Cloak/internal/server/auth.go

package server

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"github.com/cbeuw/Cloak/internal/util"
	"time"

	log "github.com/sirupsen/logrus"
)

type ClientInfo struct {
	UID              []byte
	SessionId        uint32
	ProxyMethod      string
	EncryptionMethod byte
	Unordered        bool
	Transport        Transport
}

type authFragments struct {
	sharedSecret      [32]byte
	randPubKey        [32]byte
	ciphertextWithTag [64]byte
}

const (
	UNORDERED_FLAG = 0x01 // 0000 0001
)

var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
var ErrUnreconisedProtocol = errors.New("unreconised protocol")

// decryptClientInfo checks if a the authFragments are valid. It doesn't check if the UID is authorised
func decryptClientInfo(fragments authFragments, serverTime time.Time) (info ClientInfo, err error) {
	var plaintext []byte
	plaintext, err = util.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])
	if err != nil {
		return
	}

	info = ClientInfo{
		UID:              plaintext[0:16],
		SessionId:        0,
		ProxyMethod:      string(bytes.Trim(plaintext[16:28], "\x00")),
		EncryptionMethod: plaintext[28],
		Unordered:        plaintext[41]&UNORDERED_FLAG != 0,
	}

	timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
	clientTime := time.Unix(timestamp, 0)
	if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) {
		err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
		return
	}
	info.SessionId = binary.BigEndian.Uint32(plaintext[37:41])
	return
}

var ErrReplay = errors.New("duplicate random")
var ErrBadProxyMethod = errors.New("invalid proxy method")

// AuthFirstPacket checks if the first packet of data is ClientHello or HTTP GET, and checks if it was from a Cloak client
// if it is from a Cloak client, it returns the ClientInfo with the decrypted fields. It doesn't check if the user
// is authorised. It also returns a finisher callback function to be called when the caller wishes to proceed with
// the handshake
func AuthFirstPacket(firstPacket []byte, sta *State) (info ClientInfo, finisher Responder, err error) {
	var transport Transport
	switch firstPacket[0] {
	case 0x47:
		transport = &WebSocket{}
	case 0x16:
		transport = &TLS{}
	default:
		err = ErrUnreconisedProtocol
		return
	}

	fragments, finisher, err := transport.processFirstPacket(firstPacket, sta.StaticPv)
	if err != nil {
		return
	}

	if sta.registerRandom(fragments.randPubKey) {
		err = ErrReplay
		return
	}

	info, err = decryptClientInfo(fragments, sta.WorldState.Now())
	if err != nil {
		log.Debug(err)
		err = fmt.Errorf("transport %v in correct format but not Cloak: %v", transport, err)
		return
	}
	if _, ok := sta.ProxyBook[info.ProxyMethod]; !ok {
		err = ErrBadProxyMethod
		return
	}
	info.Transport = transport
	return
}
Untested server 2018-10-09 15:07:54 +00:00			`package server`

			`import (`
			`"bytes"`
			`"encoding/binary"`
Improve logging 2019-08-02 14:45:33 +00:00			`"errors"`
			`"fmt"`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`"github.com/cbeuw/Cloak/internal/util"`
Change how timestamp's validity is checked 2019-08-08 14:05:36 +00:00			`"time"`
Direct WebSocket 2019-09-01 00:33:34 +00:00
			`log "github.com/sirupsen/logrus"`
Untested server 2018-10-09 15:07:54 +00:00			`)`

Refactor return value of decryption 2019-08-12 13:21:42 +00:00			`type ClientInfo struct {`
			`UID []byte`
			`SessionId uint32`
			`ProxyMethod string`
			`EncryptionMethod byte`
Add unordered mode 2019-08-12 21:43:16 +00:00			`Unordered bool`
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`Transport Transport`
Refactor return value of decryption 2019-08-12 13:21:42 +00:00			`}`

Rename a struct 2020-04-06 13:29:38 +00:00			`type authFragments struct {`
Make authentication info arrays 2020-01-24 15:13:26 +00:00			`sharedSecret [32]byte`
			`randPubKey [32]byte`
			`ciphertextWithTag [64]byte`
Refactor touchStone 2019-08-31 20:40:50 +00:00			`}`

Add unordered mode 2019-08-12 21:43:16 +00:00			`const (`
			`UNORDERED_FLAG = 0x01 // 0000 0001`
			`)`

Improve logging 2019-08-02 14:45:33 +00:00			`var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`var ErrUnreconisedProtocol = errors.New("unreconised protocol")`
Improve logging 2019-08-02 14:45:33 +00:00
Refactor authentication pipeline 2020-04-06 14:24:18 +00:00			`// decryptClientInfo checks if a the authFragments are valid. It doesn't check if the UID is authorised`
Purge impurity 2020-04-09 21:11:12 +00:00			`func decryptClientInfo(fragments authFragments, serverTime time.Time) (info ClientInfo, err error) {`
Improve logging 2019-08-02 14:45:33 +00:00			`var plaintext []byte`
Rename a struct 2020-04-06 13:29:38 +00:00			`plaintext, err = util.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])`
TLS1.3 2019-08-02 00:01:19 +00:00			`if err != nil {`
Use AES-GCM instead of CTR 2019-06-09 14:03:28 +00:00			`return`
			`}`
TLS1.3 2019-08-02 00:01:19 +00:00
Fix nil pointer with ClientInfo 2019-08-14 10:48:32 +00:00			`info = ClientInfo{`
Refactor return value of decryption 2019-08-12 13:21:42 +00:00			`UID: plaintext[0:16],`
			`SessionId: 0,`
			`ProxyMethod: string(bytes.Trim(plaintext[16:28], "\x00")),`
			`EncryptionMethod: plaintext[28],`
Add unordered mode 2019-08-12 21:43:16 +00:00			`Unordered: plaintext[41]&UNORDERED_FLAG != 0,`
Refactor return value of decryption 2019-08-12 13:21:42 +00:00			`}`

TLS1.3 2019-08-02 00:01:19 +00:00			`timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))`
Change how timestamp's validity is checked 2019-08-08 14:05:36 +00:00			`clientTime := time.Unix(timestamp, 0)`
			`if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) {`
Improve logging 2019-08-02 14:45:33 +00:00			`err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)`
Add optional encryption 2019-06-09 11:05:41 +00:00			`return`
Untested server 2018-10-09 15:07:54 +00:00			`}`
Refactor return value of decryption 2019-08-12 13:21:42 +00:00			`info.SessionId = binary.BigEndian.Uint32(plaintext[37:41])`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`return`
Untested server 2018-10-09 15:07:54 +00:00			`}`
Direct WebSocket 2019-09-01 00:33:34 +00:00
Working direct WebSocket transport 2019-09-01 19:23:45 +00:00			`var ErrReplay = errors.New("duplicate random")`
			`var ErrBadProxyMethod = errors.New("invalid proxy method")`

Refactor authentication pipeline 2020-04-06 14:24:18 +00:00			`// AuthFirstPacket checks if the first packet of data is ClientHello or HTTP GET, and checks if it was from a Cloak client`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`// if it is from a Cloak client, it returns the ClientInfo with the decrypted fields. It doesn't check if the user`
			`// is authorised. It also returns a finisher callback function to be called when the caller wishes to proceed with`
			`// the handshake`
Refactor authentication pipeline 2020-04-06 14:24:18 +00:00			`func AuthFirstPacket(firstPacket []byte, sta *State) (info ClientInfo, finisher Responder, err error) {`
Fix transport null pointer 2020-01-22 22:27:19 +00:00			`var transport Transport`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`switch firstPacket[0] {`
			`case 0x47:`
Refactor authentication pipeline 2020-04-06 14:24:18 +00:00			`transport = &WebSocket{}`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`case 0x16:`
Refactor authentication pipeline 2020-04-06 14:24:18 +00:00			`transport = &TLS{}`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`default:`
			`err = ErrUnreconisedProtocol`
			`return`
			`}`

Export fields for testing 2020-04-10 13:09:48 +00:00			`fragments, finisher, err := transport.processFirstPacket(firstPacket, sta.StaticPv)`
Refactor Transport and add tests 2020-01-22 18:37:01 +00:00			`if err != nil {`
			`return`
			`}`

Rename a struct 2020-04-06 13:29:38 +00:00			`if sta.registerRandom(fragments.randPubKey) {`
Refactor Transport and add tests 2020-01-22 18:37:01 +00:00			`err = ErrReplay`
			`return`
			`}`

Purge impurity 2020-04-09 21:11:12 +00:00			`info, err = decryptClientInfo(fragments, sta.WorldState.Now())`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`if err != nil {`
			`log.Debug(err)`
Fix logging of transport 2020-04-03 22:37:09 +00:00			`err = fmt.Errorf("transport %v in correct format but not Cloak: %v", transport, err)`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`return`
			`}`
			`if _, ok := sta.ProxyBook[info.ProxyMethod]; !ok {`
			`err = ErrBadProxyMethod`
			`return`
			`}`
Fix transport null pointer 2020-01-22 22:27:19 +00:00			`info.Transport = transport`
Direct WebSocket 2019-09-01 00:33:34 +00:00			`return`
			`}`