2018-10-09 15:07:54 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/binary"
|
2019-08-02 14:45:33 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2020-04-14 00:53:28 +00:00
|
|
|
"github.com/cbeuw/Cloak/internal/common"
|
2019-08-08 14:05:36 +00:00
|
|
|
"time"
|
2019-09-01 00:33:34 +00:00
|
|
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
2018-10-09 15:07:54 +00:00
|
|
|
)
|
|
|
|
|
2019-08-12 13:21:42 +00:00
|
|
|
type ClientInfo struct {
|
|
|
|
UID []byte
|
|
|
|
SessionId uint32
|
|
|
|
ProxyMethod string
|
|
|
|
EncryptionMethod byte
|
2019-08-12 21:43:16 +00:00
|
|
|
Unordered bool
|
2019-09-01 19:23:45 +00:00
|
|
|
Transport Transport
|
2019-08-12 13:21:42 +00:00
|
|
|
}
|
|
|
|
|
2020-04-06 13:29:38 +00:00
|
|
|
type authFragments struct {
|
2020-01-24 15:13:26 +00:00
|
|
|
sharedSecret [32]byte
|
|
|
|
randPubKey [32]byte
|
|
|
|
ciphertextWithTag [64]byte
|
2019-08-31 20:40:50 +00:00
|
|
|
}
|
|
|
|
|
2019-08-12 21:43:16 +00:00
|
|
|
const (
|
|
|
|
UNORDERED_FLAG = 0x01 // 0000 0001
|
|
|
|
)
|
|
|
|
|
2019-08-02 14:45:33 +00:00
|
|
|
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
|
|
|
|
|
2020-04-06 14:24:18 +00:00
|
|
|
// decryptClientInfo checks if a the authFragments are valid. It doesn't check if the UID is authorised
|
2020-04-09 21:11:12 +00:00
|
|
|
func decryptClientInfo(fragments authFragments, serverTime time.Time) (info ClientInfo, err error) {
|
2019-08-02 14:45:33 +00:00
|
|
|
var plaintext []byte
|
2020-04-14 00:53:28 +00:00
|
|
|
plaintext, err = common.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])
|
2019-08-02 00:01:19 +00:00
|
|
|
if err != nil {
|
2019-06-09 14:03:28 +00:00
|
|
|
return
|
|
|
|
}
|
2019-08-02 00:01:19 +00:00
|
|
|
|
2019-08-14 10:48:32 +00:00
|
|
|
info = ClientInfo{
|
2019-08-12 13:21:42 +00:00
|
|
|
UID: plaintext[0:16],
|
|
|
|
SessionId: 0,
|
|
|
|
ProxyMethod: string(bytes.Trim(plaintext[16:28], "\x00")),
|
|
|
|
EncryptionMethod: plaintext[28],
|
2019-08-12 21:43:16 +00:00
|
|
|
Unordered: plaintext[41]&UNORDERED_FLAG != 0,
|
2019-08-12 13:21:42 +00:00
|
|
|
}
|
|
|
|
|
2019-08-02 00:01:19 +00:00
|
|
|
timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
|
2019-08-08 14:05:36 +00:00
|
|
|
clientTime := time.Unix(timestamp, 0)
|
|
|
|
if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) {
|
2019-08-02 14:45:33 +00:00
|
|
|
err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
|
2019-06-09 11:05:41 +00:00
|
|
|
return
|
2018-10-09 15:07:54 +00:00
|
|
|
}
|
2019-08-12 13:21:42 +00:00
|
|
|
info.SessionId = binary.BigEndian.Uint32(plaintext[37:41])
|
2018-11-07 21:16:13 +00:00
|
|
|
return
|
2018-10-09 15:07:54 +00:00
|
|
|
}
|
2019-09-01 00:33:34 +00:00
|
|
|
|
2019-09-01 19:23:45 +00:00
|
|
|
var ErrReplay = errors.New("duplicate random")
|
|
|
|
var ErrBadProxyMethod = errors.New("invalid proxy method")
|
2020-10-16 00:12:23 +00:00
|
|
|
var ErrBadDecryption = errors.New("decryption/authentication faliure")
|
2019-09-01 19:23:45 +00:00
|
|
|
|
2020-04-06 14:24:18 +00:00
|
|
|
// AuthFirstPacket checks if the first packet of data is ClientHello or HTTP GET, and checks if it was from a Cloak client
|
2019-09-01 00:33:34 +00:00
|
|
|
// if it is from a Cloak client, it returns the ClientInfo with the decrypted fields. It doesn't check if the user
|
|
|
|
// is authorised. It also returns a finisher callback function to be called when the caller wishes to proceed with
|
|
|
|
// the handshake
|
2020-08-12 10:32:39 +00:00
|
|
|
func AuthFirstPacket(firstPacket []byte, transport Transport, sta *State) (info ClientInfo, finisher Responder, err error) {
|
2020-04-10 13:09:48 +00:00
|
|
|
fragments, finisher, err := transport.processFirstPacket(firstPacket, sta.StaticPv)
|
2020-01-22 18:37:01 +00:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-06 13:29:38 +00:00
|
|
|
if sta.registerRandom(fragments.randPubKey) {
|
2020-01-22 18:37:01 +00:00
|
|
|
err = ErrReplay
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-09 21:11:12 +00:00
|
|
|
info, err = decryptClientInfo(fragments, sta.WorldState.Now())
|
2019-09-01 00:33:34 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Debug(err)
|
2020-10-16 00:12:23 +00:00
|
|
|
err = fmt.Errorf("%w: %v", ErrBadDecryption, err)
|
2019-09-01 00:33:34 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
if _, ok := sta.ProxyBook[info.ProxyMethod]; !ok {
|
|
|
|
err = ErrBadProxyMethod
|
|
|
|
return
|
|
|
|
}
|
2020-01-22 22:27:19 +00:00
|
|
|
info.Transport = transport
|
2019-09-01 00:33:34 +00:00
|
|
|
return
|
|
|
|
}
|