Cloak/internal/client/websocket.go

package client

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"github.com/cbeuw/Cloak/internal/util"
	"github.com/gorilla/websocket"
	"net"
	"net/http"
	"net/url"

	utls "github.com/refraction-networking/utls"
)

type WSOverTLS struct {
	Transport
}

func (WSOverTLS) HasRecordLayer() bool                              { return false }
func (WSOverTLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket }

func (WSOverTLS) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) {
	utlsConfig := &utls.Config{
		ServerName:         sta.ServerName,
		InsecureSkipVerify: true,
	}
	uconn := utls.UClient(conn, utlsConfig, utls.HelloChrome_Auto)
	err = uconn.Handshake()
	preparedConn = uconn
	if err != nil {
		return
	}

	u, err := url.Parse("ws://" + sta.RemoteHost + ":" + sta.RemotePort) //TODO IPv6
	if err != nil {
		return preparedConn, nil, fmt.Errorf("failed to parse ws url: %v", err)
	}

	payload, sharedSecret := makeAuthenticationPayload(sta, rand.Reader)
	header := http.Header{}
	header.Add("hidden", base64.StdEncoding.EncodeToString(append(payload.randPubKey[:], payload.ciphertextWithTag[:]...)))
	c, _, err := websocket.NewClient(preparedConn, u, header, 16480, 16480)
	if err != nil {
		return preparedConn, nil, fmt.Errorf("failed to handshake: %v", err)
	}

	preparedConn = &util.WebSocketConn{Conn: c}

	buf := make([]byte, 128)
	n, err := preparedConn.Read(buf)
	if err != nil {
		return preparedConn, nil, fmt.Errorf("failed to read reply: %v", err)
	}

	if n != 60 {
		return preparedConn, nil, errors.New("reply must be 60 bytes")
	}

	reply := buf[:60]
	sessionKey, err = util.AESGCMDecrypt(reply[:12], sharedSecret, reply[12:])

	return
}
Client side plain websocket 2019-08-31 17:01:39 +00:00			`package client`

			`import (`
Refactor makeAuthenticationPayload to allow easier tests 2020-01-25 10:19:45 +00:00			`"crypto/rand"`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`"encoding/base64"`
			`"errors"`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`"fmt"`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`"github.com/cbeuw/Cloak/internal/util"`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`"github.com/gorilla/websocket"`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`"net"`
			`"net/http"`
			`"net/url"`
websocket over TLS 2019-09-02 13:03:10 +00:00
			`utls "github.com/refraction-networking/utls"`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`)`

websocket over TLS 2019-09-02 13:03:10 +00:00			`type WSOverTLS struct {`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`Transport`
			`}`

websocket over TLS 2019-09-02 13:03:10 +00:00			`func (WSOverTLS) HasRecordLayer() bool { return false }`
			`func (WSOverTLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket }`

			`func (WSOverTLS) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) {`
			`utlsConfig := &utls.Config{`
			`ServerName: sta.ServerName,`
			`InsecureSkipVerify: true,`
			`}`
			`uconn := utls.UClient(conn, utlsConfig, utls.HelloChrome_Auto)`
			`err = uconn.Handshake()`
			`preparedConn = uconn`
			`if err != nil {`
			`return`
			`}`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00
Client side plain websocket 2019-08-31 17:01:39 +00:00			`u, err := url.Parse("ws://" + sta.RemoteHost + ":" + sta.RemotePort) //TODO IPv6`
			`if err != nil {`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`return preparedConn, nil, fmt.Errorf("failed to parse ws url: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Refactor makeAuthenticationPayload to allow easier tests 2020-01-25 10:19:45 +00:00			`payload, sharedSecret := makeAuthenticationPayload(sta, rand.Reader)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`header := http.Header{}`
Refactor authentication data representations 2020-01-24 16:44:29 +00:00			`header.Add("hidden", base64.StdEncoding.EncodeToString(append(payload.randPubKey[:], payload.ciphertextWithTag[:]...)))`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`c, _, err := websocket.NewClient(preparedConn, u, header, 16480, 16480)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`if err != nil {`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`return preparedConn, nil, fmt.Errorf("failed to handshake: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`preparedConn = &util.WebSocketConn{Conn: c}`
Direct WebSocket 2019-09-01 00:33:34 +00:00
			`buf := make([]byte, 128)`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`n, err := preparedConn.Read(buf)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`if err != nil {`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`return preparedConn, nil, fmt.Errorf("failed to read reply: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Direct WebSocket 2019-09-01 00:33:34 +00:00			`if n != 60 {`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`return preparedConn, nil, errors.New("reply must be 60 bytes")`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`
Direct WebSocket 2019-09-01 00:33:34 +00:00
			`reply := buf[:60]`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`sessionKey, err = util.AESGCMDecrypt(reply[:12], sharedSecret, reply[12:])`

			`return`
			`}`