Merge branch 'release/0.8.0'

.github/workflows/ci.yml

@@ -3,6 +3,32 @@ name: CI
 on: [push, pull_request]
 
 jobs:
+  build_multi_platform:
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v2
+        with:
+          go-version: ^1.15
+      - name: Build for multi-platform
+        run: |
+          set -xeu
+          DIST=dist
+          mkdir $DIST
+          # (from: https://www.digitalocean.com/community/tutorials/how-to-build-go-executables-for-multiple-platforms-on-ubuntu-16-04)
+          platforms=("linux/amd64" "darwin/amd64" "windows/amd64" "linux/arm")
+          for platform in "${platforms[@]}"
+          do
+              platform_split=(${platform//\// })
+              export GOOS=${platform_split[0]}
+              export GOARCH=${platform_split[1]}
+              [ $GOOS = "windows" ] && EXTENSION='.exe' || EXTENSION=''
+              BUILD_PATH=piping-tunnel-$GOOS-$GOARCH
+              mkdir $BUILD_PATH
+              # Build
+              CGO_ENABLED=0 go build -o "${BUILD_PATH}/piping-tunnel${EXTENSION}" main/main.go
+          done
   operational_test:
     runs-on: ubuntu-18.04
     steps:
@@ -40,24 +66,56 @@ jobs:
       uses: actions/setup-go@v2
       with:
         go-version: ^1.15
-    - run: go build -o piping-tunnel main/main.go
+    - run: CGO_ENABLED=0 go build -o piping-tunnel main/main.go
+
+    # Normal tunnel
     - run: ./piping-tunnel -s http://localhost:8080 server -p 2022 aaa bbb &
     - run: ./piping-tunnel -s http://localhost:8080 client -p 3322 aaa bbb &
     # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
     - run: ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
 
+    # Encrypt with AES-CTR
+    - run: ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa bbb &
+    - run: ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa bbb &
+    # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
+    - run: ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
+
+    # Multiplexing
     - name: Run server-host with yamux
-      run: ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux aaa-yamux bbb-yamux &
+      run: ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux aaa-yamux bbb-yamux & echo $! > pid1
     - name: Run client-host with yamux
-      run: ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux aaa-yamux bbb-yamux &
+      run: ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux aaa-yamux bbb-yamux & echo $! > pid2
     # Check whether ssh multiple times
     # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
     - run: ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname
     - run: ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
+    - run: kill $(cat pid1) && kill $(cat pid2)
 
+    # Multiplexing (encrypt with AES-CTR)
+    - name: Run server-host with yamux (encrypt with AES-CTR)
+      run: ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-yamux bbb-yamux & echo $! > pid1
+    - name: Run client-host with yamux (encrypt with AES-CTR)
+      run: ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-yamux bbb-yamux & echo $! > pid2
+      # Check whether ssh multiple times
+      # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
+    - run: ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname
+    - run: ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
+    - run: kill $(cat pid1) && kill $(cat pid2)
+
+    # SOCKS
     - name: Run socks with yamux
-      run: ./piping-tunnel -s http://localhost:8080 socks --yamux aaa-socks bbb-socks &
+      run: ./piping-tunnel -s http://localhost:8080 socks --yamux aaa-socks bbb-socks & echo $! > pid1
     - name: Run client-host with yamux
-      run: ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux aaa-socks bbb-socks &
+      run: ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux aaa-socks bbb-socks & echo $! > pid2
+    # NOTE: Depends on external resource: example.com
+    - run: curl -x socks5h://localhost:1081 https://example.com
+    - run: kill $(cat pid1) && kill $(cat pid2)
+
+    # SOCKS (encrypt with AES-CTR)
+    - name: Run socks with yamux (encrypt with AES-CTR)
+      run: ./piping-tunnel -s http://localhost:8080 socks --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-socks bbb-socks & echo $! > pid1
+    - name: Run client-host with yamux (encrypt with AES-CTR)
+      run: ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux --symmetric --cipher-type=aes-ctr --passphrase=mypass aaa-socks bbb-socks & echo $! > pid2
     # NOTE: Depends on external resource: example.com
     - run: curl -x socks5h://localhost:1081 https://example.com
+    - run: kill $(cat pid1) && kill $(cat pid2)

CHANGELOG.md

@@ -5,6 +5,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 
 ## [Unreleased]
 
+## [0.8.0] - 2021-01-01
+### Added
+* Add -c flag to symmetrically
+* Add a feature of encrypting with OpenPGP 
+* Add a feature of encrypting with AES-CTR
+* Add --cipher-type flag
+
 ## [0.7.0] - 2020-12-26
 ### Changed
 * Add examples to help
@@ -69,7 +76,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 ### Added
 * Initial release
 
-[Unreleased]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.7.0...HEAD
+[Unreleased]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.8.0...HEAD
+[0.8.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.6.0...v0.7.0
 [0.6.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.5.0...v0.6.0
 [0.5.0]: https://github.com/nwtgck/go-piping-tunnel/compare/v0.4.2...v0.5.0

README.md

@@ -1,5 +1,5 @@
 # piping-tunnel
-![CI](https://github.com/nwtgck/go-piping-tunnel/workflows/CI/badge.svg) [![CircleCI](https://circleci.com/gh/nwtgck/go-piping-tunnel.svg?style=shield)](https://app.circleci.com/pipelines/github/nwtgck/go-piping-tunnel)
+![CI](https://github.com/nwtgck/go-piping-tunnel/workflows/CI/badge.svg)  
 
 Tunneling over HTTP with [Piping Server](https://github.com/nwtgck/piping-server) 
 

cmd/client.go

@@ -8,7 +8,6 @@ import (
 	"github.com/nwtgck/go-piping-tunnel/util"
 	"github.com/spf13/cobra"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@@ -18,18 +17,30 @@ import (
 var clientHostPort int
 var clientServerToClientBufSize uint
 var clientYamux bool
+var clientSymmetricallyEncrypts bool
+var clientSymmetricallyEncryptPassphrase string
+var clientCipherType string
 
 func init() {
 	RootCmd.AddCommand(clientCmd)
 	clientCmd.Flags().IntVarP(&clientHostPort, "port", "p", 0, "TCP port of client host")
 	clientCmd.Flags().UintVarP(&clientServerToClientBufSize, "s-to-c-buf-size", "", 16, "Buffer size of server-to-client in bytes")
-	clientCmd.Flags().BoolVarP(&clientYamux, "yamux", "", false, "Multiplex connection by hashicorp/yamux")
+	clientCmd.Flags().BoolVarP(&clientYamux, yamuxFlagLongName, "", false, "Multiplex connection by hashicorp/yamux")
+	clientCmd.Flags().BoolVarP(&clientSymmetricallyEncrypts, symmetricallyEncryptsFlagLongName, symmetricallyEncryptsFlagShortName, false, "Encrypt symmetrically")
+	clientCmd.Flags().StringVarP(&clientSymmetricallyEncryptPassphrase, symmetricallyEncryptPassphraseFlagLongName, "", "", "Passphrase for encryption")
+	clientCmd.Flags().StringVarP(&clientCipherType, cipherTypeFlagLongName, "", defaultCipherType, fmt.Sprintf("Cipher type: %s, %s", cipherTypeAesCtr, cipherTypeOpenpgp))
 }
 
 var clientCmd = &cobra.Command{
 	Use:   "client",
 	Short: "Run client-host",
 	RunE: func(cmd *cobra.Command, args []string) error {
+		// Validate cipher-type
+		if clientSymmetricallyEncrypts {
+			if err := validateClientCipher(clientCipherType); err != nil {
+				return nil
+			}
+		}
 		clientToServerPath, serverToClientPath, err := generatePaths(args)
 		if err != nil {
 			return err
@@ -57,7 +68,13 @@ var clientCmd = &cobra.Command{
 		}
 		// Print hint
 		printHintForServerHost(ln, clientToServerUrl, serverToClientUrl, clientToServerPath, serverToClientPath)
-
+		// Make user input passphrase if it is empty
+		if clientSymmetricallyEncrypts {
+			err = makeUserInputPassphraseIfEmpty(&clientSymmetricallyEncryptPassphrase)
+			if err != nil {
+				return err
+			}
+		}
 		// Use multiplexer with yamux
 		if clientYamux {
 			fmt.Println("[INFO] Multiplexing with hashicorp/yamux")
@@ -70,9 +87,30 @@ var clientCmd = &cobra.Command{
 		fmt.Println("[INFO] accepted")
 		// Refuse another new connection
 		ln.Close()
+		// If encryption is enabled
+		if clientSymmetricallyEncrypts {
+			duplex, err := makeDuplexWithEncryptionAndProgressIfNeed(httpClient, headers, clientToServerUrl, serverToClientUrl, clientSymmetricallyEncrypts, clientSymmetricallyEncryptPassphrase, clientCipherType)
+			if err != nil {
+				return err
+			}
+			fin := make(chan error)
+			go func() {
+				// TODO: hard code
+				var buf = make([]byte, 16)
+				_, err := io.CopyBuffer(duplex, conn, buf)
+				fin <- err
+			}()
+			go func() {
+				// TODO: hard code
+				var buf = make([]byte, 16)
+				_, err := io.CopyBuffer(conn, duplex, buf)
+				fin <- err
+			}()
+			return util.CombineErrors(<-fin, <-fin)
+		}
 		var progress *io_progress.IOProgress = nil
 		if showProgress {
-			progress = io_progress.NewIOProgress(conn, ioutil.Discard, os.Stderr, makeProgressMessage)
+			progress = io_progress.NewIOProgress(conn, conn, os.Stderr, makeProgressMessage)
 		}
 		var reader io.Reader = conn
 		if progress != nil {
@@ -103,7 +141,7 @@ var clientCmd = &cobra.Command{
 		}
 		var writer io.Writer = conn
 		if progress != nil {
-			writer = io.MultiWriter(conn, progress)
+			writer = progress
 		}
 		var buf = make([]byte, clientServerToClientBufSize)
 		_, err = io.CopyBuffer(writer, res.Body, buf)
@@ -131,8 +169,14 @@ func printHintForServerHost(ln net.Listener, clientToServerUrl string, serverToC
 	}
 	fmt.Println("[INFO] Hint: Server host (piping-tunnel)")
 	flags := ""
+	if clientSymmetricallyEncrypts {
+		flags += fmt.Sprintf("-%s ", symmetricallyEncryptsFlagShortName)
+		if clientCipherType != defaultCipherType {
+			flags += fmt.Sprintf("--%s=%s ", cipherTypeFlagLongName, clientCipherType)
+		}
+	}
 	if clientYamux {
-		flags += "--yamux "
+		flags += fmt.Sprintf("--%s ", yamuxFlagLongName)
 	}
 	fmt.Printf(
 		"  piping-tunnel -s %s server -p <YOUR PORT> %s%s %s\n",
@@ -141,18 +185,22 @@ func printHintForServerHost(ln net.Listener, clientToServerUrl string, serverToC
 		clientToServerPath,
 		serverToClientPath,
 	)
+	fmt.Println("    OR")
+	fmt.Printf(
+		"  piping-tunnel -s %s socks %s%s %s\n",
+		serverUrl,
+		flags,
+		clientToServerPath,
+		serverToClientPath,
+	)
 }
 
 func clientHandleWithYamux(ln net.Listener, httpClient *http.Client, headers []piping_tunnel_util.KeyValue, clientToServerUrl string, serverToClientUrl string) error {
-	duplex, err := piping_tunnel_util.NewPipingDuplex(httpClient, headers, clientToServerUrl, serverToClientUrl)
+	duplex, err := makeDuplexWithEncryptionAndProgressIfNeed(httpClient, headers, clientToServerUrl, serverToClientUrl, clientSymmetricallyEncrypts, clientSymmetricallyEncryptPassphrase, clientCipherType)
 	if err != nil {
 		return err
 	}
-	var readWriteCloser io.ReadWriteCloser = duplex
-	if showProgress {
-		readWriteCloser = io_progress.NewIOProgress(duplex, duplex, os.Stderr, makeProgressMessage)
-	}
-	yamuxSession, err := yamux.Client(readWriteCloser, nil)
+	yamuxSession, err := yamux.Client(duplex, nil)
 	if err != nil {
 		return err
 	}
@@ -166,15 +214,25 @@ func clientHandleWithYamux(ln net.Listener, httpClient *http.Client, headers []p
 		if err != nil {
 			return err
 		}
+		fin := make(chan struct{})
 		go func() {
 			// TODO: hard code
 			var buf = make([]byte, 16)
 			io.CopyBuffer(yamuxStream, conn, buf)
+			fin <- struct{}{}
 		}()
 		go func() {
 			// TODO: hard code
 			var buf = make([]byte, 16)
 			io.CopyBuffer(conn, yamuxStream, buf)
+			fin <- struct{}{}
+		}()
+		go func() {
+			<-fin
+			<-fin
+			close(fin)
+			conn.Close()
+			yamuxStream.Close()
 		}()
 	}
 }