Merge pull request #18 from cmason3/dev

Dev

.github/workflows/go-build.yml

@@ -20,19 +20,19 @@ jobs:
           go mod tidy
 
       - run: |
-          env GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+          env GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
           tar zcvf portfwd-${{ github.ref_name }}-linux-amd64.tar.gz portfwd
 
       - run: |
-          env GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+          env GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
           tar zcvf portfwd-${{ github.ref_name }}-macos-amd64.tar.gz portfwd
 
       - run: |
-          env GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+          env GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
           tar zcvf portfwd-${{ github.ref_name }}-macos-arm64.tar.gz portfwd
 
       - run: |
-          env GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd.exe -ldflags="-s -w" -trimpath portfwd.go
+          env GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd.exe -ldflags="-s -w" -trimpath main.go
           zip portfwd-${{ github.ref_name }}-windows-x86_64.zip portfwd.exe
 
       - uses: softprops/action-gh-release@v2

CHANGELOG.md

@@ -1,9 +1,8 @@
 ## CHANGELOG
 
-### [1.1.1] - March 4, 2024
-- Updates to Go files to adhere to Go best practices around modules and packages
-- Updated the TCP shutdown routine to pass the listener socket to avoid a function closure 
-- The `log` function will now lock the mutex for file and screen to avoid `stdout` merging
+### [1.1.2] - September 2, 2024
+- Updated `ternary` function so it is generic
+- Updated X-Wing KEM based on `draft-connolly-cfrg-xwing-kem-04`
 
 ### [1.1.0] - February 29, 2024
 - Added support for ChaCha20-Poly1305 encrypted TCP tunnels using PQC X-Wing Key Encapsulation Mechanism
@@ -40,6 +39,7 @@
 - Initial release
 
 
+[1.1.2]: https://github.com/cmason3/portfwd/compare/v1.1.1...v1.1.2
 [1.1.1]: https://github.com/cmason3/portfwd/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/cmason3/portfwd/compare/v1.0.7...v1.1.0
 [1.0.7]: https://github.com/cmason3/portfwd/compare/v1.0.6...v1.0.7

go.mod

@@ -3,8 +3,8 @@ module github.com/cmason3/portfwd
 go 1.21.3
 
 require (
-	filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1
-	golang.org/x/crypto v0.22.0
+	filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf
+	golang.org/x/crypto v0.26.0
 )
 
-require golang.org/x/sys v0.19.0 // indirect
+require golang.org/x/sys v0.24.0 // indirect

go.sum

@@ -1,6 +1,8 @@
 filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1 h1:xbdqh5aDZeO0XqW896qVjKnAqRji9nkIwmsBEEbCA10=
 filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1/go.mod h1:mIEHrcJ2xBlJRQwnRO0ujmZ+Rt6m6eNeCPq8E3Wkths=
-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf h1:86axjPm1h3xNpCAFqQ4rw37BG4GhzFAnjn6ZCdZSytw=
+filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf/go.mod h1:IkpYfciLz5fI/S4/Z0NlhR4cpv6ubCMDnIwAe0XiojA=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

portfwd.go → main.go

@@ -37,7 +37,7 @@ import (
   "golang.org/x/crypto/chacha20poly1305"
 )
 
-var Version = "1.1.1"
+var Version = "1.1.2"
 
 const (
   bufSize = 65535
@@ -60,7 +60,7 @@ type UDPConn struct {
 }
 
 type CryptoKeys struct {
-  public, private []byte
+  dk *xwing.DecapsulationKey
   encrypt, decrypt [2]cipher.AEAD
 }
 
@@ -203,13 +203,11 @@ func smatch(a string, b string, mlen int) bool {
   return false
 }
 
-func ternary(b bool, t string, f string) string {
-  if b {
+func ternary[T any](c bool, t, f T) T {
+  if c {
     return t
-
-  } else {
-    return f
   }
+  return f
 }
 
 func formatBytes(b float64) string {
@@ -466,22 +464,24 @@ func tcpForwarder(fwdr string, targets []string, wgf *sync.WaitGroup, args *Args
 
                 if srcStun || dstStun {
                   var err error
-                  if cryptoKeys.public, cryptoKeys.private, err = xwing.GenerateKey(); err == nil {
+
+                  if cryptoKeys.dk, err = xwing.GenerateKey(); err == nil {
                     hdr := []byte{0x01, 0x00, 0x00}
-                    binary.BigEndian.PutUint16(hdr[1:], uint16(len(cryptoKeys.public)))
+                    binary.BigEndian.PutUint16(hdr[1:], xwing.EncapsulationKeySize)
 
                     if srcStun {
                       sw := bufio.NewWriter(c)
-                      sw.Write(append(hdr, cryptoKeys.public...))
+                      sw.Write(append(hdr, cryptoKeys.dk.EncapsulationKey()...))
                       sw.Flush()
                       todo.Add(1)
                     }
                     if dstStun {
                       dw := bufio.NewWriter(t)
-                      dw.Write(append(hdr, cryptoKeys.public...))
+                      dw.Write(append(hdr, cryptoKeys.dk.EncapsulationKey()...))
                       dw.Flush()
                       todo.Add(1)
                     }
+
                   } else {
                     log(args, "- TCP: %s (Error: %v)\n", tcpFlowId(c, tcpAddr.String(), srcStun, dstStun), err)
                     return
@@ -634,7 +634,7 @@ func forwardTcp(src net.Conn, dst net.Conn, srcStun bool, dstStun bool, cryptoKe
           } else if pktSeqNum == 1 {
             todo.Done()
 
-            if skey, err := xwing.Decapsulate(cryptoKeys.private, buf[:n]); err == nil {
+            if skey, err := xwing.Decapsulate(cryptoKeys.dk, buf[:n]); err == nil {
               var err error
               if cryptoKeys.decrypt[keyId], err = chacha20poly1305.New(skey); err == nil {
                 src.SetReadDeadline(time.Time{})