From 648c41d7074cdd91e6d170e68501c571352b36e2 Mon Sep 17 00:00:00 2001 From: Zack Scholl Date: Mon, 18 Nov 2019 07:53:57 -0800 Subject: [PATCH] use siec --- go.mod | 3 ++- go.sum | 3 +++ src/croc/croc.go | 55 ++++++++++++++++++++++++------------------ src/message/message.go | 18 ++++++++------ 4 files changed, 48 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 114378e..e78e4b0 100644 --- a/go.mod +++ b/go.mod @@ -16,12 +16,13 @@ require ( github.com/schollz/logger v1.0.1 github.com/schollz/mnemonicode v1.0.1 github.com/schollz/pake v1.1.1 + github.com/schollz/pake/v2 v2.0.2 github.com/schollz/peerdiscovery v1.4.1 github.com/schollz/progressbar/v2 v2.14.2 github.com/schollz/spinner v0.0.0-20180925172146-6bbc5f7804f9 github.com/spaolacci/murmur3 v1.1.0 // indirect github.com/stretchr/testify v1.4.0 - github.com/tscholl2/siec v0.0.0-20191103131401-2e0c53a9e212 // indirect + github.com/tscholl2/siec v0.0.0-20191103131401-2e0c53a9e212 github.com/urfave/cli v1.22.1 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f golang.org/x/net v0.0.0-20191116160921-f9c825593386 // indirect diff --git a/go.sum b/go.sum index ad412e5..4510d73 100644 --- a/go.sum +++ b/go.sum @@ -43,6 +43,8 @@ github.com/schollz/mnemonicode v1.0.1 h1:LiH5hwADZwjwnfXsaD4xgnMyTAtaKHN+e5AyjRU github.com/schollz/mnemonicode v1.0.1/go.mod h1:cl4UAOhUV0mkdjMj/QYaUZbZZdF8BnOqoz8rHMzwboY= github.com/schollz/pake v1.1.1 h1:QKeojDWzdAdtRC4m89b6HAxw/8gjqrVu7r4SAOxOFg8= github.com/schollz/pake v1.1.1/go.mod h1:aWMxQ1jwqZRwk3StflHcdyzPR+CyW5W7+WIZD6Y3dEY= +github.com/schollz/pake/v2 v2.0.2 h1:p9y4Gocc5PWueyhhR7OH+Gwpu2xkP5BM9Pepl9krVfo= +github.com/schollz/pake/v2 v2.0.2/go.mod h1:3uXB571UYJ8Eqh2EEohXe/aO32QID+Varb4GeYA//yw= github.com/schollz/peerdiscovery v1.4.1 h1:xtZ/D8/4eq9O6UEhRupZZiJm4BA8+u1IVUgeHo5VPm4= github.com/schollz/peerdiscovery v1.4.1/go.mod h1:WDdk0/JVyVHVIA/bmhzTkUg32dhJ20O4tExNqV1u6sk= github.com/schollz/progressbar/v2 v2.13.2 h1:3L9bP5KQOGEnFP8P5V8dz+U0yo5I29iY5Oa9s9EAwn0= @@ -71,6 +73,7 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= diff --git a/src/croc/croc.go b/src/croc/croc.go index 63358d5..64c6b13 100644 --- a/src/croc/croc.go +++ b/src/croc/croc.go @@ -2,7 +2,6 @@ package croc import ( "bytes" - "crypto/elliptic" "crypto/rand" "encoding/binary" "encoding/json" @@ -27,10 +26,11 @@ import ( "github.com/schollz/croc/v6/src/tcp" "github.com/schollz/croc/v6/src/utils" log "github.com/schollz/logger" - "github.com/schollz/pake" + "github.com/schollz/pake/v2" "github.com/schollz/peerdiscovery" "github.com/schollz/progressbar/v2" "github.com/schollz/spinner" + "github.com/tscholl2/siec" ) func init() { @@ -48,22 +48,23 @@ func Debug(debug bool) { // Options specifies user specific options type Options struct { - IsSender bool - SharedSecret string - Debug bool - RelayAddress string - RelayPorts []string - Stdout bool - NoPrompt bool - DisableLocal bool - Ask bool + IsSender bool + SharedSecret string + Debug bool + RelayAddress string + RelayPorts []string + Stdout bool + NoPrompt bool + NoMultiplexing bool + DisableLocal bool + Ask bool } // Client holds the state of the croc transfer type Client struct { Options Options Pake *pake.Pake - Key crypt.Encryption + Key []byte ExternalIP, ExternalIPConnected string // steps involved in forming relationship @@ -147,17 +148,11 @@ func New(ops Options) (c *Client, err error) { c.conn = make([]*comm.Comm, 16) - // use default key (no encryption, until PAKE succeeds) - c.Key, err = crypt.New(nil, nil) - if err != nil { - return - } - // initialize pake if c.Options.IsSender { - c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 1, elliptic.P521(), 1*time.Microsecond) + c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 1, siec.SIEC255(), 1*time.Microsecond) } else { - c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 0, elliptic.P521(), 1*time.Microsecond) + c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 0, siec.SIEC255(), 1*time.Microsecond) } if err != nil { return @@ -292,6 +287,10 @@ func (c *Client) transferOverLocalRelay(options TransferOptions, errchan chan<- log.Debug("exchanged header message") c.Options.RelayAddress = "localhost" c.Options.RelayPorts = strings.Split(banner, ",") + if c.Options.NoMultiplexing { + log.Debug("no multiplexing") + c.Options.RelayPorts = []string{c.Options.RelayPorts[0]} + } c.ExternalIP = ipaddr errchan <- c.transfer(options) } @@ -369,6 +368,10 @@ func (c *Client) Send(options TransferOptions) (err error) { c.conn[0] = conn c.Options.RelayPorts = strings.Split(banner, ",") + if c.Options.NoMultiplexing { + log.Debug("no multiplexing") + c.Options.RelayPorts = []string{c.Options.RelayPorts[0]} + } c.ExternalIP = ipaddr log.Debug("exchanged header message") errchan <- c.transfer(options) @@ -470,6 +473,10 @@ func (c *Client) Receive() (err error) { c.conn[0].Send([]byte("handshake")) c.Options.RelayPorts = strings.Split(banner, ",") + if c.Options.NoMultiplexing { + log.Debug("no multiplexing") + c.Options.RelayPorts = []string{c.Options.RelayPorts[0]} + } log.Debug("exchanged header message") fmt.Fprintf(os.Stderr, "\rsecuring channel...") return c.transfer(TransferOptions{}) @@ -648,10 +655,11 @@ func (c *Client) processMessageSalt(m message.Message) (done bool, err error) { if err != nil { return true, err } - c.Key, err = crypt.New(key, m.Bytes) + c.Key, _, err = crypt.New(key, m.Bytes) if err != nil { return true, err } + log.Debugf("key = %+x", c.Key) if c.ExternalIPConnected == "" { // it can be preset by the local relay c.ExternalIPConnected = m.Message @@ -1040,7 +1048,7 @@ func (c *Client) receiveData(i int) { break } - data, err = c.Key.Decrypt(data) + data, err = crypt.Decrypt(data, c.Key) if err != nil { panic(err) } @@ -1126,10 +1134,11 @@ func (c *Client) sendData(i int) { posByte := make([]byte, 8) binary.LittleEndian.PutUint64(posByte, pos) - dataToSend, err := c.Key.Encrypt( + dataToSend, err := crypt.Encrypt( compress.Compress( append(posByte, data[:n]...), ), + c.Key, ) if err != nil { panic(err) diff --git a/src/message/message.go b/src/message/message.go index 2f0abb6..d46f983 100644 --- a/src/message/message.go +++ b/src/message/message.go @@ -23,7 +23,7 @@ func (m Message) String() string { } // Send will send out -func Send(c *comm.Comm, key crypt.Encryption, m Message) (err error) { +func Send(c *comm.Comm, key []byte, m Message) (err error) { mSend, err := Encode(key, m) if err != nil { return @@ -34,21 +34,25 @@ func Send(c *comm.Comm, key crypt.Encryption, m Message) (err error) { } // Encode will convert to bytes -func Encode(key crypt.Encryption, m Message) (b []byte, err error) { +func Encode(key []byte, m Message) (b []byte, err error) { b, err = json.Marshal(m) if err != nil { return } b = compress.Compress(b) - b, err = key.Encrypt(b) + if key != nil { + b, err = crypt.Encrypt(b, key) + } return } // Decode will convert from bytes -func Decode(key crypt.Encryption, b []byte) (m Message, err error) { - b, err = key.Decrypt(b) - if err != nil { - return +func Decode(key []byte, b []byte) (m Message, err error) { + if key != nil { + b, err = crypt.Decrypt(b, key) + if err != nil { + return + } } b = compress.Decompress(b) err = json.Unmarshal(b, &m)