kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change touchUp function signature

This commit is contained in:
Andy Wang 2019-08-16 23:56:46 +01:00
parent 52796ad0b1
commit b5c6d7fedc
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/server/TLS.go
View File

@ -216,6 +216,7 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
var ErrBadClientHello = errors.New("non (or malformed) ClientHello") var ErrBadClientHello = errors.New("non (or malformed) ClientHello")
var ErrNotCloak = errors.New("TLS but non-Cloak ClientHello") var ErrNotCloak = errors.New("TLS but non-Cloak ClientHello")
var ErrReplay = errors.New("duplicate random")
var ErrBadProxyMethod = errors.New("invalid proxy method") var ErrBadProxyMethod = errors.New("invalid proxy method")
func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info ClientInfo, finisher func([]byte) error, err error) { func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info ClientInfo, finisher func([]byte) error, err error) {
@ -226,8 +227,13 @@ func PrepareConnection(firstPacket []byte, sta *State, conn net.Conn) (info Clie
return return
} }
if sta.registerRandom(ch.random) {
err = ErrReplay
return
}
var sharedSecret []byte var sharedSecret []byte
info, sharedSecret, err = TouchStone(ch, sta) info, sharedSecret, err = touchStone(ch, sta.staticPv, sta.Now)
if err != nil { if err != nil {
log.Debug(err) log.Debug(err)
err = ErrNotCloak err = ErrNotCloak

14
internal/server/auth.go
View File

@ -2,6 +2,7 @@ package server
import ( import (
"bytes" "bytes"
"crypto"
"encoding/binary" "encoding/binary"
"errors" "errors"
"fmt" "fmt"
@ -22,25 +23,18 @@ const (
UNORDERED_FLAG = 0x01 // 0000 0001 UNORDERED_FLAG = 0x01 // 0000 0001
) )
var ErrReplay = errors.New("duplicate random")
var ErrInvalidPubKey = errors.New("public key has invalid format") var ErrInvalidPubKey = errors.New("public key has invalid format")
var ErrCiphertextLength = errors.New("ciphertext has the wrong length") var ErrCiphertextLength = errors.New("ciphertext has the wrong length")
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window") var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
func TouchStone(ch *ClientHello, sta *State) (info ClientInfo, sharedSecret []byte, err error) { func touchStone(ch *ClientHello, staticPv crypto.PrivateKey, now func() time.Time) (info ClientInfo, sharedSecret []byte, err error) {
if sta.registerRandom(ch.random) {
err = ErrReplay
return
}
ephPub, ok := ecdh.Unmarshal(ch.random) ephPub, ok := ecdh.Unmarshal(ch.random)
if !ok { if !ok {
err = ErrInvalidPubKey err = ErrInvalidPubKey
return return
} }
sharedSecret = ecdh.GenerateSharedSecret(sta.staticPv, ephPub) sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub)
var keyShare []byte var keyShare []byte
keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}]) keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])
if err != nil { if err != nil {
@ -69,7 +63,7 @@ func TouchStone(ch *ClientHello, sta *State) (info ClientInfo, sharedSecret []by
timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37])) timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
clientTime := time.Unix(timestamp, 0) clientTime := time.Unix(timestamp, 0)
serverTime := sta.Now() serverTime := now()
if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) { if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) {
err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp) err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
return return