mirror of https://gogs.blitter.com/RLabs/xs
Made server.go and serverp.go (plaintext net example) use same bufsize
parent
9054bcb89f
commit
aaa99360be
41
README.md
|
@ -1,16 +1,33 @@
|
||||||
This is an implementation of the 'HerraduraKEx' key exchange algorithm in golang.
|
This is a drop-in replacement for the golang/pkg/net facilities
|
||||||
See github.com/Caume/HerraduraKEx
|
(net.Dial(), net.Listen(), net.Accept() and net.Conn type) using the
|
||||||
|
experimental HerraduraKEx 'secure' key exchange algorithm, first released at
|
||||||
|
github.com/Caume/HerraduraKEx
|
||||||
|
|
||||||
package herradurakex is a simple golang library to manage key exchanges using the algorithm
|
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
|
||||||
and (TODO) wraps/extends golang.org/pkg/net/, Listener interface, Dial/Accept methods by
|
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
|
||||||
providing a HKexConn built on top of the vanilla Conn.
|
to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
|
||||||
|
is initiated (whereby client and server independently derive the same
|
||||||
|
keying material) and session algorithms to be used are exchanged allowing an
|
||||||
|
encrypted channel between client and server.
|
||||||
|
|
||||||
Theory:
|
NOTE: the terms 'secure' and 'securely' where used above are purposely
|
||||||
1. Build a standard pkg/net/ Conn c
|
enclosed in singled quotes due to the experimental nature of the HerraduraKEx
|
||||||
2. Build a HKexConn passing in Conn hc (HKexConn implements io.Reader,io.Writer)s
|
algorithm used to derive crypto keying material on each end.
|
||||||
3. Dial/Listen on hc (it will do the KEx and store session key, negotiate crypto alg.)
|
As of this time no verdict by acknowledged 'crypto experts' as to the true
|
||||||
4. Call any pkg/net ops as usual using HKexConn
|
security of the HerraduraKEx algorithm for purposes of session key exchange
|
||||||
|
over an insecure channel has been rendered.
|
||||||
|
It is hoped that such experts in the field will analyze the algorithm and
|
||||||
|
determine if it is indeed a suitable one for use in situations where
|
||||||
|
Diffie-Hellman key exchange is currently utilized.
|
||||||
|
|
||||||
|
To run
|
||||||
|
--
|
||||||
|
$ go get <tbd>/herradurakex.git
|
||||||
|
$ cd $GOPATH/src/<tbd>/herradurakex
|
||||||
|
$ go install .
|
||||||
|
$ cd demo/
|
||||||
|
$ go build client.go && go build server.go
|
||||||
|
|
||||||
? -rlm 2018-01-06
|
[ in separate shell windows ]
|
||||||
|
[A]$ ./server
|
||||||
|
[B]$ ./client
|
||||||
|
|
|
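Review bot: The new "To run" steps cannot be followed as written, because `go get <tbd>/herradurakex.git` and `cd $GOPATH/src/<tbd>/herradurakex` still carry a `<tbd>` placeholder; fill in the real import path or state that it is not yet published. The text also tells readers to call hkex.Dial() and hkex.Listen() while the path names the package herradurakex, so a one-line import example showing the alias would remove the ambiguity. In the NOTE paragraph, "singled quotes" should read "single quotes". The build line covers only client.go and server.go; if the plaintext serverp.go named in the commit message is meant to be built for comparison, say so here and make clear that it provides no encryption.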
@ -39,7 +39,7 @@ func main() {
|
||||||
go func(ch chan []byte, eCh chan error) {
|
go func(ch chan []byte, eCh chan error) {
|
||||||
for {
|
for {
|
||||||
// try to read the data
|
// try to read the data
|
||||||
data := make([]byte, 64)
|
data := make([]byte, 512)
|
||||||
chN, err = c.Read(data)
|
chN, err = c.Read(data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// send an error if it's encountered
|
// send an error if it's encountered
|
||||||
|
|
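Review bot: The read buffer size in `data := make([]byte, 512)` is a bare literal, and since the commit message says the goal is for server.go and serverp.go to use the same bufsize, a single named constant shared by both would keep them from drifting apart again. In the same context lines, `chN, err = c.Read(data)` assigns with `=` inside the goroutine, so chN and err are captured from the enclosing scope; if main() reads either of them while this goroutine is running, that is a data race. Prefer goroutine-local variables (`n, err := c.Read(data)`) and pass only the filled portion, `data[:n]`, over ch so the receiver never processes the unread tail of the 512-byte buffer.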