// OpenTPM opens a channel to the TPM at the given path. If the file is a
// device, then it treats it like a normal TPM device, and if the file is a
// Unix domain socket, then it opens a connection to the socket.
func OpenTPM(path string) (io.ReadWriteCloser, error) {
// If it's a regular file, then open it
var rwc io.ReadWriteCloser
fi, err := os.Stat(path)
if err != nil {
return nil, err
}
if fi.Mode()&os.ModeDevice != 0 {
var f *os.File
f, err = os.OpenFile(path, os.O_RDWR, 0600)
if err != nil {
return nil, err
}
rwc = io.ReadWriteCloser(f)
} else if fi.Mode()&os.ModeSocket != 0 {
uc, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: path, Net: "unix"})
if err != nil {
return nil, err
}
rwc = io.ReadWriteCloser(uc)
} else {
return nil, fmt.Errorf("unsupported TPM file mode %s", fi.Mode().String())
}
return rwc, nil
}
func Obfs3fHandshake(wire net.Conn, is_server bool) (io.ReadWriteCloser, error) {
var their_public dh_public_key
var our_keypair = dh_gen_key(1536)
var secret []byte
var write_rc4, read_rc4 cipher.Stream
their_public = make([]byte, 1536/8)
if is_server {
_, err := io.ReadFull(wire, their_public)
if err != nil {
return nil, err
}
_, err = wire.Write(our_keypair.Public)
if err != nil {
return nil, err
}
secret = dh_gen_secret(our_keypair.Private, their_public)
write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
} else {
_, err := wire.Write(our_keypair.Public)
if err != nil {
return nil, err
}
_, err = io.ReadFull(wire, their_public)
if err != nil {
return nil, err
}
secret = dh_gen_secret(our_keypair.Private, their_public)
write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
}
read_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))
write_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))
toret := &Obfs3f{read_rc4, write_rc4, wire}
thing := make(chan bool)
go func() {
randlen := make([]byte, 2)
rand.Read(randlen)
rlint := int(randlen[0])*256 + int(randlen[1])
xaxa := make([]byte, rlint)
toret.Write(randlen)
toret.Write(xaxa)
thing <- true
}()
randlen := make([]byte, 2)
_, err := io.ReadFull(toret, randlen)
if err != nil {
return nil, err
}
_, err = io.ReadFull(toret, make([]byte, int(randlen[0])*256+int(randlen[1])))
if err != nil {
return nil, err
}
<-thing
return io.ReadWriteCloser(toret), nil
}
func KiSS_handshake_client(wire io.ReadWriteCloser, verify Verifier) (wr io.ReadWriteCloser, err error) {
defer func() {
if r := recover(); r != nil {
err = errors.New(fmt.Sprint(r))
}
}()
// our keys
our_keypair := kicrypt.SecureDH_genpair()
//LOG(LOG_DEBUG, "CPUB: %d", our_keypair.Public)
// construct the client handshake
our_greeting := KiSS_HS_Client{0x02, our_keypair.Public}
our_greeting_packed := KiSS_Segment{K_HANDSHAKE_C, our_greeting.Pack()}
// send across the client handshake
_, err = wire.Write(our_greeting_packed.Bytes())
if err != nil {
return nil, errors.New("wtf")
}
//LOG(LOG_DEBUG, "our client greeting of sent")
// obtain the server handshake
their_handshake_raw, err2 := KiSS_read_segment(wire)
//LOG(LOG_DEBUG, "their server greeting of got")
if err2 != nil {
return nil, err2
}
if their_handshake_raw.segment_type != K_HANDSHAKE_S {
return nil, errors.New("wtf")
}
their_handshake, err3 := KiSS_unpack_server_handshake(their_handshake_raw.raw_payload, verify)
if err3 != nil {
return nil, err3
}
// obtain the shared secret
secret := kicrypt.SecureDH_gensecret(our_keypair.Private, their_handshake.public_edh_key)
secret = append(secret, kicrypt.SecureDH_gensecret(our_keypair.Private, their_handshake.public_dh_key)...)
upkey := kicrypt.KeyedHash(secret, "kiss-2-up")
downkey := kicrypt.KeyedHash(secret, "kiss-2-down")
// get the cipher thingies
read_ciph := __KISS_AS(downkey)
write_ciph := __KISS_AS(upkey)
bt := new([]byte)
*bt = make([]byte, 0)
toret := KiSS_State{read_ciph, write_ciph, secret, 0, 0, wire, bt}
return io.ReadWriteCloser(toret), nil
}
func KiSS_handshake_server(wire io.ReadWriteCloser, keys kicrypt.SecureDH_keypair) (wr io.ReadWriteCloser, err error) {
defer func() {
if r := recover(); r != nil {
err = errors.New(fmt.Sprint(r))
}
}()
// read their handshake
their_greeting_packed, err1 := KiSS_read_segment(wire)
if err1 != nil {
return nil, err1
}
if their_greeting_packed.segment_type != K_HANDSHAKE_C {
return nil, errors.New("client sent something other than a handshake")
}
// unpack their greeting
their_greeting, err2 := KiSS_unpack_client_handshake(their_greeting_packed.raw_payload)
if err2 != nil {
return nil, err2
}
// send our handshake
our_keypair := kicrypt.SecureDH_genpair()
our_greeting := KiSS_Segment{K_HANDSHAKE_S, (KiSS_HS_Server{keys.Public,
our_keypair.Public}).Pack()}
_, err3 := wire.Write(our_greeting.Bytes())
if err3 != nil {
return nil, err3
}
// obtain the shared secret
secret := kicrypt.SecureDH_gensecret(our_keypair.Private, their_greeting.public_edh_key)
secret = append(secret, kicrypt.SecureDH_gensecret(keys.Private, their_greeting.public_edh_key)...)
upkey := kicrypt.KeyedHash(secret, "kiss-2-up")
downkey := kicrypt.KeyedHash(secret, "kiss-2-down")
read_ciph := __KISS_AS(upkey)
write_ciph := __KISS_AS(downkey)
bt := new([]byte)
*bt = make([]byte, 0)
toret := KiSS_State{read_ciph, write_ciph, secret, 0, 0, wire, bt}
//LOG(LOG_DEBUG, "keygens on server side of done")
return io.ReadWriteCloser(toret), nil
}
func (d *Dialer0) listen() os.Error {
d.lk.Lock()
fdlim := &d.fdlim
d.lk.Unlock()
for {
d.lk.Lock()
l := d.ltcp
d.lk.Unlock()
if l == nil {
time.Sleep(10e9)
continue
}
if fdlim == nil || fdlim.LockOrTimeout(10e9) == nil {
c,err := l.Accept()
if err != nil {
if c != nil {
c.Close()
}
if fdlim != nil {
fdlim.Unlock()
}
l.Close()
d.setError(err)
time.Sleep(10e9)
continue
}
rwc := io.ReadWriteCloser(c)
if fdlim != nil {
rwc = newRunOnClose(c, func(){ fdlim.Unlock() })
}
go d.accept(rwc)
continue
}
//log.Stderrf("%#p d —— fd starvation", d)
fmt.Fprintf(os.Stderr, "tonika: warn: file descriptor starvation\n")
}
panic("unreach")
}
//ClientProxySSHProtocol builds on top of the base proxy
func ClientProxySSHProtocol(s *SSHProtocol, cmk ChannelMaker) (base *SSHProxyProtocol) {
base = BaseProxySSHProtocol(s)
base.NetworkOpen.Subscribe(func(b interface{}, sub *flux.Sub) {
nc, ok := b.(*ChannelNetwork)
if !ok {
return
}
log.Println("Network Open received network packet, prepare.....")
si, err := base.Sessions().GetSession(nc.Conn.RemoteAddr())
if err != nil {
log.Printf("Unable to find session client for (%+v)", nc.Conn.RemoteAddr())
return
}
session, ok := si.(SSHSession)
if !ok {
return
}
log.Printf("Session retrieved: (%+v) (%+v)", nc.Conn.RemoteAddr(), session.User())
// defer session.Connection().Close()
pid := uuid.New()
session.UseType(pid)
client := session.Connection()
log.Printf("Session connection gained: %s, OpenChannel for %s", client.RemoteAddr(), nc.MasterNewChan.ChannelType())
rcChannel, rcReq, err := client.OpenChannel(nc.MasterNewChan.ChannelType(), nc.MasterNewChan.ExtraData())
if err != nil {
log.Printf("Error creating ClientChannel for %+v %+v", nc.MasterNewChan.ChannelType(), err)
return
}
log.Println("Success Creating Client proxy channel:", err)
replyMaker := func(rq *ssh.Request, dest ssh.Channel) {
do, err := dest.SendRequest(rq.Type, rq.WantReply, rq.Payload)
if err != nil {
log.Printf("Request proxy failed on: (%s) (%+v) with error (%+v)", nc.Conn.RemoteAddr(), rq.Type, err)
}
if rq.WantReply {
rq.Reply(do, nil)
}
}
go func() {
clientloop:
for {
select {
case <-nc.ChanCloser:
break clientloop
case <-nc.MaseterCloser:
break clientloop
case mrq, ok := <-nc.MasterReqChannel:
if !ok {
break clientloop
}
replyMaker(mrq, rcChannel)
switch mrq.Type {
case "exit-status":
break clientloop
}
case rq, ok := <-rcReq:
if !ok {
break clientloop
}
replyMaker(rq, nc.MasterChan)
switch rq.Type {
case "exit-status":
break clientloop
}
default:
//logit
}
}
log.Println("Closing Client and Master Channels for:", session.Addr())
rcChannel.Close()
nc.MasterChan.Close()
}()
log.Println("Creating channel readers and connection")
//handle closing and state management of copying op
copyCloser := new(sync.Once)
copyState := make(chan struct{})
loopCloser := make(chan struct{})
log.Println("Creating channel and sync.Closer")
copyCloseFn := func() {
log.Println("Closing copying channel and client Operation operation for:", session.Addr())
close(copyState)
close(loopCloser)
}
log.Println("Setting up Writers")
wrapMaster := io.ReadCloser(nc.MasterChan)
wrapSlave := io.ReadCloser(rcChannel)
if cmk != nil {
rw, err := cmk(nc, session, rcChannel)
if err != nil {
log.Println("Error creating custom reader for channel", err)
} else {
wrapSlave = rw
}
}
log.Printf("Connecting Sessions for (%s) At (%s) Packet Snifers", session.User(), session.Addr())
outwriter := io.ReadWriteCloser(session.Outgoing())
inwriter := io.ReadWriteCloser(session.Incoming())
mwriter := io.MultiWriter(nc.MasterChan, outwriter)
swriter := io.MultiWriter(rcChannel, inwriter)
go func() {
// io.Copy(rcChannel, wrapMaster)
// io.Copy(session.Incoming(), wrapMaster)
defer copyCloser.Do(copyCloseFn)
io.Copy(swriter, wrapMaster)
}()
go func() {
// io.Copy(nc.MasterChan, wrapSlave)
// io.Copy(session.Outgoing(), wrapSlave)
defer copyCloser.Do(copyCloseFn)
io.Copy(mwriter, wrapSlave)
}()
go func() {
defer base.NetworkClose.Emit(nc)
<-copyState
log.Println("Closing Incoming and Outgoing monitory Channels!")
log.Println("Closing all Channels!")
wrapMaster.Close()
wrapSlave.Close()
log.Println("closing session connection")
session.Connection().Close()
session.Close()
}()
return
})
return
}
package rs232
import "io"
var _ = io.ReadWriteCloser(&SerialPort{})