Constants ¶
// SSH transport limits and message numbers used by the minimal protocol
// parsing ObfuscatedSshConn performs to decide when the key exchange has
// finished and obfuscation can stop.
const (
	SSH_MAX_SERVER_LINE_LENGTH = 1024       // presumably the cap on a peer identification line — confirm against the read-state code
	SSH_PACKET_PREFIX_LENGTH   = 5          // uint32 + byte
	SSH_MAX_PACKET_LENGTH      = 256 * 1024 // OpenSSH max packet length
	SSH_MSG_NEWKEYS            = 21         // RFC 4253 sec. 12; obfuscation ends after the first one is sent and received
	SSH_MAX_PADDING_LENGTH     = 255        // RFC 4253 sec. 6
	SSH_PADDING_MULTIPLE       = 16         // Default cipher block size
)
// Connection modes passed to NewObfuscatedSshConn (presumably the
// ObfuscatedSshConnMode values): which side of the obfuscated handshake
// this end plays.
const (
	OBFUSCATION_CONN_MODE_CLIENT = iota
	OBFUSCATION_CONN_MODE_SERVER
)
// Read-side states of ObfuscatedSshConn (presumably the ObfuscatedSshReadState
// values). The names suggest the inbound parse walks identification lines,
// then key-exchange packets, then a flush, before obfuscation is finished —
// verify the transitions against the Read implementation.
const (
	OBFUSCATION_READ_STATE_IDENTIFICATION_LINES = iota
	OBFUSCATION_READ_STATE_KEX_PACKETS
	OBFUSCATION_READ_STATE_FLUSH
	OBFUSCATION_READ_STATE_FINISHED
)
// Write-side states of ObfuscatedSshConn (presumably the
// ObfuscatedSshWriteState values). The first two are side-specific: the
// client starts by sending the seed message (see NewObfuscatedSshConn), the
// server by sending identification-line padding — confirm against the Write
// implementation.
const (
	OBFUSCATION_WRITE_STATE_CLIENT_SEND_SEED_MESSAGE = iota
	OBFUSCATION_WRITE_STATE_SERVER_SEND_IDENTIFICATION_LINE_PADDING
	OBFUSCATION_WRITE_STATE_IDENTIFICATION_LINE
	OBFUSCATION_WRITE_STATE_KEX_PACKETS
	OBFUSCATION_WRITE_STATE_FINISHED
)
// Parameters of the seed message, key derivation and stream ciphers
// implemented by Obfuscator.
//
// NOTE(review): the RC4 streams are keyed from the shared obfuscation keyword
// and a seed exchanged in the clear; this is traffic obfuscation, not
// confidentiality or integrity — those come from the SSH session carried
// inside.
const (
	OBFUSCATE_SEED_LENGTH         = 16
	OBFUSCATE_KEY_LENGTH          = 16
	OBFUSCATE_HASH_ITERATIONS     = 6000 // iteration count for the key-derivation hash — confirm against NewClientObfuscator/NewServerObfuscator
	OBFUSCATE_MAX_PADDING         = 8192
	OBFUSCATE_MAGIC_VALUE         = 0x0BF5CA7E
	OBFUSCATE_CLIENT_TO_SERVER_IV = "client_to_server"
	OBFUSCATE_SERVER_TO_CLIENT_IV = "server_to_client"
)
Types ¶
type ObfuscatedSshConn ¶
ObfuscatedSshConn wraps a Conn and applies the obfuscated SSH protocol to the traffic on the connection: https://github.com/brl/obfuscated-openssh/blob/master/README.obfuscation
ObfuscatedSshConn is used to add obfuscation to golang's stock ssh client and server without modification to that standard library code. The underlying connection must be used for SSH traffic. This code injects the obfuscated seed message, applies obfuscated stream cipher transformations, and performs minimal parsing of the SSH protocol to determine when to stop obfuscation (after the first SSH_MSG_NEWKEYS is sent and received).
WARNING: ObfuscatedSshConn does not fully conform to net.Conn concurrency semantics: access to the read and write buffers is not synchronized, so concurrent calls to Read, or concurrent calls to Write, result in undefined behavior.
func NewObfuscatedSshConn ¶
func NewObfuscatedSshConn( mode ObfuscatedSshConnMode, conn net.Conn, obfuscationKeyword string, minPadding, maxPadding *int) (*ObfuscatedSshConn, error)
NewObfuscatedSshConn creates a new ObfuscatedSshConn. The underlying conn must be used for SSH traffic and must have transferred no traffic.
In client mode, NewObfuscatedSshConn does not block or initiate network I/O. The obfuscation seed message is sent when Write() is first called.
In server mode, NewObfuscatedSshConn cannot completely initialize itself without the seed message from the client to derive obfuscation keys. So NewObfuscatedSshConn blocks on reading the client seed message from the underlying conn.
type ObfuscatedSshConnMode ¶
type ObfuscatedSshConnMode int
type ObfuscatedSshReadState ¶
type ObfuscatedSshReadState int
type ObfuscatedSshWriteState ¶
type ObfuscatedSshWriteState int
type Obfuscator ¶
type Obfuscator struct {
// contains filtered or unexported fields
}
Obfuscator implements the seed message, key derivation, and stream ciphers for: https://github.com/brl/obfuscated-openssh/blob/master/README.obfuscation
func NewClientObfuscator ¶
func NewClientObfuscator( config *ObfuscatorConfig) (obfuscator *Obfuscator, err error)
NewClientObfuscator creates a new Obfuscator, staging a seed message to be sent to the server (by the caller) and initializing stream ciphers to obfuscate data.
func NewServerObfuscator ¶
func NewServerObfuscator( clientReader io.Reader, config *ObfuscatorConfig) (obfuscator *Obfuscator, err error)
NewServerObfuscator creates a new Obfuscator, reading a seed message directly from the clientReader and initializing stream ciphers to obfuscate data.
func (*Obfuscator) ObfuscateClientToServer ¶
func (obfuscator *Obfuscator) ObfuscateClientToServer(buffer []byte)
ObfuscateClientToServer applies the client RC4 stream to the bytes in buffer.
func (*Obfuscator) ObfuscateServerToClient ¶
func (obfuscator *Obfuscator) ObfuscateServerToClient(buffer []byte)
ObfuscateServerToClient applies the server RC4 stream to the bytes in buffer.
func (*Obfuscator) SendSeedMessage ¶
func (obfuscator *Obfuscator) SendSeedMessage() []byte
SendSeedMessage returns the seed message created in NewClientObfuscator, dropping the Obfuscator's reference to it so that it may be garbage collected.