Cloak/internal/client/websocket.go

package client

import (
	"encoding/base64"
	"errors"
	"fmt"
	"github.com/cbeuw/Cloak/internal/common"
	"github.com/gorilla/websocket"
	utls "github.com/refraction-networking/utls"
	"net"
	"net/http"
	"net/url"
)

type WSOverTLS struct {
	*common.WebSocketConn
	cdnDomainPort string
}

func (ws *WSOverTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error) {
	utlsConfig := &utls.Config{
		ServerName:         authInfo.MockDomain,
		InsecureSkipVerify: true,
	}
	uconn := utls.UClient(rawConn, utlsConfig, utls.HelloChrome_Auto)
	err = uconn.Handshake()
	if err != nil {
		return
	}

	u, err := url.Parse("ws://" + ws.cdnDomainPort)
	if err != nil {
		return sessionKey, fmt.Errorf("failed to parse ws url: %v", err)
	}

	payload, sharedSecret := makeAuthenticationPayload(authInfo)
	header := http.Header{}
	header.Add("hidden", base64.StdEncoding.EncodeToString(append(payload.randPubKey[:], payload.ciphertextWithTag[:]...)))
	c, _, err := websocket.NewClient(uconn, u, header, 16480, 16480)
	if err != nil {
		return sessionKey, fmt.Errorf("failed to handshake: %v", err)
	}

	ws.WebSocketConn = &common.WebSocketConn{Conn: c}

	buf := make([]byte, 128)
	n, err := ws.Read(buf)
	if err != nil {
		return sessionKey, fmt.Errorf("failed to read reply: %v", err)
	}

	if n != 60 {
		return sessionKey, errors.New("reply must be 60 bytes")
	}

	reply := buf[:60]
	sessionKeySlice, err := common.AESGCMDecrypt(reply[:12], sharedSecret[:], reply[12:])
	if err != nil {
		return
	}
	copy(sessionKey[:], sessionKeySlice)

	return
}

func (ws *WSOverTLS) Close() error {
	if ws.WebSocketConn != nil {
		return ws.WebSocketConn.Close()
	}
	return nil
}
Client side plain websocket 2019-08-31 17:01:39 +00:00			`package client`

			`import (`
			`"encoding/base64"`
			`"errors"`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`"fmt"`
Move common types to its own package 2020-04-08 23:39:40 +00:00			`"github.com/cbeuw/Cloak/internal/common"`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`"github.com/gorilla/websocket"`
Purge impurity 2020-04-09 21:11:12 +00:00			`utls "github.com/refraction-networking/utls"`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`"net"`
			`"net/http"`
			`"net/url"`
			`)`

websocket over TLS 2019-09-02 13:03:10 +00:00			`type WSOverTLS struct {`
Move common types to its own package 2020-04-08 23:39:40 +00:00			`*common.WebSocketConn`
Refactor client config 2020-04-06 12:07:16 +00:00			`cdnDomainPort string`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Export fields for testing 2020-04-10 13:09:48 +00:00			`func (ws *WSOverTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error) {`
websocket over TLS 2019-09-02 13:03:10 +00:00			`utlsConfig := &utls.Config{`
Refactor client config 2020-04-06 12:07:16 +00:00			`ServerName: authInfo.MockDomain,`
websocket over TLS 2019-09-02 13:03:10 +00:00			`InsecureSkipVerify: true,`
			`}`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`uconn := utls.UClient(rawConn, utlsConfig, utls.HelloChrome_Auto)`
websocket over TLS 2019-09-02 13:03:10 +00:00			`err = uconn.Handshake()`
			`if err != nil {`
			`return`
			`}`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00
Refactor client config 2020-04-06 12:07:16 +00:00			`u, err := url.Parse("ws://" + ws.cdnDomainPort)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`if err != nil {`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`return sessionKey, fmt.Errorf("failed to parse ws url: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Purge impurity 2020-04-09 21:11:12 +00:00			`payload, sharedSecret := makeAuthenticationPayload(authInfo)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`header := http.Header{}`
Refactor authentication data representations 2020-01-24 16:44:29 +00:00			`header.Add("hidden", base64.StdEncoding.EncodeToString(append(payload.randPubKey[:], payload.ciphertextWithTag[:]...)))`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`c, _, err := websocket.NewClient(uconn, u, header, 16480, 16480)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`if err != nil {`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`return sessionKey, fmt.Errorf("failed to handshake: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Move common types to its own package 2020-04-08 23:39:40 +00:00			`ws.WebSocketConn = &common.WebSocketConn{Conn: c}`
Direct WebSocket 2019-09-01 00:33:34 +00:00
			`buf := make([]byte, 128)`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`n, err := ws.Read(buf)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`if err != nil {`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`return sessionKey, fmt.Errorf("failed to read reply: %v", err)`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`

Direct WebSocket 2019-09-01 00:33:34 +00:00			`if n != 60 {`
Refactor client side transport (breaks server) 2020-04-08 19:53:09 +00:00			`return sessionKey, errors.New("reply must be 60 bytes")`
Client side plain websocket 2019-08-31 17:01:39 +00:00			`}`
Direct WebSocket 2019-09-01 00:33:34 +00:00
			`reply := buf[:60]`
Code cleanup and move stuff around 2020-04-14 00:53:28 +00:00			`sessionKeySlice, err := common.AESGCMDecrypt(reply[:12], sharedSecret[:], reply[12:])`
Make key lengths explicit 2020-04-07 20:15:28 +00:00			`if err != nil {`
			`return`
			`}`
			`copy(sessionKey[:], sessionKeySlice)`
Client side plain websocket 2019-08-31 17:01:39 +00:00
			`return`
			`}`
Prevent nil pointer panic when server response is incorrect under CDN mode 2020-09-07 13:47:37 +00:00
			`func (ws *WSOverTLS) Close() error {`
			`if ws.WebSocketConn != nil {`
			`return ws.WebSocketConn.Close()`
			`}`
			`return nil`
			`}`