[sslh] [PATCH] Add SHS (Secret Handshake) protocol
cel at celehner.com
cel at celehner.com
Fri Nov 22 01:26:44 UTC 2019
Hi,
Here is a patch to add support for Secret Handshake (SHS) to sslh.
SHS is a protocol for authenticated key exchange, used by the Secure Scuttlebutt (SSB) network.
The handshake begins with the client and server exchanging 64 bytes of high-entropy
data. Subsequent data from the client depends on the server's first response.
More info:
- https://ssbc.github.io/scuttlebutt-protocol-guide/#handshake
- https://dominictarr.github.io/secret-handshake-paper/shs.pdf
- https://en.wikipedia.org/wiki/Secure_Scuttlebutt
Regards,
Charles Lehner
---
From 16353f3002bfa9cf4454bb93a872e9903a303349 Mon Sep 17 00:00:00 2001
From: cel <cel at f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>
Date: Sat, 12 Oct 2019 13:26:08 -0400
Subject: [PATCH] Add SHS (Secret Handshake) protocol
---
probe.c | 10 ++++++++++
sslhconf.cfg | 10 ++++++++++
2 files changed, 20 insertions(+)
diff --git a/probe.c b/probe.c
index ed54426..c4b21e9 100644
--- a/probe.c
+++ b/probe.c
@@ -41,6 +41,7 @@ static int is_http_protocol(const char *p, int len, struct sslhcfg_protocols_ite
static int is_tls_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
static int is_adb_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
static int is_socks5_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
+static int is_shs_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
static int is_true(const char *p, int len, struct sslhcfg_protocols_item* proto) { return 1; }
/* Table of protocols that have a built-in probe
@@ -56,6 +57,7 @@ static struct protocol_probe_desc builtins[] = {
{ "ssl", is_tls_protocol },
{ "adb", is_adb_protocol },
{ "socks5", is_socks5_protocol },
+ { "shs", is_shs_protocol },
{ "anyprot", is_true }
};
@@ -310,6 +312,14 @@ static int is_socks5_protocol(const char *p_in, int len, struct sslhcfg_protocol
return PROBE_MATCH;
}
+static int is_shs_protocol(const char *p_in, int len, struct sslhcfg_protocols_item* proto)
+{
+ if (len < 64)
+ return PROBE_AGAIN;
+
+ return len == 64;
+}
+
static int regex_probe(const char *p, int len, struct sslhcfg_protocols_item* proto)
{
#ifdef ENABLE_REGEX
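Review bot: is_shs_protocol decides on byte count alone: `p_in` is never read, so any client whose first read is exactly 64 bytes is handed to the SHS target, and `return len == 64;` relies on the comparison's 0/1 presumably lining up with the probe result codes. I would return the named constants, `return len == 64 ? PROBE_MATCH : PROBE_NEXT;`, so the result does not depend on the enum's numeric values. A short comment above the function would help, e.g. `/* SHS hello is 64 high-entropy bytes with no fixed signature: match on length only, keep after content-based probes */`. Every first read shorter than 64 bytes returns PROBE_AGAIN, so it is worth confirming how that affects short openings of protocols listed after "shs" in `builtins[]`. A match here says nothing about the peer, so the backend still has to complete and verify the handshake itself.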
diff --git a/sslhconf.cfg b/sslhconf.cfg
index a30abc7..364446a 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -198,5 +198,15 @@ cl_groups: (
{ path: "host"; value: "$1" },
{ path: "port"; value: "$2" }
);
+ },
+ { name: "shs"; pattern: "(.+):(\w+)"; description: "Set up SHS (Secret Handshake) target";
+ list: "protocols";
+ override: "name";
+ argdesc: "<host:port>";
+ targets: (
+ { path: "name"; value: "shs" },
+ { path: "host"; value: "$1" },
+ { path: "port"; value: "$2" }
+ );
}
)
--
2.17.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20191121/72c1870a/attachment.sig>