Cloak/internal/util/util.go

package util

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"io"
	"net"
	"strconv"
	"time"

	log "github.com/sirupsen/logrus"
)

func AESGCMEncrypt(nonce []byte, key []byte, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aesgcm.Seal(nil, nonce, plaintext, nil), nil
}

func AESGCMDecrypt(nonce []byte, key []byte, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plain, err := aesgcm.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return nil, err
	}
	return plain, nil
}

func CryptoRandRead(buf []byte) {
	_, err := rand.Read(buf)
	if err == nil {
		return
	}
	waitDur := [10]time.Duration{5 * time.Millisecond, 10 * time.Millisecond, 30 * time.Millisecond, 50 * time.Millisecond,
		100 * time.Millisecond, 300 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second,
		3 * time.Second, 5 * time.Second}
	for i := 0; i < 10; i++ {
		log.Errorf("Failed to get cryptographic random bytes: %v. Retrying...", err)
		_, err = rand.Read(buf)
		if err == nil {
			return
		}
		time.Sleep(time.Millisecond * waitDur[i])
	}
	log.Fatal("Cannot get cryptographic random bytes after 10 retries")
}

// ReadTLS reads TLS data according to its record layer
func ReadTLS(conn net.Conn, buffer []byte) (n int, err error) {
	// TCP is a stream. Multiple TLS messages can arrive at the same time,
	// a single message can also be segmented due to MTU of the IP layer.
	// This function guareentees a single TLS message to be read and everything
	// else is left in the buffer.
	i, err := io.ReadFull(conn, buffer[:5])
	if err != nil {
		return
	}

	dataLength := int(binary.BigEndian.Uint16(buffer[3:5]))
	if dataLength > len(buffer) {
		err = errors.New("Reading TLS message: message size greater than buffer. message size: " + strconv.Itoa(dataLength))
		return
	}
	left := dataLength
	readPtr := 5

	for left != 0 {
		// If left > buffer size (i.e. our message got segmented), the entire MTU is read
		// if left = buffer size, the entire buffer is all there left to read
		// if left < buffer size (i.e. multiple messages came together),
		// only the message we want is read

		i, err = conn.Read(buffer[readPtr : readPtr+left])
		if err != nil {
			return
		}
		left -= i
		readPtr += i
	}

	n = 5 + dataLength
	return
}

// AddRecordLayer adds record layer to data
func AddRecordLayer(input []byte, typ []byte, ver []byte) []byte {
	length := make([]byte, 2)
	binary.BigEndian.PutUint16(length, uint16(len(input)))
	ret := make([]byte, 5+len(input))
	copy(ret[0:1], typ)
	copy(ret[1:3], ver)
	copy(ret[3:5], length)
	copy(ret[5:], input)
	return ret
}

func Pipe(dst net.Conn, src net.Conn, srcReadTimeout time.Duration) {
	// The maximum size of TLS message will be 16380+14+16. 14 because of the stream header and 16
	// because of the salt/mac
	// 16408 is the max TLS message size on Firefox
	buf := make([]byte, 16378)
	if srcReadTimeout != 0 {
		src.SetReadDeadline(time.Now().Add(srcReadTimeout))
	}
	for {
		if srcReadTimeout != 0 {
			src.SetReadDeadline(time.Now().Add(srcReadTimeout))
		}
		i, err := io.ReadAtLeast(src, buf, 1)
		if err != nil {
			dst.Close()
			src.Close()
			return
		}
		i, err = dst.Write(buf[:i])
		if err != nil {
			dst.Close()
			src.Close()
			return
		}
	}
}
Untested client 2018-10-07 17:09:45 +00:00			`package util`

			`import (`
drop aes encryption of headers 2018-10-20 20:41:01 +00:00			`"crypto/aes"`
			`"crypto/cipher"`
Handle error and retry for Crypto.rand 2020-02-01 23:46:46 +00:00			`"crypto/rand"`
Untested client 2018-10-07 17:09:45 +00:00			`"encoding/binary"`
			`"errors"`
			`"io"`
			`"net"`
Fix infinite loop. Baseline 2018-10-16 20:13:19 +00:00			`"strconv"`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`"time"`
Handle error and retry for Crypto.rand 2020-02-01 23:46:46 +00:00
			`log "github.com/sirupsen/logrus"`
Untested client 2018-10-07 17:09:45 +00:00			`)`

Use AES-GCM instead of CTR 2019-06-09 14:03:28 +00:00			`func AESGCMEncrypt(nonce []byte, key []byte, plaintext []byte) ([]byte, error) {`
			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`aesgcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return aesgcm.Seal(nil, nonce, plaintext, nil), nil`
drop aes encryption of headers 2018-10-20 20:41:01 +00:00			`}`

Use AES-GCM instead of CTR 2019-06-09 14:03:28 +00:00			`func AESGCMDecrypt(nonce []byte, key []byte, ciphertext []byte) ([]byte, error) {`
			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`aesgcm, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return nil, err`
			`}`
			`plain, err := aesgcm.Open(nil, nonce, ciphertext, nil)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return plain, nil`
drop aes encryption of headers 2018-10-20 20:41:01 +00:00			`}`

Handle error and retry for Crypto.rand 2020-02-01 23:46:46 +00:00			`func CryptoRandRead(buf []byte) {`
			`_, err := rand.Read(buf)`
			`if err == nil {`
			`return`
			`}`
			`waitDur := [10]time.Duration{5 * time.Millisecond, 10 * time.Millisecond, 30 * time.Millisecond, 50 * time.Millisecond,`
			`100 * time.Millisecond, 300 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second,`
			`3 * time.Second, 5 * time.Second}`
			`for i := 0; i < 10; i++ {`
			`log.Errorf("Failed to get cryptographic random bytes: %v. Retrying...", err)`
			`_, err = rand.Read(buf)`
			`if err == nil {`
			`return`
			`}`
			`time.Sleep(time.Millisecond * waitDur[i])`
			`}`
			`log.Fatal("Cannot get cryptographic random bytes after 10 retries")`
			`}`

QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`// ReadTLS reads TLS data according to its record layer`
			`func ReadTLS(conn net.Conn, buffer []byte) (n int, err error) {`
Untested client 2018-10-07 17:09:45 +00:00			`// TCP is a stream. Multiple TLS messages can arrive at the same time,`
			`// a single message can also be segmented due to MTU of the IP layer.`
			`// This function guareentees a single TLS message to be read and everything`
			`// else is left in the buffer.`
			`i, err := io.ReadFull(conn, buffer[:5])`
			`if err != nil {`
			`return`
			`}`

Stop using custom conversion function 2019-01-13 22:22:55 +00:00			`dataLength := int(binary.BigEndian.Uint16(buffer[3:5]))`
Fix infinite loop. Baseline 2018-10-16 20:13:19 +00:00			`if dataLength > len(buffer) {`
			`err = errors.New("Reading TLS message: message size greater than buffer. message size: " + strconv.Itoa(dataLength))`
			`return`
			`}`
Untested client 2018-10-07 17:09:45 +00:00			`left := dataLength`
			`readPtr := 5`

			`for left != 0 {`
			`// If left > buffer size (i.e. our message got segmented), the entire MTU is read`
			`// if left = buffer size, the entire buffer is all there left to read`
			`// if left < buffer size (i.e. multiple messages came together),`
			`// only the message we want is read`
More comments 2019-08-20 21:43:04 +00:00
Use normal Read in ReadTLS instead of ReadFull 2019-08-30 13:38:31 +00:00			`i, err = conn.Read(buffer[readPtr : readPtr+left])`
Untested client 2018-10-07 17:09:45 +00:00			`if err != nil {`
			`return`
			`}`
			`left -= i`
			`readPtr += i`
			`}`

			`n = 5 + dataLength`
			`return`
			`}`

			`// AddRecordLayer adds record layer to data`
			`func AddRecordLayer(input []byte, typ []byte, ver []byte) []byte {`
			`length := make([]byte, 2)`
			`binary.BigEndian.PutUint16(length, uint16(len(input)))`
			`ret := make([]byte, 5+len(input))`
			`copy(ret[0:1], typ)`
			`copy(ret[1:3], ver)`
			`copy(ret[3:5], length)`
			`copy(ret[5:], input)`
			`return ret`
			`}`
Move pipe to util 2019-08-03 13:58:48 +00:00
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`func Pipe(dst net.Conn, src net.Conn, srcReadTimeout time.Duration) {`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`// The maximum size of TLS message will be 16380+14+16. 14 because of the stream header and 16`
Move pipe to util 2019-08-03 13:58:48 +00:00			`// because of the salt/mac`
			`// 16408 is the max TLS message size on Firefox`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`buf := make([]byte, 16378)`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`if srcReadTimeout != 0 {`
			`src.SetReadDeadline(time.Now().Add(srcReadTimeout))`
			`}`
Move pipe to util 2019-08-03 13:58:48 +00:00			`for {`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`if srcReadTimeout != 0 {`
			`src.SetReadDeadline(time.Now().Add(srcReadTimeout))`
			`}`
Move pipe to util 2019-08-03 13:58:48 +00:00			`i, err := io.ReadAtLeast(src, buf, 1)`
			`if err != nil {`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`dst.Close()`
			`src.Close()`
Move pipe to util 2019-08-03 13:58:48 +00:00			`return`
			`}`
			`i, err = dst.Write(buf[:i])`
			`if err != nil {`
Add Stream Timeout 2019-08-19 22:23:41 +00:00			`dst.Close()`
			`src.Close()`
Move pipe to util 2019-08-03 13:58:48 +00:00			`return`
			`}`
			`}`
			`}`