Cloak/internal/client/auth.go

package client

import (
	"crypto/rand"
	"encoding/binary"
	"github.com/cbeuw/Cloak/internal/ecdh"
	"github.com/cbeuw/Cloak/internal/util"
	"sync/atomic"
)

const (
	UNORDERED_FLAG = 0x01 // 0000 0001
)

type chHiddenData struct {
	fullRaw          []byte // pubkey, ciphertext, tag
	chRandom         []byte
	chSessionId      []byte
	chX25519KeyShare []byte
	chExtSNI         []byte
}

// makeHiddenData generates the ephemeral key pair, calculates the shared secret, and then compose and
// encrypt the Authentication data. It also composes SNI extension.
func makeHiddenData(sta *State) (ret chHiddenData, sharedSecret []byte) {
	// random is marshalled ephemeral pub key 32 bytes
	/*
		Authentication data:
		+----------+----------------+---------------------+-------------+--------------+--------+------------+
		|  _UID_   | _Proxy Method_ | _Encryption Method_ | _Timestamp_ | _Session Id_ | _Flag_ | _reserved_ |
		+----------+----------------+---------------------+-------------+--------------+--------+------------+
		| 16 bytes | 12 bytes       | 1 byte              | 8 bytes     | 4 bytes      | 1 byte | 6 bytes    |
		+----------+----------------+---------------------+-------------+--------------+--------+------------+
	*/
	// The authentication ciphertext and its tag are then distributed among SessionId and X25519KeyShare
	ephPv, ephPub, _ := ecdh.GenerateKey(rand.Reader)
	ret.chRandom = ecdh.Marshal(ephPub)

	plaintext := make([]byte, 48)
	copy(plaintext, sta.UID)
	copy(plaintext[16:28], sta.ProxyMethod)
	plaintext[28] = sta.EncryptionMethod
	binary.BigEndian.PutUint64(plaintext[29:37], uint64(sta.Now().Unix()))
	binary.BigEndian.PutUint32(plaintext[37:41], atomic.LoadUint32(&sta.SessionID))

	if sta.Unordered {
		plaintext[41] |= UNORDERED_FLAG
	}

	sharedSecret = ecdh.GenerateSharedSecret(ephPv, sta.staticPub)
	nonce := ret.chRandom[0:12]
	ciphertextWithTag, _ := util.AESGCMEncrypt(nonce, sharedSecret, plaintext)
	ret.fullRaw = append(ret.chRandom, ciphertextWithTag...)
	ret.chSessionId = ciphertextWithTag[0:32]
	ret.chX25519KeyShare = ciphertextWithTag[32:64]
	ret.chExtSNI = makeServerName(sta.ServerName)
	return
}
Untested client 2018-10-07 17:09:45 +00:00			`package client`

			`import (`
			`"crypto/rand"`
			`"encoding/binary"`
Remove ECDH as an external dependancy and include it as a internal package 2019-01-25 00:24:47 +00:00			`"github.com/cbeuw/Cloak/internal/ecdh"`
			`"github.com/cbeuw/Cloak/internal/util"`
TLS1.3 2019-08-02 00:01:19 +00:00			`"sync/atomic"`
Untested client 2018-10-07 17:09:45 +00:00			`)`

Add unordered mode 2019-08-12 21:43:16 +00:00			`const (`
			`UNORDERED_FLAG = 0x01 // 0000 0001`
			`)`

Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`type chHiddenData struct {`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`fullRaw []byte // pubkey, ciphertext, tag`
			`chRandom []byte`
			`chSessionId []byte`
			`chX25519KeyShare []byte`
			`chExtSNI []byte`
Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`}`

More comments 2019-08-20 21:43:04 +00:00			`// makeHiddenData generates the ephemeral key pair, calculates the shared secret, and then compose and`
			`// encrypt the Authentication data. It also composes SNI extension.`
Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`func makeHiddenData(sta *State) (ret chHiddenData, sharedSecret []byte) {`
TLS1.3 2019-08-02 00:01:19 +00:00			`// random is marshalled ephemeral pub key 32 bytes`
More comments 2019-08-20 21:43:04 +00:00			`/*`
			`Authentication data:`
			`+----------+----------------+---------------------+-------------+--------------+--------+------------+`
			`\| _UID_ \| _Proxy Method_ \| _Encryption Method_ \| _Timestamp_ \| _Session Id_ \| _Flag_ \| _reserved_ \|`
			`+----------+----------------+---------------------+-------------+--------------+--------+------------+`
			`\| 16 bytes \| 12 bytes \| 1 byte \| 8 bytes \| 4 bytes \| 1 byte \| 6 bytes \|`
			`+----------+----------------+---------------------+-------------+--------------+--------+------------+`
			`*/`
			`// The authentication ciphertext and its tag are then distributed among SessionId and X25519KeyShare`
TLS1.3 2019-08-02 00:01:19 +00:00			`ephPv, ephPub, _ := ecdh.GenerateKey(rand.Reader)`
Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`ret.chRandom = ecdh.Marshal(ephPub)`
TLS1.3 2019-08-02 00:01:19 +00:00
			`plaintext := make([]byte, 48)`
			`copy(plaintext, sta.UID)`
			`copy(plaintext[16:28], sta.ProxyMethod)`
			`plaintext[28] = sta.EncryptionMethod`
Refactor InitState 2019-08-20 21:48:01 +00:00			`binary.BigEndian.PutUint64(plaintext[29:37], uint64(sta.Now().Unix()))`
TLS1.3 2019-08-02 00:01:19 +00:00			`binary.BigEndian.PutUint32(plaintext[37:41], atomic.LoadUint32(&sta.SessionID))`

Add unordered mode 2019-08-12 21:43:16 +00:00			`if sta.Unordered {`
			`plaintext[41] \|= UNORDERED_FLAG`
			`}`

TLS1.3 2019-08-02 00:01:19 +00:00			`sharedSecret = ecdh.GenerateSharedSecret(ephPv, sta.staticPub)`
Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`nonce := ret.chRandom[0:12]`
More comments 2019-08-20 21:43:04 +00:00			`ciphertextWithTag, _ := util.AESGCMEncrypt(nonce, sharedSecret, plaintext)`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`ret.fullRaw = append(ret.chRandom, ciphertextWithTag...)`
More comments 2019-08-20 21:43:04 +00:00			`ret.chSessionId = ciphertextWithTag[0:32]`
			`ret.chX25519KeyShare = ciphertextWithTag[32:64]`
Refactor client ClientHello composition 2019-08-16 23:16:31 +00:00			`ret.chExtSNI = makeServerName(sta.ServerName)`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
Untested client 2018-10-07 17:09:45 +00:00			`}`