kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename a struct

This commit is contained in:
Andy Wang 2020-04-06 14:29:38 +01:00
parent 903a413afc
commit a161409577
4 changed files with 27 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
internal/server/TLS.go
View File

@ -19,7 +19,7 @@ func (TLS) String() string { return "TLS" }
func (TLS) HasRecordLayer() bool { return true } func (TLS) HasRecordLayer() bool { return true }
func (TLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadTLS } func (TLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadTLS }
func (TLS) handshake(clientHello []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (ai authenticationInfo, finisher func([]byte) (net.Conn, error), err error) { func (TLS) handshake(clientHello []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (fragments authFragments, finisher func([]byte) (net.Conn, error), err error) {
var ch *ClientHello var ch *ClientHello
ch, err = parseClientHello(clientHello) ch, err = parseClientHello(clientHello)
if err != nil { if err != nil {
@ -28,15 +28,15 @@ func (TLS) handshake(clientHello []byte, privateKey crypto.PrivateKey, originalC
return return
} }
ai, err = unmarshalClientHello(ch, privateKey) fragments, err = unmarshalClientHello(ch, privateKey)
if err != nil { if err != nil {
err = fmt.Errorf("failed to unmarshal ClientHello into authenticationInfo: %v", err) err = fmt.Errorf("failed to unmarshal ClientHello into authFragments: %v", err)
return return
} }
finisher = func(sessionKey []byte) (preparedConn net.Conn, err error) { finisher = func(sessionKey []byte) (preparedConn net.Conn, err error) {
preparedConn = originalConn preparedConn = originalConn
reply, err := composeReply(ch, ai.sharedSecret[:], sessionKey) reply, err := composeReply(ch, fragments.sharedSecret[:], sessionKey)
if err != nil { if err != nil {
err = fmt.Errorf("failed to compose TLS reply: %v", err) err = fmt.Errorf("failed to compose TLS reply: %v", err)
return return
@ -53,15 +53,15 @@ func (TLS) handshake(clientHello []byte, privateKey crypto.PrivateKey, originalC
return return
} }
func unmarshalClientHello(ch *ClientHello, staticPv crypto.PrivateKey) (ai authenticationInfo, err error) { func unmarshalClientHello(ch *ClientHello, staticPv crypto.PrivateKey) (fragments authFragments, err error) {
copy(ai.randPubKey[:], ch.random) copy(fragments.randPubKey[:], ch.random)
ephPub, ok := ecdh.Unmarshal(ai.randPubKey[:]) ephPub, ok := ecdh.Unmarshal(fragments.randPubKey[:])
if !ok { if !ok {
err = ErrInvalidPubKey err = ErrInvalidPubKey
return return
} }
copy(ai.sharedSecret[:], ecdh.GenerateSharedSecret(staticPv, ephPub)) copy(fragments.sharedSecret[:], ecdh.GenerateSharedSecret(staticPv, ephPub))
var keyShare []byte var keyShare []byte
keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}]) keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])
if err != nil { if err != nil {
@ -73,6 +73,6 @@ func unmarshalClientHello(ch *ClientHello, staticPv crypto.PrivateKey) (ai authe
err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(ctxTag)) err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(ctxTag))
return return
} }
copy(ai.ciphertextWithTag[:], ctxTag) copy(fragments.ciphertextWithTag[:], ctxTag)
return return
} }

16
internal/server/auth.go
View File

@ -21,7 +21,7 @@ type ClientInfo struct {
Transport Transport Transport Transport
} }
type authenticationInfo struct { type authFragments struct {
sharedSecret [32]byte sharedSecret [32]byte
randPubKey [32]byte randPubKey [32]byte
ciphertextWithTag [64]byte ciphertextWithTag [64]byte
@ -34,10 +34,10 @@ const (
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window") var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
var ErrUnreconisedProtocol = errors.New("unreconised protocol") var ErrUnreconisedProtocol = errors.New("unreconised protocol")
// touchStone checks if a the authenticationInfo are valid. It doesn't check if the UID is authorised // touchStone checks if a the authFragments are valid. It doesn't check if the UID is authorised
func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) { func touchStone(fragments authFragments, now func() time.Time) (info ClientInfo, err error) {
var plaintext []byte var plaintext []byte
plaintext, err = util.AESGCMDecrypt(ai.randPubKey[0:12], ai.sharedSecret[:], ai.ciphertextWithTag[:]) plaintext, err = util.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])
if err != nil { if err != nil {
return return
} }
@ -80,19 +80,19 @@ func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info Clie
return return
} }
var ai authenticationInfo var fragments authFragments
ai, finisher, err = transport.handshake(firstPacket, sta.staticPv, conn) fragments, finisher, err = transport.handshake(firstPacket, sta.staticPv, conn)
if err != nil { if err != nil {
return return
} }
if sta.registerRandom(ai.randPubKey) { if sta.registerRandom(fragments.randPubKey) {
err = ErrReplay err = ErrReplay
return return
} }
info, err = touchStone(ai, sta.Now) info, err = touchStone(fragments, sta.Now)
if err != nil { if err != nil {
log.Debug(err) log.Debug(err)
err = fmt.Errorf("transport %v in correct format but not Cloak: %v", transport, err) err = fmt.Errorf("transport %v in correct format but not Cloak: %v", transport, err)

2
internal/server/transport.go
View File

@ -9,7 +9,7 @@ import (
type Transport interface { type Transport interface {
HasRecordLayer() bool HasRecordLayer() bool
UnitReadFunc() func(net.Conn, []byte) (int, error) UnitReadFunc() func(net.Conn, []byte) (int, error)
handshake(reqPacket []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (authenticationInfo, func([]byte) (net.Conn, error), error) handshake(reqPacket []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (authFragments, func([]byte) (net.Conn, error), error)
} }
var ErrInvalidPubKey = errors.New("public key has invalid format") var ErrInvalidPubKey = errors.New("public key has invalid format")

18
internal/server/websocket.go
View File

@ -19,7 +19,7 @@ func (WebSocket) String() string { return "We
func (WebSocket) HasRecordLayer() bool { return false } func (WebSocket) HasRecordLayer() bool { return false }
func (WebSocket) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket } func (WebSocket) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket }
func (WebSocket) handshake(reqPacket []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (ai authenticationInfo, finisher func([]byte) (net.Conn, error), err error) { func (WebSocket) handshake(reqPacket []byte, privateKey crypto.PrivateKey, originalConn net.Conn) (fragments authFragments, finisher func([]byte) (net.Conn, error), err error) {
var req *http.Request var req *http.Request
req, err = http.ReadRequest(bufio.NewReader(bytes.NewBuffer(reqPacket))) req, err = http.ReadRequest(bufio.NewReader(bytes.NewBuffer(reqPacket)))
if err != nil { if err != nil {
@ -29,9 +29,9 @@ func (WebSocket) handshake(reqPacket []byte, privateKey crypto.PrivateKey, origi
var hiddenData []byte var hiddenData []byte
hiddenData, err = base64.StdEncoding.DecodeString(req.Header.Get("hidden")) hiddenData, err = base64.StdEncoding.DecodeString(req.Header.Get("hidden"))
ai, err = unmarshalHidden(hiddenData, privateKey) fragments, err = unmarshalHidden(hiddenData, privateKey)
if err != nil { if err != nil {
err = fmt.Errorf("failed to unmarshal hidden data from WS into authenticationInfo: %v", err) err = fmt.Errorf("failed to unmarshal hidden data from WS into authFragments: %v", err)
return return
} }
@ -47,7 +47,7 @@ func (WebSocket) handshake(reqPacket []byte, privateKey crypto.PrivateKey, origi
util.CryptoRandRead(nonce) util.CryptoRandRead(nonce)
// reply: [12 bytes nonce][32 bytes encrypted session key][16 bytes authentication tag] // reply: [12 bytes nonce][32 bytes encrypted session key][16 bytes authentication tag]
encryptedKey, err := util.AESGCMEncrypt(nonce, ai.sharedSecret[:], sessionKey) // 32 + 16 = 48 bytes encryptedKey, err := util.AESGCMEncrypt(nonce, fragments.sharedSecret[:], sessionKey) // 32 + 16 = 48 bytes
if err != nil { if err != nil {
err = fmt.Errorf("failed to encrypt reply: %v", err) err = fmt.Errorf("failed to encrypt reply: %v", err)
return return
@ -67,26 +67,26 @@ func (WebSocket) handshake(reqPacket []byte, privateKey crypto.PrivateKey, origi
var ErrBadGET = errors.New("non (or malformed) HTTP GET") var ErrBadGET = errors.New("non (or malformed) HTTP GET")
func unmarshalHidden(hidden []byte, staticPv crypto.PrivateKey) (ai authenticationInfo, err error) { func unmarshalHidden(hidden []byte, staticPv crypto.PrivateKey) (fragments authFragments, err error) {
if len(hidden) < 96 { if len(hidden) < 96 {
err = ErrBadGET err = ErrBadGET
return return
} }
copy(ai.randPubKey[:], hidden[0:32]) copy(fragments.randPubKey[:], hidden[0:32])
ephPub, ok := ecdh.Unmarshal(ai.randPubKey[:]) ephPub, ok := ecdh.Unmarshal(fragments.randPubKey[:])
if !ok { if !ok {
err = ErrInvalidPubKey err = ErrInvalidPubKey
return return
} }
copy(ai.sharedSecret[:], ecdh.GenerateSharedSecret(staticPv, ephPub)) copy(fragments.sharedSecret[:], ecdh.GenerateSharedSecret(staticPv, ephPub))
if len(hidden[32:]) != 64 { if len(hidden[32:]) != 64 {
err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(hidden[32:])) err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(hidden[32:]))
return return
} }
copy(ai.ciphertextWithTag[:], hidden[32:]) copy(fragments.ciphertextWithTag[:], hidden[32:])
return return
} }