// consts.go - consts for xsnet
// Copyright (c) 2017-2020 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this
// distribution)
//
// golang implementation by Russ Magee (rmagee_at_gmail.com)

package xsnet

// KEX algorithm values
//
// Specified (in string form) as the extensions parameter
// to xsnet.Dial()
// Alg is sent in a uint8 so there are up to 256 possible
//
// These iota values are the on-the-wire codes (see KEXAlg), so the numeric
// position of each entry is part of the protocol: add a new algorithm by
// taking a KEX_resvdN slot or appending before KEX_invalid, never by
// inserting in the middle.
//
// NOTE(review): this file only declares the codes. Whatever decodes a
// KEXAlg off the wire should treat every value not listed here (not only
// KEX_invalid) as invalid and refuse to continue - confirm in the kex code.
// NOTE(review): the HERRADURA* entries do not appear to name a standardized
// key-exchange scheme, and the KYBER*/NEWHOPE*/FRODOKEM* entries name PQC
// candidates as they stood in the 2017-2020 copyright range (not the later
// standardized ML-KEM). The implementations are not visible here; assess
// them before relying on any single alg.
const (
	KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor
	KEX_HERRADURA512
	KEX_HERRADURA1024
	KEX_HERRADURA2048
	KEX_resvd4 // reserved slot - keeps the later codes stable
	KEX_resvd5 // reserved slot
	KEX_resvd6 // reserved slot
	KEX_resvd7 // reserved slot
	KEX_KYBER512
	KEX_KYBER768
	KEX_KYBER1024
	KEX_resvd11 // reserved slot
	KEX_NEWHOPE
	KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
	KEX_resvd14        // reserved slot
	KEX_resvd15        // reserved slot
	KEX_FRODOKEM_1344AES
	KEX_FRODOKEM_1344SHAKE
	KEX_FRODOKEM_976AES
	KEX_FRODOKEM_976SHAKE
	KEX_invalid = 255 // sentinel: never a selectable algorithm
)

// KEXAlg is sent from client to server in order to specify which
// algo shall be used (see xsnet.KEX_HERRADURA256, ...).
//
// It is a uint8, so at most 256 codes fit; KEX_invalid (255) is reserved
// as the sentinel value.
type KEXAlg uint8

// Extended exit status codes - indicate comm/pty issues
// rather than remote end normal UNIX exit codes
//
// The block starts at 1024 so none of these can collide with a remote
// process's 0-255 UNIX exit status (see CSExtendedCode).
const (
	CSENone            = 1024 + iota // no extended error
	CSETruncCSO                      // No CSOExitStatus in payload
	CSEStillOpen                     // Channel closed unexpectedly
	CSEExecFail                      // cmd.Start() (exec) failed
	CSEPtyExecFail                   // pty.Start() (exec w/pty) failed
	CSEPtyGetNameFail                // failed to obtain pty name
	CSEKEXAlgDenied                  // server rejected proposed KEX alg
	CSECipherAlgDenied               // server rejected proposed Cipher alg
	CSEHMACAlgDenied                 // server rejected proposed HMAC alg
	CSEConnDead                      // connection keepalives expired
	CSELoginTimeout                  // presumably: login did not complete in time - this file gives no further detail
)

// CSExtendedCode holds the extended (>255 UNIX exit status) codes.
// These indicate channel-related or internal errors (see CSENone, ...).
type CSExtendedCode uint32

// Channel Status/Op bytes - packet types
//
// Like the KEX codes these are iota values carried on the wire (see
// CSOType), so their order is part of the protocol; append new ops
// rather than inserting them.
// NOTE(review): the comment calls these "bytes" but CSOType is a uint32 -
// confirm which width the framing code actually serializes.
const (
	// Main connection/session control
	CSONone        = iota // No error, normal packet
	CSOHmacInvalid        // HMAC mismatch detected on remote end
	CSOTermSize           // set term size (rows:cols)
	CSOExitStatus         // Remote cmd exit status
	CSOChaff              // Dummy packet, do not pass beyond decryption

	// Tunnel setup/control/status
	CSOTunSetup     // client -> server tunnel setup request (dstport)
	CSOTunSetupAck  // server -> client tunnel setup ack
	CSOTunRefused   // server -> client: tunnel rport connection refused
	CSOTunData      // packet contains tunnel data [rport:data]
	CSOTunKeepAlive // client tunnel heartbeat
	CSOTunDisconn   // server -> client: tunnel rport disconnected
	CSOTunHangup    // client -> server: tunnel lport hung up
	CSOKeepAlive    // bidir keepalive packet to monitor main connection
	CSORekey        // TODO: rekey/re-select session cipher/hash algs
)

// TunEndpoint.tunCtl control values - used to control workers for client
// or server tunnels depending on the code
//
// NOTE(review): the original comments referenced a CSOTunAccept op, which
// is not declared in this file; the matching op is presumably CSOTunSetupAck
// - confirm against the tunnel worker code.
const (
	// TunCtl_Client_Listen
	// status: server has ack'd tun setup request (CSOTunSetupAck?)
	// action: client should accept (after re-listening, if required) on lport
	TunCtl_Client_Listen = 'a'

	// TunCtl_Server_Dial
	// NOTE(review): the original comments described this value two ways -
	// "server has dialled OK, client side can accept() conns" and
	// "client wants to open tunnel to rport; server side should dial() rport
	// on client's behalf". The two readings conflict; confirm which worker
	// consumes this value before relying on either description.
	TunCtl_Server_Dial = 'd'
)

// CSOType is the channel status Op type (see CSONone, ... and CSENone, ...).
type CSOType uint32

// TODO: this should be small (max unfragmented packet size?)
//
// MAX_PAYLOAD_LEN is 2 GiB - 1 (0x7FFFFFFF), the largest value that fits
// an int32.
// NOTE(review): if the receive path uses this as the upper bound when
// validating a peer-supplied payload length before allocating, a peer can
// force allocations of up to ~2 GiB per packet (memory-exhaustion risk).
// Tightening it to a realistic packet size, as the TODO says, is the
// mitigation - confirm how the framing code uses it.
const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1

// Session symmetric crypto algs
//
// NOTE(review): only the Twofish and Blowfish entries cite an
// implementation (golang.org/x/crypto). The source and review status of
// the CryptMT1, ChaCha20_12 and Hopscotch implementations is not visible
// here - confirm before enabling them. If the "_12" in CAlgChaCha20_12
// denotes 12 rounds, it is a reduced-round variant of the standard
// 20-round ChaCha20.
const (
	CAlgAES256     = iota
	CAlgTwofish128 // golang.org/x/crypto/twofish
	CAlgBlowfish64 // golang.org/x/crypto/blowfish; 64-bit block cipher - keep per-key data volume small (the REKEY_SECS_* bounds below limit this)
	CAlgCryptMT1   // cryptmt using mtwist64
	CAlgChaCha20_12
	CAlgHopscotch
	CAlgNoneDisallowed // sentinel: a "no cipher" session must be refused (cf. CSECipherAlgDenied)
)

// CSCipherAlg identifies the available ciphers for hkex.Conn (see CAlgAES256, ...).
type CSCipherAlg uint32

// Session packet auth HMAC algs
const (
	HmacSHA256 = iota
	HmacSHA512
	HmacNoneDisallowed // sentinel: a session without packet auth must be refused (cf. CSEHMACAlgDenied)
)

// Conn opts outside of basic kex/cipher/hmac connect config
const (
	CONone              = iota
	CORemodulateShields // if set, rekeying also reselects random cipher/hmac alg
	// NOTE(review): the pool the random reselection draws from is not visible
	// here - confirm it excludes the *NoneDisallowed sentinels and any alg the
	// server would otherwise deny.
)

// COValue carries the Conn option flags (see CONone, CORemodulateShields).
type COValue uint32

// CSHmacAlg identifies the available HMACs for hkex.Conn (see HmacSHA256, ...).
type CSHmacAlg uint32

// Some bounds-checking consts
//
// Presumably used to clamp/validate the rekey interval and chaff frequency
// supplied by configuration or a peer - confirm where they are applied.
const (
	REKEY_SECS_MIN       = 1
	REKEY_SECS_MAX       = 28800 // 8 hours
	CHAFF_FREQ_MSECS_MIN = 1
	CHAFF_FREQ_MSECS_MAX = 300000 // 5 minutes
)

// XS_ID_AUTHTOKFILE is the relative path of the per-user auth token file.
// NOTE(review): the base directory it is joined to is not visible here
// (presumably the user's home dir - confirm). Judging by the name it holds
// authentication material, so the code that creates and reads it should
// enforce owner-only permissions (0600) and refuse a group- or
// world-readable file.
const XS_ID_AUTHTOKFILE = ".config/xs/.xs_id"