mirror of https://gogs.blitter.com/RLabs/xs
misc. cleanup, LICENSE.{gpl,mit} updates
parent
ae5a8cfa3b
commit
351f58b6c5
|
@ -0,0 +1,22 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2017 - 2018 Omar Alejandro Herrera Reyna (core HerraduraKEx)
|
||||
Copyright (c) 2017 - 2018 Russell Magee (hkexsh/hkexshd/hkexpasswd)
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
56
README.md
|
@ -1,10 +1,15 @@
|
|||
HKExSh
|
||||
--
|
||||
|
||||
'hkexsh' (HerraduraKEx shell) is a golang implementation of drop-in replacements for golang's
|
||||
standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept() and the net.Conn type),
|
||||
which automatically negotiate keying material for 'secure' sockets using the experimental
|
||||
HerraduraKEx key exchange algorithm first released at [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
|
||||
'hkexsh' (HerraduraKEx shell) is a golang implementation of a simple
|
||||
remote shell client and server, similar in role to ssh, offering
|
||||
encrypted interactive and non-interactive sessions. The client and server
|
||||
programs (hkexsh and hkexshd) use a mostly drop-in replacement for golang's
|
||||
standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept()
|
||||
and the net.Conn type), which automatically negotiate keying material for
|
||||
'secure' sockets using the experimental HerraduraKEx key exchange algorithm
|
||||
first released at
|
||||
[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx).
|
||||
|
||||
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
|
||||
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
|
||||
|
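Review bot: The rewritten intro paragraph carries over the misspelling "Omar Elejandro Herrera Reyna" in the link text, while LICENSE.mit and the source headers in this same commit spell the name "Omar Alejandro Herrera Reyna". Fix the spelling while the line is being touched, and consider pointing the link at https://github.com/Caume/HerraduraKEx, the form the herradura source header already uses, instead of the http:// URL.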
@ -12,23 +17,27 @@ to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
|
|||
is initiated (whereby client and server independently derive the same
|
||||
keying material).
|
||||
|
||||
Above this layer, demo apps in this repository (demo/server/server.go and demo/client/client.go)
|
||||
then negotiate session settings (cipher/hmac algorithms, etc.) to be used for further communication.
|
||||
Above the hkex.Conn layer, the server and client apps in this repository
|
||||
(server/hkexshd and client/hkexsh) negotiate session settings (cipher/hmac
|
||||
algorithms, interactive/non-interactive, etc.) to be used for further
|
||||
communication.
|
||||
|
||||
NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
|
||||
derive crypto keying material on each end, this algorithm and the
|
||||
demonstration remote shell client/server programs should be used with caution.
|
||||
As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
|
||||
the level of security of the HerraduraKEx algorithm for purposes of session key
|
||||
exchange over an insecure channel has been rendered.
|
||||
It is hoped that such experts in the field will analyze the algorithm and
|
||||
determine if it is indeed a suitable one for use in situations where
|
||||
Diffie-Hellman and other key exchange algorithms are currently utilized.
|
||||
derive crypto keying material, this algorithm and the demonstration remote
|
||||
shell client/server programs should be used with caution and should definitely
|
||||
NOT be used for any sensitive applications, or at the very least at one's
|
||||
own risk.
|
||||
|
||||
Within the demo/ tree are client and servers implementing a simplified,
|
||||
ssh-like secure shell facility and a password-setting utility using its
|
||||
own user/password file separate from the system /etc/passwd, which is
|
||||
used by the server to authenticate clients.
|
||||
As of this time (Jan 2018) no verdict by acknowledged 'crypto experts' as to
|
||||
the level of security of the HerraduraKEx algorithm for purposes of session
|
||||
key exchange over an insecure channel has been rendered.
|
||||
It is hoped that experts in the field will analyze the algorithm and
|
||||
determine if it is indeed a suitable one for use in situations where
|
||||
Diffie-Hellman or other key exchange algorithms are currently utilized.
|
||||
|
||||
Finally, within the hkexpasswd/ directory is a password-setting utility
|
||||
using its own user/password file distinct from the system /etc/passwd, which
|
||||
is used by the hkexshd server to authenticate clients.
|
||||
|
||||
Dependencies:
|
||||
--
|
||||
|
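Review bot: The reworded NOTE undercuts itself: "should definitely NOT be used for any sensitive applications, or at the very least at one's own risk" reads as a prohibition and a permission in the same sentence. Suggest ending the sentence at "sensitive applications" and, if the own-risk wording is wanted, giving it a sentence of its own. The "As of this time (Jan 2018)" paragraph states the reason for the warning (no expert review of the key exchange yet), so it should stay directly after the NOTE as it does here.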
@ -45,18 +54,15 @@ Get source code
|
|||
To build
|
||||
--
|
||||
* $ cd $GOPATH/src/github.com/Russtopia/hkexsh
|
||||
* $ go install .
|
||||
* $ go build demo/client/client.go && go build demo/server/server.go
|
||||
* $ go build demo/hkexpasswd/hkexpasswd.go
|
||||
* $ make clean all
|
||||
|
||||
To set accounts & passwords:
|
||||
--
|
||||
* $ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
|
||||
* $ sudo ./hkexpasswd -u joebloggs
|
||||
* $ sudo hkexpasswd/hkexpasswd -u joebloggs
|
||||
* $ <enter a password, enter again to confirm>
|
||||
|
||||
Running Clent and Server. In separate shells:
|
||||
--
|
||||
* [A]$ sudo ./server &
|
||||
* [B]$ ./client -u joebloggs
|
||||
|
||||
* [A]$ sudo hkexshd/hkexshd &
|
||||
* [B]$ hkexsh/hkexsh -u joebloggs
|
||||
|
|
|
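Review bot: The account-setup step left in place next to the changed lines, sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd, does not do what it appears to: the redirection is performed by the calling shell, not by sudo, so it fails for a non-root user, and ">" truncates the file, discarding any accounts already in it. Since the hkexpasswd path on the next line is being updated anyway, replace it with a form that writes as root and appends, for example piping the echo into "sudo tee -a /etc/hkexsh.passwd", and say what ownership and mode the file should have given that the server authenticates clients from it. The heading "Running Clent and Server" also still has the typo "Clent".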
@ -5,11 +5,16 @@
|
|||
//
|
||||
// (https://github.com/Caume/HerraduraKEx)
|
||||
//
|
||||
// Demonstration server (hkexshd) and
|
||||
// client (hkexsh)
|
||||
|
||||
// The core HerraduraKEx algorithm is dual-licensed
|
||||
// by the author (Omar Alejandro Herrera Reyna)
|
||||
// under GPL3 and MIT licenses.
|
||||
// See LICENSE.gpl and LICENSE.mit in this distribution
|
||||
//
|
||||
// See README.md for full license info.
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
package hkexsh
|
||||
|
||||
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
|
||||
|
|
|
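Review bot: In this header the last comment line, "// golang implementation by Russ Magee (rmagee_at_gmail.com)", sits directly above "package hkexsh" with no blank line, so Go tooling treats the copyright and licence block as the package doc comment. The authentication-routines file and hkexnet.go in this commit leave a blank line at that point. Add a blank line before the package clause here too, or put a short "// Package hkexsh ..." description there so the licence text does not become the package documentation.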
@ -1,4 +1,10 @@
|
|||
// Authentication routines for the HKExSh
|
||||
//
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
|
||||
package hkexsh
|
||||
|
||||
|
|
|
@ -1,5 +1,11 @@
|
|||
package hkexsh
|
||||
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
|
||||
/* Support functions to set up encryption once an HKEx Conn has been
|
||||
established with FA exchange and support channel operations
|
||||
(echo, file-copy, remote-cmd, ...) */
|
||||
|
|
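Review bot: Here the copyright and licence comment is placed after "package hkexsh", whereas the other files in this commit put it above the package clause. Move it above for consistency, leaving a blank line before "package hkexsh" so it is not picked up as package documentation, and keep the existing "/* Support functions ... */" description where it is.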
23
hkexnet.go
|
@ -1,20 +1,11 @@
|
|||
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
|
||||
Copyright (C) 2017 Omar Alejandro Herrera Reyna
|
||||
// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC
|
||||
// negotiation
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
golang implementation by Russ Magee (rmagee_at_gmail.com) */
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
|
||||
package hkexsh
|
||||
|
||||
|
|
|
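Review bot: The new header for hkexnet.go drops both the GPLv3 notice and the line "Copyright (C) 2017 Omar Alejandro Herrera Reyna", leaving only Russell Magee's copyright under MIT. If any part of this file derives from the original Herradura code, that copyright line has to stay: the MIT text added in this commit itself requires that "the above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software". If the file is entirely original work, say so in the commit message so the removal is auditable; otherwise keep the original author's line and point to LICENSE.gpl and LICENSE.mit the way the herradura source header does.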
@ -1,5 +1,11 @@
|
|||
// Util to generate/store passwords for users in a file akin to /etc/passwd
|
||||
// suitable for the demo hkexsh server, using bcrypt.
|
||||
//
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
package main
|
||||
|
||||
import (
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
// hkexsh client
|
||||
//
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
package main
|
||||
|
||||
import (
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
// hkexshd server
|
||||
//
|
||||
// Copyright (c) 2017-2018 Russell Magee
|
||||
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
||||
// distribution)
|
||||
//
|
||||
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
||||
package main
|
||||
|
||||
import (
|
||||
|
|