Cloak/internal/multiplex/obfs.go

164 lines
3.9 KiB
Go
Raw Normal View History

2018-12-09 23:45:06 +00:00
package multiplex
2018-10-07 17:09:45 +00:00
import (
"crypto/aes"
2019-07-31 23:16:33 +00:00
"crypto/cipher"
"crypto/rand"
2018-10-07 17:09:45 +00:00
"encoding/binary"
2018-12-09 23:45:06 +00:00
"errors"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/salsa20"
2019-08-04 09:38:49 +00:00
prand "math/rand"
2018-10-07 17:09:45 +00:00
)
2019-08-04 09:38:49 +00:00
type Obfser func(*Frame, []byte) (int, error)
2018-12-09 23:45:06 +00:00
type Deobfser func([]byte) (*Frame, error)
var u32 = binary.BigEndian.Uint32
var putU32 = binary.BigEndian.PutUint32
2019-07-27 23:15:27 +00:00
const HEADER_LEN = 12
func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser {
2019-08-04 09:38:49 +00:00
obfs := func(f *Frame, buf []byte) (int, error) {
var extraLen uint8
if payloadCipher == nil {
if len(f.Payload) < 8 {
extraLen = uint8(8 - len(f.Payload))
}
} else {
extraLen = uint8(payloadCipher.Overhead())
}
usefulLen := 5 + HEADER_LEN + len(f.Payload) + int(extraLen)
if len(buf) < usefulLen {
return 0, errors.New("buffer is too small")
}
2019-08-07 18:08:37 +00:00
useful := buf[:usefulLen] // tls header + payload + potential overhead
recordLayer := useful[0:5]
header := useful[5 : 5+HEADER_LEN]
encryptedPayload := useful[5+HEADER_LEN:]
2019-07-27 23:15:27 +00:00
2019-08-04 09:38:49 +00:00
// header: [StreamID 4 bytes][Seq 4 bytes][Closing 1 byte][extraLen 1 bytes][random 2 bytes]
putU32(header[0:4], f.StreamID)
putU32(header[4:8], f.Seq)
header[8] = f.Closing
2019-08-04 09:38:49 +00:00
header[9] = extraLen
prand.Read(header[10:12])
2019-07-31 23:43:33 +00:00
if payloadCipher == nil {
copy(encryptedPayload, f.Payload)
2019-08-04 09:38:49 +00:00
if extraLen != 0 {
rand.Read(encryptedPayload[len(encryptedPayload)-int(extraLen):])
}
2019-07-31 23:43:33 +00:00
} else {
ciphertext := payloadCipher.Seal(nil, header, f.Payload, nil)
copy(encryptedPayload, ciphertext)
2019-06-09 14:03:28 +00:00
}
2019-06-09 11:05:41 +00:00
nonce := encryptedPayload[len(encryptedPayload)-8:]
salsa20.XORKeyStream(header, header, nonce, &salsaKey)
2018-10-20 16:03:39 +00:00
// Composing final obfsed message
// We don't use util.AddRecordLayer here to avoid unnecessary malloc
2019-07-27 23:15:27 +00:00
recordLayer[0] = 0x17
recordLayer[1] = 0x03
recordLayer[2] = 0x03
binary.BigEndian.PutUint16(recordLayer[3:5], uint16(HEADER_LEN+len(encryptedPayload)))
2019-08-04 09:38:49 +00:00
return usefulLen, nil
2018-10-07 17:09:45 +00:00
}
return obfs
}
func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser {
2018-12-09 23:45:06 +00:00
deobfs := func(in []byte) (*Frame, error) {
2019-08-04 09:38:49 +00:00
if len(in) < 5+HEADER_LEN+8 {
2019-08-07 16:53:34 +00:00
return nil, errors.New("Input cannot be shorter than 25 bytes")
2018-12-09 23:45:06 +00:00
}
2019-08-07 16:53:34 +00:00
peeled := make([]byte, len(in)-5)
copy(peeled, in[5:])
header := peeled[:12]
pldWithOverHead := peeled[12:] // plaintext + potential overhead
nonce := peeled[len(peeled)-8:]
salsa20.XORKeyStream(header, header, nonce, &salsaKey)
streamID := u32(header[0:4])
seq := u32(header[4:8])
closing := header[8]
2019-08-04 09:38:49 +00:00
extraLen := header[9]
2019-08-07 16:53:34 +00:00
usefulPayloadLen := len(pldWithOverHead) - int(extraLen)
if usefulPayloadLen < 0 {
return nil, errors.New("extra length is greater than total pldWithOverHead length")
2019-08-07 16:22:40 +00:00
}
2019-08-07 16:53:34 +00:00
var outputPayload []byte
2019-06-09 11:05:41 +00:00
2019-07-31 23:43:33 +00:00
if payloadCipher == nil {
2019-08-07 16:53:34 +00:00
if extraLen == 0 {
outputPayload = pldWithOverHead
} else {
outputPayload = pldWithOverHead[:usefulPayloadLen]
}
2019-07-31 23:43:33 +00:00
} else {
2019-08-07 16:53:34 +00:00
_, err := payloadCipher.Open(pldWithOverHead[:0], header, pldWithOverHead, nil)
2019-07-31 23:43:33 +00:00
if err != nil {
return nil, err
}
2019-08-07 16:53:34 +00:00
outputPayload = pldWithOverHead[:usefulPayloadLen]
2019-07-31 23:43:33 +00:00
}
2018-12-09 23:45:06 +00:00
ret := &Frame{
2018-10-27 22:35:46 +00:00
StreamID: streamID,
Seq: seq,
Closing: closing,
Payload: outputPayload,
2018-10-07 17:09:45 +00:00
}
2018-12-09 23:45:06 +00:00
return ret, nil
2018-10-07 17:09:45 +00:00
}
return deobfs
}
func GenerateObfs(encryptionMethod byte, sessionKey []byte) (obfuscator *Obfuscator, err error) {
if len(sessionKey) != 32 {
err = errors.New("sessionKey size must be 32 bytes")
}
var salsaKey [32]byte
copy(salsaKey[:], sessionKey)
var payloadCipher cipher.AEAD
switch encryptionMethod {
case 0x00:
payloadCipher = nil
case 0x01:
var c cipher.Block
c, err = aes.NewCipher(sessionKey)
if err != nil {
return
}
payloadCipher, err = cipher.NewGCM(c)
if err != nil {
return
}
case 0x02:
payloadCipher, err = chacha20poly1305.New(sessionKey)
if err != nil {
return
}
default:
return nil, errors.New("Unknown encryption method")
}
obfuscator = &Obfuscator{
MakeObfs(salsaKey, payloadCipher),
MakeDeobfs(salsaKey, payloadCipher),
sessionKey,
}
return
}