reorg to separate core KEx and net layer from app

This commit is contained in:
Russ Magee 2018-07-04 21:21:23 -07:00
parent 9291fdcff6
commit bd261a32e9
6 changed files with 85 additions and 31 deletions

View File

@ -1,6 +1,7 @@
.PHONY: clean lib client server passwd
.PHONY: info clean lib client server passwd
SUBDIRS = hkexpasswd hkexsh hkexshd
SUBDIRS = hkexnet herradurakex hkexpasswd hkexsh hkexshd
LIBS = hkexnet herradurakex
all: lib client server passwd

17
herradurakex/Makefile Normal file
View File

@ -0,0 +1,17 @@
.PHONY: info clean all lib
all: lib
clean:
go clean .
lib: info
go install .
ifneq ($(MSYSTEM),)
info:
@echo "building for Windows (MSYS)"
else
info:
@echo "building for Linux"
endif

View File

@ -15,7 +15,7 @@
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh
package hkex
/* Herradura - a Key exchange scheme in the style of Diffie-Hellman Key Exchange.
Copyright (C) 2017 Omar Alejandro Herrera Reyna
@ -52,7 +52,7 @@ type HerraduraKEx struct {
randctx *rand.Rand
a *big.Int
b *big.Int
d, PeerD *big.Int
d, peerD *big.Int
fa *big.Int
}
@ -148,22 +148,37 @@ func (h *HerraduraKEx) fscxRevolve(x, y *big.Int, passes int) (result *big.Int)
// D returns the D (FSCX Revolved) value, input to generate FA
// (the value for peer KEx)
func (h *HerraduraKEx) D() *big.Int {
func (h HerraduraKEx) D() *big.Int {
return h.d
}
// FA returns the FA value, which must be sent to peer for KEx.
func (h *HerraduraKEx) FA() {
h.fa = h.fscxRevolve(h.PeerD, h.b, h.intSz-h.pubSz)
// PeerD returns the peer D value
func (h HerraduraKEx) PeerD() *big.Int {
return h.peerD
}
// SetPeerD stores the received peer's D value (contents, not ptr)
func (h *HerraduraKEx) SetPeerD(pd *big.Int) {
*h.peerD = *pd
}
// ComputeFA computes the FA value, which must be sent to peer for KEx.
func (h *HerraduraKEx) ComputeFA() {
h.fa = h.fscxRevolve(h.peerD, h.b, h.intSz-h.pubSz)
h.fa.Xor(h.fa, h.a)
}
// FA returns the computed FA value
func (h HerraduraKEx) FA() *big.Int {
return h.fa
}
// Output HerraduraKEx type value as a string. Implements Stringer interface.
func (h *HerraduraKEx) String() string {
return fmt.Sprintf("s:%d p:%d\na:%s\nb:%s\nd:->%s\n<-PeerD:%s\nfa:%s",
return fmt.Sprintf("s:%d p:%d\na:%s\nb:%s\nd:->%s\n<-peerD:%s\nfa:%s",
h.intSz, h.pubSz,
h.a.Text(16), h.b.Text(16),
h.d.Text(16),
h.PeerD.Text(16),
h.peerD.Text(16),
h.fa.Text(16))
}

17
hkexnet/Makefile Normal file
View File

@ -0,0 +1,17 @@
.PHONY: info clean lib
all: lib
clean:
go clean .
lib: info
go install .
ifneq ($(MSYSTEM),)
info:
@echo "Building for Windows (MSYS)"
else
info:
@echo "Building for Linux"
endif

View File

@ -1,4 +1,4 @@
package hkexsh
package hkexnet
// Copyright (c) 2017-2018 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this

View File

@ -7,7 +7,7 @@
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)
package hkexsh
package hkexnet
// Implementation of HKEx-wrapped versions of the golang standard
// net package interfaces, allowing clients and servers to simply replace
@ -30,6 +30,8 @@ import (
"strings"
"sync"
"time"
"blitter.com/go/hkexsh/herradurakex"
)
const (
@ -59,7 +61,7 @@ type ChaffConfig struct {
type Conn struct {
m *sync.Mutex
c net.Conn // which also implements io.Reader, io.Writer, ...
h *HerraduraKEx
h *hkex.HerraduraKEx
cipheropts uint32 // post-KEx cipher/hmac options
opts uint32 // post-KEx protocol options (caller-defined)
WinCh chan WinSize
@ -166,12 +168,12 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
return nil, err
}
// Init hkexnet.Conn hc over net.Conn c
hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint8), h: New(0, 0), dBuf: new(bytes.Buffer)}
hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint8), h: hkex.New(0, 0), dBuf: new(bytes.Buffer)}
hc.applyConnExtensions(extensions...)
// Send hkexnet.Conn parameters to remote side
// d is value for Herradura key exchange
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16),
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.D().Text(16),
hc.cipheropts, hc.opts)
d := big.NewInt(0)
@ -179,20 +181,21 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
if err != nil {
return nil, err
}
// Read peer D over net.Conn (c)
_, err = fmt.Fscanf(c, "%08x:%08x\n",
&hc.cipheropts, &hc.opts)
if err != nil {
return nil, err
}
hc.h.PeerD = d
log.Printf("** D:%s\n", hc.h.d.Text(16))
log.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16))
hc.h.FA()
log.Printf("**(c)** FA:%s\n", hc.h.fa)
hc.h.SetPeerD(d)
log.Printf("** local D:%s\n", hc.h.D().Text(16))
log.Printf("**(c)** peer D:%s\n", hc.h.PeerD().Text(16))
hc.h.ComputeFA()
log.Printf("**(c)** FA:%s\n", hc.h.FA())
hc.r, hc.rm, err = hc.getStream(hc.h.fa)
hc.w, hc.wm, err = hc.getStream(hc.h.fa)
hc.r, hc.rm, err = hc.getStream(hc.h.FA())
hc.w, hc.wm, err = hc.getStream(hc.h.FA())
*hc.closeStat = 99 // open or prematurely-closed status
return
@ -304,7 +307,7 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
}
log.Println("[Accepted]")
hc = Conn{m: &sync.Mutex{}, c: c, h: New(0, 0), closeStat: new(uint8), WinCh: make(chan WinSize, 1),
hc = Conn{m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(uint8), WinCh: make(chan WinSize, 1),
dBuf: new(bytes.Buffer)}
// Read in hkexnet.Conn parameters over raw Conn c
@ -321,17 +324,18 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
if err != nil {
return hc, err
}
hc.h.PeerD = d
log.Printf("** D:%s\n", hc.h.d.Text(16))
log.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16))
hc.h.SetPeerD(d)
log.Printf("** D:%s\n", hc.h.D().Text(16))
log.Printf("**(s)** peerD:%s\n", hc.h.PeerD().Text(16))
hc.h.FA()
log.Printf("**(s)** FA:%s\n", hc.h.fa)
log.Printf("**(s)** FA:%s\n", hc.h.FA())
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.d.Text(16),
// Send D and cipheropts/conn_opts to peer
fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.D().Text(16),
hc.cipheropts, hc.opts)
hc.r, hc.rm, err = hc.getStream(hc.h.fa)
hc.w, hc.wm, err = hc.getStream(hc.h.fa)
hc.r, hc.rm, err = hc.getStream(hc.h.FA())
hc.w, hc.wm, err = hc.getStream(hc.h.FA())
return
}