Commit 5bcbb0f8 authored by bernd

Removed first port knocking attempt

parent 0eca397b
......@@ -56,7 +56,6 @@ $20 net2o: tmpnest ( $:string -- ) \ nested (temporary encrypted) command
ELSE ." don't store key: o=" o hex. .nnb F cr THEN ;
+net2o: map-request ( addrs ucode udata -- ) \ request mapping
knocked? 0= IF 64drop 64drop 64drop un-cmd EXIT THEN
2*64>n
nest[
?new-mykey ticker 64@ lit, set-cookie
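Review bot: In map-request, dropping the guard "knocked? 0= IF 64drop 64drop 64drop un-cmd EXIT THEN" leaves no precondition before "2*64>n nest[ ... set-cookie" in the lines shown, so every map-request that reaches this word is now processed. If the cookie written by set-cookie is meant to be the only check on unsolicited requests, say so in a comment on the word; otherwise keep an early exit here until a replacement for knocking exists.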
......@@ -136,18 +135,16 @@ net2o-base
update-key all-ivs ;
+net2o: gen-reply ( -- ) \ generate a key request reply reply
own-crypt? knocked? or 0= ?EXIT
own-crypt? 0= ?EXIT
[: crypt( ." Reply key: " tmpkey@ .nnb F cr )
reply-key, cookie+request time-offset! context ]tmpnest
push-cmd ;] IS expect-reply? ;
+net2o: gen-punch-reply ( -- ) o? \ generate a key request reply reply
knocked? 0= ?EXIT
[: crypt( ." Reply key: " tmpkey@ .nnb F cr )
reply-key, gen-punchload gen-punch time-offset! context ]tmpnest
push-cmd ;] IS expect-reply? ;
\ !!TODO!! knock should use special default key
+net2o: knock ( $:challenge -- ) $> net2o:knock knock-val and validated or! ;
+net2o: knock ( $:challenge -- ) $> tmp-0key sec! ;
gen-table $freeze
......
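Review bot: gen-punch-reply loses "knocked? 0= ?EXIT" and gets nothing in its place, while gen-reply next to it still exits on "own-crypt? 0= ?EXIT". If punch replies are meant to be generated for any sender, a comment should state that; otherwise add the equivalent check. In the same hunk, knock now stores the received challenge directly with "$> tmp-0key sec!" and the TODO above it ("knock should use special default key") is left as is, so no check on the string is visible before it becomes key material. Consider validating it before sec!, or updating the TODO to describe the new behaviour.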
......@@ -350,14 +350,6 @@ Defer search-key \ search if that is one of our pubkeys
THEN
2drop ;
\ port knocking
Variable knocks
: net2o:knock ( addr u -- flag )
0 -rot knocks [: 2over 2swap decrypt$ nip nip -rot 2>r or 2r>
;] $[]map 2drop ;
0 [IF]
Local Variables:
forth-local-words:
......
......@@ -2246,21 +2246,18 @@ $02 Constant own-crypt-val
$04 Constant login-val
$08 Constant cookie-val
$10 Constant tmp-crypt-val
$20 Constant knock-val
: crypt? ( -- flag ) validated @ crypt-val and ;
: own-crypt? ( -- flag ) validated @ own-crypt-val and ;
: login? ( -- flag ) validated @ login-val and ;
: cookie? ( -- flag ) validated @ cookie-val and ;
: tmp-crypt? ( -- flag ) validated @ tmp-crypt-val and ;
: knocked? ( -- flag ) validated @ knock-val and ;
: handle-cmd0 ( -- ) \ handle packet to address 0
cmd0( .time ." handle cmd0 " sockaddr alen @ .address cr )
0 >o rdrop \ address 0 has no job context!
0 inbuf-decrypt 0= IF
." invalid packet to 0" drop cr EXIT THEN
knocks $@len 0= knock-val and validated ! \ packets to address 0 are not really validated
inbuf packet-data queue-command ;
: handle-data ( addr -- ) parent @ >o
......
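Review bot: In handle-cmd0, the removed line "knocks $@len 0= knock-val and validated !" was the only write to validated in this word, so after the change nothing shown here sets or clears the flags before queue-command runs. Unless inbuf-decrypt or queue-command resets validated, bits such as own-crypt-val left by an earlier packet would still satisfy "own-crypt? 0= ?EXIT" in gen-reply for a packet to address 0. Replacing the removed line with "0 validated !" (or "validated off") keeps the "not really validated" behaviour that its comment described.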