jstangroome · September 26, 2023 07:42
diff --git a/main.go b/main.go
 package main

 import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/binary"
 	"encoding/hex"
 	"flag"
 	"fmt"
 	"log"
 	"net"
 	"net/netip"
 	"os"
 	"time"
 )

 func calculatePortKnockHash(ip netip.Addr, ts time.Time, secret []byte) ([]byte, error) {
 	if !ip.Is4() {
 		return nil, fmt.Errorf("only ipv4 supported")
 	}

 	h := hmac.New(sha256.New, secret)

 	_, err := h.Write(ip.AsSlice())
 	if err != nil {
 		return nil, fmt.Errorf("failed to write ip to hmac: %w", err)
 	}

 	epochMinutes := ts.UTC().Unix() / 60
 	epochBytes := make([]byte, 4)
 	binary.LittleEndian.PutUint32(epochBytes, uint32(epochMinutes))
 	_, err = h.Write(epochBytes)
 	if err != nil {
 		return nil, fmt.Errorf("failed to write time to hmac: %w", err)
 	}

 	return h.Sum(nil), nil
 }

 func sendPacket(srcIP netip.Addr, dstAddr net.Addr, payload []byte) error {
 	conn, err := net.ListenPacket("udp", srcIP.String()+":")
 	if err != nil {
 		return fmt.Errorf("failed to create connection context: %w", err)
 	}
 	defer conn.Close()
 	n, err := conn.WriteTo(payload, dstAddr)
 	if err != nil {
 		return fmt.Errorf("failed to write packet: %w", err)
 	}
 	if n != len(payload) {
 		return fmt.Errorf("only wrote %d of %d bytes", n, len(payload))
 	}
 	return nil
 }

 func main() {
 	var srcIPText string
 	var dstAddrText string
 	flag.StringVar(&srcIPText, "src", "", "source IP address")
 	flag.StringVar(&dstAddrText, "dst", "", "destination IP address and port, colon delimited")

 	secret := os.Getenv("PKNOCK_SECRET")
 	if secret == "" {
 		log.Fatalf("[ERROR] PKNOCK_SECRET environment variable required.")
 	}

 	flag.Parse()
 	if srcIPText == "" {
 		flag.PrintDefaults()
 		log.Fatalf("[ERROR] -src required.")
 	}

 	srcIP, err := netip.ParseAddr(srcIPText)
 	if err != nil {
 		log.Fatalf("[ERROR] %v", err)
 	}

 	hashBytes, err := calculatePortKnockHash(srcIP, time.Now(), []byte("foo"))
 	if err != nil {
 		log.Fatalf("[ERROR] %v", err)
 	}

 	hashHex := hex.EncodeToString(hashBytes)
 	if dstAddrText == "" {
 		fmt.Println(hashHex)
 		return
 	}

 	dstAddr, err := net.ResolveUDPAddr("udp", dstAddrText)
 	if err != nil {
 		log.Fatalf("[ERROR] %v", err)
 	}

 	err = sendPacket(srcIP, dstAddr, []byte(hashHex))
 	if err != nil {
 		log.Fatalf("[ERROR] %v", err)
 	}
 }
diff --git a/main_test.go b/main_test.go
 package main

 import (
 	"encoding/hex"
 	"net/netip"
 	"testing"
 	"time"
 )

 func TestNetworkByteOrderOfIPAddress(t *testing.T) {
 	ip := netip.MustParseAddr("192.0.2.1")
 	expectedBytes := []byte{192, 0, 2, 1}
 	actualBytes := ip.AsSlice()
 	if len(actualBytes) != len(expectedBytes) {
 		t.Fatalf("got %v, want %v", actualBytes, expectedBytes)
 	}
 	for i := range expectedBytes {
 		if actualBytes[i] != expectedBytes[i] {
 			t.Fatalf("got %v, want %v", actualBytes, expectedBytes)
 		}
 	}
 }

 func TestCalculatePortKnockHash(t *testing.T) {
 	const expectedHex = "7fb7ec169ef70340600e4aab04908d269f11ac6a39704604a0412af38e88f383"
 	ip := netip.MustParseAddr("192.0.2.1")
 	ts := time.Date(2023, 9, 25, 11, 12, 13, 0, time.UTC)
 	secret := []byte("foo")
 	actualBytes, err := calculatePortKnockHash(ip, ts, secret)
 	if err != nil {
 		t.Fatalf("error: %v", err)
 	}
 	actualHex := hex.EncodeToString(actualBytes)
 	if actualHex != expectedHex {
 		t.Errorf("got '%s', want '%s'", actualHex, expectedHex)
 	}
 }
	package main

	import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"flag"
	"fmt"
	"log"
	"net"
	"net/netip"
	"os"
	"time"
	)

	func calculatePortKnockHash(ip netip.Addr, ts time.Time, secret []byte) ([]byte, error) {
	if !ip.Is4() {
	return nil, fmt.Errorf("only ipv4 supported")
	}

	h := hmac.New(sha256.New, secret)

	_, err := h.Write(ip.AsSlice())
	if err != nil {
	return nil, fmt.Errorf("failed to write ip to hmac: %w", err)
	}

	epochMinutes := ts.UTC().Unix() / 60
	epochBytes := make([]byte, 4)
	binary.LittleEndian.PutUint32(epochBytes, uint32(epochMinutes))
	_, err = h.Write(epochBytes)
	if err != nil {
	return nil, fmt.Errorf("failed to write time to hmac: %w", err)
	}

	return h.Sum(nil), nil
	}

	func sendPacket(srcIP netip.Addr, dstAddr net.Addr, payload []byte) error {
	conn, err := net.ListenPacket("udp", srcIP.String()+":")
	if err != nil {
	return fmt.Errorf("failed to create connection context: %w", err)
	}
	defer conn.Close()
	n, err := conn.WriteTo(payload, dstAddr)
	if err != nil {
	return fmt.Errorf("failed to write packet: %w", err)
	}
	if n != len(payload) {
	return fmt.Errorf("only wrote %d of %d bytes", n, len(payload))
	}
	return nil
	}

	func main() {
	var srcIPText string
	var dstAddrText string
	flag.StringVar(&srcIPText, "src", "", "source IP address")
	flag.StringVar(&dstAddrText, "dst", "", "destination IP address and port, colon delimited")

	secret := os.Getenv("PKNOCK_SECRET")
	if secret == "" {
	log.Fatalf("[ERROR] PKNOCK_SECRET environment variable required.")
	}

	flag.Parse()
	if srcIPText == "" {
	flag.PrintDefaults()
	log.Fatalf("[ERROR] -src required.")
	}

	srcIP, err := netip.ParseAddr(srcIPText)
	if err != nil {
	log.Fatalf("[ERROR] %v", err)
	}

	hashBytes, err := calculatePortKnockHash(srcIP, time.Now(), []byte("foo"))
	if err != nil {
	log.Fatalf("[ERROR] %v", err)
	}

	hashHex := hex.EncodeToString(hashBytes)
	if dstAddrText == "" {
	fmt.Println(hashHex)
	return
	}

	dstAddr, err := net.ResolveUDPAddr("udp", dstAddrText)
	if err != nil {
	log.Fatalf("[ERROR] %v", err)
	}

	err = sendPacket(srcIP, dstAddr, []byte(hashHex))
	if err != nil {
	log.Fatalf("[ERROR] %v", err)
	}
	}