From 423410bb406889022f22f8ebf043a66cfdc1e51e Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Fri, 27 Sep 2019 09:44:57 -0700 Subject: [PATCH] WIP integrating experimental WANDERER alg --- hkexnet/consts.go | 1 + hkexnet/hkexchan.go | 13 ++++++------- hkexnet/hkexnet.go | 4 ++++ hkexshd/hkexshd.go | 10 +++++----- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/hkexnet/consts.go b/hkexnet/consts.go index cd90130..1bfbda0 100644 --- a/hkexnet/consts.go +++ b/hkexnet/consts.go @@ -95,6 +95,7 @@ const ( CAlgTwofish128 // golang.org/x/crypto/twofish CAlgBlowfish64 // golang.org/x/crypto/blowfish CAlgCryptMT1 //cryptmt using mtwist64 + CAlgWanderer // inhouse experimental crypto alg CAlgNoneDisallowed ) diff --git a/hkexnet/hkexchan.go b/hkexnet/hkexchan.go index 8fbf47b..fafb96e 100644 --- a/hkexnet/hkexchan.go +++ b/hkexnet/hkexchan.go @@ -20,9 +20,11 @@ import ( "hash" "log" + "blitter.com/go/cryptmt" + "blitter.com/go/wanderer" "golang.org/x/crypto/blowfish" "golang.org/x/crypto/twofish" - "blitter.com/go/cryptmt" + // hash algos must be manually imported thusly: // (Would be nice if the golang pkg docs were more clear // on this...) @@ -75,7 +77,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err iv = keymat[aes.BlockSize : aes.BlockSize+ivlen] rc = cipher.NewOFB(block, iv) log.Printf("[cipher AES_256 (%d)]\n", copts) - break case CAlgTwofish128: keymat = expandKeyMat(keymat, twofish.BlockSize) key = keymat[0:twofish.BlockSize] @@ -84,7 +85,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err iv = keymat[twofish.BlockSize : twofish.BlockSize+ivlen] rc = cipher.NewOFB(block, iv) log.Printf("[cipher TWOFISH_128 (%d)]\n", copts) - break case CAlgBlowfish64: keymat = expandKeyMat(keymat, blowfish.BlockSize) key = keymat[0:blowfish.BlockSize] @@ -102,11 +102,12 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err iv = keymat[blowfish.BlockSize : blowfish.BlockSize+ivlen] rc = cipher.NewOFB(block, iv) log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts) - break case CAlgCryptMT1: rc = cryptmt.NewCipher(keymat) log.Printf("[cipher CRYPTMT1 (%d)]\n", copts) - break + case CAlgWanderer: + rc = wanderer.NewCodec(nil, nil, keymat, 3, 3) + log.Printf("[cipher WANDERER (%d)]\n", copts) default: log.Printf("[invalid cipher (%d)]\n", copts) fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts) @@ -123,7 +124,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err if !halg.Available() { log.Fatal("hash not available!") } - break case HmacSHA512: log.Printf("[hash HmacSHA512 (%d)]\n", hopts) halg := crypto.SHA512 @@ -131,7 +131,6 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err if !halg.Available() { log.Fatal("hash not available!") } - break default: log.Printf("[invalid hmac (%d)]\n", hopts) fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts) diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go index ec1d7e1..7209a4e 100644 --- a/hkexnet/hkexnet.go +++ b/hkexnet/hkexnet.go @@ -258,6 +258,10 @@ func (hc *Conn) applyConnExtensions(extensions ...string) { log.Println("[extension arg = C_CRYPTMT1]") hc.cipheropts &= (0xFFFFFF00) hc.cipheropts |= CAlgCryptMT1 + case "C_WANDERER": + log.Println("[extension arg = C_WANDERER]") + hc.cipheropts &= (0xFFFFFF00) + hc.cipheropts |= CAlgWanderer case "H_SHA256": log.Println("[extension arg = H_SHA256]") hc.cipheropts &= (0xFFFF00FF) diff --git a/hkexshd/hkexshd.go b/hkexshd/hkexshd.go index 441c0d9..f780a0b 100755 --- a/hkexshd/hkexshd.go +++ b/hkexshd/hkexshd.go @@ -35,12 +35,12 @@ import ( ) var ( - version string - gitCommit string // set in -ldflags by build - + version string + gitCommit string // set in -ldflags by build + useSysLogin bool - kcpMode string // set to a valid KCP BlockCrypt alg tag to use rather than TCP - + kcpMode string // set to a valid KCP BlockCrypt alg tag to use rather than TCP + // Log - syslog output (with no -d) Log *logger.Writer )