reorg to separate core KEx and net layer from app

This commit is contained in:
Russ Magee 2018-07-04 21:21:23 -07:00
parent 9291fdcff6
commit bd261a32e9
6 changed files with 85 additions and 31 deletions

View File

@ -1,6 +1,7 @@
.PHONY: clean lib client server passwd .PHONY: info clean lib client server passwd
SUBDIRS = hkexpasswd hkexsh hkexshd SUBDIRS = hkexnet herradurakex hkexpasswd hkexsh hkexshd
LIBS = hkexnet herradurakex
all: lib client server passwd all: lib client server passwd

17
herradurakex/Makefile Normal file
View File

@ -0,0 +1,17 @@
.PHONY: info clean all lib
all: lib
clean:
go clean .
lib: info
go install .
ifneq ($(MSYSTEM),)
info:
@echo "building for Windows (MSYS)"
else
info:
@echo "building for Linux"
endif

View File

@ -15,7 +15,7 @@
// distribution) // distribution)
// //
// golang implementation by Russ Magee (rmagee_at_gmail.com) // golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh package hkex
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange. /* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
Copyright (C) 2017 Omar Alejandro Herrera Reyna Copyright (C) 2017 Omar Alejandro Herrera Reyna
@ -52,7 +52,7 @@ type HerraduraKEx struct {
randctx *rand.Rand randctx *rand.Rand
a *big.Int a *big.Int
b *big.Int b *big.Int
d, PeerD *big.Int d, peerD *big.Int
fa *big.Int fa *big.Int
} }
@ -148,22 +148,37 @@ func (h *HerraduraKEx) fscxRevolve(x, y *big.Int, passes int) (result *big.Int)
// D returns the D (FSCX Revolved) value, input to generate FA // D returns the D (FSCX Revolved) value, input to generate FA
// (the value for peer KEx) // (the value for peer KEx)
func (h *HerraduraKEx) D() *big.Int { func (h HerraduraKEx) D() *big.Int {
return h.d return h.d
} }
// FA returns the FA value, which must be sent to peer for KEx. // PeerD returns the peer D value
func (h *HerraduraKEx) FA() { func (h HerraduraKEx) PeerD() *big.Int {
h.fa = h.fscxRevolve(h.PeerD, h.b, h.intSz-h.pubSz) return h.peerD
}
// SetPeerD stores the received peer's D value (contents, not ptr)
func (h *HerraduraKEx) SetPeerD(pd *big.Int) {
*h.peerD = *pd
}
// ComputeFA computes the FA value, which must be sent to peer for KEx.
func (h *HerraduraKEx) ComputeFA() {
h.fa = h.fscxRevolve(h.peerD, h.b, h.intSz-h.pubSz)
h.fa.Xor(h.fa, h.a) h.fa.Xor(h.fa, h.a)
} }
// FA returns the computed FA value
func (h HerraduraKEx) FA() *big.Int {
return h.fa
}
// Output HerraduraKEx type value as a string. Implements Stringer interface. // Output HerraduraKEx type value as a string. Implements Stringer interface.
func (h *HerraduraKEx) String() string { func (h *HerraduraKEx) String() string {
return fmt.Sprintf("s:%d p:%d\na:%s\nb:%s\nd:->%s\n<-PeerD:%s\nfa:%s", return fmt.Sprintf("s:%d p:%d\na:%s\nb:%s\nd:->%s\n<-peerD:%s\nfa:%s",
h.intSz, h.pubSz, h.intSz, h.pubSz,
h.a.Text(16), h.b.Text(16), h.a.Text(16), h.b.Text(16),
h.d.Text(16), h.d.Text(16),
h.PeerD.Text(16), h.peerD.Text(16),
h.fa.Text(16)) h.fa.Text(16))
} }

17
hkexnet/Makefile Normal file
View File

@ -0,0 +1,17 @@
.PHONY: info clean lib
all: lib
clean:
go clean .
lib: info
go install .
ifneq ($(MSYSTEM),)
info:
@echo "Building for Windows (MSYS)"
else
info:
@echo "Building for Linux"
endif

View File

@ -1,4 +1,4 @@
package hkexsh package hkexnet
// Copyright (c) 2017-2018 Russell Magee // Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this // Licensed under the terms of the MIT license (see LICENSE.mit in this

View File

@ -7,7 +7,7 @@
// //
// golang implementation by Russ Magee (rmagee_at_gmail.com) // golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh package hkexnet
// Implementation of HKEx-wrapped versions of the golang standard // Implementation of HKEx-wrapped versions of the golang standard
// net package interfaces, allowing clients and servers to simply replace // net package interfaces, allowing clients and servers to simply replace
@ -30,6 +30,8 @@ import (
"strings" "strings"
"sync" "sync"
"time" "time"
"blitter.com/go/hkexsh/herradurakex"
) )
const ( const (
@ -59,7 +61,7 @@ type ChaffConfig struct {
type Conn struct { type Conn struct {
m *sync.Mutex m *sync.Mutex
c net.Conn // which also implements io.Reader, io.Writer, ... c net.Conn // which also implements io.Reader, io.Writer, ...
h *HerraduraKEx h *hkex.HerraduraKEx
cipheropts uint32 // post-KEx cipher/hmac options cipheropts uint32 // post-KEx cipher/hmac options
opts uint32 // post-KEx protocol options (caller-defined) opts uint32 // post-KEx protocol options (caller-defined)
WinCh chan WinSize WinCh chan WinSize
@ -166,12 +168,12 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
return nil, err return nil, err
} }
// Init hkexnet.Conn hc over net.Conn c // Init hkexnet.Conn hc over net.Conn c
hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint8), h: New(0, 0), dBuf: new(bytes.Buffer)} hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint8), h: hkex.New(0, 0), dBuf: new(bytes.Buffer)}
hc.applyConnExtensions(extensions...) hc.applyConnExtensions(extensions...)
// Send hkexnet.Conn parameters to remote side // Send hkexnet.Conn parameters to remote side
// d is value for Herradura key exchange // d is value for Herradura key exchange
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16), fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.D().Text(16),
hc.cipheropts, hc.opts) hc.cipheropts, hc.opts)
d := big.NewInt(0) d := big.NewInt(0)
@ -179,20 +181,21 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
if err != nil { if err != nil {
return nil, err return nil, err
} }
// Read peer D over net.Conn (c)
_, err = fmt.Fscanf(c, "%08x:%08x\n", _, err = fmt.Fscanf(c, "%08x:%08x\n",
&hc.cipheropts, &hc.opts) &hc.cipheropts, &hc.opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }
hc.h.PeerD = d hc.h.SetPeerD(d)
log.Printf("** D:%s\n", hc.h.d.Text(16)) log.Printf("** local D:%s\n", hc.h.D().Text(16))
log.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16)) log.Printf("**(c)** peer D:%s\n", hc.h.PeerD().Text(16))
hc.h.FA() hc.h.ComputeFA()
log.Printf("**(c)** FA:%s\n", hc.h.fa) log.Printf("**(c)** FA:%s\n", hc.h.FA())
hc.r, hc.rm, err = hc.getStream(hc.h.fa) hc.r, hc.rm, err = hc.getStream(hc.h.FA())
hc.w, hc.wm, err = hc.getStream(hc.h.fa) hc.w, hc.wm, err = hc.getStream(hc.h.FA())
*hc.closeStat = 99 // open or prematurely-closed status *hc.closeStat = 99 // open or prematurely-closed status
return return
@ -304,7 +307,7 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
} }
log.Println("[Accepted]") log.Println("[Accepted]")
hc = Conn{m: &sync.Mutex{}, c: c, h: New(0, 0), closeStat: new(uint8), WinCh: make(chan WinSize, 1), hc = Conn{m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(uint8), WinCh: make(chan WinSize, 1),
dBuf: new(bytes.Buffer)} dBuf: new(bytes.Buffer)}
// Read in hkexnet.Conn parameters over raw Conn c // Read in hkexnet.Conn parameters over raw Conn c
@ -321,17 +324,18 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
if err != nil { if err != nil {
return hc, err return hc, err
} }
hc.h.PeerD = d hc.h.SetPeerD(d)
log.Printf("** D:%s\n", hc.h.d.Text(16)) log.Printf("** D:%s\n", hc.h.D().Text(16))
log.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16)) log.Printf("**(s)** peerD:%s\n", hc.h.PeerD().Text(16))
hc.h.FA() hc.h.FA()
log.Printf("**(s)** FA:%s\n", hc.h.fa) log.Printf("**(s)** FA:%s\n", hc.h.FA())
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16), // Send D and cipheropts/conn_opts to peer
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.D().Text(16),
hc.cipheropts, hc.opts) hc.cipheropts, hc.opts)
hc.r, hc.rm, err = hc.getStream(hc.h.fa) hc.r, hc.rm, err = hc.getStream(hc.h.FA())
hc.w, hc.wm, err = hc.getStream(hc.h.fa) hc.w, hc.wm, err = hc.getStream(hc.h.FA())
return return
} }