mirror of https://gogs.blitter.com/RLabs/xs
143 lines
4.2 KiB
Go
143 lines
4.2 KiB
Go
// consts.go - consts for xsnet
|
|
|
|
// Copyright (c) 2017-2020 Russell Magee
|
|
// Licensed under the terms of the MIT license (see LICENSE.mit in this
|
|
// distribution)
|
|
//
|
|
// golang implementation by Russ Magee (rmagee_at_gmail.com)
|
|
package xsnet
|
|
|
|
// KEX algorithm values
|
|
//
|
|
// Specified (in string form) as the extensions parameter
|
|
// to xsnet.Dial()
|
|
// Alg is sent in a uint8 so there are up to 256 possible
|
|
const (
|
|
KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor
|
|
KEX_HERRADURA512
|
|
KEX_HERRADURA1024
|
|
KEX_HERRADURA2048
|
|
KEX_resvd4
|
|
KEX_resvd5
|
|
KEX_resvd6
|
|
KEX_resvd7
|
|
KEX_KYBER512
|
|
KEX_KYBER768
|
|
KEX_KYBER1024
|
|
KEX_resvd11
|
|
KEX_NEWHOPE
|
|
KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
|
|
KEX_resvd14
|
|
KEX_resvd15
|
|
KEX_FRODOKEM_1344AES
|
|
KEX_FRODOKEM_1344SHAKE
|
|
KEX_FRODOKEM_976AES
|
|
KEX_FRODOKEM_976SHAKE
|
|
KEX_invalid = 255
|
|
)
|
|
|
|
// Sent from client to server in order to specify which
|
|
// algo shall be used (see xsnet.KEX_HERRADURA256, ...)
|
|
type KEXAlg uint8
|
|
|
|
// Extended exit status codes - indicate comm/pty issues
|
|
// rather than remote end normal UNIX exit codes
|
|
const (
|
|
CSENone = 1024 + iota
|
|
CSETruncCSO // No CSOExitStatus in payload
|
|
CSEStillOpen // Channel closed unexpectedly
|
|
CSEExecFail // cmd.Start() (exec) failed
|
|
CSEPtyExecFail // pty.Start() (exec w/pty) failed
|
|
CSEPtyGetNameFail // failed to obtain pty name
|
|
CSEKEXAlgDenied // server rejected proposed KEX alg
|
|
CSECipherAlgDenied // server rejected proposed Cipher alg
|
|
CSEHMACAlgDenied // server rejected proposed HMAC alg
|
|
CSEConnDead // connection keepalives expired
|
|
CSELoginTimeout
|
|
)
|
|
|
|
// Extended (>255 UNIX exit status) codes
|
|
// This indicate channel-related or internal errors
|
|
type CSExtendedCode uint32
|
|
|
|
// Channel Status/Op bytes - packet types
|
|
const (
|
|
// Main connection/session control
|
|
CSONone = iota // No error, normal packet
|
|
CSOHmacInvalid // HMAC mismatch detected on remote end
|
|
CSOTermSize // set term size (rows:cols)
|
|
CSOExitStatus // Remote cmd exit status
|
|
CSOChaff // Dummy packet, do not pass beyond decryption
|
|
|
|
// Tunnel setup/control/status
|
|
CSOTunSetup // client -> server tunnel setup request (dstport)
|
|
CSOTunSetupAck // server -> client tunnel setup ack
|
|
CSOTunRefused // server -> client: tunnel rport connection refused
|
|
CSOTunData // packet contains tunnel data [rport:data]
|
|
CSOTunKeepAlive // client tunnel heartbeat
|
|
CSOTunDisconn // server -> client: tunnel rport disconnected
|
|
CSOTunHangup // client -> server: tunnel lport hung up
|
|
CSOKeepAlive // bidir keepalive packet to monitor main connection
|
|
CSORekey // TODO: rekey/re-select session cipher/hash algs
|
|
)
|
|
|
|
// TunEndpoint.tunCtl control values - used to control workers for client
|
|
// or server tunnels depending on the code
|
|
const (
|
|
TunCtl_Client_Listen = 'a'
|
|
// [CSOTunAccept]
|
|
// status: server has ack'd tun setup request
|
|
// action: client should accept (after re-listening, if required) on lport
|
|
|
|
TunCtl_Server_Dial = 'd' // server has dialled OK, client side can accept() conns
|
|
// [CSOTunAccept]
|
|
// status: client wants to open tunnel to rport
|
|
// action:server side should dial() rport on client's behalf
|
|
)
|
|
|
|
// Channel status Op byte type (see CSONone, ... and CSENone, ...)
|
|
type CSOType uint32
|
|
|
|
// TODO: this should be small (max unfragmented packet size?)
|
|
const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1
|
|
|
|
// Session symmetric crypto algs
|
|
const (
|
|
CAlgAES256 = iota
|
|
CAlgTwofish128 // golang.org/x/crypto/twofish
|
|
CAlgBlowfish64 // golang.org/x/crypto/blowfish
|
|
CAlgCryptMT1 //cryptmt using mtwist64
|
|
CAlgChaCha20_12
|
|
CAlgHopscotch
|
|
CAlgNoneDisallowed
|
|
)
|
|
|
|
// Available ciphers for hkex.Conn
|
|
type CSCipherAlg uint32
|
|
|
|
// Session packet auth HMAC algs
|
|
const (
|
|
HmacSHA256 = iota
|
|
HmacSHA512
|
|
HmacNoneDisallowed
|
|
)
|
|
|
|
// Conn opts outside of basic kex/cipher/hmac connect config
|
|
const (
|
|
CONone = iota
|
|
CORemodulateShields // if set, rekeying also reselects random cipher/hmac alg
|
|
)
|
|
|
|
type COValue uint32
|
|
|
|
// Available HMACs for hkex.Conn
|
|
type CSHmacAlg uint32
|
|
|
|
// Some bounds-checking consts
|
|
const (
|
|
REKEY_SECS_MIN = 1
|
|
REKEY_SECS_MAX = 28800 // 8 hours
|
|
CHAFF_FREQ_MSECS_MIN = 1
|
|
CHAFF_FREQ_MSECS_MAX = 300000 // 5 minutes
|
|
)
|