xs/hkexsh/hkexsh.go

// hkexsh client
//
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package main

import (
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"os"
	"os/user"
	"strings"
	"sync"

	hkexsh "blitter.com/hkexsh"
	isatty "github.com/mattn/go-isatty"
)

type cmdSpec struct {
	op         []byte
	who        []byte
	cmd        []byte
	authCookie []byte
	status     int
}

// Demo of a simple client that dials up to a simple test server to
// send data.
//
// While conforming to the basic net.Conn interface HKex.Conn has extra
// capabilities designed to allow apps to define connection options,
// encryption/hmac settings and operations across the encrypted channel.
//
// Initial setup is the same as using plain net.Dial(), but one may
// specify extra extension tags (strings) to set the cipher and hmac
// setting desired; as well as the intended operation mode for the
// connection (app-specific, passed through to the server to use or
// ignore at its discretion).
func main() {
	var wg sync.WaitGroup

	var dbg bool
	var cAlg string
	var hAlg string
	var server string
	var cmdStr string
	var altUser string
	var authCookie string
	isInteractive := false

	flag.StringVar(&cAlg, "c", "C_AES_256", "cipher [\"C_AES_256\" | \"C_TWOFISH_128\" | \"C_BLOWFISH_64\"]")
	flag.StringVar(&hAlg, "h", "H_SHA256", "hmac [\"H_SHA256\"]")
	flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")
	flag.StringVar(&cmdStr, "x", "", "command to run (default empty - interactive shell)")
	flag.StringVar(&altUser, "u", "", "specify alternate user")
	flag.StringVar(&authCookie, "a", "", "auth cookie (MultiCheese3999(tm) 2FA cookie")
	flag.BoolVar(&dbg, "d", false, "debug logging")
	flag.Parse()

	if dbg {
		log.SetOutput(os.Stdout)
	} else {
		log.SetOutput(ioutil.Discard)
	}

	conn, err := hkexsh.Dial("tcp", server, cAlg, hAlg)
	if err != nil {
		fmt.Println("Err!")
		panic(err)
	}
	defer conn.Close()
	// From this point on, conn is a secure encrypted channel

	// Set stdin in raw mode if it's an interactive session
	// TODO: send flag to server side indicating this
	//  affects shell command used
	var oldState *hkexsh.State
	if isatty.IsTerminal(os.Stdin.Fd()) {
		oldState, err = hkexsh.MakeRaw(int(os.Stdin.Fd()))
		if err != nil {
			panic(err)
		}
		defer func() { _ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) }() // Best effort.
	} else {
		log.Println("NOT A TTY")
	}

	var uname string
	if len(altUser) == 0 {
		u, _ := user.Current()
		uname = u.Username
	} else {
		uname = altUser
	}

	var op []byte
	if len(cmdStr) == 0 {
		op = []byte{'s'}
		isInteractive = true
	} else if cmdStr == "-" {
		op = []byte{'c'}
		cmdStdin, err := ioutil.ReadAll(os.Stdin)
		if err != nil {
			panic(err)
		}
		cmdStr = strings.Trim(string(cmdStdin), "\r\n")
	} else {
		op = []byte{'c'}
	}

	if len(authCookie) == 0 {
		fmt.Printf("Gimme cookie:")
		ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
		fmt.Printf("\r\n")
		if err != nil {
			panic(err)
		}
		authCookie = string(ab)
	}

	rec := &cmdSpec{
		op:         op,
		who:        []byte(uname),
		cmd:        []byte(cmdStr),
		authCookie: []byte(authCookie),
		status:     0}

	_, err = fmt.Fprintf(conn, "%d %d %d %d\n", len(rec.op), len(rec.who), len(rec.cmd), len(rec.authCookie))
	_, err = conn.Write(rec.op)
	_, err = conn.Write(rec.who)
	_, err = conn.Write(rec.cmd)
	_, err = conn.Write(rec.authCookie)

	//client reader (from server) goroutine
	wg.Add(1)
	go func() {
		// By deferring a call to wg.Done(),
		// each goroutine guarantees that it marks
		// its direction's stream as finished.
		//
		// Whichever direction's goroutine finishes first
		// will call wg.Done() once more, explicitly, to
		// hang up on the other side, so that this client
		// exits immediately on an EOF from either side.
		defer wg.Done()

		// io.Copy() expects EOF so this will
		// exit with inerr == nil
		_, inerr := io.Copy(os.Stdout, conn)
		if inerr != nil {
			if inerr.Error() != "EOF" {
				fmt.Println(inerr)
				_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // Best effort.
				os.Exit(1)
			}
		}

		if isInteractive {
			log.Println("[Got EOF]")
			wg.Done() // server hung up, close WaitGroup to exit client
		}
	}()

	if isInteractive {
		// client writer (to server) goroutine
		wg.Add(1)
		go func() {
			defer wg.Done()

			// io.Copy() expects EOF so this will
			// exit with outerr == nil
			_, outerr := io.Copy(conn, os.Stdin)
			if outerr != nil {
				log.Println(outerr)
				if outerr.Error() != "EOF" {
					fmt.Println(outerr)
					_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // Best effort.
					os.Exit(2)
				}
			}
			log.Println("[Sent EOF]")
			wg.Done() // client hung up, close WaitGroup to exit client
		}()
	}

	// Wait until both stdin and stdout goroutines finish
	wg.Wait()
}
misc. cleanup, LICENSE.{gpl,mit} updates 2018-04-07 20:04:10 +00:00			`// hkexsh client`
			`//`
			`// Copyright (c) 2017-2018 Russell Magee`
			`// Licensed under the terms of the MIT license (see LICENSE.mit in this`
			`// distribution)`
			`//`
			`// golang implementation by Russ Magee (rmagee_at_gmail.com)`
Initial commit 2018-01-06 15:30:56 +00:00			`package main`

			`import (`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`"flag"`
Initial commit 2018-01-06 15:30:56 +00:00			`"fmt"`
Tucked dbg{client/server} away for testing 2018-01-13 06:47:57 +00:00			`"io"`
Set lots of KEx Printfs to log.Printf (and off by default). Hacky non=tty shell works! 2018-01-18 05:27:00 +00:00			`"io/ioutil"`
			`"log"`
Tucked dbg{client/server} away for testing 2018-01-13 06:47:57 +00:00			`"os"`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`"os/user"`
			`"strings"`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`"sync"`
HKExConn captures net.Conn 2018-01-06 20:26:08 +00:00
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`hkexsh "blitter.com/hkexsh"`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`isatty "github.com/mattn/go-isatty"`
Initial commit 2018-01-06 15:30:56 +00:00			`)`

Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`type cmdSpec struct {`
			`op []byte`
			`who []byte`
			`cmd []byte`
			`authCookie []byte`
			`status int`
			`}`

Split core KEx and net support code 2018-01-09 03:16:55 +00:00			`// Demo of a simple client that dials up to a simple test server to`
			`// send data.`
Start of proto kexsh tool client/server 2018-01-13 18:01:27 +00:00			`//`
			`// While conforming to the basic net.Conn interface HKex.Conn has extra`
			`// capabilities designed to allow apps to define connection options,`
			`// encryption/hmac settings and operations across the encrypted channel.`
			`//`
			`// Initial setup is the same as using plain net.Dial(), but one may`
			`// specify extra extension tags (strings) to set the cipher and hmac`
			`// setting desired; as well as the intended operation mode for the`
			`// connection (app-specific, passed through to the server to use or`
			`// ignore at its discretion).`
Initial commit 2018-01-06 15:30:56 +00:00			`func main() {`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`var wg sync.WaitGroup`

Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`var dbg bool`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`var cAlg string`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`var hAlg string`
Added client/server host:port, addr:port options 2018-01-13 06:24:40 +00:00			`var server string`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`var cmdStr string`
			`var altUser string`
Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`var authCookie string`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`isInteractive := false`
Tucked dbg{client/server} away for testing 2018-01-13 06:47:57 +00:00
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`flag.StringVar(&cAlg, "c", "C_AES_256", "cipher [\"C_AES_256\" \| \"C_TWOFISH_128\" \| \"C_BLOWFISH_64\"]")`
-Cleaned up lib code with gometalinter.v1 -Added -h opt to demo client (hmac) 2018-01-13 06:13:01 +00:00			`flag.StringVar(&hAlg, "h", "H_SHA256", "hmac [\"H_SHA256\"]")`
Added client/server host:port, addr:port options 2018-01-13 06:24:40 +00:00			`flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`flag.StringVar(&cmdStr, "x", "", "command to run (default empty - interactive shell)")`
			`flag.StringVar(&altUser, "u", "", "specify alternate user")`
Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`flag.StringVar(&authCookie, "a", "", "auth cookie (MultiCheese3999(tm) 2FA cookie")`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`flag.BoolVar(&dbg, "d", false, "debug logging")`
-Added client -c option to pass cipher alg -Note about blowfish iv len (lack of) bounds check in .NewOFB(); -TODO added to enforce keymat from HKex >= 2*chosen cipher blocksize (assuming keylen == blocksize -- might not be true for all future algs) 2018-01-12 07:01:39 +00:00			`flag.Parse()`

Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`if dbg {`
			`log.SetOutput(os.Stdout)`
			`} else {`
			`log.SetOutput(ioutil.Discard)`
			`}`
Set lots of KEx Printfs to log.Printf (and off by default). Hacky non=tty shell works! 2018-01-18 05:27:00 +00:00
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`conn, err := hkexsh.Dial("tcp", server, cAlg, hAlg)`
Initial commit 2018-01-06 15:30:56 +00:00			`if err != nil {`
Working client/server demos w/HEx and trivial XOR crypto test 2018-01-08 06:05:14 +00:00			`fmt.Println("Err!")`
Tucked dbg{client/server} away for testing 2018-01-13 06:47:57 +00:00			`panic(err)`
			`}`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`defer conn.Close()`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`// From this point on, conn is a secure encrypted channel`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`// Set stdin in raw mode if it's an interactive session`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`// TODO: send flag to server side indicating this`
			`// affects shell command used`
Minimal hmac channel verification w/close on tampering 2018-04-15 19:58:24 +00:00			`var oldState *hkexsh.State`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`if isatty.IsTerminal(os.Stdin.Fd()) {`
Minimal hmac channel verification w/close on tampering 2018-04-15 19:58:24 +00:00			`oldState, err = hkexsh.MakeRaw(int(os.Stdin.Fd()))`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`if err != nil {`
			`panic(err)`
			`}`
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`defer func() { _ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) }() // Best effort.`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`} else {`
Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`log.Println("NOT A TTY")`
Added pty lib to give true terminal capability. raw mode/restore for client working 2018-01-19 02:57:37 +00:00			`}`

Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`var uname string`
			`if len(altUser) == 0 {`
			`u, _ := user.Current()`
			`uname = u.Username`
			`} else {`
			`uname = altUser`
			`}`

			`var op []byte`
			`if len(cmdStr) == 0 {`
			`op = []byte{'s'}`
			`isInteractive = true`
			`} else if cmdStr == "-" {`
			`op = []byte{'c'}`
			`cmdStdin, err := ioutil.ReadAll(os.Stdin)`
			`if err != nil {`
			`panic(err)`
			`}`
			`cmdStr = strings.Trim(string(cmdStdin), "\r\n")`
			`} else {`
			`op = []byte{'c'}`
			`}`

Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`if len(authCookie) == 0 {`
			`fmt.Printf("Gimme cookie:")`
MSYS+mintty support; pkg renaming to hkexsh 2018-04-04 22:43:27 +00:00			`ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))`
Added hkexpasswd util; moved minimal term stuff into hkexauth.go 2018-01-23 21:53:05 +00:00			`fmt.Printf("\r\n")`
Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`if err != nil {`
			`panic(err)`
			`}`
			`authCookie = string(ab)`
			`}`

Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`rec := &cmdSpec{`
			`op: op,`
			`who: []byte(uname),`
			`cmd: []byte(cmdStr),`
Brought in ReadPassword from ssh/terminal, enabling entry of authCookie w/o term echo. TODO: consider methods of securing authCookie in auth file (salt+hash etc.) 2018-01-22 06:02:08 +00:00			`authCookie: []byte(authCookie),`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`status: 0}`

			`_, err = fmt.Fprintf(conn, "%d %d %d %d\n", len(rec.op), len(rec.who), len(rec.cmd), len(rec.authCookie))`
			`_, err = conn.Write(rec.op)`
			`_, err = conn.Write(rec.who)`
			`_, err = conn.Write(rec.cmd)`
			`_, err = conn.Write(rec.authCookie)`
De-packetizing-rebuffering of Read() w/HMAC working, yay 2018-03-26 02:58:04 +00:00
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`//client reader (from server) goroutine`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`wg.Add(1)`
			`go func() {`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`// By deferring a call to wg.Done(),`
			`// each goroutine guarantees that it marks`
			`// its direction's stream as finished.`
			`//`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`// Whichever direction's goroutine finishes first`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`// will call wg.Done() once more, explicitly, to`
			`// hang up on the other side, so that this client`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`// exits immediately on an EOF from either side.`
			`defer wg.Done()`

			`// io.Copy() expects EOF so this will`
			`// exit with inerr == nil`
			`_, inerr := io.Copy(os.Stdout, conn)`
			`if inerr != nil {`
			`if inerr.Error() != "EOF" {`
			`fmt.Println(inerr)`
Minimal hmac channel verification w/close on tampering 2018-04-15 19:58:24 +00:00			`_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // Best effort.`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`os.Exit(1)`
			`}`
			`}`
De-packetizing-rebuffering of Read() w/HMAC working, yay 2018-03-26 02:58:04 +00:00
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`if isInteractive {`
Removed channel-based server loop goroutine, solving eaten initial byte issue. Made receivers on hkex.Conn mutators *Conn again (whoops) TODO: Consider: padding (? probably not, XORKeyStream OFB/CBC/etc. modes prevent constant header/crib exposure, and would add lots of complexity to Read/Write) TODO: Add CTR, other modes 2018-01-21 04:37:27 +00:00			`log.Println("[Got EOF]")`
			`wg.Done() // server hung up, close WaitGroup to exit client`
Some cleanup in prep for possible io.ReadFull() fixed-block session-cmd header to resolve the eaten-byte issue handing Accept off to cmdRunner 2018-01-19 05:17:57 +00:00			`}`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`}()`

Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`if isInteractive {`
			`// client writer (to server) goroutine`
			`wg.Add(1)`
			`go func() {`
			`defer wg.Done()`

			`// io.Copy() expects EOF so this will`
			`// exit with outerr == nil`
			`_, outerr := io.Copy(conn, os.Stdin)`
			`if outerr != nil {`
Fixed handling of -x non-interactive command runs and hangup of interactive session 2018-03-27 04:58:42 +00:00			`log.Println(outerr)`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`if outerr.Error() != "EOF" {`
			`fmt.Println(outerr)`
Minimal hmac channel verification w/close on tampering 2018-04-15 19:58:24 +00:00			`_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // Best effort.`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`os.Exit(2)`
			`}`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00			`}`
Added -u (user), -x (exec cmd) options, -d (dbg) for logging; detection of "-x -" for stdin/pipeline commands. 2018-01-21 23:46:40 +00:00			`log.Println("[Sent EOF]")`
			`wg.Done() // client hung up, close WaitGroup to exit client`
			`}()`
			`}`
Took a step back on cmd exec, just getting EOF/hangup on client/server ends working 2018-01-18 04:36:53 +00:00
			`// Wait until both stdin and stdout goroutines finish`
			`wg.Wait()`
Initial commit 2018-01-06 15:30:56 +00:00			`}`