diff --git a/.github/workflows/go-build.yml b/.github/workflows/go-build.yml
index 1f795cb..1c7815b 100644
--- a/.github/workflows/go-build.yml
+++ b/.github/workflows/go-build.yml
@@ -20,19 +20,19 @@ jobs:
 go mod tidy
 - run: |
- env GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+ env GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
 tar zcvf portfwd-${{ github.ref_name }}-linux-amd64.tar.gz portfwd
 - run: |
- env GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+ env GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
 tar zcvf portfwd-${{ github.ref_name }}-macos-amd64.tar.gz portfwd
 - run: |
- env GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath portfwd.go
+ env GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o portfwd -ldflags="-s -w" -trimpath main.go
 tar zcvf portfwd-${{ github.ref_name }}-macos-arm64.tar.gz portfwd
 - run: |
- env GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd.exe -ldflags="-s -w" -trimpath portfwd.go
+ env GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o portfwd.exe -ldflags="-s -w" -trimpath main.go
 zip portfwd-${{ github.ref_name }}-windows-x86_64.zip portfwd.exe
 - uses: softprops/action-gh-release@v2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46e0e68..4831573 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,8 @@
 ## CHANGELOG
-### [1.1.1] - March 4, 2024
-- Updates to Go files to adhere to Go best practices around modules and packages
-- Updated the TCP shutdown routine to pass the listener socket to avoid a function closure
-- The `log` function will now lock the mutex for file and screen to avoid `stdout` merging
+### [1.1.2] - September 2, 2024
+- Updated `ternary` function so it is generic
+- Updated X-Wing KEM based on `draft-connolly-cfrg-xwing-kem-04`
 ### [1.1.0] - February 29, 2024
 - Added support for ChaCha20-Poly1305 encrypted TCP tunnels using PQC X-Wing Key Encapsulation Mechanism
@@ -40,6 +39,7 @@
 - Initial release
+[1.1.2]: https://github.com/cmason3/portfwd/compare/v1.1.1...v1.1.2
 [1.1.1]: https://github.com/cmason3/portfwd/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/cmason3/portfwd/compare/v1.0.7...v1.1.0
 [1.0.7]: https://github.com/cmason3/portfwd/compare/v1.0.6...v1.0.7
diff --git a/go.mod b/go.mod
index b03c7b2..f2fab12 100644
--- a/go.mod
+++ b/go.mod
@@ -3,8 +3,8 @@ module github.com/cmason3/portfwd
 go 1.21.3
 require (
- filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1
- golang.org/x/crypto v0.22.0
+ filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf
+ golang.org/x/crypto v0.26.0
 )
-require golang.org/x/sys v0.19.0 // indirect
+require golang.org/x/sys v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index 61925d3..c0c51a3 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,8 @@
 filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1 h1:xbdqh5aDZeO0XqW896qVjKnAqRji9nkIwmsBEEbCA10=
 filippo.io/mlkem768 v0.0.0-20240221181710-5ce91625fdc1/go.mod h1:mIEHrcJ2xBlJRQwnRO0ujmZ+Rt6m6eNeCPq8E3Wkths=
-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf h1:86axjPm1h3xNpCAFqQ4rw37BG4GhzFAnjn6ZCdZSytw=
+filippo.io/mlkem768 v0.0.0-20240902154959-36b3023d41cf/go.mod h1:IkpYfciLz5fI/S4/Z0NlhR4cpv6ubCMDnIwAe0XiojA=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
diff --git a/portfwd.go b/main.go
similarity index 97%
rename from portfwd.go
rename to main.go
index f606187..7dec1bd 100644
--- a/portfwd.go
+++ b/main.go
@@ -37,7 +37,7 @@ import (
 "golang.org/x/crypto/chacha20poly1305"
 )
-var Version = "1.1.1"
+var Version = "1.1.2"
 const (
 bufSize = 65535
@@ -60,7 +60,7 @@ type UDPConn struct {
 }
 type CryptoKeys struct {
- public, private []byte
+ dk *xwing.DecapsulationKey
 encrypt, decrypt [2]cipher.AEAD
 }
@@ -203,13 +203,11 @@ func smatch(a string, b string, mlen int) bool {
 return false
 }
-func ternary(b bool, t string, f string) string {
- if b {
+func ternary[T any](c bool, t, f T) T {
+ if c {
 return t
-
- } else {
- return f
 }
+ return f
 }
 func formatBytes(b float64) string {
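Review bot: In the `CryptoKeys` struct hunk, the new `dk *xwing.DecapsulationKey` field keeps the X-Wing private key reachable for as long as the `CryptoKeys` value lives, while the only use visible in this diff is the single `xwing.Decapsulate` call in `forwardTcp` at `pktSeqNum == 1`. Once every expected decapsulation has completed, the reference can be dropped with `cryptoKeys.dk = nil` so the private key does not outlive the handshake; where that point lies (the `todo` wait group looks like the natural marker) is outside the hunk. A field comment such as `// dk is the X-Wing decapsulation (private) key; needed only until the peer's ciphertext has been decapsulated` would record the intent.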
@@ -466,22 +464,24 @@ func tcpForwarder(fwdr string, targets []string, wgf *sync.WaitGroup, args *Args
 if srcStun || dstStun {
 var err error
- if cryptoKeys.public, cryptoKeys.private, err = xwing.GenerateKey(); err == nil {
+
+ if cryptoKeys.dk, err = xwing.GenerateKey(); err == nil {
 hdr := []byte{0x01, 0x00, 0x00}
- binary.BigEndian.PutUint16(hdr[1:], uint16(len(cryptoKeys.public)))
+ binary.BigEndian.PutUint16(hdr[1:], xwing.EncapsulationKeySize)
 if srcStun {
 sw := bufio.NewWriter(c)
- sw.Write(append(hdr, cryptoKeys.public...))
+ sw.Write(append(hdr, cryptoKeys.dk.EncapsulationKey()...))
 sw.Flush()
 todo.Add(1)
 }
 if dstStun {
 dw := bufio.NewWriter(t)
- dw.Write(append(hdr, cryptoKeys.public...))
+ dw.Write(append(hdr, cryptoKeys.dk.EncapsulationKey()...))
 dw.Flush()
 todo.Add(1)
 }
+
 } else {
 log(args, "- TCP: %s (Error: %v)\n", tcpFlowId(c, tcpAddr.String(), srcStun, dstStun), err)
 return
@@ -634,7 +634,7 @@ func forwardTcp(src net.Conn, dst net.Conn, srcStun bool, dstStun bool, cryptoKe
 } else if pktSeqNum == 1 {
 todo.Done()
- if skey, err := xwing.Decapsulate(cryptoKeys.private, buf[:n]); err == nil {
+ if skey, err := xwing.Decapsulate(cryptoKeys.dk, buf[:n]); err == nil {
 var err error
 if cryptoKeys.decrypt[keyId], err = chacha20poly1305.New(skey); err == nil {
 src.SetReadDeadline(time.Time{})
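Review bot: In the `tcpForwarder` hunk the results of `sw.Write`/`sw.Flush` and `dw.Write`/`dw.Flush` are discarded, so `todo.Add(1)` still runs when the encapsulation key never reached the peer, and the handshake then presumably waits for a ciphertext that cannot arrive. A `bufio.Writer` returns its first write error from `Flush`, so checking that one call is enough: `if err := sw.Flush(); err != nil { /* log and return as the else branch does */ }`, and the same for `dw`. Nothing visible here authenticates the key that follows the 3-byte header, so as far as this hunk shows the exchange protects against passive capture only; if that is the intended threat model it deserves a line in the documentation. The enclosing function starts and ends outside the hunk.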
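Review bot: In the `forwardTcp` hunk, `err == nil` from `xwing.Decapsulate(cryptoKeys.dk, buf[:n])` does not show that both ends derived the same key, because the ML-KEM part uses implicit rejection and a modified ciphertext still yields a key; the first AEAD open is the real confirmation. That matters for this release because the first header byte sent in `tcpForwarder` stays `0x01` while the KEM moves to draft -04: if that revision changed the key encoding or secret derivation, a 1.1.1 peer and a 1.1.2 peer would get past this branch and fail only on the first encrypted record, so that path should close the connection and log a clear reason. Separately, if `n` is the byte count of a single `Read` on the stream (the read is outside the hunk), a segment boundary can hand `Decapsulate` a truncated ciphertext; reading the fixed ciphertext length with `io.ReadFull` would remove that dependence.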