mirrors_public/schollz_croc
0
0
Fork 0
mirror of https://github.com/schollz/croc.git synced 2025-10-11 13:21:00 +02:00
Code Activity

Merge pull request #699 from schollz/issue596

Browse source 
fix: use more secure shared secret as room name
This commit is contained in:
Zack 2024-05-20 09:53:17 -07:00 committed by GitHub
commit 0f1ca436cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/croc/croc.go
View file

@ -3,7 +3,9 @@ package croc
import ( import (
"bytes" "bytes"
"crypto/rand" "crypto/rand"
"crypto/sha256"
"encoding/binary" "encoding/binary"
"encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@ -57,6 +59,7 @@ func Debug(debug bool) {
type Options struct { type Options struct {
IsSender bool IsSender bool
SharedSecret string SharedSecret string
RoomName string
Debug bool Debug bool
RelayAddress string RelayAddress string
RelayAddress6 string RelayAddress6 string
@ -188,6 +191,12 @@ func New(ops Options) (c *Client, err error) {
err = fmt.Errorf("code is too short") err = fmt.Errorf("code is too short")
return return
} }
// Create a hash of part of the shared secret to use as the room name
// add the current day and "croc" to the shared secret to make more resistant
// to rainbow tables
hashExtra := "croc" + time.Now().Format("2006-01-02")
roomNameBytes := sha256.Sum256([]byte(c.Options.SharedSecret[:4] + hashExtra))
c.Options.RoomName = hex.EncodeToString(roomNameBytes[:])
c.conn = make([]*comm.Comm, 16) c.conn = make([]*comm.Comm, 16)
@ -582,7 +591,7 @@ func (c *Client) transferOverLocalRelay(errchan chan<- error) {
time.Sleep(500 * time.Millisecond) time.Sleep(500 * time.Millisecond)
log.Debug("establishing connection") log.Debug("establishing connection")
var banner string var banner string
conn, banner, ipaddr, err := tcp.ConnectToTCPServer("127.0.0.1:"+c.Options.RelayPorts[0], c.Options.RelayPassword, c.Options.SharedSecret[:3]) conn, banner, ipaddr, err := tcp.ConnectToTCPServer("127.0.0.1:"+c.Options.RelayPorts[0], c.Options.RelayPassword, c.Options.RoomName)
log.Debugf("banner: %s", banner) log.Debugf("banner: %s", banner)
if err != nil { if err != nil {
err = fmt.Errorf("could not connect to 127.0.0.1:%s: %w", c.Options.RelayPorts[0], err) err = fmt.Errorf("could not connect to 127.0.0.1:%s: %w", c.Options.RelayPorts[0], err)
@ -670,7 +679,7 @@ func (c *Client) Send(filesInfo []FileInfo, emptyFoldersToTransfer []FileInfo, t
log.Debugf("got host '%v' and port '%v'", host, port) log.Debugf("got host '%v' and port '%v'", host, port)
address = net.JoinHostPort(host, port) address = net.JoinHostPort(host, port)
log.Debugf("trying connection to %s", address) log.Debugf("trying connection to %s", address)
conn, banner, ipaddr, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.SharedSecret[:3], durations[i]) conn, banner, ipaddr, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.RoomName, durations[i])
if err == nil { if err == nil {
c.Options.RelayAddress = address c.Options.RelayAddress = address
break break
@ -867,7 +876,7 @@ func (c *Client) Receive() (err error) {
log.Debugf("got host '%v' and port '%v'", host, port) log.Debugf("got host '%v' and port '%v'", host, port)
address = net.JoinHostPort(host, port) address = net.JoinHostPort(host, port)
log.Debugf("trying connection to %s", address) log.Debugf("trying connection to %s", address)
c.conn[0], banner, c.ExternalIP, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.SharedSecret[:3], durations[i]) c.conn[0], banner, c.ExternalIP, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.RoomName, durations[i])
if err == nil { if err == nil {
c.Options.RelayAddress = address c.Options.RelayAddress = address
break break
@ -925,7 +934,7 @@ func (c *Client) Receive() (err error) {
} }
serverTry := net.JoinHostPort(ip, port) serverTry := net.JoinHostPort(ip, port)
conn, banner2, externalIP, errConn := tcp.ConnectToTCPServer(serverTry, c.Options.RelayPassword, c.Options.SharedSecret[:3], 500*time.Millisecond) conn, banner2, externalIP, errConn := tcp.ConnectToTCPServer(serverTry, c.Options.RelayPassword, c.Options.RoomName, 500*time.Millisecond)
if errConn != nil { if errConn != nil {
log.Debug(errConn) log.Debug(errConn)
log.Debugf("could not connect to " + serverTry) log.Debugf("could not connect to " + serverTry)
@ -1291,7 +1300,7 @@ func (c *Client) processMessagePake(m message.Message) (err error) {
c.conn[j+1], _, _, err = tcp.ConnectToTCPServer( c.conn[j+1], _, _, err = tcp.ConnectToTCPServer(
server, server,
c.Options.RelayPassword, c.Options.RelayPassword,
fmt.Sprintf("%s-%d", utils.SHA256(c.Options.SharedSecret[:5])[:6], j), fmt.Sprintf("%s-%d", c.Options.RoomName, j),
) )
if err != nil { if err != nil {
panic(err) panic(err)

2
src/tcp/tcp.go
View file

@ -516,7 +516,7 @@ func ConnectToTCPServer(address, password, room string, timelimit ...time.Durati
} }
banner = strings.Split(string(data), "|||")[0] banner = strings.Split(string(data), "|||")[0]
ipaddr = strings.Split(string(data), "|||")[1] ipaddr = strings.Split(string(data), "|||")[1]
log.Debug("sending room") log.Debugf("sending room; %s", room)
bSend, err = crypt.Encrypt([]byte(room), strongKeyForEncryption) bSend, err = crypt.Encrypt([]byte(room), strongKeyForEncryption)
if err != nil { if err != nil {
log.Debug(err) log.Debug(err)