From e75c713385dccf4e9d89d42351ed5c844fa90117 Mon Sep 17 00:00:00 2001
From: Qian Wang <cbeuw.andy@gmail.com>
Date: Fri, 2 Aug 2019 16:37:48 +0100
Subject: [PATCH] Refactor session struct's obfs fields

---
 cmd/ck-client/ck-client.go        |  4 +--
 cmd/ck-server/ck-server.go        |  6 ++--
 internal/client/state.go          |  2 +-
 internal/multiplex/session.go     | 26 +++++++++--------
 internal/multiplex/stream.go      |  4 +--
 internal/multiplex/stream_test.go | 47 +++----------------------------
 internal/multiplex/switchboard.go |  6 ++--
 internal/server/activeuser.go     |  4 +--
 internal/util/util.go             | 11 +++++---
 9 files changed, 38 insertions(+), 72 deletions(-)

diff --git a/cmd/ck-client/ck-client.go b/cmd/ck-client/ck-client.go
index 32cec10..e177924 100644
--- a/cmd/ck-client/ck-client.go
+++ b/cmd/ck-client/ck-client.go
@@ -116,11 +116,11 @@ func makeSession(sta *client.State) *mux.Session {
 	wg.Wait()
 
 	sessionKey := _sessionKey.Load().([]byte)
-	obfs, deobfs, err := util.GenerateObfs(sta.EncryptionMethod, sessionKey)
+	obfuscator, err := util.GenerateObfs(sta.EncryptionMethod, sessionKey)
 	if err != nil {
 		log.Fatal(err)
 	}
-	sesh := mux.MakeSession(sta.SessionID, mux.UNLIMITED_VALVE, obfs, deobfs, sessionKey, util.ReadTLS)
+	sesh := mux.MakeSession(sta.SessionID, mux.UNLIMITED_VALVE, obfuscator, util.ReadTLS)
 
 	for i := 0; i < sta.NumConn; i++ {
 		conn := <-connsCh
diff --git a/cmd/ck-server/ck-server.go b/cmd/ck-server/ck-server.go
index 437bd5e..4dfdd3a 100644
--- a/cmd/ck-server/ck-server.go
+++ b/cmd/ck-server/ck-server.go
@@ -119,13 +119,13 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
 
 	sessionKey := make([]byte, 32)
 	rand.Read(sessionKey)
-	obfs, deobfs, err := util.GenerateObfs(encryptionMethod, sessionKey)
+	obfuscator, err := util.GenerateObfs(encryptionMethod, sessionKey)
 	if err != nil {
 		log.Error(err)
 		goWeb()
 	}
 
-	sesh, existing, err := user.GetSession(sessionID, obfs, deobfs, sessionKey, util.ReadTLS)
+	sesh, existing, err := user.GetSession(sessionID, obfuscator, util.ReadTLS)
 	if err != nil {
 		user.DelSession(sessionID)
 		log.Error(err)
@@ -151,7 +151,7 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
 			log.Error(err)
 			return
 		}
-		sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfs, deobfs, sessionKey, util.ReadTLS)
+		sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfuscator, util.ReadTLS)
 		sesh.AddConnection(conn)
 		//TODO: Router could be nil in cnc mode
 		err = http.Serve(sesh, sta.LocalAPIRouter)
diff --git a/internal/client/state.go b/internal/client/state.go
index d20f44a..56418c3 100644
--- a/internal/client/state.go
+++ b/internal/client/state.go
@@ -73,7 +73,7 @@ func ssvToJson(ssv string) (ret []byte) {
 		value := sp[1]
 		// JSON doesn't like quotation marks around int
 		// Yes this is extremely ugly but it's still better than writing a tokeniser
-		if key == "TicketTimeHint" || key == "NumConn" {
+		if key == "NumConn" {
 			ret = append(ret, []byte(`"`+key+`":`+value+`,`)...)
 		} else {
 			ret = append(ret, []byte(`"`+key+`":"`+value+`",`)...)
diff --git a/internal/multiplex/session.go b/internal/multiplex/session.go
index 7bd2df9..c146b26 100644
--- a/internal/multiplex/session.go
+++ b/internal/multiplex/session.go
@@ -15,17 +15,21 @@ const (
 var ErrBrokenSession = errors.New("broken session")
 var errRepeatSessionClosing = errors.New("trying to close a closed session")
 
+type Obfuscator struct {
+	// Used in Stream.Write. Add multiplexing headers, encrypt and add TLS header
+	Obfs Obfser
+	// Remove TLS header, decrypt and unmarshall frames
+	Deobfs     Deobfser
+	SessionKey []byte
+}
+
 type Session struct {
 	id uint32
 
-	// Used in Stream.Write. Add multiplexing headers, encrypt and add TLS header
-	obfs Obfser
-	// Remove TLS header, decrypt and unmarshall multiplexing headers
-	deobfs Deobfser
-	// This is supposed to read one TLS message, the same as GoQuiet's ReadTillDrain
-	obfsedRead func(net.Conn, []byte) (int, error)
+	*Obfuscator
 
-	SessionKey []byte
+	// This is supposed to read one TLS message, the same as GoQuiet's ReadTillDrain
+	unitRead func(net.Conn, []byte) (int, error)
 
 	// atomic
 	nextStreamID uint32
@@ -46,14 +50,12 @@ type Session struct {
 	terminalMsg atomic.Value
 }
 
-func MakeSession(id uint32, valve *Valve, obfs Obfser, deobfs Deobfser, sessionKey []byte, obfsedRead func(net.Conn, []byte) (int, error)) *Session {
+func MakeSession(id uint32, valve *Valve, obfuscator *Obfuscator, unitReader func(net.Conn, []byte) (int, error)) *Session {
 	sesh := &Session{
 		id:           id,
-		obfsedRead:   obfsedRead,
+		unitRead:     unitReader,
 		nextStreamID: 1,
-		obfs:         obfs,
-		deobfs:       deobfs,
-		SessionKey:   sessionKey,
+		Obfuscator:   obfuscator,
 		streams:      make(map[uint32]*Stream),
 		acceptCh:     make(chan *Stream, acceptBacklog),
 	}
diff --git a/internal/multiplex/stream.go b/internal/multiplex/stream.go
index c9f9009..02c8d73 100644
--- a/internal/multiplex/stream.go
+++ b/internal/multiplex/stream.go
@@ -93,7 +93,7 @@ func (s *Stream) Write(in []byte) (n int, err error) {
 		Payload:  in,
 	}
 
-	tlsRecord, err := s.session.obfs(f)
+	tlsRecord, err := s.session.Obfs(f)
 	if err != nil {
 		return 0, err
 	}
@@ -136,7 +136,7 @@ func (s *Stream) Close() error {
 		Closing:  1,
 		Payload:  pad,
 	}
-	tlsRecord, _ := s.session.obfs(f)
+	tlsRecord, _ := s.session.Obfs(f)
 	s.session.sb.send(tlsRecord)
 
 	s._close()
diff --git a/internal/multiplex/stream_test.go b/internal/multiplex/stream_test.go
index dd2e0f2..66ecdf8 100644
--- a/internal/multiplex/stream_test.go
+++ b/internal/multiplex/stream_test.go
@@ -11,14 +11,10 @@ import (
 )
 
 func setupSesh() *Session {
-	UID := make([]byte, 16)
-	rand.Read(UID)
-	tthKey := make([]byte, 32)
-	rand.Read(tthKey)
-	crypto := &Plain{}
-	obfs := MakeObfs(tthKey, crypto)
-	deobfs := MakeDeobfs(tthKey, crypto)
-	return MakeSession(0, UNLIMITED_VALVE, obfs, deobfs, util.ReadTLS)
+	sessionKey := make([]byte, 32)
+	rand.Read(sessionKey)
+	obfuscator, _ := util.GenerateObfs(0x00, sessionKey)
+	return MakeSession(0, UNLIMITED_VALVE, obfuscator, util.ReadTLS)
 }
 
 type blackhole struct {
@@ -66,38 +62,3 @@ func BenchmarkStream_Write(b *testing.B) {
 		b.SetBytes(PAYLOAD_LEN)
 	}
 }
-
-/*
-func BenchmarkStream_Write(b *testing.B) {
-	mc := mock_conn.NewConn()
-	go func(){
-		w := bufio.NewWriter(ioutil.Discard)
-		for {
-			_, err := w.ReadFrom(mc.Server)
-			if err != nil {
-				log.Println(err)
-				return
-			}
-		}
-	}()
-
-	sesh := setupSesh()
-	sesh.AddConnection(mc.Client)
-	testData := make([]byte,PAYLOAD_LEN)
-	rand.Read(testData)
-
-	stream,_ := sesh.OpenStream()
-	b.ResetTimer()
-	for i:=0;i<b.N;i++{
-		_,err := stream.Write(testData)
-		if err != nil {
-			b.Error(
-				"For","stream write",
-				"got",err,
-				)
-		}
-		b.SetBytes(PAYLOAD_LEN)
-	}
-}
-
-*/
diff --git a/internal/multiplex/switchboard.go b/internal/multiplex/switchboard.go
index e3bc171..dbf5f2c 100644
--- a/internal/multiplex/switchboard.go
+++ b/internal/multiplex/switchboard.go
@@ -120,12 +120,12 @@ func (sb *switchboard) closeAll() {
 	sb.cesM.RUnlock()
 }
 
-// deplex function costantly reads from a TCP connection, call deobfs and distribute it
+// deplex function costantly reads from a TCP connection, call Deobfs and distribute it
 // to the corresponding stream
 func (sb *switchboard) deplex(ce *connEnclave) {
 	buf := make([]byte, 20480)
 	for {
-		n, err := sb.session.obfsedRead(ce.remoteConn, buf)
+		n, err := sb.session.unitRead(ce.remoteConn, buf)
 		sb.rxWait(n)
 		sb.Valve.AddRx(int64(n))
 		if err != nil {
@@ -135,7 +135,7 @@ func (sb *switchboard) deplex(ce *connEnclave) {
 			return
 		}
 
-		frame, err := sb.session.deobfs(buf[:n])
+		frame, err := sb.session.Deobfs(buf[:n])
 		if err != nil {
 			log.Debugf("Failed to decrypt a frame for session %v: %v", sb.session.id, err)
 			continue
diff --git a/internal/server/activeuser.go b/internal/server/activeuser.go
index d01f781..3b1806b 100644
--- a/internal/server/activeuser.go
+++ b/internal/server/activeuser.go
@@ -30,7 +30,7 @@ func (u *ActiveUser) DelSession(sessionID uint32) {
 	u.sessionsM.Unlock()
 }
 
-func (u *ActiveUser) GetSession(sessionID uint32, obfs mux.Obfser, deobfs mux.Deobfser, sessionKey []byte, obfsedRead func(net.Conn, []byte) (int, error)) (sesh *mux.Session, existing bool, err error) {
+func (u *ActiveUser) GetSession(sessionID uint32, obfuscator *mux.Obfuscator, unitReader func(net.Conn, []byte) (int, error)) (sesh *mux.Session, existing bool, err error) {
 	u.sessionsM.Lock()
 	defer u.sessionsM.Unlock()
 	if sesh = u.sessions[sessionID]; sesh != nil {
@@ -40,7 +40,7 @@ func (u *ActiveUser) GetSession(sessionID uint32, obfs mux.Obfser, deobfs mux.De
 		if err != nil {
 			return nil, false, err
 		}
-		sesh = mux.MakeSession(sessionID, u.valve, obfs, deobfs, sessionKey, obfsedRead)
+		sesh = mux.MakeSession(sessionID, u.valve, obfuscator, unitReader)
 		u.sessions[sessionID] = sesh
 		return sesh, false, nil
 	}
diff --git a/internal/util/util.go b/internal/util/util.go
index ff26202..ad6a1c1 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -76,7 +76,7 @@ func ReadTLS(conn net.Conn, buffer []byte) (n int, err error) {
 	return
 }
 
-func GenerateObfs(encryptionMethod byte, sessionKey []byte) (obfs mux.Obfser, deobfs mux.Deobfser, err error) {
+func GenerateObfs(encryptionMethod byte, sessionKey []byte) (obfuscator *mux.Obfuscator, err error) {
 	var payloadCipher cipher.AEAD
 	switch encryptionMethod {
 	case 0x00:
@@ -97,7 +97,7 @@ func GenerateObfs(encryptionMethod byte, sessionKey []byte) (obfs mux.Obfser, de
 			return
 		}
 	default:
-		return nil, nil, errors.New("Unknown encryption method")
+		return nil, errors.New("Unknown encryption method")
 	}
 
 	headerCipher, err := aes.NewCipher(sessionKey)
@@ -105,8 +105,11 @@ func GenerateObfs(encryptionMethod byte, sessionKey []byte) (obfs mux.Obfser, de
 		return
 	}
 
-	obfs = mux.MakeObfs(headerCipher, payloadCipher)
-	deobfs = mux.MakeDeobfs(headerCipher, payloadCipher)
+	obfuscator = &mux.Obfuscator{
+		mux.MakeObfs(headerCipher, payloadCipher),
+		mux.MakeDeobfs(headerCipher, payloadCipher),
+		sessionKey,
+	}
 	return
 }