1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
package handshake
import (
"bufio"
"context"
"errors"
"fmt"
"golang.org/x/sync/errgroup"
"io"
"net"
"net/netip"
"os"
"slices"
"strings"
"time"
"git.samanthony.xyz/hose/hosts"
"git.samanthony.xyz/hose/key"
"git.samanthony.xyz/hose/util"
)
const (
port = "60322"
network = "tcp"
timeout = 1 * time.Minute
retryInterval = 500 * time.Millisecond
)
var errHostKey = errors.New("host key verification failed")
type keyType string
const (
boxPublicKey keyType = "Public encryption key"
sigPublicKey = "Public signature verification key"
)
// Handshake exchanges public keys with a remote host.
// The user is asked to verify the received keys before they are saved in the known hosts file.
func Handshake(rhost string) error {
util.Logf("initiating handshake with %s...", rhost)
errs := make(chan error, 2)
defer close(errs)
group, ctx := errgroup.WithContext(context.Background())
group.Go(func() error {
if err := send(rhost); err != nil {
errs <- err
}
return nil
})
group.Go(func() error {
if err := receive(rhost); err != nil {
errs <- err
}
return nil
})
go func() { group.Wait() }() // cancel the context.
select {
case err := <-errs:
return err
case <-ctx.Done():
return nil
}
}
// send sends the local public box (encryption) key to a remote host.
func send(rhost string) error {
pubBoxkey, err := key.LoadBoxPublicKey()
if err != nil {
return err
}
pubSigKey, err := key.LoadSigPublicKey()
if err != nil {
return err
}
raddr := net.JoinHostPort(rhost, port)
util.Logf("connecting to %s...", raddr)
conn, err := dialWithTimeout(network, raddr, timeout)
if err != nil {
return err
}
defer conn.Close()
util.Logf("connected to %s", raddr)
if _, err := conn.Write(pubBoxkey[:]); err != nil {
return err
}
if _, err := conn.Write(pubSigKey[:]); err != nil {
return err
}
util.Logf("sent public keys to %s", rhost)
return nil
}
func dialWithTimeout(network, address string, timeout time.Duration) (net.Conn, error) {
ctx, cancel := context.WithTimeout(context.Background(), timeout)
defer cancel()
for {
select {
case <-ctx.Done(): // timeout.
return nil, fmt.Errorf("dial %s %s: connection refused", network, address)
default:
}
conn, err := net.Dial(network, address)
if err == nil {
return conn, nil
}
time.Sleep(retryInterval)
}
}
// receive receives the public keys of a remote host.
// The user is asked to verify the keys before they are saved to the known hosts file.
func receive(rhost string) error {
// Listen for connection.
laddr := net.JoinHostPort("", port)
ln, err := net.Listen(network, laddr)
if err != nil {
return err
}
defer ln.Close()
util.Logf("listening on %s", laddr)
conn, err := ln.Accept()
if err != nil {
return err
}
defer conn.Close()
util.Logf("accepted connection from %s", conn.RemoteAddr())
// Receive public box (encryption) key from remote host.
var rBoxPubKey key.BoxPublicKey
_, err = io.ReadFull(conn, rBoxPubKey[:])
if err != nil {
return err
}
util.Logf("received public encryption key from %s", conn.RemoteAddr())
// Receive public signature verification key from remote host.
var rSigPubKey key.SigPublicKey
_, err = io.ReadFull(conn, rSigPubKey[:])
if err != nil {
return err
}
util.Logf("receive public signature verification key from %s", conn.RemoteAddr())
// Ask user to verify the keys.
host, _, err := net.SplitHostPort(conn.RemoteAddr().String())
if err != nil {
return err
}
raddr, err := netip.ParseAddr(host)
if err != nil {
return err
}
// Verify box key.
ok, err := verifyKey(raddr, rBoxPubKey[:], boxPublicKey)
if err != nil {
return err
}
if !ok { // user rejected the key.
return errHostKey
}
// Verify signature verification key.
ok, err = verifyKey(raddr, rSigPubKey[:], sigPublicKey)
if err != nil {
return err
}
if !ok { // user rejected the key.
return errHostKey
}
// Save in known hosts file.
return hosts.Add(hosts.Host{raddr, rBoxPubKey, rSigPubKey})
}
// verifyKey asks the user to verify a key received from a remote host.
// It returns true if the user accepts the key, or false if they don't, or a non-nil error.
func verifyKey(host netip.Addr, key []byte, kt keyType) (bool, error) {
// Ask host to verify the key.
util.Logf("%s key of host %q: %x\nIs this the correct key (yes/[no])?",
kt, host, key[:])
response, err := scan([]string{"yes", "no", ""})
if err != nil {
return false, err
}
switch response {
case "yes":
return true, nil
case "no":
return false, nil
case "":
return false, nil // default option
}
panic("unreachable")
}
// scan reads from stdin until the user enters one of the valid responses.
func scan(responses []string) (string, error) {
scanner := bufio.NewScanner(os.Stdin)
scanner.Scan()
if err := scanner.Err(); err != nil {
return "", err
}
response := strings.TrimSpace(scanner.Text())
for !slices.Contains(responses, response) {
util.Logf("Please enter one of %q", responses)
scanner.Scan()
if err := scanner.Err(); err != nil {
return "", err
}
response = strings.TrimSpace(scanner.Text())
}
return response, nil
}
|