package server
import (
"bytes"
"encoding/binary"
"errors"
"fmt"
"github.com/cbeuw/Cloak/internal/ecdh"
"github.com/cbeuw/Cloak/internal/util"
)
// Sentinel errors returned by TouchStone. Each names the first check a
// ClientHello failed; callers that want the offending value should look at
// the fmt-wrapped message, which puts the sentinel text first.
var (
	// ErrReplay is returned when the ClientHello random has already been
	// registered with the replay filter.
	ErrReplay = errors.New("duplicate random")

	// ErrInvalidPubKey is returned when the ClientHello random does not
	// unmarshal as an ECDH public key.
	ErrInvalidPubKey = errors.New("public key has invalid format")

	// ErrCiphertextLength is returned when session ID plus key_share payload
	// is not the expected 64 bytes.
	ErrCiphertextLength = errors.New("ciphertext has the wrong length")

	// ErrTimestampOutOfWindow is returned when the decrypted timestamp does
	// not fall in the server's current accepting window.
	ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
)
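// TouchStone authenticates a Cloak ClientHello and extracts the session
// parameters hidden inside it.
//
// As the code below shows, the 32-byte ClientHello random doubles as the
// client's ephemeral ECDH public key; agreeing it with the server's static
// private key (sta.staticPv) yields sharedSecret. The TLS session ID
// concatenated with the key_share extension (type 0x0033) payload must be
// exactly 64 bytes and is decrypted as AES-GCM with sharedSecret as the key
// and the first 12 bytes of the random as the nonce. The decrypted payload
// is read at these offsets:
//
//	[0:16]  UID
//	[16:28] proxy method, NUL padded
//	[28]    encryption method
//	[29:37] big-endian Unix timestamp (seconds)
//	[37:41] big-endian session ID
//
// Checks run in this order: replay filter on the random, public-key format,
// key_share parse, ciphertext length, AEAD authentication, timestamp window.
// Every failure returns a non-nil err together with zero values for all
// other results, so a caller can never pick up a derived sharedSecret from a
// ClientHello that did not authenticate.
//
// The random is registered with the replay filter before anything else is
// verified, so a ClientHello that fails a later check still burns its random.
// That is deliberate: it stops a captured handshake from being replayed,
// whether or not it would have succeeded.
func TouchStone(ch *ClientHello, sta *State) (UID []byte, sessionID uint32, proxyMethod string, encryptionMethod byte, sharedSecret []byte, err error) {
	const (
		nonceLen      = 12 // AES-GCM nonce is the first 12 bytes of ch.random
		ciphertextLen = 64 // 32-byte session ID followed by 32-byte key_share
		plaintextNeed = 41 // one past the last plaintext offset read, [37:41]
	)

	// Replay filter first: a random we have already seen is rejected before
	// any key agreement or decryption is attempted. registerRandom reports
	// true when the random was already present.
	if sta.registerRandom(ch.random) {
		return nil, 0, "", 0, nil, ErrReplay
	}

	ephPub, ok := ecdh.Unmarshal(ch.random)
	if !ok {
		return nil, 0, "", 0, nil, ErrInvalidPubKey
	}
	// Defensive: Unmarshal is expected to reject anything that is not a full
	// public key, but the nonce slice below would panic on a short random, and
	// a panic on attacker-controlled input is a cheap denial of service.
	if len(ch.random) < nonceLen {
		return nil, 0, "", 0, nil, ErrInvalidPubKey
	}

	// Kept in a local until the handshake authenticates; only then is it
	// published through the sharedSecret result.
	secret := ecdh.GenerateSharedSecret(sta.staticPv, ephPub)

	// A missing extension yields a nil slice here; parseKeyShare is relied on
	// to reject that (it is defined elsewhere in this package).
	keyShare, kerr := parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])
	if kerr != nil {
		return nil, 0, "", 0, nil, kerr
	}

	// Build the ciphertext in a fresh buffer. The original
	// append(ch.sessionId, keyShare...) would write keyShare into whatever
	// backing array ch.sessionId was sliced from (typically the raw
	// ClientHello record) whenever that slice had spare capacity, silently
	// corrupting the caller's bytes.
	ciphertext := make([]byte, 0, len(ch.sessionId)+len(keyShare))
	ciphertext = append(ciphertext, ch.sessionId...)
	ciphertext = append(ciphertext, keyShare...)
	if len(ciphertext) != ciphertextLen {
		return nil, 0, "", 0, nil, fmt.Errorf("%v: %v", ErrCiphertextLength, len(ciphertext))
	}

	// AEAD authentication: a wrong key (wrong server, or a random that is not
	// a real ephemeral key) or any tampering fails here. Argument order is
	// (nonce, key, ciphertext) as the helper is called in this file.
	plaintext, derr := util.AESGCMDecrypt(ch.random[0:nonceLen], secret, ciphertext)
	if derr != nil {
		return nil, 0, "", 0, nil, derr
	}
	// With a 64-byte ciphertext and a 16-byte tag the plaintext is 48 bytes,
	// comfortably more than the 41 read below; the guard only exists so a
	// future change to either constant cannot turn into an index panic.
	if len(plaintext) < plaintextNeed {
		return nil, 0, "", 0, nil, fmt.Errorf("%v: decrypted payload is %v bytes", ErrCiphertextLength, len(plaintext))
	}

	timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
	// NOTE(review): this compares window *buckets* (timestamp div window), not
	// the distance between the two clocks. Two instants on opposite sides of a
	// bucket boundary are rejected even if they are seconds apart, while two
	// instants almost a full window apart inside one bucket are accepted.
	// Left unchanged because the replay filter's retention presumably assumes
	// this bucket width; if this is ever changed to |now - timestamp| <= window,
	// the accepted span doubles and registerRandom's expiry must be revisited
	// too — confirm against the replay-cache implementation.
	window := int64(TIMESTAMP_WINDOW.Seconds())
	if timestamp/window != sta.Now().Unix()/window {
		return nil, 0, "", 0, nil, fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
	}

	UID = plaintext[0:16]
	proxyMethod = string(bytes.Trim(plaintext[16:28], "\x00"))
	encryptionMethod = plaintext[28]
	sessionID = binary.BigEndian.Uint32(plaintext[37:41])
	sharedSecret = secret
	return UID, sessionID, proxyMethod, encryptionMethod, sharedSecret, nil
}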