mirror of
https://github.com/malcolmseyd/natpunch-go.git
synced 2025-09-26 19:01:15 +08:00

* integrate noise handshake

  it works! communication occurs over a secure channel now. ephemeral keys for confidentiality and static keys for authenticity. this means that the server has a public key in order to guarantee authenticity.

* remove check for udp packet

  all packets received are UDP, no need to check the socket type is "ip4:udp"

* add timestamp to handshakes to prevent replays

  without a timestamp, the handshake initiation packet can be replayed, discarding the current session keys and triggering a response. this has terrible dos attack potential. by using an AEAD secured timestamp, a timestamp that is not new will cause the handshake to be discarded

* add client-initiated key rotation

  after a fixed period, the client now initiates a new handshake. communication can only continue if the server responds to the handshake, so keys are rotated on both sides. if the handshake initiation or response packet is dropped, the connection will be broken until the next handshake

* add sliding window package

  i borrowed wireguard-go's anti-replay algorithm implementation (see RFC 6479). i didn't just copy paste, i read through it line by line and littered it with comments, and i did reposition and rename some parts. i'm using this implementation because i couldn't find anything to improve on or optimize.

* move go.mod to project root

  i was having difficulty sharing antireplay between client and server but using one go.mod in the project root did the trick.

* integrate sliding window for nonces

  this mitigates replay attacks and prevents attackers from holding packets indefinitely. nice.

* update README.md to reflect command usage

* slightly better error handling
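The "sliding window for nonces" the commit message describes is the RFC 6479 bitmap-ring scheme: a ring of 64-bit words records which counters have been seen, anything older than the window is dropped, and a counter whose bit is already set is a replay. The block below is an added illustration written for this page, not code from natpunch-go or wireguard-go; the ring size (32 words, so a window of 1984 counters) is an assumed parameter.

```go
package main

import "fmt"

const (
	blockBits  = 64                           // counters per bitmap word
	blockCount = 32                           // words in the ring (assumed size)
	windowSize = (blockCount - 1) * blockBits // counters accepted behind the newest one
)

// Filter is an RFC 6479 style anti-replay window: ring[i] holds the bitmap
// for counters whose word index (counter/64) is congruent to i mod blockCount.
type Filter struct {
	last uint64             // highest counter accepted so far
	ring [blockCount]uint64 // bitmap ring of recently seen counters
}

// Check records counter and reports whether the packet should be accepted.
// It returns false for counters that are too old or already seen.
func (f *Filter) Check(counter uint64) bool {
	if counter >= f.last {
		// Newer than anything seen: slide the window forward, clearing every
		// word we pass (capped at blockCount, which wipes the whole ring).
		diff := counter/blockBits - f.last/blockBits
		if diff > blockCount {
			diff = blockCount
		}
		for i := uint64(1); i <= diff; i++ {
			f.ring[(f.last/blockBits+i)%blockCount] = 0
		}
		f.last = counter
	} else if f.last-counter > windowSize {
		return false // behind the window: too old to be tracked, reject
	}
	idx := (counter / blockBits) % blockCount
	bit := uint64(1) << (counter % blockBits)
	if f.ring[idx]&bit != 0 {
		return false // bit already set: replayed packet
	}
	f.ring[idx] |= bit
	return true
}

func main() {
	var f Filter
	for _, c := range []uint64{0, 5, 5, 3, 5000, 3} { // constructed sequence
		fmt.Printf("counter %d accepted: %v\n", c, f.Check(c))
	}
}
```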