// consts.go - consts for xsnet
// Copyright (c) 2017-2020 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package xsnet
// KEX algorithm values
//
// Specified (in string form) as the extensions parameter
// to xsnet.Dial()
//
// Alg is sent in a uint8 so there are up to 256 possible
// values. The numeric value is what goes on the wire, so the
// order of this list must not change: new algorithms go into
// one of the KEX_resvdN slots or are appended, never inserted.
// KEX_invalid is pinned to 255 rather than derived from iota.
// Values between the last assigned entry and 255 are unassigned;
// presumably a peer proposing one is rejected (see CSEKEXAlgDenied) — confirm in the handshake code.
const (
	KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor
	KEX_HERRADURA512
	KEX_HERRADURA1024
	KEX_HERRADURA2048
	KEX_resvd4
	KEX_resvd5
	KEX_resvd6
	KEX_resvd7
	KEX_KYBER512
	KEX_KYBER768
	KEX_KYBER1024
	KEX_resvd11
	KEX_NEWHOPE
	KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
	KEX_resvd14
	KEX_resvd15
	KEX_FRODOKEM_1344AES
	KEX_FRODOKEM_1344SHAKE
	KEX_FRODOKEM_976AES
	KEX_FRODOKEM_976SHAKE
	KEX_invalid = 255
)
// KEXAlg identifies the key-exchange algorithm for a session.
//
// Sent from client to server in order to specify which
// algo shall be used (see xsnet.KEX_HERRADURA256, ...).
// The underlying type is uint8, matching the single byte in
// which the value is transmitted (see the KEX_* constants).
type KEXAlg uint8
// Extended exit status codes - indicate comm/pty issues
// rather than remote end normal UNIX exit codes
//
// Values start at 1024 + iota so they cannot collide with the
// 0-255 range of ordinary UNIX exit statuses (see CSExtendedCode).
// Order matters: each constant's value is derived from its position.
const (
	CSENone            = 1024 + iota
	CSETruncCSO        // No CSOExitStatus in payload
	CSEStillOpen       // Channel closed unexpectedly
	CSEExecFail        // cmd.Start() (exec) failed
	CSEPtyExecFail     // pty.Start() (exec w/pty) failed
	CSEPtyGetNameFail  // failed to obtain pty name
	CSEKEXAlgDenied    // server rejected proposed KEX alg
	CSECipherAlgDenied // server rejected proposed Cipher alg
	CSEHMACAlgDenied   // server rejected proposed HMAC alg
	CSEConnDead        // connection keepalives expired
	CSELoginTimeout    // NOTE(review): undocumented in source; name suggests the login phase timed out — confirm
)
// CSExtendedCode carries the Extended (>255 UNIX exit status) codes.
// These indicate channel-related or internal errors rather than a
// remote process's normal exit status (see CSENone, ...).
type CSExtendedCode uint32
// Channel Status/Op bytes - packet types
//
// Values are assigned by iota, so inserting an entry renumbers
// everything after it; since these tag packet types, new ops should
// be appended at the end. CSOType is the type that carries them.
// CSOChaff packets are decoys and must be discarded right after
// decryption, never handed to the application layer.
const (
	// Main connection/session control
	CSONone        = iota // No error, normal packet
	CSOHmacInvalid        // HMAC mismatch detected on remote end
	CSOTermSize           // set term size (rows:cols)
	CSOExitStatus         // Remote cmd exit status
	CSOChaff              // Dummy packet, do not pass beyond decryption

	// Tunnel setup/control/status
	CSOTunSetup     // client -> server tunnel setup request (dstport)
	CSOTunSetupAck  // server -> client tunnel setup ack
	CSOTunRefused   // server -> client: tunnel rport connection refused
	CSOTunData      // packet contains tunnel data [rport:data]
	CSOTunKeepAlive // client tunnel heartbeat
	CSOTunDisconn   // server -> client: tunnel rport disconnected
	CSOTunHangup    // client -> server: tunnel lport hung up
	CSOKeepAlive    // bidir keepalive packet to monitor main connection
	CSORekey        // TODO: rekey/re-select session cipher/hash algs
)
// TunEndpoint.tunCtl control values - used to control workers for client
// or server tunnels depending on the code
//
// Each value is a single byte (rune literal).
//
// NOTE(review): the "[CSOTunAccept]" referenced in the comments below is
// not defined in this file; the CSO block defines CSOTunSetupAck, which is
// presumably what is meant. It is also ambiguous whether each comment block
// describes the constant above it or the one below it (the inline comment
// on TunCtl_Server_Dial reads like the first block) — confirm against the
// tunnel worker code before relying on either reading.
const (
	TunCtl_Client_Listen = 'a'
	// [CSOTunAccept]
	// status: server has ack'd tun setup request
	// action: client should accept (after re-listening, if required) on lport

	TunCtl_Server_Dial = 'd' // server has dialled OK, client side can accept() conns
	// [CSOTunAccept]
	// status: client wants to open tunnel to rport
	// action: server side should dial() rport on client's behalf
)
// CSOType is the Channel status Op byte type (see CSONone, ... and CSENone, ...).
//
// Although the op is described as a byte, the underlying type is uint32;
// every CSO* value defined in this file fits in a single byte.
type CSOType uint32
// TODO: this should be small (max unfragmented packet size?)
//
// MAX_PAYLOAD_LEN is, going by its name, the upper bound on a packet
// payload length: 2 GiB - 1.
// NOTE(review): at this size the bound offers little protection — a
// peer-supplied length validated only against this limit could drive
// a very large allocation on the receiving side. Confirm how the packet
// reader uses it before treating it as a safety limit.
const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1
// Session symmetric crypto algs
//
// Assigned by iota; CSCipherAlg carries the selected value, so the
// order here must be preserved. CAlgNoneDisallowed closes the list
// and, by its name, is not an acceptable selection.
// NOTE(review): the "64" in CAlgBlowfish64 presumably refers to
// Blowfish's 64-bit block size, and CAlgCryptMT1 is a non-standard
// stream cipher; whether these should remain selectable is a policy
// decision for the code that negotiates the cipher.
const (
	CAlgAES256     = iota
	CAlgTwofish128 // golang.org/x/crypto/twofish
	CAlgBlowfish64 // golang.org/x/crypto/blowfish
	CAlgCryptMT1   //cryptmt using mtwist64
	CAlgChaCha20_12
	CAlgHopscotch
	CAlgNoneDisallowed
)
// CSCipherAlg selects the session symmetric cipher.
//
// Available ciphers for hkex.Conn (see CAlgAES256, ...).
type CSCipherAlg uint32
// Session packet auth HMAC algs
//
// Assigned by iota; CSHmacAlg carries the selected value, so the
// order here must be preserved. HmacNoneDisallowed closes the list
// and, by its name, is not an acceptable selection.
const (
	HmacSHA256 = iota
	HmacSHA512
	HmacNoneDisallowed
)
// Conn opts outside of basic kex/cipher/hmac connect config
//
// CONone is 0 and CORemodulateShields is 1 via iota.
// NOTE(review): whether these are meant to be combined as bit flags
// is not visible here — confirm in the code that consumes COValue.
const (
	CONone              = iota
	CORemodulateShields // if set, rekeying also reselects random cipher/hmac alg
)
// COValue holds Conn opts (see CONone, CORemodulateShields).
type COValue uint32
// CSHmacAlg selects the session packet-authentication HMAC.
//
// Available HMACs for hkex.Conn (see HmacSHA256, ...).
type CSHmacAlg uint32
// Some bounds-checking consts
//
// Limits on the rekey interval (seconds) and the chaff packet
// frequency (milliseconds), each given as a MIN/MAX pair.
const (
	REKEY_SECS_MIN       = 1
	REKEY_SECS_MAX       = 28800 // 8 hours
	CHAFF_FREQ_MSECS_MIN = 1
	CHAFF_FREQ_MSECS_MAX = 300000 // 5 minutes
)