  1. // consts.go - consts for xsnet
  2. // Copyright (c) 2017-2020 Russell Magee
  3. // Licensed under the terms of the MIT license (see LICENSE.mit in this
  4. // distribution)
  5. //
  6. // golang implementation by Russ Magee (rmagee_at_gmail.com)
  7. package xsnet
// KEX algorithm values.
//
// Specified (in string form) as the extensions parameter
// to xsnet.Dial().
// Alg is sent in a uint8, so there are up to 256 possible values.
//
// Every value except KEX_invalid comes from iota, so it is fixed by the
// entry's position in this list. The KEX_resvdN entries occupy slots, which
// keeps the numbers of the later names where they are. Do not reorder or
// delete entries.
//
// NOTE(review): the zero value is KEX_HERRADURA256, so a caller that leaves
// the algorithm unset gets Herradura rather than one of the Kyber, NewHope or
// FrodoKEM entries. Callers with a specific KEX requirement should set it
// explicitly; the server side can refuse a proposal (see CSEKEXAlgDenied).
const (
	KEX_HERRADURA256       = iota // 0; this MUST be first for default if omitted in ctor
	KEX_HERRADURA512              // 1
	KEX_HERRADURA1024             // 2
	KEX_HERRADURA2048             // 3
	KEX_resvd4                    // 4; reserved
	KEX_resvd5                    // 5; reserved
	KEX_resvd6                    // 6; reserved
	KEX_resvd7                    // 7; reserved
	KEX_KYBER512                  // 8
	KEX_KYBER768                  // 9
	KEX_KYBER1024                 // 10
	KEX_resvd11                   // 11; reserved
	KEX_NEWHOPE                   // 12
	KEX_NEWHOPE_SIMPLE            // 13; 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
	KEX_resvd14                   // 14; reserved
	KEX_resvd15                   // 15; reserved
	KEX_FRODOKEM_1344AES          // 16
	KEX_FRODOKEM_1344SHAKE        // 17
	KEX_FRODOKEM_976AES           // 18
	KEX_FRODOKEM_976SHAKE         // 19
	KEX_invalid            = 255  // explicit value, the top of the uint8 range
)
// KEXAlg is sent from client to server in order to specify which
// algo shall be used (see xsnet.KEX_HERRADURA256, ...).
//
// It is a uint8, so every byte value converts to a KEXAlg, and the KEX_*
// constants are untyped, so the type alone does not restrict a value to the
// named set.
// NOTE(review): a value received from a peer should be checked against the
// supported set before it selects an algorithm - confirm the server does so.
type KEXAlg uint8
// Extended exit status codes - indicate comm/pty issues
// rather than remote end normal UNIX exit codes.
//
// Values start at 1024 and count up by one per entry, which keeps them
// clear of the 0-255 range of a UNIX exit status.
const (
	CSENone            = 1024 + iota // 1024
	CSETruncCSO                      // 1025; No CSOExitStatus in payload
	CSEStillOpen                     // 1026; Channel closed unexpectedly
	CSEExecFail                      // 1027; cmd.Start() (exec) failed
	CSEPtyExecFail                   // 1028; pty.Start() (exec w/pty) failed
	CSEPtyGetNameFail                // 1029; failed to obtain pty name
	CSEKEXAlgDenied                  // 1030; server rejected proposed KEX alg
	CSECipherAlgDenied               // 1031; server rejected proposed Cipher alg
	CSEHMACAlgDenied                 // 1032; server rejected proposed HMAC alg
)
// CSExtendedCode holds extended (>255 UNIX exit status) codes.
// These indicate channel-related or internal errors (see CSENone, ...).
type CSExtendedCode uint32
// Channel Status/Op bytes - packet types.
//
// Values come from iota, so each one is fixed by the entry's position in
// this list; the interior comment lines do not affect the numbering.
const (
	// Main connection/session control
	CSONone        = iota // 0; No error, normal packet
	CSOHmacInvalid        // 1; HMAC mismatch detected on remote end
	CSOTermSize           // 2; set term size (rows:cols)
	CSOExitStatus         // 3; Remote cmd exit status
	CSOChaff              // 4; Dummy packet, do not pass beyond decryption
	// Client side errors
	CSOLoginTimeout // 5
	// Tunnel setup/control/status
	CSOTunSetup     // 6; client -> server tunnel setup request (dstport)
	CSOTunSetupAck  // 7; server -> client tunnel setup ack
	CSOTunRefused   // 8; server -> client: tunnel rport connection refused
	CSOTunData      // 9; packet contains tunnel data [rport:data]
	CSOTunKeepAlive // 10; client tunnel heartbeat
	CSOTunDisconn   // 11; server -> client: tunnel rport disconnected
	CSOTunHangup    // 12; client -> server: tunnel lport hung up
)
// TunEndpoint.tunCtl control values - used to control workers for client
// or server tunnels depending on the code.
//
// Both values are untyped rune constants ('a' and 'd').
//
// NOTE(review): the bracketed comments below name CSOTunAccept, which is not
// among the CSO* packet types in this file's const block (the tunnel setup
// acknowledgement there is CSOTunSetupAck) - confirm which op is meant.
// NOTE(review): each status/action comment appears to describe the constant
// declared just above it - confirm.
const (
	TunCtl_Client_Listen = 'a'
	// [CSOTunAccept]
	// status: server has ack'd tun setup request
	// action: client should accept (after re-listening, if required) on lport
	TunCtl_Server_Dial = 'd' // server has dialled OK, client side can accept() conns
	// [CSOTunAccept]
	// status: client wants to open tunnel to rport
	// action: server side should dial() rport on client's behalf
)
// CSOType is the channel status Op byte type (see CSONone, ... and CSENone, ...).
//
// NOTE(review): the comment calls this a byte, but the type is uint32 and the
// CSE* codes start at 1024, which does not fit in one byte - confirm the
// width actually used on the wire.
type CSOType uint32
// MAX_PAYLOAD_LEN is 2*1024*1024*1024 - 1 = 2147483647 (2 GiB - 1);
// presumably the upper bound on a packet payload length.
//
// TODO: this should be small (max unfragmented packet size?)
//
// NOTE(review): the use sites are not visible here. If this is the only bound
// applied to a length field read from the peer, and a buffer of that length
// is allocated before the packet is authenticated, a single header can make
// the receiver reserve about 2 GiB. Check the read path and lower the limit,
// or cap allocations separately, when acting on the TODO.
const MAX_PAYLOAD_LEN = 2*1024*1024*1024 - 1
// Session symmetric crypto algs.
//
// Values come from iota; the zero value is CAlgAES256.
//
// NOTE(review): Blowfish is a 64-bit-block cipher, so long sessions under one
// key reach the birthday bound far sooner than with a 128-bit-block cipher.
// Confirm the mode in use and any rekey limit before offering it.
// NOTE(review): CAlgNoneDisallowed is one past the last cipher; the name
// suggests a proposed value at or above it is refused (compare
// CSECipherAlgDenied) - confirm in the negotiation code.
const (
	CAlgAES256         = iota // 0
	CAlgTwofish128            // 1; golang.org/x/crypto/twofish
	CAlgBlowfish64            // 2; golang.org/x/crypto/blowfish
	CAlgCryptMT1              // 3; cryptmt using mtwist64
	CAlgChaCha20_12           // 4; name suggests the 12-round ChaCha variant - TODO confirm
	CAlgNoneDisallowed        // 5
)
// CSCipherAlg identifies the available ciphers for hkex.Conn
// (see CAlgAES256, ...).
//
// NOTE(review): this file's package is xsnet and hkex.Conn is not declared
// here - confirm the reference is still current.
type CSCipherAlg uint32
// Session packet auth HMAC algs.
//
// Values come from iota; the zero value is HmacSHA256.
//
// NOTE(review): HmacNoneDisallowed is one past the last HMAC; the name
// suggests a proposed value at or above it is refused (compare
// CSEHMACAlgDenied) - confirm in the negotiation code.
const (
	HmacSHA256         = iota // 0
	HmacSHA512                // 1
	HmacNoneDisallowed        // 2
)
// CSHmacAlg identifies the available HMACs for hkex.Conn
// (see HmacSHA256, ...).
//
// NOTE(review): this file's package is xsnet and hkex.Conn is not declared
// here - confirm the reference is still current.
type CSHmacAlg uint32