| author | Sam Anthony <sam@samanthony.xyz> | 2025-04-18 15:57:38 -0400 |
|---|---|---|
| committer | Sam Anthony <sam@samanthony.xyz> | 2025-04-18 15:57:38 -0400 |
| commit | ed2c0b5c804a9fb8061e0df022fd2e0961cf5071 (patch) | |
| tree | a61e0068a85e64bc34f0424caad6ce33f98abb46 | |
| parent | 09d91113db2da989bbcf23dd40d4922d92860f3e (diff) | |
encrypt
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | main.go | 59 |
3 files changed, 57 insertions, 8 deletions
@@ -6,6 +6,8 @@ toolchain go1.23.6
 require (
 github.com/adrg/xdg v0.5.3 // indirect
+ github.com/keybase/go-codec v0.0.0-20180928230036-164397562123 // indirect
+ github.com/keybase/saltpack v0.0.0-20250124001807-83b98d5a6acc // indirect
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 golang.org/x/crypto v0.37.0 // indirect
 golang.org/x/sync v0.13.0 // indirect
@@ -2,6 +2,10 @@ code.cloudfoundry.org/bytefmt v0.29.0 h1:QaKuXtEY+gcSd1kXgdBN5U8h3mYmTvI2XyNh/5j
 code.cloudfoundry.org/bytefmt v0.29.0/go.mod h1:fVVUtTfimWCyT90RyJvmwZ0o8Q1d51RP8ByMvyceOXA=
 github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78=
 github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ=
+github.com/keybase/go-codec v0.0.0-20180928230036-164397562123 h1:yg56lYPqh9suJepqxOMd/liFgU/x+maRPiB30JNYykM=
+github.com/keybase/go-codec v0.0.0-20180928230036-164397562123/go.mod h1:r/eVVWCngg6TsFV/3HuS9sWhDkAzGG8mXhiuYA+Z/20=
+github.com/keybase/saltpack v0.0.0-20250124001807-83b98d5a6acc h1:/rG0QRbjq8mquwE5pXPiCVDbwv6WfmPwUL/SWpI0Jw8=
+github.com/keybase/saltpack v0.0.0-20250124001807-83b98d5a6acc/go.mod h1:kRahN9ZYWfpRaXu0czVmfvqXuzKoMKEEXM3pCd+KRJQ=
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea/go.mod h1:WPnis/6cRcDZSUvVmezrxJPkiO87ThFYsoUiMwWNDJk=
 golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
@@ -2,17 +2,23 @@ package main
 import (
 "flag"
+ "fmt"
+ "github.com/keybase/saltpack"
+ "github.com/keybase/saltpack/basic"
 "github.com/tonistiigi/units"
 "io"
 "net"
+ "net/netip"
 "os"
 "git.samanthony.xyz/hose/handshake"
+ "git.samanthony.xyz/hose/hosts"
+ "git.samanthony.xyz/hose/key"
 "git.samanthony.xyz/hose/util"
 )
 const (
- port = "60321"
+ port = 60321
 network = "tcp"
 usage = "Usage: hose <-handshake <rhost> | -r | -s <rhost>>"
 )
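Review bot: `github.com/keybase/saltpack` is added to go.mod with a `// indirect` marker, but main.go in this same commit imports it directly (`github.com/keybase/saltpack` and `github.com/keybase/saltpack/basic`). Running `go mod tidy` would move it into the direct requirements, which keeps the list of packages the program itself relies on for encryption accurate for anyone auditing the module. The requirement is pinned to a pseudo-version rather than a tagged release, so a short comment recording why that commit was chosen would help later upgrades. The require block continues past the end of this hunk.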
@@ -46,7 +52,7 @@ func main() {
 // recv pipes data from the remote host to stdout.
 func recv() error {
- laddr := net.JoinHostPort("", port)
+ laddr := net.JoinHostPort("", fmt.Sprintf("%d", port))
 ln, err := net.Listen(network, laddr)
 if err != nil {
 return err
@@ -67,17 +73,54 @@ func recv() error {
 }
 // send pipes data from stdin to the remote host.
-func send(rhost string) error {
- raddr := net.JoinHostPort(rhost, port)
- util.Logf("connecting to %s...", raddr)
- conn, err := net.Dial(network, raddr)
+func send(rHostName string) error {
+ var keyCreator basic.EphemeralKeyCreator
+
+ // Load sender signing keypair.
+ util.Logf("loading signing key")
+ sigKeypair, err := key.LoadSigKeypair()
+ if err != nil {
+ return err
+ }
+
+ // Create symmetric session key.
+ sessionKey, err := key.NewReceiverSymmetricKey()
+ if err != nil {
+ return err
+ }
+
+ // Load receiver encryption key.
+ util.Logf("loading encryption key for %s", rHostName)
+ rAddr, err := netip.ParseAddr(rHostName)
+ if err != nil {
+ return err
+ }
+ rHost, err := hosts.Lookup(rAddr)
+ if err != nil {
+ return err
+ }
+
+ // Connect to remote host.
+ rAddrPort := netip.AddrPortFrom(rAddr, port)
+ util.Logf("connecting to %s", rAddrPort)
+ conn, err := net.Dial(network, rAddrPort.String())
 if err != nil {
 return err
 }
 defer conn.Close()
- util.Logf("connected to %s", raddr)
- n, err := io.Copy(conn, os.Stdin)
+ // Create signcrypted stream.
+ util.Logf("signcrypting stream")
+ rcvrBoxKeys := []saltpack.BoxPublicKey{rHost.BoxPublicKey}
+ rcvrSymmetricKeys := []saltpack.ReceiverSymmetricKey{sessionKey}
+ plaintext, err := saltpack.NewSigncryptSealStream(conn, keyCreator, sigKeypair, rcvrBoxKeys, rcvrSymmetricKeys)
+ if err != nil {
+ return err
+ }
+ defer plaintext.Close()
+
+ // Send data.
+ n, err := io.Copy(plaintext, os.Stdin)
 util.Logf("sent %.2f", units.Bytes(n)*units.B)
 return err
 }
|
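Review bot: recv is not brought in line with the new sender: the only line of it this commit touches is `laddr`, while send now writes a saltpack signcrypted stream to the connection. Unless recv already opens and verifies that stream through a helper in the part of its body outside this hunk, the receiver will copy ciphertext to stdout and never check the sender's signature, so it needs the matching open-stream step before its copy to stdout. As a smaller style point, `strconv.Itoa(port)` formats the port more directly than `fmt.Sprintf("%d", port)`. recv's body continues outside the hunk.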
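Review bot: The error from `plaintext.Close()` is discarded by the `defer` in send, and closing a sealing stream is where the last buffered data and the final block are normally written, so a failed final write would leave the receiver with a truncated stream while send still returns nil. Close it explicitly after the copy in place of the `defer` and return its error, e.g. `if cerr := plaintext.Close(); err == nil { err = cerr }` before the `util.Logf("sent …")` line, keeping `defer conn.Close()` as it is. Also, `netip.ParseAddr(rHostName)` accepts only IP literals, so host names that `net.Dial` resolved before this change are now rejected although the parameter name and the usage string still say host; a comment or a rename would make that explicit. It is not visible here how `key.NewReceiverSymmetricKey()` makes `sessionKey` available to the receiver; if it is generated locally and never shared, the extra symmetric recipient serves no purpose and deserves a comment.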