Merge branch 'release/0.10.0'

nwtgck · Aug 9, 2021 · e61cab2 · e61cab2
2 parents 2c4b28f + 76e6033
commit e61cab2
Show file tree

Hide file tree

Showing 19 changed files with 1,178 additions and 870 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -100,8 +100,35 @@ jobs:
     - name: Encrypt with AES-CTR
       run: |
         set -eux
-        ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa bbb &
-        ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa bbb &
+        ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb &
+        ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb &
+        sleep 1
+        # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
+        ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
+
+    - name: Encrypt with OpenSSL-compabile AES-CTR
+      run: |
+        set -eux
+        ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid1
+        ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid2
+        sleep 1
+        # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
+        ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
+
+    - name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in server host
+      run: |
+        set -eux
+        curl -sSN http://localhost:8080/openssl2aaa | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc localhost 2022 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -sSNT - http://localhost:8080/openssl2bbb &
+        ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl2aaa openssl2bbb &
+        sleep 1
+        # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
+        ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
+
+    - name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in client host
+      run: |
+        set -eux
+        ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl3aaa openssl3bbb &
+        curl -NsS http://localhost:8080/openssl3bbb | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc -l -p 3322 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -NsST - http://localhost:8080/openssl3aaa &
         sleep 1
         # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
         ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
@@ -124,9 +151,9 @@ jobs:
       run: |
         set -eux
         # Run server-host with yamux (encrypt with AES-CTR)
-        ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-yamux bbb-yamux & echo $! > pid1
+        ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid1
         # Run client-host with yamux (encrypt with AES-CTR)
-        ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-yamux bbb-yamux & echo $! > pid2
+        ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid2
         sleep 1
         # Check whether ssh multiple times
         # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
@@ -150,9 +177,9 @@ jobs:
       run: |
         set -eux
         # Run socks with yamux (encrypt with AES-CTR)
-        ./piping-tunnel -s http://localhost:8080 socks --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-socks bbb-socks & echo $! > pid1
+        ./piping-tunnel -s http://localhost:8080 socks --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid1
         # Run client-host with yamux (encrypt with AES-CTR)
-        ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-socks bbb-socks & echo $! > pid2
+        ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid2
         sleep 1
         # NOTE: Depends on external resource: example.com
         curl -x socks5h://localhost:1081 https://example.com

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 
 ## [Unreleased]
 
+## [0.10.0] - 2021-08-09
+### Added
+* Add OpenSSL-compatible AES-CTR encryption 
+
+### Changed
+* (breaking change) Rename --passphrase flag to --pass flag
+
 ## [0.9.0] - 2021-04-23
 ### Added
 * Create pmux, which is a multiplexer specialized in Piping Server
@@ -90,7 +97,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 ### Added
 * Initial release
 
-[Unreleased]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.9.0...HEAD
+[Unreleased]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.10.0...HEAD
+[0.10.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.9.0...v0.10.0
 [0.9.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.8.0...v0.9.0
 [0.8.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.6.0...v0.7.0

diff --git a/README.md b/README.md
@@ -82,11 +82,12 @@ Usage:
   piping-tunnel server [flags]
 
 Flags:
-      --cipher-type string   Cipher type: aes-ctr, openpgp (default "aes-ctr")
+      --cipher-type string   Cipher type: aes-ctr, openssl-aes-128-ctr, openssl-aes-256-ctr, openpgp  (default "aes-ctr")
       --cs-buf-size uint     Buffer size of client-to-server in bytes (default 16)
   -h, --help                 help for server
       --host string          Target host (default "localhost")
-      --passphrase string    Passphrase for encryption
+      --pass string          Passphrase for encryption
+      --pbkdf2 string        e.g. {"iter":100000,"hash":"sha256"}
       --pmux                 Multiplex connection by pmux (experimental)
       --pmux-config string   pmux config in JSON (experimental) (default "{\"hb\": true}")
   -p, --port int             TCP port of server host
@@ -113,9 +114,10 @@ Usage:
   piping-tunnel client [flags]
 
 Flags:
-      --cipher-type string   Cipher type: aes-ctr, openpgp (default "aes-ctr")
+      --cipher-type string   Cipher type: aes-ctr, openssl-aes-128-ctr, openssl-aes-256-ctr, openpgp  (default "aes-ctr")
   -h, --help                 help for client
-      --passphrase string    Passphrase for encryption
+      --pass string          Passphrase for encryption
+      --pbkdf2 string        e.g. {"iter":100000,"hash":"sha256"}
       --pmux                 Multiplex connection by pmux (experimental)
       --pmux-config string   pmux config in JSON (experimental) (default "{\"hb\": true}")
   -p, --port int             TCP port of client host
@@ -144,9 +146,10 @@ Usage:
   piping-tunnel socks [flags]
 
 Flags:
-      --cipher-type string   Cipher type: aes-ctr, openpgp (default "aes-ctr")
+      --cipher-type string   Cipher type: aes-ctr, openssl-aes-128-ctr, openssl-aes-256-ctr, openpgp  (default "aes-ctr")
   -h, --help                 help for socks
-      --passphrase string    Passphrase for encryption
+      --pass string          Passphrase for encryption
+      --pbkdf2 string        e.g. {"iter":100000,"hash":"sha256"}
       --pmux                 Multiplex connection by pmux (experimental)
       --pmux-config string   pmux config in JSON (experimental) (default "{\"hb\": true}")
   -c, --symmetric            Encrypt symmetrically

diff --git a/crypto_duplex/aes_ctr.go → aes_ctr_duplex/aes_ctr_duplex.go b/crypto_duplex/aes_ctr.go → aes_ctr_duplex/aes_ctr_duplex.go
@@ -1,4 +1,4 @@
-package crypto_duplex
+package aes_ctr_duplex
 
 import (
 	"crypto"
@@ -19,7 +19,7 @@ type aesCtrDuplex struct {
 	closeBaseReader func() error
 }
 
-func EncryptDuplexWithAesCtr(baseWriter io.WriteCloser, baseReader io.ReadCloser, passphrase []byte) (*aesCtrDuplex, error) {
+func Duplex(baseWriter io.WriteCloser, baseReader io.ReadCloser, passphrase []byte) (*aesCtrDuplex, error) {
 	// Generate salt
 	salt1, err := util.GenerateRandomBytes(saltLen)
 	if err != nil {