kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update some comments

This commit is contained in:
Andy Wang 2019-09-01 23:14:28 +01:00
parent 339b324946
commit 854dc422a2
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/multiplex/switchboard.go
View File

@ -19,7 +19,7 @@ type switchboardConfig struct {
strategy switchboardStrategy strategy switchboardStrategy
} }
// switchboard is responsible for keeping the reference of TLS connections between client and server // switchboard is responsible for keeping the reference of TCP connections between client and server
type switchboard struct { type switchboard struct {
session *Session session *Session

3
internal/server/auth.go
View File

@ -40,8 +40,7 @@ var ErrCiphertextLength = errors.New("ciphertext has the wrong length")
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window") var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
var ErrUnreconisedProtocol = errors.New("unreconised protocol") var ErrUnreconisedProtocol = errors.New("unreconised protocol")
// touchStone checks if a ClientHello came from a Cloak client by checking and decrypting the fields Cloak hides data in // touchStone checks if a the authenticationInfo are valid. It doesn't check if the UID is authorised
// It returns the ClientInfo, but it doesn't check if the UID is authorised
func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) { func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) {
var plaintext []byte var plaintext []byte
plaintext, err = util.AESGCMDecrypt(ai.nonce, ai.sharedSecret, ai.ciphertextWithTag) plaintext, err = util.AESGCMDecrypt(ai.nonce, ai.sharedSecret, ai.ciphertextWithTag)

6
internal/server/websocket.go
View File

@ -13,6 +13,9 @@ import (
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
// since we need to read the first packet from the client to identify its protocol, the first packet will no longer
// be in Conn's buffer. However, websocket.Upgrade relies on reading the first packet for handshake, so we must
// fake a conn that returns the first packet on first read
type firstBuffedConn struct { type firstBuffedConn struct {
net.Conn net.Conn
firstRead bool firstRead bool
@ -35,6 +38,8 @@ type wsAcceptor struct {
c *firstBuffedConn c *firstBuffedConn
} }
// net/http provides no method to serve an existing connection, we must feed in a net.Accept interface to get an
// http.Server. This is an acceptor that accepts only one Conn
func newWsAcceptor(conn net.Conn, first []byte) *wsAcceptor { func newWsAcceptor(conn net.Conn, first []byte) *wsAcceptor {
f := make([]byte, len(first)) f := make([]byte, len(first))
copy(f, first) copy(f, first)
@ -65,6 +70,7 @@ type wsHandshakeHandler struct {
finished chan struct{} finished chan struct{}
} }
// the handler to turn a net.Conn into a websocket.Conn
func newWsHandshakeHandler() *wsHandshakeHandler { func newWsHandshakeHandler() *wsHandshakeHandler {
return &wsHandshakeHandler{finished: make(chan struct{})} return &wsHandshakeHandler{finished: make(chan struct{})}
} }