Exemple #1
0
// OpenTPM opens a channel to the TPM at the given path. If the file is a
// device, then it treats it like a normal TPM device, and if the file is a
// Unix domain socket, then it opens a connection to the socket.
func OpenTPM(path string) (io.ReadWriteCloser, error) {
	// If it's a regular file, then open it
	var rwc io.ReadWriteCloser
	fi, err := os.Stat(path)
	if err != nil {
		return nil, err
	}

	if fi.Mode()&os.ModeDevice != 0 {
		var f *os.File
		f, err = os.OpenFile(path, os.O_RDWR, 0600)
		if err != nil {
			return nil, err
		}
		rwc = io.ReadWriteCloser(f)
	} else if fi.Mode()&os.ModeSocket != 0 {
		uc, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: path, Net: "unix"})
		if err != nil {
			return nil, err
		}
		rwc = io.ReadWriteCloser(uc)
	} else {
		return nil, fmt.Errorf("unsupported TPM file mode %s", fi.Mode().String())
	}

	return rwc, nil
}
func Obfs3fHandshake(wire net.Conn, is_server bool) (io.ReadWriteCloser, error) {
	var their_public dh_public_key
	var our_keypair = dh_gen_key(1536)
	var secret []byte
	var write_rc4, read_rc4 cipher.Stream
	their_public = make([]byte, 1536/8)
	if is_server {
		_, err := io.ReadFull(wire, their_public)
		if err != nil {
			return nil, err
		}
		_, err = wire.Write(our_keypair.Public)
		if err != nil {
			return nil, err
		}
		secret = dh_gen_secret(our_keypair.Private, their_public)
		write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
		read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
	} else {
		_, err := wire.Write(our_keypair.Public)
		if err != nil {
			return nil, err
		}
		_, err = io.ReadFull(wire, their_public)
		if err != nil {
			return nil, err
		}
		secret = dh_gen_secret(our_keypair.Private, their_public)
		write_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_upstr")))
		read_rc4, _ = rc4.NewCipher(KeyedHash(secret, []byte("obfs3f_downstr")))
	}
	read_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))
	write_rc4.XORKeyStream(make([]byte, 8192), make([]byte, 8192))

	toret := &Obfs3f{read_rc4, write_rc4, wire}
	thing := make(chan bool)
	go func() {
		randlen := make([]byte, 2)
		rand.Read(randlen)
		rlint := int(randlen[0])*256 + int(randlen[1])
		xaxa := make([]byte, rlint)
		toret.Write(randlen)
		toret.Write(xaxa)
		thing <- true
	}()

	randlen := make([]byte, 2)
	_, err := io.ReadFull(toret, randlen)
	if err != nil {
		return nil, err
	}
	_, err = io.ReadFull(toret, make([]byte, int(randlen[0])*256+int(randlen[1])))
	if err != nil {
		return nil, err
	}
	<-thing
	return io.ReadWriteCloser(toret), nil
}
Exemple #3
0
func KiSS_handshake_client(wire io.ReadWriteCloser, verify Verifier) (wr io.ReadWriteCloser, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = errors.New(fmt.Sprint(r))
		}
	}()
	// our keys
	our_keypair := kicrypt.SecureDH_genpair()
	//LOG(LOG_DEBUG, "CPUB: %d", our_keypair.Public)
	// construct the client handshake
	our_greeting := KiSS_HS_Client{0x02, our_keypair.Public}
	our_greeting_packed := KiSS_Segment{K_HANDSHAKE_C, our_greeting.Pack()}
	// send across the client handshake
	_, err = wire.Write(our_greeting_packed.Bytes())
	if err != nil {
		return nil, errors.New("wtf")
	}
	//LOG(LOG_DEBUG, "our client greeting of sent")
	// obtain the server handshake
	their_handshake_raw, err2 := KiSS_read_segment(wire)
	//LOG(LOG_DEBUG, "their server greeting of got")
	if err2 != nil {
		return nil, err2
	}
	if their_handshake_raw.segment_type != K_HANDSHAKE_S {
		return nil, errors.New("wtf")
	}
	their_handshake, err3 := KiSS_unpack_server_handshake(their_handshake_raw.raw_payload, verify)
	if err3 != nil {
		return nil, err3
	}
	// obtain the shared secret
	secret := kicrypt.SecureDH_gensecret(our_keypair.Private, their_handshake.public_edh_key)
	secret = append(secret, kicrypt.SecureDH_gensecret(our_keypair.Private, their_handshake.public_dh_key)...)
	upkey := kicrypt.KeyedHash(secret, "kiss-2-up")
	downkey := kicrypt.KeyedHash(secret, "kiss-2-down")
	// get the cipher thingies
	read_ciph := __KISS_AS(downkey)
	write_ciph := __KISS_AS(upkey)
	bt := new([]byte)
	*bt = make([]byte, 0)
	toret := KiSS_State{read_ciph, write_ciph, secret, 0, 0, wire, bt}
	return io.ReadWriteCloser(toret), nil
}
Exemple #4
0
func KiSS_handshake_server(wire io.ReadWriteCloser, keys kicrypt.SecureDH_keypair) (wr io.ReadWriteCloser, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = errors.New(fmt.Sprint(r))
		}
	}()
	// read their handshake
	their_greeting_packed, err1 := KiSS_read_segment(wire)
	if err1 != nil {
		return nil, err1
	}
	if their_greeting_packed.segment_type != K_HANDSHAKE_C {
		return nil, errors.New("client sent something other than a handshake")
	}
	// unpack their greeting
	their_greeting, err2 := KiSS_unpack_client_handshake(their_greeting_packed.raw_payload)
	if err2 != nil {
		return nil, err2
	}
	// send our handshake
	our_keypair := kicrypt.SecureDH_genpair()
	our_greeting := KiSS_Segment{K_HANDSHAKE_S, (KiSS_HS_Server{keys.Public,
		our_keypair.Public}).Pack()}
	_, err3 := wire.Write(our_greeting.Bytes())
	if err3 != nil {
		return nil, err3
	}
	// obtain the shared secret
	secret := kicrypt.SecureDH_gensecret(our_keypair.Private, their_greeting.public_edh_key)
	secret = append(secret, kicrypt.SecureDH_gensecret(keys.Private, their_greeting.public_edh_key)...)
	upkey := kicrypt.KeyedHash(secret, "kiss-2-up")
	downkey := kicrypt.KeyedHash(secret, "kiss-2-down")
	read_ciph := __KISS_AS(upkey)
	write_ciph := __KISS_AS(downkey)
	bt := new([]byte)
	*bt = make([]byte, 0)
	toret := KiSS_State{read_ciph, write_ciph, secret, 0, 0, wire, bt}
	//LOG(LOG_DEBUG, "keygens on server side of done")
	return io.ReadWriteCloser(toret), nil
}
Exemple #5
0
func (d *Dialer0) listen() os.Error {
	d.lk.Lock()
	fdlim := &d.fdlim
	d.lk.Unlock()
	for {
		d.lk.Lock()
		l := d.ltcp
		d.lk.Unlock()
		if l == nil {
			time.Sleep(10e9)
			continue
		}
		if fdlim == nil || fdlim.LockOrTimeout(10e9) == nil {
			c,err := l.Accept()
			if err != nil {
				if c != nil {
					c.Close()
				}
				if fdlim != nil {
					fdlim.Unlock()
				}
				l.Close()
				d.setError(err)
				time.Sleep(10e9)
				continue
			}
			rwc := io.ReadWriteCloser(c)
			if fdlim != nil {
				rwc = newRunOnClose(c, func(){ fdlim.Unlock() })
			}
			go d.accept(rwc)
			continue
		}
		//log.Stderrf("%#p d —— fd starvation", d)
		fmt.Fprintf(os.Stderr, "tonika: warn: file descriptor starvation\n")
	}
	panic("unreach")
}
Exemple #6
0
//ClientProxySSHProtocol builds on top of the base proxy
func ClientProxySSHProtocol(s *SSHProtocol, cmk ChannelMaker) (base *SSHProxyProtocol) {
	base = BaseProxySSHProtocol(s)

	base.NetworkOpen.Subscribe(func(b interface{}, sub *flux.Sub) {
		nc, ok := b.(*ChannelNetwork)

		if !ok {
			return
		}

		log.Println("Network Open received network packet, prepare.....")
		si, err := base.Sessions().GetSession(nc.Conn.RemoteAddr())

		if err != nil {
			log.Printf("Unable to find session client for (%+v)", nc.Conn.RemoteAddr())
			return
		}

		session, ok := si.(SSHSession)

		if !ok {
			return
		}

		log.Printf("Session retrieved: (%+v) (%+v)", nc.Conn.RemoteAddr(), session.User())

		// defer session.Connection().Close()

		pid := uuid.New()
		session.UseType(pid)

		client := session.Connection()

		log.Printf("Session connection gained: %s, OpenChannel for %s", client.RemoteAddr(), nc.MasterNewChan.ChannelType())

		rcChannel, rcReq, err := client.OpenChannel(nc.MasterNewChan.ChannelType(), nc.MasterNewChan.ExtraData())

		if err != nil {
			log.Printf("Error creating ClientChannel for %+v %+v", nc.MasterNewChan.ChannelType(), err)
			return
		}

		log.Println("Success Creating Client proxy channel:", err)

		replyMaker := func(rq *ssh.Request, dest ssh.Channel) {
			do, err := dest.SendRequest(rq.Type, rq.WantReply, rq.Payload)

			if err != nil {
				log.Printf("Request proxy failed on: (%s) (%+v) with error (%+v)", nc.Conn.RemoteAddr(), rq.Type, err)
			}

			if rq.WantReply {
				rq.Reply(do, nil)
			}
		}

		go func() {
		clientloop:
			for {
				select {
				case <-nc.ChanCloser:
					break clientloop
				case <-nc.MaseterCloser:
					break clientloop
				case mrq, ok := <-nc.MasterReqChannel:
					if !ok {
						break clientloop
					}

					replyMaker(mrq, rcChannel)

					switch mrq.Type {
					case "exit-status":
						break clientloop
					}

				case rq, ok := <-rcReq:
					if !ok {
						break clientloop
					}

					replyMaker(rq, nc.MasterChan)

					switch rq.Type {
					case "exit-status":
						break clientloop
					}

				default:
					//logit
				}

			}

			log.Println("Closing Client and Master Channels for:", session.Addr())
			rcChannel.Close()
			nc.MasterChan.Close()
		}()

		log.Println("Creating channel readers and connection")

		//handle closing and state management of copying op
		copyCloser := new(sync.Once)
		copyState := make(chan struct{})
		loopCloser := make(chan struct{})

		log.Println("Creating channel and sync.Closer")

		copyCloseFn := func() {
			log.Println("Closing copying channel and client Operation operation for:", session.Addr())
			close(copyState)
			close(loopCloser)
		}

		log.Println("Setting up Writers")
		wrapMaster := io.ReadCloser(nc.MasterChan)
		wrapSlave := io.ReadCloser(rcChannel)

		if cmk != nil {
			rw, err := cmk(nc, session, rcChannel)

			if err != nil {
				log.Println("Error creating custom reader for channel", err)
			} else {
				wrapSlave = rw
			}
		}

		log.Printf("Connecting Sessions for (%s) At (%s) Packet Snifers", session.User(), session.Addr())

		outwriter := io.ReadWriteCloser(session.Outgoing())
		inwriter := io.ReadWriteCloser(session.Incoming())

		mwriter := io.MultiWriter(nc.MasterChan, outwriter)
		swriter := io.MultiWriter(rcChannel, inwriter)

		go func() {
			// io.Copy(rcChannel, wrapMaster)
			// io.Copy(session.Incoming(), wrapMaster)
			defer copyCloser.Do(copyCloseFn)
			io.Copy(swriter, wrapMaster)
		}()

		go func() {
			// io.Copy(nc.MasterChan, wrapSlave)
			// io.Copy(session.Outgoing(), wrapSlave)
			defer copyCloser.Do(copyCloseFn)
			io.Copy(mwriter, wrapSlave)
		}()

		go func() {
			defer base.NetworkClose.Emit(nc)
			<-copyState
			log.Println("Closing Incoming and Outgoing monitory Channels!")

			log.Println("Closing all Channels!")
			wrapMaster.Close()
			wrapSlave.Close()

			log.Println("closing session connection")
			session.Connection().Close()
			session.Close()
		}()

		return
	})

	return
}
Exemple #7
0
package rs232

import "io"

var _ = io.ReadWriteCloser(&SerialPort{})