From 351f58b6c5115287a675086e258dcc3dbb536c3d Mon Sep 17 00:00:00 2001
From: Russ Magee
Date: Sat, 7 Apr 2018 13:04:10 -0700
Subject: [PATCH] misc. cleanup, LICENSE.{gpl,mit} updates
---
LICENSE => LICENSE.gpl | 0
LICENSE.mit | 22 ++++++++++++++++
README.md | 56 ++++++++++++++++++++++------------------
herradurakex.go | 15 +++++++----
hkexauth.go | 6 +++++
hkexchan.go | 6 +++++
hkexnet.go | 23 +++++------------
hkexpasswd/hkexpasswd.go | 6 +++++
hkexsh/hkexsh.go | 7 +++++
hkexshd/hkexshd.go | 7 +++++
10 files changed, 102 insertions(+), 46 deletions(-)
rename LICENSE => LICENSE.gpl (100%)
create mode 100644 LICENSE.mit
diff --git a/LICENSE b/LICENSE.gpl
similarity index 100%
rename from LICENSE
rename to LICENSE.gpl
diff --git a/LICENSE.mit b/LICENSE.mit
new file mode 100644
index 0000000..4acc92f
--- /dev/null
+++ b/LICENSE.mit
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2017 - 2018 Omar Alejandro Herrera Reyna (core HerraduraKEx)
+Copyright (c) 2017 - 2018 Russell Magee (hkexsh/hkexshd/hkexpasswd)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 7b0560e..4cb99d0 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,15 @@ HKExSh -- -'hkexsh' (HerraduraKEx shell) is a golang implementation of drop-in replacements for golang's -standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept() and the net.Conn type), -which automatically negotiate keying material for 'secure' sockets using the experimental -HerraduraKEx key exchange algorithm first released at [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx). +'hkexsh' (HerraduraKEx shell) is a golang implementation of a simple +remote shell client and server, similar in role to ssh, offering +encrypted interactive and non-interactive sessions. The client and server +programs (hkexsh and hkexshd) use a mostly drop-in replacement for golang's +standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept() +and the net.Conn type), which automatically negotiate keying material for +'secure' sockets using the experimental HerraduraKEx key exchange algorithm +first released at +[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx). One can simply replace calls to net.Dial() with hkex.Dial(), and likewise net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming 
@@ -12,23 +17,27 @@ to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange is initiated (whereby client and server independently derive the same keying material). -Above this layer, demo apps in this repository (demo/server/server.go and demo/client/client.go) -then negotiate session settings (cipher/hmac algorithms, etc.) to be used for further communication. +Above the hkex.Conn layer, the server and client apps in this repository +(server/hkexshd and client/hkexsh) negotiate session settings (cipher/hmac +algorithms, interactive/non-interactive, etc.) to be used for further +communication. NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to -derive crypto keying material on each end, this algorithm and the -demonstration remote shell client/server programs should be used with caution. -As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to -the level of security of the HerraduraKEx algorithm for purposes of session key -exchange over an insecure channel has been rendered. -It is hoped that such experts in the field will analyze the algorithm and -determine if it is indeed a suitable one for use in situations where -Diffie-Hellman and other key exchange algorithms are currently utilized. +derive crypto keying material, this algorithm and the demonstration remote +shell client/server programs should be used with caution and should definitely +NOT be used for any sensitive applications, or at the very least at one's +own risk. -Within the demo/ tree are client and servers implementing a simplified, -ssh-like secure shell facility and a password-setting utility using its -own user/password file separate from the system /etc/passwd, which is -used by the server to authenticate clients. +As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to +the level of security of the HerraduraKEx algorithm for purposes of session +key exchange over an insecure channel has been rendered. 
+It is hoped that experts in the field will analyze the algorithm and +determine if it is indeed a suitable one for use in situations where +Diffie-Hellman or other key exchange algorithms are currently utilized. + +Finally, within the hkexpasswd/ directory is a password-setting utility +using its own user/password file distinct from the system /etc/passwd, which +is used by the hkexshd server to authenticate clients. Dependencies: -- @@ -45,18 +54,15 @@ Get source code To build -- * $ cd $GOPATH/src/github.com/Russtopia/hkexsh -* $ go install . -* $ go build demo/client/client.go && go build demo/server/server.go -* $ go build demo/hkexpasswd/hkexpasswd.go +* $ make clean all To set accounts & passwords: -- * $ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd -* $ sudo ./hkexpasswd -u joebloggs +* $ sudo hkexpasswd/hkexpasswd -u joebloggs * $ Running Clent and Server. In separate shells: -- -* [A]$ sudo ./server & -* [B]$ ./client -u joebloggs - +* [A]$ sudo hkexshd/hkexshd & +* [B]$ hkexsh/hkexsh -u joebloggs diff --git a/herradurakex.go b/herradurakex.go index 1f57da5..9d59782 100644 --- a/herradurakex.go +++ b/herradurakex.go @@ -5,11 +5,16 @@ // // (https://github.com/Caume/HerraduraKEx) // -// Demonstration server (hkexshd) and -// client (hkexsh) - +// The core HerraduraKEx algorithm is dual-licensed +// by the author (Omar Alejandro Herrera Reyna) +// under GPL3 and MIT licenses. +// See LICENSE.gpl and LICENSE.mit in this distribution // -// See README.md for full license info. +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package hkexsh /* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange. 
@@ -27,7 +32,7 @@ package hkexsh You should have received a copy of the GNU General Public License along with this program. If not, see . - + golang implementation by Russ Magee (rmagee_at_gmail.com) */ /* This is the core KEx algorithm. For client/server net support code, diff --git a/hkexauth.go b/hkexauth.go index f34db67..84c15d6 100644 --- a/hkexauth.go +++ b/hkexauth.go @@ -1,4 +1,10 @@ // Authentication routines for the HKExSh +// +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package hkexsh diff --git a/hkexchan.go b/hkexchan.go index d3fdf46..52c79f9 100644 --- a/hkexchan.go +++ b/hkexchan.go @@ -1,5 +1,11 @@ package hkexsh +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) + /* Support functions to set up encryption once an HKEx Conn has been established with FA exchange and support channel operations (echo, file-copy, remote-cmd, ...) */ diff --git a/hkexnet.go b/hkexnet.go index 18e5b18..63a318b 100644 --- a/hkexnet.go +++ b/hkexnet.go 
@@ -1,20 +1,11 @@ -/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange. - Copyright (C) 2017 Omar Alejandro Herrera Reyna +// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC +// negotiation - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - golang implementation by Russ Magee (rmagee_at_gmail.com) */ +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package hkexsh diff --git a/hkexpasswd/hkexpasswd.go b/hkexpasswd/hkexpasswd.go index 0e5f99b..e4ce1c5 100644 --- a/hkexpasswd/hkexpasswd.go +++ b/hkexpasswd/hkexpasswd.go @@ -1,5 +1,11 @@ // Util to generate/store passwords for users in a file akin to /etc/passwd // suitable for the demo hkexsh server, using bcrypt. +// +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package main import ( diff --git a/hkexsh/hkexsh.go b/hkexsh/hkexsh.go index befe409..cd969b6 100644 --- a/hkexsh/hkexsh.go +++ b/hkexsh/hkexsh.go 
@@ -1,3 +1,10 @@ +// hkexsh client +// +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package main import ( diff --git a/hkexshd/hkexshd.go b/hkexshd/hkexshd.go index 7237003..83e8557 100644 --- a/hkexshd/hkexshd.go +++ b/hkexshd/hkexshd.go @@ -1,3 +1,10 @@ +// hkexshd server +// +// Copyright (c) 2017-2018 Russell Magee +// Licensed under the terms of the MIT license (see LICENSE.mit in this +// distribution) +// +// golang implementation by Russ Magee (rmagee_at_gmail.com) package main import (
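Review bot: The header added at the top of hkexsh/hkexsh.go sits directly above `package main` with no blank line (the hunk counts leave room for seven added lines and three context lines only), so Go tooling treats the whole block, copyright and license lines included, as the package doc comment. I would end the license header with a blank line and put a one-sentence doc comment immediately above the package clause, for example `// Command hkexsh is the client for the hkexsh remote shell.` The same applies to the hkexshd/hkexshd.go hunk on this line and to the hkexpasswd/hkexpasswd.go hunk earlier in the patch, where the license lines were appended to the existing description comment. The files continue past `import (`, outside these hunks.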