Archives
/
Cloak
mirror of https://github.com/cbeuw/Cloak
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
renovate/github.com-refraction-networking-utls-1.x
master
dependabot/go_modules/golang.org/x/net-0.23.0
ptspec
legacy-v1
v0.1.0
v0.2.0
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0
v2.6.1
v2.7.0
v2.7.1-pre
v2.8.0
v2.9.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0dd52d8570'
${ noResults }
Cloak/internal/server/auth.go

61 lines
1.6 KiB
Go
Raw Normal View History Unescape Escape

Untested server
6 years ago
package server
import (
"bytes"
Use ECDH instead of ECIES
6 years ago
"crypto"
Untested server
6 years ago
"crypto/sha256"
"encoding/binary"
"log"
Use ECDH instead of ECIES
6 years ago
Remove ECDH as an external dependancy and include it as a internal package
6 years ago
"github.com/cbeuw/Cloak/internal/ecdh"
Use ECDH instead of ECIES
6 years ago
"github.com/cbeuw/Cloak/internal/util"
Untested server
6 years ago
)
QOS and user managing, bug fixes
6 years ago
// input ticket, return UID
Add optional encryption
5 years ago
func decryptSessionTicket(staticPv crypto.PrivateKey, ticket []byte) ([]byte, uint32, string, byte) {
Remove ECDH as an external dependancy and include it as a internal package
6 years ago
ephPub, _ := ecdh.Unmarshal(ticket[0:32])
key := ecdh.GenerateSharedSecret(staticPv, ephPub)
Add optional encryption
5 years ago
plain := util.AESDecrypt(ticket[0:16], key, ticket[32:85])
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies
5 years ago
sessionID := binary.BigEndian.Uint32(plain[32:36])
Add optional encryption
5 years ago
return plain[0:32], sessionID, string(bytes.Trim(plain[36:52], "\x00")), plain[52]
Untested server
6 years ago
}
QOS and user managing, bug fixes
6 years ago
func validateRandom(random []byte, UID []byte, time int64) bool {
Untested server
6 years ago
t := make([]byte, 8)
Use ECDH instead of ECIES
6 years ago
binary.BigEndian.PutUint64(t, uint64(time/(12*60*60)))
rdm := random[0:16]
Untested server
6 years ago
preHash := make([]byte, 56)
QOS and user managing, bug fixes
6 years ago
copy(preHash[0:32], UID)
Untested server
6 years ago
copy(preHash[32:40], t)
Use ECDH instead of ECIES
6 years ago
copy(preHash[40:56], rdm)
Untested server
6 years ago
h := sha256.New()
h.Write(preHash)
return bytes.Equal(h.Sum(nil)[0:16], random[16:32])
}
Add optional encryption
5 years ago
func TouchStone(ch *ClientHello, sta *State) (isCK bool, UID []byte, sessionID uint32, proxyMethod string, encryptionMethod byte) {
Untested server
6 years ago
var random [32]byte
copy(random[:], ch.random)
Remove reundancy and fix a race
6 years ago
sta.usedRandomM.Lock()
used := sta.usedRandom[random]
sta.usedRandom[random] = int(sta.Now().Unix())
sta.usedRandomM.Unlock()
Untested server
6 years ago
if used != 0 {
log.Println("Replay! Duplicate random")
Add optional encryption
5 years ago
return
Untested server
6 years ago
}
drop aes encryption of headers
6 years ago
ticket := ch.extensions[[2]byte{0x00, 0x23}]
Fix a user input validation
6 years ago
if len(ticket) < 68 {
Add optional encryption
5 years ago
return
drop aes encryption of headers
6 years ago
}
Add optional encryption
5 years ago
UID, sessionID, proxyMethod, encryptionMethod = decryptSessionTicket(sta.staticPv, ticket)
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies
5 years ago
isCK = validateRandom(ch.random, UID, sta.Now().Unix())
if !isCK {
Add optional encryption
5 years ago
return
Untested server
6 years ago
}
QOS and user managing, bug fixes
6 years ago
return
Untested server
6 years ago
}