diff --git a/cmd/ck-server/ck-server.go b/cmd/ck-server/ck-server.go
index f000732..b607eb7 100644
--- a/cmd/ck-server/ck-server.go
+++ b/cmd/ck-server/ck-server.go
@@ -73,7 +73,7 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
 var sessionKey [32]byte
 util.CryptoRandRead(sessionKey[:])
- obfuscator, err := mux.GenerateObfs(ci.EncryptionMethod, sessionKey, ci.Transport.HasRecordLayer())
+ obfuscator, err := mux.MakeObfuscator(ci.EncryptionMethod, sessionKey, ci.Transport.HasRecordLayer())
 if err != nil {
 log.Error(err)
 goWeb()
diff --git a/go.mod b/go.mod
index 3b9ae58..4da11a6 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.12
 require (
 github.com/Yawning/chacha20 v0.0.0-20170904085104-e3b1f968fc63 // indirect
 github.com/boltdb/bolt v1.3.1
- github.com/cbeuw/connutil v0.0.0-20200407140739-52c0cf88d537
+ github.com/cbeuw/connutil v0.0.0-20200407195302-dc6b6ca97482
 github.com/gorilla/mux v1.7.3
 github.com/gorilla/websocket v1.4.1
 github.com/juju/ratelimit v1.0.1
diff --git a/go.sum b/go.sum
index 761cc10..f65cab0 100644
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,8 @@ github.com/Yawning/chacha20 v0.0.0-20170904085104-e3b1f968fc63 h1:I6/SJSN9wJMJ+Z github.com/Yawning/chacha20 v0.0.0-20170904085104-e3b1f968fc63/go.mod h1:nf+Komq6fVP4SwmKEaVGxHTyQGKREVlwjQKpvOV39yE= github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/cbeuw/connutil v0.0.0-20200407140739-52c0cf88d537 h1:7SLpz2OuAX3cQQKzxnHQ5+sYy5roT9etJTa7EHxYraQ= -github.com/cbeuw/connutil v0.0.0-20200407140739-52c0cf88d537/go.mod h1:6jR2SzckGv8hIIS9zWJ160mzGVVOYp4AXZMDtacL6LE= +github.com/cbeuw/connutil v0.0.0-20200407195302-dc6b6ca97482 h1:FHwIeZZdzILmajXl+o1ac3vjoOtaWKLR9wzw2eAELGU= +github.com/cbeuw/connutil v0.0.0-20200407195302-dc6b6ca97482/go.mod h1:6jR2SzckGv8hIIS9zWJ160mzGVVOYp4AXZMDtacL6LE= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
diff --git a/internal/client/connector.go b/internal/client/connector.go
index 6ece9a8..492b835 100644
--- a/internal/client/connector.go
+++ b/internal/client/connector.go
@@ -65,7 +65,7 @@ func MakeSession(connConfig *remoteConnConfig, authInfo *authInfo, isAdmin bool)
 log.Debug("All underlying connections established")
 sessionKey := _sessionKey.Load().([32]byte)
- obfuscator, err := mux.GenerateObfs(authInfo.EncryptionMethod, sessionKey, connConfig.Transport.HasRecordLayer())
+ obfuscator, err := mux.MakeObfuscator(authInfo.EncryptionMethod, sessionKey, connConfig.Transport.HasRecordLayer())
 if err != nil {
 log.Fatal(err)
 }
diff --git a/internal/multiplex/obfs.go b/internal/multiplex/obfs.go
index 75667fd..dd60acc 100644
--- a/internal/multiplex/obfs.go
+++ b/internal/multiplex/obfs.go
@@ -27,6 +27,15 @@ const (
 E_METHOD_CHACHA20_POLY1305
 )
+// Obfuscator is responsible for the obfuscation and deobfuscation of frames
+type Obfuscator struct {
+ // Used in Stream.Write. Add multiplexing headers, encrypt and add TLS header
+ Obfs Obfser
+ // Remove TLS header, decrypt and unmarshall frames
+ Deobfs Deobfser
+ SessionKey [32]byte
+}
+
 func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD, hasRecordLayer bool) Obfser {
 var rlLen int
 if hasRecordLayer {
@@ -144,7 +153,7 @@ func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD, hasRecordLayer boo
 return deobfs
 }
-func GenerateObfs(encryptionMethod byte, sessionKey [32]byte, hasRecordLayer bool) (obfuscator *Obfuscator, err error) {
+func MakeObfuscator(encryptionMethod byte, sessionKey [32]byte, hasRecordLayer bool) (obfuscator *Obfuscator, err error) {
 var payloadCipher cipher.AEAD
 switch encryptionMethod {
 case E_METHOD_PLAIN:
diff --git a/internal/multiplex/obfs_test.go b/internal/multiplex/obfs_test.go
index c7c19b2..097bbf1 100644
--- a/internal/multiplex/obfs_test.go
+++ b/internal/multiplex/obfs_test.go
@@ -39,7 +39,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 t.Run("plain", func(t *testing.T) {
- obfuscator, err := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, err := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 if err != nil {
 t.Errorf("failed to generate obfuscator %v", err)
 } else {
@@ -47,7 +47,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 })
 t.Run("plain no record layer", func(t *testing.T) {
- obfuscator, err := GenerateObfs(E_METHOD_PLAIN, sessionKey, false)
+ obfuscator, err := MakeObfuscator(E_METHOD_PLAIN, sessionKey, false)
 if err != nil {
 t.Errorf("failed to generate obfuscator %v", err)
 } else {
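Review bot: `SessionKey` in the `Obfuscator` struct added to internal/multiplex/obfs.go (first hunk of that file) is the only field without a comment, yet it is an exported field holding the 32-byte session key. The session.go section of this commit shows `*Obfuscator` embedded in `SessionConfig`, so the key is promoted onto that config type and would be written out if either struct is ever formatted with `%+v`; whether any log call does that is not visible here. I would add `// SessionKey is the session's secret key material; never log it or print this struct with %v.` above the field, and correct "unmarshall" to "unmarshal" in the `Deobfs` comment while the block is being moved.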
@@ -55,7 +55,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 })
 t.Run("aes-gcm", func(t *testing.T) {
- obfuscator, err := GenerateObfs(E_METHOD_AES_GCM, sessionKey, true)
+ obfuscator, err := MakeObfuscator(E_METHOD_AES_GCM, sessionKey, true)
 if err != nil {
 t.Errorf("failed to generate obfuscator %v", err)
 } else {
@@ -63,7 +63,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 })
 t.Run("aes-gcm no record layer", func(t *testing.T) {
- obfuscator, err := GenerateObfs(E_METHOD_AES_GCM, sessionKey, false)
+ obfuscator, err := MakeObfuscator(E_METHOD_AES_GCM, sessionKey, false)
 if err != nil {
 t.Errorf("failed to generate obfuscator %v", err)
 } else {
@@ -71,7 +71,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 })
 t.Run("chacha20-poly1305", func(t *testing.T) {
- obfuscator, err := GenerateObfs(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
+ obfuscator, err := MakeObfuscator(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
 if err != nil {
 t.Errorf("failed to generate obfuscator %v", err)
 } else {
@@ -79,7 +79,7 @@ func TestGenerateObfs(t *testing.T) {
 }
 })
 t.Run("unknown encryption method", func(t *testing.T) {
- _, err := GenerateObfs(0xff, sessionKey, true)
+ _, err := MakeObfuscator(0xff, sessionKey, true)
 if err == nil {
 t.Errorf("unknown encryption mehtod error expected")
 }
diff --git a/internal/multiplex/session.go b/internal/multiplex/session.go
index 64de8d6..7719925 100644
--- a/internal/multiplex/session.go
+++ b/internal/multiplex/session.go
@@ -19,20 +19,9 @@ const (
 var ErrBrokenSession = errors.New("broken session")
 var errRepeatSessionClosing = errors.New("trying to close a closed session")
-// Obfuscator is responsible for the obfuscation and deobfuscation of frames
-type Obfuscator struct {
- // Used in Stream.Write. Add multiplexing headers, encrypt and add TLS header
- Obfs Obfser
- // Remove TLS header, decrypt and unmarshall frames
- Deobfs Deobfser
- SessionKey [32]byte
-}
-
 type switchboardStrategy int
 type SessionConfig struct {
- NoRecordLayer bool
-
 *Obfuscator
 Valve
diff --git a/internal/multiplex/session_test.go b/internal/multiplex/session_test.go
index b4a0bcc..bd724cd 100644
--- a/internal/multiplex/session_test.go
+++ b/internal/multiplex/session_test.go
@@ -37,7 +37,7 @@ func TestRecvDataFromRemote(t *testing.T) {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
 t.Run("plain ordered", func(t *testing.T) {
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -64,7 +64,7 @@ func TestRecvDataFromRemote(t *testing.T) {
 }
 })
 t.Run("aes-gcm ordered", func(t *testing.T) {
- obfuscator, _ := GenerateObfs(E_METHOD_AES_GCM, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_AES_GCM, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -91,7 +91,7 @@ func TestRecvDataFromRemote(t *testing.T) {
 }
 })
 t.Run("chacha20-poly1305 ordered", func(t *testing.T) {
- obfuscator, _ := GenerateObfs(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -119,7 +119,7 @@ func TestRecvDataFromRemote(t *testing.T) {
 })
 t.Run("plain unordered", func(t *testing.T) {
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigUnordered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -156,7 +156,7 @@ func TestRecvDataFromRemote_Closing_InOrder(t *testing.T) {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
@@ -287,7 +287,7 @@ func TestRecvDataFromRemote_Closing_OutOfOrder(t *testing.T) {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
@@ -346,7 +346,7 @@ func TestParallel(t *testing.T) {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
@@ -417,7 +417,7 @@ func BenchmarkRecvDataFromRemote_Ordered(b *testing.B) {
 rand.Read(sessionKey[:])
 b.Run("plain", func(b *testing.B) {
- obfuscator, _ := GenerateObfs(E_METHOD_PLAIN, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_PLAIN, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -430,7 +430,7 @@ func BenchmarkRecvDataFromRemote_Ordered(b *testing.B) {
 })
 b.Run("aes-gcm", func(b *testing.B) {
- obfuscator, _ := GenerateObfs(E_METHOD_AES_GCM, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_AES_GCM, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
@@ -443,7 +443,7 @@ func BenchmarkRecvDataFromRemote_Ordered(b *testing.B) {
 })
 b.Run("chacha20-poly1305", func(b *testing.B) {
- obfuscator, _ := GenerateObfs(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(E_METHOD_CHACHA20_POLY1305, sessionKey, true)
 seshConfigOrdered.Obfuscator = obfuscator
 sesh := MakeSession(0, seshConfigOrdered)
 n, _ := sesh.Obfs(f, obfsBuf)
diff --git a/internal/multiplex/stream_test.go b/internal/multiplex/stream_test.go
index b218adb..fc61cc2 100644
--- a/internal/multiplex/stream_test.go
+++ b/internal/multiplex/stream_test.go
@@ -14,7 +14,7 @@ import (
 func setupSesh(unordered bool) *Session {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
- obfuscator, _ := GenerateObfs(0x00, sessionKey, true)
+ obfuscator, _ := MakeObfuscator(0x00, sessionKey, true)
 seshConfig := &SessionConfig{
 Obfuscator: obfuscator,
diff --git a/internal/server/activeuser_test.go b/internal/server/activeuser_test.go
index 559bdaf..7968981 100644
--- a/internal/server/activeuser_test.go
+++ b/internal/server/activeuser_test.go
@@ -13,7 +13,7 @@ import (
 func getSeshConfig(unordered bool) *mux.SessionConfig {
 var sessionKey [32]byte
 rand.Read(sessionKey[:])
- obfuscator, _ := mux.GenerateObfs(0x00, sessionKey, true)
+ obfuscator, _ := mux.MakeObfuscator(0x00, sessionKey, true)
 seshConfig := &mux.SessionConfig{
 Obfuscator: obfuscator,