[sslh] [PATCH] Add SHS (Secret Handshake) protocol

cel at celehner.com cel at celehner.com
Fri Nov 22 01:26:44 UTC 2019


Hi,

Here is a patch to add support for Secret Handshake (SHS) to sslh.

SHS is a protocol for authenticated key exchange, used by the Secure Scuttlebutt (SSB) network.

The handshake begins with the client and server exchanging 64 bytes of high-entropy
data. Subsequent data from the client depends on the server's first response.

More info:
- https://ssbc.github.io/scuttlebutt-protocol-guide/#handshake
- https://dominictarr.github.io/secret-handshake-paper/shs.pdf
- https://en.wikipedia.org/wiki/Secure_Scuttlebutt

Regards,
Charles Lehner

---
From 16353f3002bfa9cf4454bb93a872e9903a303349 Mon Sep 17 00:00:00 2001
From: cel <cel at f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>
Date: Sat, 12 Oct 2019 13:26:08 -0400
Subject: [PATCH] Add SHS (Secret Handshake) protocol

---
 probe.c      | 10 ++++++++++
 sslhconf.cfg | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/probe.c b/probe.c
index ed54426..c4b21e9 100644
--- a/probe.c
+++ b/probe.c
@@ -41,6 +41,7 @@ static int is_http_protocol(const char *p, int len, struct sslhcfg_protocols_ite
 static int is_tls_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
 static int is_adb_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
 static int is_socks5_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
+static int is_shs_protocol(const char *p, int len, struct sslhcfg_protocols_item*);
 static int is_true(const char *p, int len, struct sslhcfg_protocols_item* proto) { return 1; }
 
 /* Table of protocols that have a built-in probe
@@ -56,6 +57,7 @@ static struct protocol_probe_desc builtins[] = {
     { "ssl",        is_tls_protocol },
     { "adb",        is_adb_protocol },
     { "socks5",     is_socks5_protocol },
+    { "shs",        is_shs_protocol },
     { "anyprot",    is_true }
 };
 
@@ -310,6 +312,14 @@ static int is_socks5_protocol(const char *p_in, int len, struct sslhcfg_protocol
     return PROBE_MATCH;
 }
 
+static int is_shs_protocol(const char *p_in, int len, struct sslhcfg_protocols_item* proto)
+{
+    if (len < 64)
+        return PROBE_AGAIN;
+
+    return len == 64;
+}
+
 static int regex_probe(const char *p, int len, struct sslhcfg_protocols_item* proto)
 {
 #ifdef ENABLE_REGEX
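Review bot: `return len == 64;` at the end of is_shs_protocol encodes the probe result as a bare boolean, which silently depends on PROBE_MATCH being 1 and PROBE_NEXT being 0; the neighbouring probes return the named constants (is_socks5_protocol ends with `return PROBE_MATCH;`), so this should read `return len == 64 ? PROBE_MATCH : PROBE_NEXT;`. Beyond style, the probe is a length-only heuristic: any client whose buffered first bytes total exactly 64 is routed to the SHS target, so a connection for some other protocol whose first segment happens to be 64 bytes long will be misclassified, and nothing in the hunk inspects the content at all. Per the protocol guide linked in the cover letter, the first 32 bytes are an HMAC over the following 32-byte ephemeral key under the network key, so checking that (where the network key is configured) would make the match specific rather than incidental, at the cost of a crypto dependency in probe.c. Failing that, the function deserves a comment stating the assumption, e.g. `/* Length-only heuristic: an SHS client hello is exactly 64 bytes and the client sends nothing more until the server replies; list "shs" after more specific protocols in the config. */`, and the configuration documentation should carry the same ordering advice since sslh tries probes in the order they are listed.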
diff --git a/sslhconf.cfg b/sslhconf.cfg
index a30abc7..364446a 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -198,5 +198,15 @@ cl_groups: (
         { path: "host"; value: "$1" },
         { path: "port"; value: "$2" }
         );
+    },
+    { name: "shs"; pattern: "(.+):(\w+)"; description: "Set up SHS (Secret Handshake) target";
+        list: "protocols";
+        override: "name";
+        argdesc: "<host:port>";
+        targets: (
+        { path: "name"; value: "shs" },
+        { path: "host"; value: "$1" },
+        { path: "port"; value: "$2" }
+        );
     }
 )
-- 
2.17.1

