Cloak/internal/server/auth.go

package server

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"github.com/cbeuw/Cloak/internal/ecdh"
	"github.com/cbeuw/Cloak/internal/util"
)

var ErrReplay = errors.New("duplicate random")
var ErrInvalidPubKey = errors.New("public key has invalid format")
var ErrCiphertextLength = errors.New("ciphertext has the wrong length")
var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")

func TouchStone(ch *ClientHello, sta *State) (UID []byte, sessionID uint32, proxyMethod string, encryptionMethod byte, sharedSecret []byte, err error) {

	if sta.registerRandom(ch.random) {
		err = ErrReplay
		return
	}

	ephPub, ok := ecdh.Unmarshal(ch.random)
	if !ok {
		err = ErrInvalidPubKey
		return
	}

	sharedSecret = ecdh.GenerateSharedSecret(sta.staticPv, ephPub)
	var keyShare []byte
	keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])
	if err != nil {
		return
	}

	ciphertext := append(ch.sessionId, keyShare...)
	if len(ciphertext) != 64 {
		err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(ciphertext))
		return
	}

	var plaintext []byte
	plaintext, err = util.AESGCMDecrypt(ch.random[0:12], sharedSecret, ciphertext)
	if err != nil {
		return
	}

	UID = plaintext[0:16]
	proxyMethod = string(bytes.Trim(plaintext[16:28], "\x00"))
	encryptionMethod = plaintext[28]
	timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))
	if timestamp/int64(TIMESTAMP_WINDOW.Seconds()) != sta.Now().Unix()/int64(TIMESTAMP_WINDOW.Seconds()) {
		err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)
		return
	}
	sessionID = binary.BigEndian.Uint32(plaintext[37:41])
	return
}
Untested server 2018-10-09 15:07:54 +00:00			`package server`

			`import (`
			`"bytes"`
			`"encoding/binary"`
Improve logging 2019-08-02 14:45:33 +00:00			`"errors"`
			`"fmt"`
Remove ECDH as an external dependancy and include it as a internal package 2019-01-25 00:24:47 +00:00			`"github.com/cbeuw/Cloak/internal/ecdh"`
Use ECDH instead of ECIES 2018-10-14 19:32:54 +00:00			`"github.com/cbeuw/Cloak/internal/util"`
Untested server 2018-10-09 15:07:54 +00:00			`)`

Improve logging 2019-08-02 14:45:33 +00:00			`var ErrReplay = errors.New("duplicate random")`
			`var ErrInvalidPubKey = errors.New("public key has invalid format")`
			`var ErrCiphertextLength = errors.New("ciphertext has the wrong length")`
			`var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")`

			`func TouchStone(ch ClientHello, sta State) (UID []byte, sessionID uint32, proxyMethod string, encryptionMethod byte, sharedSecret []byte, err error) {`
Remove reundancy and fix a race 2019-01-19 19:30:32 +00:00
Refactor usedrandom 2019-08-03 10:49:05 +00:00			`if sta.registerRandom(ch.random) {`
Improve logging 2019-08-02 14:45:33 +00:00			`err = ErrReplay`
Add optional encryption 2019-06-09 11:05:41 +00:00			`return`
Untested server 2018-10-09 15:07:54 +00:00			`}`

Refactor usedrandom 2019-08-03 10:49:05 +00:00			`ephPub, ok := ecdh.Unmarshal(ch.random)`
TLS1.3 2019-08-02 00:01:19 +00:00			`if !ok {`
Improve logging 2019-08-02 14:45:33 +00:00			`err = ErrInvalidPubKey`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
			`}`
Change the protocol to solve sessionTicket inconsistency 2019-07-26 16:05:46 +00:00
TLS1.3 2019-08-02 00:01:19 +00:00			`sharedSecret = ecdh.GenerateSharedSecret(sta.staticPv, ephPub)`
Improve logging 2019-08-02 14:45:33 +00:00			`var keyShare []byte`
			`keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}])`
TLS1.3 2019-08-02 00:01:19 +00:00			`if err != nil {`
Add optional encryption 2019-06-09 11:05:41 +00:00			`return`
drop aes encryption of headers 2018-10-20 20:41:01 +00:00			`}`
Change the protocol to solve sessionTicket inconsistency 2019-07-26 16:05:46 +00:00
Improve logging 2019-08-02 14:45:33 +00:00			`ciphertext := append(ch.sessionId, keyShare...)`
TLS1.3 2019-08-02 00:01:19 +00:00			`if len(ciphertext) != 64 {`
Improve logging 2019-08-02 14:45:33 +00:00			`err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(ciphertext))`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
			`}`
Change the protocol to solve sessionTicket inconsistency 2019-07-26 16:05:46 +00:00
Improve logging 2019-08-02 14:45:33 +00:00			`var plaintext []byte`
Refactor usedrandom 2019-08-03 10:49:05 +00:00			`plaintext, err = util.AESGCMDecrypt(ch.random[0:12], sharedSecret, ciphertext)`
TLS1.3 2019-08-02 00:01:19 +00:00			`if err != nil {`
Use AES-GCM instead of CTR 2019-06-09 14:03:28 +00:00			`return`
			`}`
TLS1.3 2019-08-02 00:01:19 +00:00
			`UID = plaintext[0:16]`
			`proxyMethod = string(bytes.Trim(plaintext[16:28], "\x00"))`
			`encryptionMethod = plaintext[28]`
			`timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37]))`
			`if timestamp/int64(TIMESTAMP_WINDOW.Seconds()) != sta.Now().Unix()/int64(TIMESTAMP_WINDOW.Seconds()) {`
Improve logging 2019-08-02 14:45:33 +00:00			`err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp)`
Add optional encryption 2019-06-09 11:05:41 +00:00			`return`
Untested server 2018-10-09 15:07:54 +00:00			`}`
TLS1.3 2019-08-02 00:01:19 +00:00			`sessionID = binary.BigEndian.Uint32(plaintext[37:41])`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`return`
Untested server 2018-10-09 15:07:54 +00:00			`}`