|
|
@ -13,7 +13,7 @@ type Deobfser func([]byte) (*Frame, error)
|
|
|
|
var u32 = binary.BigEndian.Uint32
|
|
|
|
var u32 = binary.BigEndian.Uint32
|
|
|
|
var putU32 = binary.BigEndian.PutUint32
|
|
|
|
var putU32 = binary.BigEndian.PutUint32
|
|
|
|
|
|
|
|
|
|
|
|
const headerLen = 12
|
|
|
|
const HEADER_LEN = 12
|
|
|
|
|
|
|
|
|
|
|
|
func genXorKey(key, salt []byte) []byte {
|
|
|
|
func genXorKey(key, salt []byte) []byte {
|
|
|
|
h := sha1.New()
|
|
|
|
h := sha1.New()
|
|
|
@ -29,17 +29,22 @@ func xor(a []byte, b []byte) {
|
|
|
|
|
|
|
|
|
|
|
|
func MakeObfs(key []byte, algo Crypto) Obfser {
|
|
|
|
func MakeObfs(key []byte, algo Crypto) Obfser {
|
|
|
|
obfs := func(f *Frame) ([]byte, error) {
|
|
|
|
obfs := func(f *Frame) ([]byte, error) {
|
|
|
|
|
|
|
|
ret := make([]byte, 5+HEADER_LEN+len(f.Payload)+16)
|
|
|
|
|
|
|
|
recordLayer := ret[0:5]
|
|
|
|
|
|
|
|
header := ret[5 : 5+HEADER_LEN]
|
|
|
|
|
|
|
|
encryptedPayload := ret[5+HEADER_LEN:]
|
|
|
|
|
|
|
|
|
|
|
|
// header: [StreamID 4 bytes][Seq 4 bytes][Closing 1 byte][random 3 bytes]
|
|
|
|
// header: [StreamID 4 bytes][Seq 4 bytes][Closing 1 byte][random 3 bytes]
|
|
|
|
header := make([]byte, headerLen)
|
|
|
|
|
|
|
|
putU32(header[0:4], f.StreamID)
|
|
|
|
putU32(header[0:4], f.StreamID)
|
|
|
|
putU32(header[4:8], f.Seq)
|
|
|
|
putU32(header[4:8], f.Seq)
|
|
|
|
header[8] = f.Closing
|
|
|
|
header[8] = f.Closing
|
|
|
|
rand.Read(header[9:12])
|
|
|
|
rand.Read(header[9:12])
|
|
|
|
|
|
|
|
|
|
|
|
encryptedPayload, err := algo.encrypt(f.Payload, header)
|
|
|
|
ciphertext, err := algo.encrypt(f.Payload, header)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
copy(encryptedPayload, ciphertext)
|
|
|
|
|
|
|
|
|
|
|
|
cKey := make([]byte, len(key))
|
|
|
|
cKey := make([]byte, len(key))
|
|
|
|
copy(cKey, key)
|
|
|
|
copy(cKey, key)
|
|
|
@ -49,23 +54,18 @@ func MakeObfs(key []byte, algo Crypto) Obfser {
|
|
|
|
|
|
|
|
|
|
|
|
// Composing final obfsed message
|
|
|
|
// Composing final obfsed message
|
|
|
|
// We don't use util.AddRecordLayer here to avoid unnecessary malloc
|
|
|
|
// We don't use util.AddRecordLayer here to avoid unnecessary malloc
|
|
|
|
// TODO: allocate this in the beginning and do everything in place
|
|
|
|
recordLayer[0] = 0x17
|
|
|
|
obfsed := make([]byte, 5+headerLen+len(encryptedPayload))
|
|
|
|
recordLayer[1] = 0x03
|
|
|
|
obfsed[0] = 0x17
|
|
|
|
recordLayer[2] = 0x03
|
|
|
|
obfsed[1] = 0x03
|
|
|
|
binary.BigEndian.PutUint16(recordLayer[3:5], uint16(HEADER_LEN+len(encryptedPayload)))
|
|
|
|
obfsed[2] = 0x03
|
|
|
|
return ret, nil
|
|
|
|
binary.BigEndian.PutUint16(obfsed[3:5], uint16(headerLen+len(encryptedPayload)))
|
|
|
|
|
|
|
|
copy(obfsed[5:5+headerLen], header)
|
|
|
|
|
|
|
|
copy(obfsed[5+headerLen:], encryptedPayload)
|
|
|
|
|
|
|
|
// obfsed: [record layer 5 bytes][obfsedheader 12 bytes][payload]
|
|
|
|
|
|
|
|
return obfsed, nil
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return obfs
|
|
|
|
return obfs
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func MakeDeobfs(key []byte, algo Crypto) Deobfser {
|
|
|
|
func MakeDeobfs(key []byte, algo Crypto) Deobfser {
|
|
|
|
deobfs := func(in []byte) (*Frame, error) {
|
|
|
|
deobfs := func(in []byte) (*Frame, error) {
|
|
|
|
if len(in) < 5+headerLen+16 {
|
|
|
|
if len(in) < 5+HEADER_LEN+16 {
|
|
|
|
return nil, errors.New("Input cannot be shorter than 33 bytes")
|
|
|
|
return nil, errors.New("Input cannot be shorter than 33 bytes")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
peeled := in[5:]
|
|
|
|
peeled := in[5:]
|
|
|
|