kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove reundancy and fix a race

This commit is contained in:
Qian Wang 2019-01-19 19:30:32 +00:00
parent a6e16b4f74
commit 17d024ac16
2 changed files with 10 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
internal/server/auth.go
View File

@ -12,16 +12,13 @@ import (
) )
// input ticket, return UID // input ticket, return UID
func decryptSessionTicket(staticPv crypto.PrivateKey, ticket []byte) ([]byte, uint32, error) { func decryptSessionTicket(staticPv crypto.PrivateKey, ticket []byte) ([]byte, uint32) {
ec := ecdh.NewCurve25519ECDH() ec := ecdh.NewCurve25519ECDH()
ephPub, _ := ec.Unmarshal(ticket[0:32]) ephPub, _ := ec.Unmarshal(ticket[0:32])
key, err := ec.GenerateSharedSecret(staticPv, ephPub) key, _ := ec.GenerateSharedSecret(staticPv, ephPub)
if err != nil {
return nil, 0, err
}
UIDsID := util.AESDecrypt(ticket[0:16], key, ticket[32:68]) UIDsID := util.AESDecrypt(ticket[0:16], key, ticket[32:68])
sessionID := binary.BigEndian.Uint32(UIDsID[32:36]) sessionID := binary.BigEndian.Uint32(UIDsID[32:36])
return UIDsID[0:32], sessionID, nil return UIDsID[0:32], sessionID
} }
func validateRandom(random []byte, UID []byte, time int64) bool { func validateRandom(random []byte, UID []byte, time int64) bool {
@ -39,22 +36,22 @@ func validateRandom(random []byte, UID []byte, time int64) bool {
func TouchStone(ch *ClientHello, sta *State) (isSS bool, UID []byte, sessionID uint32) { func TouchStone(ch *ClientHello, sta *State) (isSS bool, UID []byte, sessionID uint32) {
var random [32]byte var random [32]byte
copy(random[:], ch.random) copy(random[:], ch.random)
used := sta.getUsedRandom(random)
sta.usedRandomM.Lock()
used := sta.usedRandom[random]
sta.usedRandom[random] = int(sta.Now().Unix())
sta.usedRandomM.Unlock()
if used != 0 { if used != 0 {
log.Println("Replay! Duplicate random") log.Println("Replay! Duplicate random")
return false, nil, 0 return false, nil, 0
} }
sta.putUsedRandom(random)
ticket := ch.extensions[[2]byte{0x00, 0x23}] ticket := ch.extensions[[2]byte{0x00, 0x23}]
if len(ticket) < 68 { if len(ticket) < 68 {
return false, nil, 0 return false, nil, 0
} }
UID, sessionID, err := decryptSessionTicket(sta.staticPv, ticket) UID, sessionID = decryptSessionTicket(sta.staticPv, ticket)
if err != nil {
log.Printf("Decryptin SessionTicket: %v\n", err)
return false, nil, 0
}
isSS = validateRandom(ch.random, UID, sta.Now().Unix()) isSS = validateRandom(ch.random, UID, sta.Now().Unix())
if !isSS { if !isSS {
return false, nil, 0 return false, nil, 0

14
internal/server/state.go
View File

@ -117,20 +117,6 @@ func (sta *State) ParseConfig(conf string) (err error) {
return nil return nil
} }
func (sta *State) getUsedRandom(random [32]byte) int {
sta.usedRandomM.Lock()
defer sta.usedRandomM.Unlock()
return sta.usedRandom[random]
}
// PutUsedRandom adds a random field into map usedRandom
func (sta *State) putUsedRandom(random [32]byte) {
sta.usedRandomM.Lock()
sta.usedRandom[random] = int(sta.Now().Unix())
sta.usedRandomM.Unlock()
}
// UsedRandomCleaner clears the cache of used random fields every 12 hours // UsedRandomCleaner clears the cache of used random fields every 12 hours
func (sta *State) UsedRandomCleaner() { func (sta *State) UsedRandomCleaner() {
for { for {