATCH 01/19] Add optional cipher/hmac algo remodulate on rekey --- Makefile | 2 +- xs/xs.go | 12 ++++++++++-- xsd/xsd.go | 20 +++++++++++++++++++- xsnet/chan.go | 17 ++++++++++++++--- xsnet/consts.go | 14 ++++++++++++++ xsnet/net.go | 49 +++++++++++++++++++++++++++++++++++++++++++++---- 6 files changed, 103 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 0c7b358..8f7e048 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.6 +VERSION := 0.9.7 .PHONY: lint vis clean common client server passwd\ subpkgs install uninstall reinstall scc diff --git a/xs/xs.go b/xs/xs.go index e941b4c..b232afc 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -702,6 +702,7 @@ func main() { //nolint: funlen, gocyclo cmdStr string tunSpecStr string // lport1:rport1[,lport2:rport2,...] rekeySecs uint + remodRequested bool // true: when rekeying, switch to random cipher/hmac alg copySrc []byte copyDst string copyQuiet bool @@ -745,8 +746,9 @@ func main() { //nolint: funlen, gocyclo KEX_FRODOKEM_976AES KEX_FRODOKEM_976SHAKE`) flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP") //nolint:lll - flag.UintVar(&port, "p", 2000, "``port") //nolint:gomnd,lll + flag.UintVar(&port, "p", 2000, "``port") //nolint:gomnd,lll flag.UintVar(&rekeySecs, "r", 300, "rekey interval in `secs`") + flag.BoolVar(&remodRequested, "R", false, "Borg Countermeasures (remodulate cipher/hmac alg on each rekey)") //nolint:gocritic,nolintlint // flag.StringVar(&authCookie, "a", "", "auth cookie") flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts") flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt freq min `msecs`") //nolint:gomnd @@ -967,7 +969,13 @@ func main() { //nolint: funlen, gocyclo if kcpMode != "unused" { proto = "kcp" } - conn, err := xsnet.Dial(proto, server, cipherAlg, hmacAlg, kexAlg, kcpMode) + + remodExtArg := "" + if remodRequested { + remodExtArg = "OPT_REMOD" + } + // Pass opt to Dial() via extensions arg + conn, err := xsnet.Dial(proto, server, cipherAlg, hmacAlg, kexAlg, kcpMode, remodExtArg) if err != nil { fmt.Println(err) exitWithStatus(XSNetDialFailed) diff --git a/xsd/xsd.go b/xsd/xsd.go index e7081c1..e90e3e3 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -530,12 +530,14 @@ func main() { //nolint:funlen,gocyclo var dbg bool var laddr string var rekeySecs uint + var remodSupported bool // true: when rekeying, switch to random cipher/hmac alg var useSystemPasswd bool flag.BoolVar(&vopt, "v", false, "show version") flag.UintVar(&rekeySecs, "r", 300, "rekey interval in `secs`") - flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen") //nolint:gomnd,lll + flag.BoolVar(&remodSupported, "R", false, "Borg Countermeasures (remodulate cipher/hmac alg on each rekey)") + flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen") //nolint:gomnd,lll flag.StringVar(&kcpMode, "K", "unused", `set to one of ["KCP_NONE","KCP_AES", "KCP_BLOWFISH", "KCP_CAST5", "KCP_SM4", "KCP_SALSA20", "KCP_SIMPLEXOR", "KCP_TEA", "KCP_3DES", "KCP_TWOFISH", "KCP_XTEA"] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP`) //nolint:lll flag.BoolVar(&useSysLogin, "L", false, "use system login") flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts") @@ -702,6 +704,22 @@ func main() { //nolint:funlen,gocyclo } else { log.Println("Accepted client") + // Only enable cipher alg changes on re-key if we were told + // to support it (launching xsd with -R), *and* the client + // proposes to use it. + if !remodSupported { + if (conn.Opts() & xsnet.CORemodulateShields) != 0 { + logger.LogDebug("[client proposed cipher/hmac remod, but we don't support it.]") + conn.Close() + continue + } + } else { + if conn.Opts()&xsnet.CORemodulateShields != 0 { + logger.LogDebug("[cipher/hmac remodulation active]") + } else { + logger.LogDebug("[cipher/hmac remodulation inactive]") + } + } conn.RekeyHelper(rekeySecs) // Set up chaffing to client diff --git a/xsnet/chan.go b/xsnet/chan.go index 40babee..4b4e82d 100644 --- a/xsnet/chan.go +++ b/xsnet/chan.go @@ -22,6 +22,7 @@ import ( "blitter.com/go/cryptmt" "blitter.com/go/hopscotch" + "blitter.com/go/xs/logger" "github.com/aead/chacha20/chacha" "golang.org/x/crypto/blowfish" "golang.org/x/crypto/twofish" @@ -57,9 +58,19 @@ func expandKeyMat(keymat []byte, blocksize int) []byte { return keymat } -/* (Re-)initialize the keystream and hmac state for an xsnet.Conn, returning - a cipherStream and hash - */ +// Choose a cipher and hmac alg from supported sets, given two uint8 values +func getNewStreamAlgs(cb uint8, hb uint8) (config uint32) { + // Get new cipher and hash algs (clamped to valid values) based on + // the input rekeying data + c := (cb % CAlgNoneDisallowed) + h := (hb % HmacNoneDisallowed) + config = uint32(h<<8) | uint32(c) + logger.LogDebug(fmt.Sprintf("[Chose new algs [%d:%d]", h, c)) + return +} + +// (Re-)initialize the keystream and hmac state for an xsnet.Conn, returning +// a cipherStream and hash func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err error) { var key []byte var block cipher.Block diff --git a/xsnet/consts.go b/xsnet/consts.go index b491a87..87015b3 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -122,5 +122,19 @@ const ( HmacNoneDisallowed ) +// Conn opts outside of basic kex/cipher/hmac connect config +const ( + CONone = iota + CORemodulateShields // if set, rekeying also reselects random cipher/hmac alg +) + +type COValue uint32 + // Available HMACs for hkex.Conn type CSHmacAlg uint32 + +// Some bounds-checking consts +const ( + REKEY_SECS_MIN = 1 + CHAFF_FREQ_MSECS_MIN = 1 +) diff --git a/xsnet/net.go b/xsnet/net.go index 3a6789d..f200c63 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -241,7 +241,7 @@ func (hc *Conn) SetConnOpts(copts uint32) { // // Consumers of this lib may use this for protocol-level options not part // of the KEx or encryption info used by the connection. -func (hc Conn) Opts() uint32 { +func (hc *Conn) Opts() uint32 { return hc.opts } @@ -363,6 +363,9 @@ func (hc *Conn) applyConnExtensions(extensions ...string) { log.Println("[extension arg = H_SHA512]") hc.cipheropts &= (0xFFFF00FF) hc.cipheropts |= (HmacSHA512 << 8) + case "OPT_REMOD": + log.Println("[extension arg = OPT_REMOD]") + hc.opts |= CORemodulateShields //default: // log.Printf("[Dial ext \"%s\" ignored]\n", s) } @@ -1351,6 +1354,11 @@ func (hc *Conn) Read(b []byte) (n int, err error) { //logger.LogDebug(fmt.Sprintf("[Got rekey [%02x %02x %02x ...]\n", // payloadBytes[0], payloadBytes[1], payloadBytes[2])) rekeyData := payloadBytes + if (hc.opts & CORemodulateShields) != 0 { + hc.Lock() + hc.cipheropts = getNewStreamAlgs(rekeyData[0], rekeyData[1]) + hc.Unlock() + } hc.r, hc.rm, err = hc.getStream(rekeyData) case CSOTermSize: fmt.Sscanf(string(payloadBytes), "%d %d", &hc.Rows, &hc.Cols) @@ -1585,7 +1593,9 @@ func (hc *Conn) StartupChaff() { } func (hc *Conn) ShutdownChaff() { + hc.Lock() hc.chaff.shutdown = true + hc.Unlock() log.Println("Chaffing SHUTDOWN") } @@ -1596,16 +1606,28 @@ func (hc *Conn) SetupChaff(msecsMin uint, msecsMax uint, szMax uint) { } func (hc *Conn) ShutdownRekey() { + hc.Lock() hc.rekey = 0 + hc.Unlock() } func (hc *Conn) RekeyHelper(intervalSecs uint) { + if intervalSecs < REKEY_SECS_MIN { + intervalSecs = REKEY_SECS_MIN + } + go func() { + hc.Lock() hc.rekey = intervalSecs + hc.Unlock() + for { - if hc.rekey != 0 { + hc.Lock() + rekey := hc.rekey + hc.Unlock() + if rekey != 0 { //logger.LogDebug(fmt.Sprintf("[rekeyHelper Loop]\n")) - time.Sleep(time.Duration(hc.rekey) * time.Second) + time.Sleep(time.Duration(rekey) * time.Second) // Send rekey to other end rekeyData := make([]byte, 64) @@ -1615,6 +1637,9 @@ func (hc *Conn) RekeyHelper(intervalSecs uint) { //logger.LogDebug("[+rekeyHelper]") _, err = hc.WritePacket(rekeyData, CSORekey) hc.Lock() + if (hc.opts & CORemodulateShields) != 0 { + hc.cipheropts = getNewStreamAlgs(rekeyData[0], rekeyData[1]) + } hc.w, hc.wm, err = hc.getStream(rekeyData) //logger.LogDebug("[-rekeyHelper]") hc.Unlock() @@ -1631,11 +1656,21 @@ func (hc *Conn) RekeyHelper(intervalSecs uint) { // Helper routine to spawn a chaffing goroutine for each Conn func (hc *Conn) chaffHelper() { + // Enforce bounds on chaff frequency and pkt size + hc.Lock() + if hc.chaff.msecsMin < CHAFF_FREQ_MSECS_MIN { + hc.chaff.msecsMin = CHAFF_FREQ_MSECS_MIN + } + hc.Unlock() + go func() { var nextDuration int for { //logger.LogDebug(fmt.Sprintf("[chaffHelper Loop]\n")) - if !hc.chaff.shutdown { + hc.Lock() + shutdown := hc.chaff.shutdown + hc.Unlock() + if !shutdown { var bufTmp []byte bufTmp = make([]byte, rand.Intn(int(hc.chaff.szMax))) min := int(hc.chaff.msecsMin) @@ -1646,7 +1681,9 @@ func (hc *Conn) chaffHelper() { //logger.LogDebug("[-chaffHelper]") if err != nil { log.Println("[ *** error - chaffHelper shutting down *** ]") + hc.Lock() hc.chaff.shutdown = true + hc.Unlock() break } } else { @@ -1670,7 +1707,9 @@ func (hc *Conn) ShutdownKeepAlive() { } func (hc *Conn) ResetKeepAlive() { + hc.Lock() hc.keepalive = 3 + hc.Unlock() log.Println("KeepAlive RESET") } @@ -1689,7 +1728,9 @@ func (hc *Conn) keepaliveHelper() { break } time.Sleep(time.Duration(nextDuration) * time.Millisecond) + hc.Lock() hc.keepalive -= 1 + hc.Unlock() //logger.LogDebug(fmt.Sprintf("[keepAlive is now %d]\n", hc.keepalive)) //if rand.Intn(8) == 0 { From 6212119621a8285291fe00a1cef7e4e596f16676 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sun, 3 Dec 2023 19:22:05 -0800 Subject: [PATCH 02/19] Added max bounds for chaff, rekey intervals and random jitter for rekey interval --- Makefile | 2 +- xsnet/consts.go | 2 ++ xsnet/net.go | 27 ++++++++++++++++++++------- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 8f7e048..af6e51e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.7 +VERSION := 0.9.8 .PHONY: lint vis clean common client server passwd\ subpkgs install uninstall reinstall scc diff --git a/xsnet/consts.go b/xsnet/consts.go index 87015b3..5c03c15 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -136,5 +136,7 @@ type CSHmacAlg uint32 // Some bounds-checking consts const ( REKEY_SECS_MIN = 1 + REKEY_SECS_MAX = 28800 // 8 hours CHAFF_FREQ_MSECS_MIN = 1 + CHAFF_FREQ_MSECS_MAX = 300000 // 5 minutes ) diff --git a/xsnet/net.go b/xsnet/net.go index f200c63..0a576ab 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -1600,6 +1600,16 @@ func (hc *Conn) ShutdownChaff() { } func (hc *Conn) SetupChaff(msecsMin uint, msecsMax uint, szMax uint) { + // Enforce bounds on chaff frequency and pkt size + hc.Lock() + if hc.chaff.msecsMin < CHAFF_FREQ_MSECS_MIN { + hc.chaff.msecsMin = CHAFF_FREQ_MSECS_MIN + } + if hc.chaff.msecsMax > CHAFF_FREQ_MSECS_MAX { + hc.chaff.msecsMax = CHAFF_FREQ_MSECS_MAX + } + hc.Unlock() + hc.chaff.msecsMin = msecsMin //move these to params of chaffHelper() ? hc.chaff.msecsMax = msecsMax hc.chaff.szMax = szMax @@ -1615,6 +1625,9 @@ func (hc *Conn) RekeyHelper(intervalSecs uint) { if intervalSecs < REKEY_SECS_MIN { intervalSecs = REKEY_SECS_MIN } + if intervalSecs > REKEY_SECS_MAX { + intervalSecs = REKEY_SECS_MAX + } go func() { hc.Lock() @@ -1625,7 +1638,14 @@ func (hc *Conn) RekeyHelper(intervalSecs uint) { hc.Lock() rekey := hc.rekey hc.Unlock() + if rekey != 0 { + jitter := rand.Intn(int(rekey)) / 4 + rekey = rekey - uint(jitter) + if rekey < 1 { + rekey = 1 + } + //logger.LogDebug(fmt.Sprintf("[rekeyHelper Loop]\n")) time.Sleep(time.Duration(rekey) * time.Second) @@ -1656,13 +1676,6 @@ func (hc *Conn) RekeyHelper(intervalSecs uint) { // Helper routine to spawn a chaffing goroutine for each Conn func (hc *Conn) chaffHelper() { - // Enforce bounds on chaff frequency and pkt size - hc.Lock() - if hc.chaff.msecsMin < CHAFF_FREQ_MSECS_MIN { - hc.chaff.msecsMin = CHAFF_FREQ_MSECS_MIN - } - hc.Unlock() - go func() { var nextDuration int for { From 08cccb692974c15f90903251b414ec86439fa43f Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 29 Jan 2024 18:40:26 -0800 Subject: [PATCH 03/19] Moved .xs_id to ~/.config/xs --- xs/xs.go | 2 +- xsd/xsd.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xs/xs.go b/xs/xs.go index b232afc..dde5a66 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -887,7 +887,7 @@ func main() { //nolint: funlen, gocyclo if !gopt { // See if we can log in via an auth token u, _ := user.Current() - ab, aerr := os.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir)) + ab, aerr := os.ReadFile(fmt.Sprintf("%s/.config/xs/.xs_id", u.HomeDir)) if aerr == nil { for _, line := range strings.Split(string(ab), "\n") { line += "\n" diff --git a/xsd/xsd.go b/xsd/xsd.go index e90e3e3..8139235 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -841,7 +841,7 @@ func main() { //nolint:funlen,gocyclo hname := goutmp.GetHost(addr.String()) logger.LogNotice(fmt.Sprintf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname)) //nolint:errcheck token := GenAuthToken(string(rec.Who()), string(rec.ConnHost())) - tokenCmd := fmt.Sprintf("echo %q | tee -a ~/.xs_id", token) + tokenCmd := fmt.Sprintf("echo %q | tee -a ~/.config/xs/.xs_id", token) cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), tokenCmd, false, hc, chaffEnabled) // Returned hopefully via an EOF or exit/logout; // Clear current op so user can enter next, or EOF From 713f44086abac21b63549d55800c1885aa1a338a Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 29 Jan 2024 18:43:24 -0800 Subject: [PATCH 04/19] Bumped version --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index af6e51e..9ec8725 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.8 +VERSION := 0.9.9 .PHONY: lint vis clean common client server passwd\ subpkgs install uninstall reinstall scc From 89ad0e0998313e196d76e19e5dba9927a57061d0 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 29 Jan 2024 18:56:21 -0800 Subject: [PATCH 05/19] Fixed missed authtoken file ref in auth.go --- auth.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth.go b/auth.go index 5f4f2ed..ecec371 100755 --- a/auth.go +++ b/auth.go @@ -154,7 +154,7 @@ func AuthUserByPasswd(ctx *AuthCtx, username string, auth string, fname string) // ------------- End xs-local passwd auth routine(s) ----------- // AuthUserByToken checks user login information against an auth token. -// Auth tokens are stored in each user's $HOME/.xs_id and are requested +// Auth tokens are stored in each user's $HOME/.config/xs/.xs_id and are requested // via the -g option. // The function also check system /etc/passwd to cross-check the user // actually exists. @@ -172,9 +172,9 @@ func AuthUserByToken(ctx *AuthCtx, username string, connhostname string, auth st return false } - b, e := ctx.reader(fmt.Sprintf("%s/.xs_id", u.HomeDir)) + b, e := ctx.reader(fmt.Sprintf("%s/.config/xs/.xs_id", u.HomeDir)) if e != nil { - log.Printf("INFO: Cannot read %s/.xs_id\n", u.HomeDir) + log.Printf("INFO: Cannot read %s/.config/xs/.xs_id\n", u.HomeDir) return false } From 17d7bc01ef30f582c89add38200b40da62e1d65b Mon Sep 17 00:00:00 2001 From: Russtopia Date: Mon, 29 Jan 2024 19:03:13 -0800 Subject: [PATCH 06/19] Update 'README.md' Updated references to .xs_id location --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 00aeb08..20f6af6 100644 --- a/README.md +++ b/README.md @@ -197,15 +197,17 @@ or is interrupted. ### Setting up an 'authtoken' for scripted (password-free) logins Use the -g option of xs to request a token from the remote server, which will return a -hostname:token string. Place this string into $HOME/.xs_id to allow logins without -entering a password (obviously, $HOME/.xs_id on both server and client for the user +hostname:token string. Place this string into $HOME/.config/xs/.xs_id to allow logins without +entering a password (obviously, $HOME/.config/xs/.xs_id on both server and client for the user should *not* be world-readable.) ``` -$ xs -g user@host.net >~/.xs_id +$ xs -g user@host.net >>~/.config/xs/.xs_id ``` -[enter password blindly, authtoken entry will be stored in ~/.xs_id] +[enter password blindly, authtoken entry will be stored in ~/.config/xs/.xs_id] +NOTE you may need to remove older entries for the same host if this is not the first time you have added +it to your .xs_id file. ### File Copying using xc From 8827d67cc6c415efbbe3208d05e254c27352ef4e Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 29 Jan 2024 21:37:07 -0800 Subject: [PATCH 07/19] unified refs to authtoken file to a const string --- auth.go | 5 +++-- xs/xs.go | 4 ++-- xsd/xsd.go | 2 +- xsnet/consts.go | 2 ++ 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/auth.go b/auth.go index ecec371..ebca33e 100755 --- a/auth.go +++ b/auth.go @@ -23,6 +23,7 @@ import ( "runtime" "strings" + "blitter.com/go/xs/xsnet" "github.com/jameskeane/bcrypt" passlib "gopkg.in/hlandau/passlib.v1" ) @@ -172,9 +173,9 @@ func AuthUserByToken(ctx *AuthCtx, username string, connhostname string, auth st return false } - b, e := ctx.reader(fmt.Sprintf("%s/.config/xs/.xs_id", u.HomeDir)) + b, e := ctx.reader(fmt.Sprintf("%s/%s", u.HomeDir, xsnet.XS_ID_AUTHTOKFILE)) if e != nil { - log.Printf("INFO: Cannot read %s/.config/xs/.xs_id\n", u.HomeDir) + log.Printf("INFO: Cannot read %s/%s\n", u.HomeDir, xsnet.XS_ID_AUTHTOKFILE) return false } diff --git a/xs/xs.go b/xs/xs.go index dde5a66..83c89c1 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -887,7 +887,7 @@ func main() { //nolint: funlen, gocyclo if !gopt { // See if we can log in via an auth token u, _ := user.Current() - ab, aerr := os.ReadFile(fmt.Sprintf("%s/.config/xs/.xs_id", u.HomeDir)) + ab, aerr := os.ReadFile(fmt.Sprintf("%s/%s", u.HomeDir, xsnet.XS_ID_AUTHTOKFILE)) if aerr == nil { for _, line := range strings.Split(string(ab), "\n") { line += "\n" @@ -905,7 +905,7 @@ func main() { //nolint: funlen, gocyclo _, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]") } } else { - log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir) + log.Printf("[cannot read %s/%s]\n", u.HomeDir, xsnet.XS_ID_AUTHTOKFILE) } } runtime.GC() diff --git a/xsd/xsd.go b/xsd/xsd.go index 8139235..346274b 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -841,7 +841,7 @@ func main() { //nolint:funlen,gocyclo hname := goutmp.GetHost(addr.String()) logger.LogNotice(fmt.Sprintf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname)) //nolint:errcheck token := GenAuthToken(string(rec.Who()), string(rec.ConnHost())) - tokenCmd := fmt.Sprintf("echo %q | tee -a ~/.config/xs/.xs_id", token) + tokenCmd := fmt.Sprintf("echo %q | tee -a ~/%s", token, xsnet.XS_ID_AUTHTOKFILE) cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), tokenCmd, false, hc, chaffEnabled) // Returned hopefully via an EOF or exit/logout; // Clear current op so user can enter next, or EOF diff --git a/xsnet/consts.go b/xsnet/consts.go index 5c03c15..1d7e9c8 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -140,3 +140,5 @@ const ( CHAFF_FREQ_MSECS_MIN = 1 CHAFF_FREQ_MSECS_MAX = 300000 // 5 minutes ) + +const XS_ID_AUTHTOKFILE = ".config/xs/.xs_id" From ae67ee620179dad28afd55c5e9a3a31c7f5b658e Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 29 Jan 2024 21:47:03 -0800 Subject: [PATCH 08/19] Fixed CI script --- bacillus/ci_pushbuild.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bacillus/ci_pushbuild.sh b/bacillus/ci_pushbuild.sh index 9ecb3b6..c4a73f4 100755 --- a/bacillus/ci_pushbuild.sh +++ b/bacillus/ci_pushbuild.sh @@ -46,12 +46,12 @@ go test -v . ############ stage "Test(Authtoken)" ############ -if [ -f ~/.xs_id ]; then - echo "Clearing test user $USER ~/.xs_id file ..." - mv ~/.xs_id ~/.xs_id.bak +if [ -f ~/.config/xs/.xs_id ]; then + echo "Clearing test user $USER .xs_id file ..." + mv ~/.config/xs/.xs_id ~/.config/xs/.xs_id.bak fi -echo "Setting dummy authtoken in ~/.xs_id ..." -echo "localhost:${USER}:asdfasdfasdf" >~/.xs_id +echo "Setting dummy authtoken in .xs_id ..." +echo "localhost:${USER}:asdfasdfasdf" >~/.config/xs/.xs_id echo "Performing remote command on @localhost via authtoken login ..." tokentest=$(timeout 10 xs -x "echo -n FOO" @localhost) if [ "${tokentest}" != "FOO" ]; then @@ -91,9 +91,9 @@ stage "Test(xc C->S)" ############ echo "TODO ..." -if [ -f ~/.xs_id.bak ]; then - echo "Restoring test user $USER ~/.xs_id file ..." - mv ~/.xs_id.bak ~/.xs_id +if [ -f ~/.config/xs/.xs_id.bak ]; then + echo "Restoring test user $USER .xs_id file ..." + mv ~/.config/xs/.xs_id.bak ~/.config/xs/.xs_id fi ############ From 540cb8ff3ab7a4f7bf698c275ecf4037ba349a3f Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sun, 25 Feb 2024 21:14:00 -0800 Subject: [PATCH 09/19] gofmt --- xs/xs.go | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/xs/xs.go b/xs/xs.go index 83c89c1..c4ac922 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -689,24 +689,24 @@ func sendSessionParams(conn io.Writer /* *xsnet.Conn*/, rec *xs.Session) (e erro // TODO: reduce gocyclo func main() { //nolint: funlen, gocyclo var ( - isInteractive bool - vopt bool - gopt bool // true: login via password, asking server to generate authToken - dbg bool - shellMode bool // true: act as shell, false: file copier - cipherAlg string - hmacAlg string - kexAlg string - server string - port uint - cmdStr string - tunSpecStr string // lport1:rport1[,lport2:rport2,...] - rekeySecs uint - remodRequested bool // true: when rekeying, switch to random cipher/hmac alg - copySrc []byte - copyDst string - copyQuiet bool - copyLimitBPS uint + isInteractive bool + vopt bool + gopt bool // true: login via password, asking server to generate authToken + dbg bool + shellMode bool // true: act as shell, false: file copier + cipherAlg string + hmacAlg string + kexAlg string + server string + port uint + cmdStr string + tunSpecStr string // lport1:rport1[,lport2:rport2,...] + rekeySecs uint + remodRequested bool // true: when rekeying, switch to random cipher/hmac alg + copySrc []byte + copyDst string + copyQuiet bool + copyLimitBPS uint authCookie string chaffEnabled bool @@ -969,7 +969,7 @@ func main() { //nolint: funlen, gocyclo if kcpMode != "unused" { proto = "kcp" } - + remodExtArg := "" if remodRequested { remodExtArg = "OPT_REMOD" From 057a3c01c73ca78fd11aa37dba2cce2a9653ef06 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sun, 25 Feb 2024 21:14:20 -0800 Subject: [PATCH 10/19] Updated go.{mod,sum} --- go.mod | 24 +++++++++++------------- go.sum | 4 ---- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 0699d6f..f861aa2 100644 --- a/go.mod +++ b/go.mod @@ -3,36 +3,34 @@ module blitter.com/go/xs go 1.20 require ( - blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c blitter.com/go/cryptmt v1.0.2 blitter.com/go/goutmp v1.0.6 - blitter.com/go/groestl v0.0.0-20220410000905-c4decbf31d64 blitter.com/go/herradurakex v1.0.0 blitter.com/go/hopscotch v0.1.1 blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9 - blitter.com/go/mtwist v1.0.1 blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da github.com/creack/pty v1.1.18 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f - github.com/klauspost/cpuid/v2 v2.2.5 - github.com/klauspost/reedsolomon v1.11.8 github.com/kuking/go-frodokem v1.0.2 github.com/mattn/go-isatty v0.0.19 - github.com/pkg/errors v0.9.1 - github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 - github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b - github.com/tjfoc/gmsm v1.4.1 github.com/xtaci/kcp-go v5.4.20+incompatible golang.org/x/crypto v0.13.0 - golang.org/x/net v0.15.0 golang.org/x/sys v0.12.0 - gopkg.in/hlandau/easymetric.v1 v1.0.0 - gopkg.in/hlandau/measurable.v1 v1.0.1 gopkg.in/hlandau/passlib.v1 v1.0.11 ) require ( + blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c // indirect + blitter.com/go/mtwist v1.0.1 // indirect + github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/klauspost/reedsolomon v1.11.8 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect + github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect + github.com/tjfoc/gmsm v1.4.1 // indirect github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.15.0 // indirect + gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect + gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect ) diff --git a/go.sum b/go.sum index a800c7a..188a92b 100644 --- a/go.sum +++ b/go.sum @@ -4,8 +4,6 @@ blitter.com/go/cryptmt v1.0.2 h1:ZcLhQk7onUssXyQwG3GdXDXctCVnNL+b7aFuvwOdKXc= blitter.com/go/cryptmt v1.0.2/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84= blitter.com/go/goutmp v1.0.6 h1:jRKRw2WalVBza4T50etAfbvT2xp9G5uykIHTvyB5r0k= blitter.com/go/goutmp v1.0.6/go.mod h1:DnK/uLBu1/1yLFiuVlmwvWErzAWVp+pDv7t6ZaQRLNc= -blitter.com/go/groestl v0.0.0-20220410000905-c4decbf31d64 h1:SH6cZ4JiOTmWGeVd5hCgt8gsMvfPPHWpEwNdxfsBugM= -blitter.com/go/groestl v0.0.0-20220410000905-c4decbf31d64/go.mod h1:YMdIR/gCtFwU/a09jyWAwUu2J9CQejUFwkfD+PyVg+4= blitter.com/go/herradurakex v1.0.0 h1:6XaxY+JLT1HUWPF0gYJnjX3pVjrw4YhYZEzZ1U0wkyc= blitter.com/go/herradurakex v1.0.0/go.mod h1:m3+vYZX+2dDjdo+n/HDnXEYJX9pwmNeQLgAfJM8mtxw= blitter.com/go/hopscotch v0.1.1 h1:hh809THr3I52J5G5QozNhDSd+qGwXWGqLh3FJBGrp+o= @@ -110,8 +108,6 @@ golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= From e42645a2b3df619667585c1f643333efe461b748 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Fri, 1 Mar 2024 23:34:14 -0800 Subject: [PATCH 11/19] Refreshed go.{mod,sum} and bumped semver in Makefile --- Makefile | 4 ++-- go.mod | 16 ++++++++-------- go.sum | 28 ++++++++++++++-------------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index 9ec8725..abbec41 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.9 +VERSION := 0.9.10 .PHONY: lint vis clean common client server passwd\ subpkgs install uninstall reinstall scc @@ -73,7 +73,7 @@ tools: common: $(GO) build . - go install . + go install -a . client: common diff --git a/go.mod b/go.mod index f861aa2..a47bc1d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module blitter.com/go/xs -go 1.20 +go 1.22.0 require ( blitter.com/go/cryptmt v1.0.2 @@ -10,27 +10,27 @@ require ( blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9 blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da - github.com/creack/pty v1.1.18 + github.com/creack/pty v1.1.21 github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f github.com/kuking/go-frodokem v1.0.2 - github.com/mattn/go-isatty v0.0.19 + github.com/mattn/go-isatty v0.0.20 github.com/xtaci/kcp-go v5.4.20+incompatible - golang.org/x/crypto v0.13.0 - golang.org/x/sys v0.12.0 + golang.org/x/crypto v0.20.0 + golang.org/x/sys v0.17.0 gopkg.in/hlandau/passlib.v1 v1.0.11 ) require ( blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c // indirect blitter.com/go/mtwist v1.0.1 // indirect - github.com/klauspost/cpuid/v2 v2.2.5 // indirect - github.com/klauspost/reedsolomon v1.11.8 // indirect + github.com/klauspost/cpuid/v2 v2.2.6 // indirect + github.com/klauspost/reedsolomon v1.12.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect - golang.org/x/net v0.15.0 // indirect + golang.org/x/net v0.21.0 // indirect gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect ) diff --git a/go.sum b/go.sum index 188a92b..30048ce 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSi github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= +github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -45,14 +45,14 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= -github.com/klauspost/reedsolomon v1.11.8 h1:s8RpUW5TK4hjr+djiOpbZJB4ksx+TdYbRH7vHQpwPOY= -github.com/klauspost/reedsolomon v1.11.8/go.mod h1:4bXRN+cVzMdml6ti7qLouuYi32KHJ5MGv0Qd8a47h6A= +github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= +github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/reedsolomon v1.12.1 h1:NhWgum1efX1x58daOBGCFWcxtEhOhXKKl1HAPQUp03Q= +github.com/klauspost/reedsolomon v1.12.1/go.mod h1:nEi5Kjb6QqtbofI6s+cbG/j1da11c96IBYBSnVGtuBs= github.com/kuking/go-frodokem v1.0.2 h1:sxdguENCyr6WnLbJ/cjz0AYCW75H1b+E6zXY2ldZnUU= github.com/kuking/go-frodokem v1.0.2/go.mod h1:83ZX1kHOd72ouCsvbffCqJIj7Ih83MQTAjH2QbqzLZk= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -79,8 +79,8 @@ golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= +golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -91,8 +91,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -104,8 +104,8 @@ golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 77c9b8654f98e98f38c2cdb1a5302d11974c684f Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sat, 2 Mar 2024 14:46:15 -0800 Subject: [PATCH 12/19] Left GOPROXY alone --- bacillus/ci_pushbuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bacillus/ci_pushbuild.sh b/bacillus/ci_pushbuild.sh index c4a73f4..ea20161 100755 --- a/bacillus/ci_pushbuild.sh +++ b/bacillus/ci_pushbuild.sh @@ -5,7 +5,7 @@ export GOPATH="${HOME}/go" export PATH=/usr/local/bin:/usr/bin:/usr/lib/ccache/bin:/bin:$GOPATH/bin unset GO111MODULE -export GOPROXY="direct" +#export GOPROXY="direct" #!# GOCACHE will be phased out in v1.12. [github.com/golang/go/issues/26809] #!export GOCACHE="${HOME}/.cache/go-build" From dbaa8b5b62b44bd197b7ba67a0c6ab4f5123a41a Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sat, 30 Mar 2024 00:48:46 -0700 Subject: [PATCH 13/19] Ensure auth fails if server is somehow built for unsupported platform --- auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth.go b/auth.go index ebca33e..cc3b042 100755 --- a/auth.go +++ b/auth.go @@ -53,7 +53,7 @@ func VerifyPass(ctx *AuthCtx, user, password string) (bool, error) { } else if runtime.GOOS == "freebsd" { pwFileName = "/etc/master.passwd" } else { - pwFileName = "unsupported" + return false, errors.New("Unsupported platform") } pwFileData, e := ctx.reader(pwFileName) if e != nil { From 952279a108168fc9b168020960e71e1f0c5028b9 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Sat, 27 Apr 2024 22:01:43 -0700 Subject: [PATCH 14/19] Moved esc seq table out of copyBuffer to avoid redecls --- xs/xs.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/xs/xs.go b/xs/xs.go index c4ac922..4fa9b13 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -102,6 +102,14 @@ type ( escSeqs map[byte]escHandler ) +var ( + escs = escSeqs{ + 'i': func(io.Writer) { os.Stdout.Write([]byte("\x1b[s\x1b[2;1H\x1b[1;31m[HKEXSH]\x1b[39;49m\x1b[u")) }, + 't': func(io.Writer) { os.Stdout.Write([]byte("\x1b[1;32m[HKEXSH]\x1b[39;49m")) }, + 'B': func(io.Writer) { os.Stdout.Write([]byte("\x1b[1;32m" + bob + "\x1b[39;49m")) }, + } +) + // Copy copies from src to dst until either EOF is reached // on src or an error occurs. It returns the number of bytes // copied and the first error encountered while copying, if any. @@ -149,11 +157,6 @@ func copyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err er // or tunnel traffic indicator - note we cannot just spawn a goroutine // here, as copyBuffer() returns after each burst of data. Scope must // outlive individual copyBuffer calls). - escs := escSeqs{ - 'i': func(io.Writer) { os.Stdout.Write([]byte("\x1b[s\x1b[2;1H\x1b[1;31m[HKEXSH]\x1b[39;49m\x1b[u")) }, - 't': func(io.Writer) { os.Stdout.Write([]byte("\x1b[1;32m[HKEXSH]\x1b[39;49m")) }, - 'B': func(io.Writer) { os.Stdout.Write([]byte("\x1b[1;32m" + bob + "\x1b[39;49m")) }, - } /* // If the reader has a WriteTo method, use it to do the copy. From 91bb0778b21f134a7b349fc62ddeafbd58d18087 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Wed, 1 May 2024 23:43:24 -0700 Subject: [PATCH 15/19] Addition of WHIRLPOOL hash --- go.mod | 1 + go.sum | 2 ++ xs/xs.go | 3 ++- xsd/xsd.go | 3 ++- xsnet/chan.go | 5 ++++- xsnet/consts.go | 1 + xsnet/net.go | 6 ++++++ 7 files changed, 18 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a47bc1d..8437ff3 100644 --- a/go.mod +++ b/go.mod @@ -23,6 +23,7 @@ require ( require ( blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c // indirect blitter.com/go/mtwist v1.0.1 // indirect + github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 // indirect github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/klauspost/reedsolomon v1.12.1 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 30048ce..5d44f1f 100644 --- a/go.sum +++ b/go.sum @@ -45,6 +45,8 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y= github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s= +github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 h1:G+9t9cEtnC9jFiTxyptEKuNIAbiN5ZCQzX2a74lj3xg= +github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004/go.mod h1:KmHnJWQrgEvbuy0vcvj00gtMqbvNn1L+3YUZLK/B92c= github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/klauspost/reedsolomon v1.12.1 h1:NhWgum1efX1x58daOBGCFWcxtEhOhXKKl1HAPQUp03Q= diff --git a/xs/xs.go b/xs/xs.go index 4fa9b13..018c542 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -733,7 +733,8 @@ func main() { //nolint: funlen, gocyclo C_CHACHA20_12`) flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC`"+` H_SHA256 - H_SHA512`) + H_SHA512 + H_WHIRLPOOL`) flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg`"+` KEX_HERRADURA256 KEX_HERRADURA512 diff --git a/xsd/xsd.go b/xsd/xsd.go index 346274b..62f9a39 100755 --- a/xsd/xsd.go +++ b/xsd/xsd.go @@ -572,7 +572,8 @@ func main() { //nolint:funlen,gocyclo flag.Var(&aHMACAlgs, "aH", "Allowed `HMAC`s (eg. '-aH HMACAlgA -aH HMACAlgB ...')"+` H_all H_SHA256 - H_SHA512`) + H_SHA512 + H_WHIRLPOOL`) flag.StringVar(&cpuprofile, "cpuprofile", "", "write cpu profile to <`file`>") flag.StringVar(&memprofile, "memprofile", "", "write memory profile to <`file`>") diff --git a/xsnet/chan.go b/xsnet/chan.go index 4b4e82d..5847372 100644 --- a/xsnet/chan.go +++ b/xsnet/chan.go @@ -26,7 +26,7 @@ import ( "github.com/aead/chacha20/chacha" "golang.org/x/crypto/blowfish" "golang.org/x/crypto/twofish" - + whirlpool "github.com/jzelinskie/whirlpool" // hash algos must be manually imported thusly: // (Would be nice if the golang pkg docs were more clear // on this...) @@ -157,6 +157,9 @@ func (hc *Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err er if !halg.Available() { log.Fatal("hash not available!") } + case HmacWHIRLPOOL: + log.Printf("[hash HmacWHIRLPOOL (%d)]\n", hopts) + mc = whirlpool.New() default: log.Printf("[invalid hmac (%d)]\n", hopts) fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts) diff --git a/xsnet/consts.go b/xsnet/consts.go index 1d7e9c8..9c58d6e 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -119,6 +119,7 @@ type CSCipherAlg uint32 const ( HmacSHA256 = iota HmacSHA512 + HmacWHIRLPOOL HmacNoneDisallowed ) diff --git a/xsnet/net.go b/xsnet/net.go index 0a576ab..5bd423f 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -177,6 +177,8 @@ func (h *CSHmacAlg) String() string { return "H_SHA256" case HmacSHA512: return "H_SHA512" + case HmacWHIRLPOOL: + return "H_WHIRLPOOL" default: return "H_ERR_UNK" } @@ -363,6 +365,10 @@ func (hc *Conn) applyConnExtensions(extensions ...string) { log.Println("[extension arg = H_SHA512]") hc.cipheropts &= (0xFFFF00FF) hc.cipheropts |= (HmacSHA512 << 8) + case "H_WHIRLPOOL": + log.Println("[extension arg = H_WHIRLPOOL]") + hc.cipheropts &= (0xFFFF00FF) + hc.cipheropts |= (HmacWHIRLPOOL << 8) case "OPT_REMOD": log.Println("[extension arg = OPT_REMOD]") hc.opts |= CORemodulateShields From 7e4aeba93a882c72b57ee97826ffe772c57cac7d Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Wed, 1 May 2024 23:46:43 -0700 Subject: [PATCH 16/19] Add remote IP to net.Listener Accept logmsg --- xsnet/net.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xsnet/net.go b/xsnet/net.go index 0a576ab..75b3803 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -1115,7 +1115,7 @@ func (hl *HKExListener) Accept() (hc Conn, err error) { return Conn{}, err } - logger.LogDebug(fmt.Sprintln("[net.Listener Accepted]")) + logger.LogDebug(fmt.Sprintf("[net.Listener Accepted %v]\n", c.RemoteAddr())) } // Read KEx alg proposed by client var kexAlg KEXAlg From 136f37e209a06c3122260d3b03c7c1202da19a41 Mon Sep 17 00:00:00 2001 From: Russtopia Date: Wed, 1 May 2024 23:58:44 -0700 Subject: [PATCH 17/19] Update 'README.md' --- README.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 20f6af6..c7278f3 100644 --- a/README.md +++ b/README.md @@ -44,10 +44,12 @@ Currently supported session algorithms: * Blowfish-64 * CryptMTv1 (64bit) (https://eprint.iacr.org/2005/165.pdf) * ChaCha20 (https://github.com/aead/chacha20) +* HOPSCOTCH (https://gogs.blitter.com/Russtopia/hopscotch) [HMAC] * HMAC-SHA256 * HMAC-SHA512 +* WHIRLPOOL *** **A Note on 'cryptographic agility'** @@ -92,18 +94,6 @@ KYBER IND-CCA-2 KEM As of this time (Oct 2018) Kyber is one of the candidate algorithms submitted to the [NIST post-quantum cryptography project](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography). The authors recommend using it in "... so-called hybrid mode in combination with established "pre-quantum" security; for example in combination with elliptic-curve Diffie-Hellman." THIS PROJECT DOES NOT DO THIS (in case you didn't notice yet, THIS PROJECT IS EXPERIMENTAL.) -### Dependencies: - -* Recent version of go (tested, at various times, with go-1.9 to go-1.12.4) -* [github.com/mattn/go-isatty](http://github.com/mattn/go-isatty) //terminal tty detection -* [github.com/kr/pty](http://github.com/kr/pty) //unix pty control (server pty connections) -* [github.com/jameskeane/bcrypt](http://github.com/jameskeane/bcrypt) //password storage/auth -* [blitter.com/go/goutmp](https://gogs.blitter.com/RLabs/goutmp) // wtmp/lastlog C bindings for user accounting -* [https://gitlab.com/yawning/kyber](https://gogs.blitter.com/RLabs/kyber) // golang Kyber KEM -* [https://gitlab.com/yawning/kyber](https://gogs.blitter.com/RLabs/newhope) // golang NEWHOPE,NEWHOPE-SIMPLE KEX -* [blitter.com/go/mtwist](https://gogs.blitter.com/RLabs/mtwist) // 64-bit Mersenne Twister PRNG -* [blitter.com/go/cryptmt](https://gogs.blitter.com/RLabs/cryptmt) // CryptMTv1 stream cipher - ### Installing From bfcd097a1476f31f8b406f9fff2769898793d2a1 Mon Sep 17 00:00:00 2001 From: Russtopia Date: Thu, 2 May 2024 00:48:50 -0700 Subject: [PATCH 18/19] Bump version to v0.9.11 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index abbec41..67eb22d 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.9.10 +VERSION := 0.9.11 .PHONY: lint vis clean common client server passwd\ subpkgs install uninstall reinstall scc From 12409319e7bca772ad68618057d0eccd9c1790c9 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 15 Jul 2024 02:06:26 -0700 Subject: [PATCH 19/19] Removed go.mod, go.sum --- bacillus/ci_pushbuild.sh | 3 + go.mod | 37 ---------- go.sum | 143 --------------------------------------- 3 files changed, 3 insertions(+), 180 deletions(-) delete mode 100644 go.mod delete mode 100644 go.sum diff --git a/bacillus/ci_pushbuild.sh b/bacillus/ci_pushbuild.sh index ea20161..8cfe45f 100755 --- a/bacillus/ci_pushbuild.sh +++ b/bacillus/ci_pushbuild.sh @@ -25,6 +25,9 @@ echo "Building most recent push on branch $branch" git checkout "$branch" ls +go mod init +go mod tidy + ############ stage "Build" ############ diff --git a/go.mod b/go.mod deleted file mode 100644 index 8437ff3..0000000 --- a/go.mod +++ /dev/null @@ -1,37 +0,0 @@ -module blitter.com/go/xs - -go 1.22.0 - -require ( - blitter.com/go/cryptmt v1.0.2 - blitter.com/go/goutmp v1.0.6 - blitter.com/go/herradurakex v1.0.0 - blitter.com/go/hopscotch v0.1.1 - blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9 - blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae - github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da - github.com/creack/pty v1.1.21 - github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f - github.com/kuking/go-frodokem v1.0.2 - github.com/mattn/go-isatty v0.0.20 - github.com/xtaci/kcp-go v5.4.20+incompatible - golang.org/x/crypto v0.20.0 - golang.org/x/sys v0.17.0 - gopkg.in/hlandau/passlib.v1 v1.0.11 -) - -require ( - blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c // indirect - blitter.com/go/mtwist v1.0.1 // indirect - github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 // indirect - github.com/klauspost/cpuid/v2 v2.2.6 // indirect - github.com/klauspost/reedsolomon v1.12.1 // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect - github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect - github.com/tjfoc/gmsm v1.4.1 // indirect - github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 // indirect - golang.org/x/net v0.21.0 // indirect - gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect - gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect -) diff --git a/go.sum b/go.sum deleted file mode 100644 index 5d44f1f..0000000 --- a/go.sum +++ /dev/null @@ -1,143 +0,0 @@ -blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7eOUST45fNLHJI5erq0gWZaDLCo= -blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo= -blitter.com/go/cryptmt v1.0.2 h1:ZcLhQk7onUssXyQwG3GdXDXctCVnNL+b7aFuvwOdKXc= -blitter.com/go/cryptmt v1.0.2/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84= -blitter.com/go/goutmp v1.0.6 h1:jRKRw2WalVBza4T50etAfbvT2xp9G5uykIHTvyB5r0k= -blitter.com/go/goutmp v1.0.6/go.mod h1:DnK/uLBu1/1yLFiuVlmwvWErzAWVp+pDv7t6ZaQRLNc= -blitter.com/go/herradurakex v1.0.0 h1:6XaxY+JLT1HUWPF0gYJnjX3pVjrw4YhYZEzZ1U0wkyc= -blitter.com/go/herradurakex v1.0.0/go.mod h1:m3+vYZX+2dDjdo+n/HDnXEYJX9pwmNeQLgAfJM8mtxw= -blitter.com/go/hopscotch v0.1.1 h1:hh809THr3I52J5G5QozNhDSd+qGwXWGqLh3FJBGrp+o= -blitter.com/go/hopscotch v0.1.1/go.mod h1:hCz7oE31KjaO9M6+s2DcyVNlAA8saE/AaVYKFs7hl1I= -blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9 h1:D45AnrNphtvczBXRp5JQicZRTgaK/Is5bgPDDvRKhTc= -blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9/go.mod h1:SK6QfGG72lIfKW1Td0wH7f0wwN5nSIhV3K+wvzGNjrw= -blitter.com/go/mtwist v1.0.1 h1:PxmoWexfMpLmc8neHP/PcRc3s17ct7iz4d5W/qJVt04= -blitter.com/go/mtwist v1.0.1/go.mod h1:aU82Nx8+b1v8oZRNqImfEDzDTPim81rY0ACKAIclV18= -blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMTv1VMPmaSXXz0RwKOTgMJYSRU= -blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= -github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= -github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f h1:UWGE8Vi+1Agt0lrvnd7UsmvwqWKRzb9byK9iQmsbY0Y= -github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f/go.mod h1:u+9Snq0w+ZdYKi8BBoaxnEwWu0fY4Kvu9ByFpM51t1s= -github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004 h1:G+9t9cEtnC9jFiTxyptEKuNIAbiN5ZCQzX2a74lj3xg= -github.com/jzelinskie/whirlpool v0.0.0-20201016144138-0675e54bb004/go.mod h1:KmHnJWQrgEvbuy0vcvj00gtMqbvNn1L+3YUZLK/B92c= -github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= -github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= -github.com/klauspost/reedsolomon v1.12.1 h1:NhWgum1efX1x58daOBGCFWcxtEhOhXKKl1HAPQUp03Q= -github.com/klauspost/reedsolomon v1.12.1/go.mod h1:nEi5Kjb6QqtbofI6s+cbG/j1da11c96IBYBSnVGtuBs= -github.com/kuking/go-frodokem v1.0.2 h1:sxdguENCyr6WnLbJ/cjz0AYCW75H1b+E6zXY2ldZnUU= -github.com/kuking/go-frodokem v1.0.2/go.mod h1:83ZX1kHOd72ouCsvbffCqJIj7Ih83MQTAjH2QbqzLZk= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 h1:89CEmDvlq/F7SJEOqkIdNDGJXrQIhuIx9D2DBXjavSU= -github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU= -github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b h1:fj5tQ8acgNUr6O8LEplsxDhUIe2573iLkJc+PqnzZTI= -github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4= -github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= -github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= -github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= -github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg= -github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE= -github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E= -github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= -golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/hlandau/easymetric.v1 v1.0.0 h1:ZbfbH7W3giuVDjWUoFhDOjjv20hiPr5HZ2yMV5f9IeE= -gopkg.in/hlandau/easymetric.v1 v1.0.0/go.mod h1:yh75hypuFzAxmvECh3ZKGCvFnIfapYJh2wv7ASaX2RE= -gopkg.in/hlandau/measurable.v1 v1.0.1 h1:wH5UZKCRUnRr1iD+xIZfwhtxhmr+bprRJttqA1Rklf4= -gopkg.in/hlandau/measurable.v1 v1.0.1/go.mod h1:6N+SYJGMTmetsx7wskULP+juuO+++tsHJkAgzvzsbuM= -gopkg.in/hlandau/passlib.v1 v1.0.11 h1:vKeHwGRdWBD9mm4bJ56GAAdBXpFUYvg/BYYkmphjnmA= -gopkg.in/hlandau/passlib.v1 v1.0.11/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=