From dcb42d43f10868903a6126db4be29f9852e77b59 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Mon, 10 Sep 2018 20:22:09 -0700 Subject: [PATCH] -BREAKING CHANGE: pre-KEx byte sent for KEx alg (default and only for now: KEX_HERRADURA) --- hkexnet/hkexnet.go | 52 ++++++++++++++++++++++++++++++++++++++++++++-- hkexsh/hkexsh.go | 2 +- 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go index 15dedd4..1d146bc 100644 --- a/hkexnet/hkexnet.go +++ b/hkexnet/hkexnet.go @@ -9,6 +9,14 @@ package hkexnet +// TODO: +// If key exchange algs other than the experimental HerraduraKEx are to +// be supported, the Dial() and Accept() methods should take a kex param, +// specifying which to use; and the client/server negotiation must then +// prefix the channel setup with this param over the wire in order to decide +// which is in use. +// + // Implementation of HKEx-wrapped versions of the golang standard // net package interfaces, allowing clients and servers to simply replace // 'net.Dial' and 'net.Listen' with 'hkex.Dial' and 'hkex.Listen' @@ -34,6 +42,17 @@ import ( "blitter.com/go/hkexsh/herradurakex" ) +// KEx type - sent from client to server in order to specify which +// algo shall be used (eg., HerraduraKEx, [TODO: others...]) +type KEX uint8 + +const ( + KEX_HERRADURA = iota // this MUST be first for default if omitted in ctor + //KEX_FOO + //KEX_DH + //KEX_ETC +) + // const CSExtendedCode - extended (>255 UNIX exit status) codes // This indicate channel-related or internal errors const ( @@ -76,6 +95,7 @@ type ( // Conn is a HKex connection - a superset of net.Conn Conn struct { + kex KEX m *sync.Mutex c net.Conn // which also implements io.Reader, io.Writer, ... h *hkex.HerraduraKEx @@ -146,6 +166,14 @@ func (hc *Conn) SetOpts(opts uint32) { func (hc *Conn) applyConnExtensions(extensions ...string) { for _, s := range extensions { switch s { + case "KEX_HERRADURA": + log.Println("[extension arg = KEX_HERRADURA]") + hc.kex = KEX_HERRADURA + break + //case "KEX_FOO": + // log.Println("[extension arg = KEX_FOO]") + // hc.kex = KEX_FOO + // break case "C_AES_256": log.Println("[extension arg = C_AES_256]") hc.cipheropts &= (0xFFFFFF00) @@ -173,7 +201,9 @@ func (hc *Conn) applyConnExtensions(extensions ...string) { } } -// Dial as net.Dial(), but with implicit HKEx PeerD read on connect +// Dial as net.Dial(), but with implicit key exchange to set up secure +// channel on connect +// // Can be called like net.Dial(), defaulting to C_AES_256/H_SHA256, // or additional option arguments can be passed amongst the following: // @@ -187,9 +217,17 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e return nil, err } // Init hkexnet.Conn hc over net.Conn c + // NOTE: kex default of KEX_HERRADURA may be overridden by + // future extension args to applyConnExtensions(), which is + // called prior to Dial() hc = &Conn{m: &sync.Mutex{}, c: c, closeStat: new(uint32), h: hkex.New(0, 0), dBuf: new(bytes.Buffer)} hc.applyConnExtensions(extensions...) + // TODO: Factor out ALL params following this to helpers for + // specific KEx algs + fmt.Fprintf(c, "%02x\n", hc.kex) + // -- + // Send hkexnet.Conn parameters to remote side // d is value for Herradura key exchange fmt.Fprintf(c, "0x%s\n%08x:%08x\n", hc.h.D().Text(16), @@ -326,9 +364,19 @@ func (hl *HKExListener) Accept() (hc Conn, err error) { } log.Println("[Accepted]") - hc = Conn{m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(uint32), WinCh: make(chan WinSize, 1), + hc = Conn{ /*kex: from client,*/ m: &sync.Mutex{}, c: c, h: hkex.New(0, 0), closeStat: new(uint32), WinCh: make(chan WinSize, 1), dBuf: new(bytes.Buffer)} + // TODO: Factor out ALL params following this to helpers for + // specific KEx algs + var kexAlg uint8 + _, err = fmt.Fscanln(c, &kexAlg) + if err != nil { + return hc, err + } + log.Printf("[KEx alg: %v]\n", kexAlg) + // -- + // Read in hkexnet.Conn parameters over raw Conn c // d is value for Herradura key exchange d := big.NewInt(0) diff --git a/hkexsh/hkexsh.go b/hkexsh/hkexsh.go index abc10e0..d8030da 100755 --- a/hkexsh/hkexsh.go +++ b/hkexsh/hkexsh.go @@ -478,7 +478,7 @@ func main() { } } - conn, err := hkexnet.Dial("tcp", server, cAlg, hAlg) + conn, err := hkexnet.Dial("tcp", server, /*[kexAlg eg. "KEX_HERRADURA"], */ cAlg, hAlg) if err != nil { fmt.Println("Err!") panic(err)