package server import ( "bytes" "crypto" "encoding/binary" "errors" "fmt" "github.com/cbeuw/Cloak/internal/ecdh" "github.com/cbeuw/Cloak/internal/util" "time" ) type ClientInfo struct { UID []byte SessionId uint32 ProxyMethod string EncryptionMethod byte Unordered bool } const ( UNORDERED_FLAG = 0x01 // 0000 0001 ) var ErrInvalidPubKey = errors.New("public key has invalid format") var ErrCiphertextLength = errors.New("ciphertext has the wrong length") var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window") // touchStone checks if a ClientHello came from a Cloak client by checking and decrypting the fields Cloak hides data in // It returns the ClientInfo, but it doesn't check if the UID is authorised func touchStone(ch *ClientHello, staticPv crypto.PrivateKey, now func() time.Time) (info ClientInfo, sharedSecret []byte, err error) { ephPub, ok := ecdh.Unmarshal(ch.random) if !ok { err = ErrInvalidPubKey return } sharedSecret = ecdh.GenerateSharedSecret(staticPv, ephPub) var keyShare []byte keyShare, err = parseKeyShare(ch.extensions[[2]byte{0x00, 0x33}]) if err != nil { return } ciphertext := append(ch.sessionId, keyShare...) if len(ciphertext) != 64 { err = fmt.Errorf("%v: %v", ErrCiphertextLength, len(ciphertext)) return } var plaintext []byte plaintext, err = util.AESGCMDecrypt(ch.random[0:12], sharedSecret, ciphertext) if err != nil { return } info = ClientInfo{ UID: plaintext[0:16], SessionId: 0, ProxyMethod: string(bytes.Trim(plaintext[16:28], "\x00")), EncryptionMethod: plaintext[28], Unordered: plaintext[41]&UNORDERED_FLAG != 0, } timestamp := int64(binary.BigEndian.Uint64(plaintext[29:37])) clientTime := time.Unix(timestamp, 0) serverTime := now() if !(clientTime.After(serverTime.Truncate(TIMESTAMP_TOLERANCE)) && clientTime.Before(serverTime.Add(TIMESTAMP_TOLERANCE))) { err = fmt.Errorf("%v: received timestamp %v", ErrTimestampOutOfWindow, timestamp) return } info.SessionId = binary.BigEndian.Uint32(plaintext[37:41]) return }