mirror of https://github.com/cbeuw/Cloak
Change touchUp function signature
This commit is contained in:
Andy Wang
parent
52796ad0b1
commit
b5c6d7fedc
|
|
@ -216,6 +216,7 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
|
|||
|
||||
var ErrBadClientHello = errors.New("non (or malformed) ClientHello")
|
||||
var ErrNotCloak = errors.New("TLS but non-Cloak ClientHello")
|
||||
var ErrReplay = errors.New("duplicate random")
|
||||
var ErrBadProxyMethod = errors.New("invalid proxy method")
|
||||
|
||||
func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info ClientInfo, finisher func([]byte) error, err error) {
|
||||
|
|
@ -226,8 +227,13 @@ func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info Clie
|
|||
return
|
||||
}
|
||||
|
||||
if sta.registerRandom(ch.random) {
|
||||
err = ErrReplay
|
||||
return
|
||||
}
|
||||
|
||||
var sharedSecret []byte
|
||||
info, sharedSecret, err = TouchStone(ch, sta)
|
||||
info, sharedSecret, err = touchStone(ch, sta.staticPv, sta.Now)
|
||||
if err != nil {
|
||||
log.Debug(err)
|
||||
err = ErrNotCloak
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package server
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
|
@ -22,25 +23,18 @@ const (
|
|||
UNORDERED_FLAG = 0x01 // 0000 0001
|
||||
)
|
||||
|
||||
var ErrReplay = errors.New("duplicate random")
|
||||
var ErrInvalidPubKey = errors.New("public key has invalid format")
|
||||
var ErrCiphertextLength = errors.New("ciphertext has the wrong length")
|
||||
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
|
||||
|
||||
func TouchStone(ch *ClientHello, sta *State) (info ClientInfo, sharedSecret []byte, err error) {
|
||||
|
||||
if sta.registerRandom(ch.random) {
|
||||
err = ErrReplay
|
||||
return
|
||||
}
|
||||
|
||||
func touchStone(ch *ClientHello, staticPv crypto.PrivateKey, now func() time.Time) (info ClientInfo, sharedSecret []byte, err error) {
|
||||
ephPub, ok := ecdh.Unmarshal(ch.random)
|
||||
if !ok {
|
||||
err = ErrInvalidPubKey
|
||||
return
|
||||
}
|
||||
|
||||
sharedSecret = ecdh.GenerateSharedSecret(sta.staticPv, ephPub)
|
||||
sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub)
|
||||
var keyShare []byte
|
||||
keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])
|
||||
if err != nil {
|
||||
|
|
@ -69,7 +63,7 @@ func TouchStone(ch *ClientHello, sta *State) (info ClientInfo, sharedSecret []by
|
|||
|
||||
timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
|
||||
clientTime := time.Unix(timestamp, 0)
|
||||
serverTime := sta.Now()
|
||||
serverTime := now()
|
||||
if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) {
|
||||
err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in New Issue