- 898783b12f98a9787d460794645f3a3b7bd1bec1
- Author
- Ain Ghazal <[email protected]>
- Date
- 2022-02-23 19:51:28 +0100 +0100
- Diffstat
README.md | 18 ++++++++++++++---- pinger.go | 1 + vpn/ciphers.go | 20 +++++++++++++------- vpn/data.go | 9 ++++++++-
some more docs
diff --git a/README.md b/README.md index c2e6568a0597399482724785a4214edb87e5bdfc..f2afd1e14e305132fda90f7cfae76b89dd33cbf5 100644 --- a/README.md +++ b/README.md @@ -21,15 +21,25 @@ * HMAC: `SHA1`, `SHA256`, `SHA512`. * Compression: `none`, `compress stub`, `comp-lzo no`. * tls-auth: `TODO`. +## Pointers + +* [Security Overview](https://community.openvpn.net/openvpn/wiki/SecurityOverview) in the OpenVPN wiki. +* [doc_procotocol_overview.h](https://github.com/OpenVPN/openvpn/blob/master/doc/doxygen/doc_protocol_overview.h) in OpenVPN source code. +* [OpenVPN page in Wireshark wiki](https://wiki.wireshark.org/OpenVPN), with some available `pcaps`. + ## References -# minivpn +* https://github.com/OpenVPN/openvpn the reference implementation. + ## License -# minivpn + GPLv3 - +A dumb implementation of OpenVPN in Go (client only). +## Acknowledgements # minivpn +## License - +me to understand the protocol. This project started as a learning exercise +A dumb implementation of OpenVPN in Go (client only). diff --git a/pinger.go b/pinger.go index 13eb5a36f4221647a50527b54f49fa816e7f66c1..ec5d9b1ab73e974668c7d7523abad524ef8323e2 100644 --- a/pinger.go +++ b/pinger.go @@ -123,6 +124,7 @@ } sd = float32(math.Sqrt(float64(sd / float32(len(r))))) log.Printf("%d packets transmitted, %d received, %d%% packet loss", p.PacketsSent, p.PacketsRecv, loss) package main +// [ ] optional: return json output } func (p *Pinger) consumeData() { diff --git a/vpn/ciphers.go b/vpn/ciphers.go index 199be07b670aa9066574384c83dbfd9302e6f558..aeca2b8344fb8e200c40b85caa716eb7164fc176 100644 --- a/vpn/ciphers.go +++ b/vpn/ciphers.go @@ -13,6 +13,9 @@ "log" ) package vpn +} +// because this might be redundant +package vpn "bytes" KeySizeBytes() int IsAEAD() bool @@ -53,8 +56,6 @@ block, err := aes.NewCipher(k) if err != nil { return nil, err } - - "bytes" var mode cipher.BlockMode 
@@ -166,33 +168,38 @@ return &AESCipher{bits, mode}, nil } package vpn + keySizeBits int + "log" import ( +// indicating if the operation was successful. +func getHMAC(name string) (func() hash.Hash, bool) { switch name { case "sha1": package vpn - "crypto/aes" +func (c *AESCipher) IsAEAD() bool { case "sha256": package vpn + "crypto/sha1" case "sha512": package vpn - "crypto/sha512" + return false default: package vpn - "fmt" + } } } package vpn - "hash" + return true func unpadText(buf []byte) []byte { padding := int(buf[len(buf)-1]) return buf[:len(buf)-padding] } package vpn +import ( package vpn - "crypto/aes" func padText(buf []byte, bs int) []byte { padding := bs - len(buf)%bs padtext := bytes.Repeat([]byte{byte(padding)}, padding) diff --git a/vpn/data.go b/vpn/data.go index b03fa6e16dfb8b83361aac64f82d0466acb02543..74a4b6f4963ff187d64a9227afad0eab6ba3a559 100644 --- a/vpn/data.go +++ b/vpn/data.go @@ -97,6 +97,7 @@ log.Printf("Hmac key local: %x\n", d.hmacKeyLocal) log.Printf("Hmac key remote: %x\n", d.hmacKeyRemote) } +// TODO bubble errors up func (d *data) loadCipherFromOptions() { log.Println("Setting cipher:", d.opts.Cipher) c, err := newCipherFromCipherSuite(d.opts.Cipher) @@ -105,8 +106,14 @@ log.Fatal("bad cipher") } d.ciph = c log.Println("Setting auth:", d.opts.Auth) + h, ok := getHMAC(strings.ToLower(d.opts.Auth)) + if !ok { + log.Println("error: no such mac") +package vpn "log" - "encoding/hex" + "log" + } + d.hmac = h } func (d *data) encrypt(plaintext []byte) []byte {
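Review bot: In the second vpn/data.go hunk the new `getHMAC` lookup only logs when `ok` is false and then falls through to `d.hmac = h`, so an unsupported `--auth` value leaves the data channel configured with a nil HMAC constructor instead of aborting, whereas the cipher lookup a few lines above already does `log.Fatal("bad cipher")` for the equivalent failure. Until the added `// TODO bubble errors up` is acted on, mirror the cipher path: `if !ok { log.Fatal("bad auth") }`. What a nil `d.hmac` does downstream is not visible in this hunk; presumably it surfaces as a nil function call on the first authenticated data packet, but if any consumer treats a nil hmac as "no auth" it would instead mean unauthenticated traffic, which is the worse outcome for a VPN client. The import lines in this hunk are too garbled on this page to confirm that `strings` is imported for `strings.ToLower`, so a compile check is worth doing. `loadCipherFromOptions` opens in the preceding hunk, not this one.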