ei
/
mtg
зеркало из https://github.com/9seconds/mtg
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Релизы 48 Вики Активность
Просмотр исходного кода

Fix android ping

tags/v2.2.0^2^2
9seconds 1 месяц назад
Родитель
6d8d2961e8
Сommit
45b0964afd
3 измененных файлов: 21 добавлений и 34 удалений
Единый вид Показать статистику Diff
  1. 3
    6
      mtglib/internal/tls/fake/server_side.go
  2. 11
    14
      mtglib/internal/tls/fake/server_side_test.go
  3. 7
    14
      mtglib/proxy.go

+ 3
- 6
mtglib/internal/tls/fake/server_side.go Просмотреть файл

32 
 	0x00, 0x20, // 32 bytes of key
 32 
 	0x00, 0x20, // 32 bytes of key
33 
 }
 33 
 }
34
34
35 
-func SendServerHello(w io.Writer, secret []byte, clientHello *ClientHello) ([]byte, error) {
35 
+func SendServerHello(w io.Writer, secret []byte, clientHello *ClientHello) error {
36 
 	buf := &bytes.Buffer{}
 36 
 	buf := &bytes.Buffer{}
37 
 	buf.Grow(tls.MaxRecordSize)
 37 
 	buf.Grow(tls.MaxRecordSize)
38
38
39 
 	generateServerHello(buf, clientHello)
 39 
 	generateServerHello(buf, clientHello)
40 
 	generateChangeCipherValue(buf)
 40 
 	generateChangeCipherValue(buf)
41 
-
42 
-	noise := &bytes.Buffer{}
43 
-	generateNoise(noise)
41 
+	generateNoise(buf)
44
42
45 
 	packet := buf.Bytes()
 43 
 	packet := buf.Bytes()
46 
 	digest := hmac.New(sha256.New, secret)
 44 
 	digest := hmac.New(sha256.New, secret)
47
45
48 
 	digest.Write(clientHello.Random[:])
 46 
 	digest.Write(clientHello.Random[:])
49 
 	digest.Write(packet)
 47 
 	digest.Write(packet)
50 
-	digest.Write(noise.Bytes())
51 
 	copy(packet[RandomOffset:], digest.Sum(nil))
 48 
 	copy(packet[RandomOffset:], digest.Sum(nil))
52
49
53 
 	_, err := w.Write(packet)
 50 
 	_, err := w.Write(packet)
54
51
55 
-	return noise.Bytes()[tls.SizeHeader:], err
52 
+	return err
56 
 }
 53 
 }
57
54
58 
 func generateServerHello(buf *bytes.Buffer, hello *ClientHello) {
 55 
 func generateServerHello(buf *bytes.Buffer, hello *ClientHello) {

+ 11
- 14
mtglib/internal/tls/fake/server_side_test.go Просмотреть файл

38 
 }
 38 
 }
39
39
40 
 func (suite *SendServerHelloTestSuite) TestRecordStructure() {
 40 
 func (suite *SendServerHelloTestSuite) TestRecordStructure() {
41 
-	noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
41 
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
42 
 	suite.NoError(err)
 42 
 	suite.NoError(err)
43
43
44 
 	var rec bytes.Buffer
 44 
 	var rec bytes.Buffer
53 
 	suite.NoError(err)
 53 
 	suite.NoError(err)
54 
 	suite.Equal(byte(tls.TypeChangeCipherSpec), recordType)
 54 
 	suite.Equal(byte(tls.TypeChangeCipherSpec), recordType)
55
55
56 
-	suite.Empty(suite.buf.Bytes())
56 
+	rec.Reset()
57
57
58 
-	// noise is raw payload without TLS record header
59 
-	suite.Len(noise, 1369)
58 
+	recordType, length, err := tls.ReadRecord(suite.buf, &rec)
59 
+	suite.NoError(err)
60 
+	suite.Equal(byte(tls.TypeApplicationData), recordType)
61 
+	suite.Equal(int64(1369), length)
62 
+
63 
+	suite.Empty(suite.buf.Bytes())
60 
 }
 64 
 }
61
65
62 
 func (suite *SendServerHelloTestSuite) TestHMAC() {
 66 
 func (suite *SendServerHelloTestSuite) TestHMAC() {
63 
-	noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
67 
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
64 
 	suite.NoError(err)
 68 
 	suite.NoError(err)
65
69
66 
 	packet := make([]byte, suite.buf.Len())
 70 
 	packet := make([]byte, suite.buf.Len())
74 
 	mac.Write(suite.hello.Random[:])
 78 
 	mac.Write(suite.hello.Random[:])
75 
 	mac.Write(packet)
 79 
 	mac.Write(packet)
76
80
77 
-	// HMAC is computed over the full noise TLS record (with header),
78 
-	// but SendServerHello returns noise without the header,
79 
-	// so we reconstruct the full record.
80 
-	var fullNoise bytes.Buffer
81 
-	tls.WriteRecord(&fullNoise, noise) //nolint: errcheck
82 
-	mac.Write(fullNoise.Bytes())
83 
-
84 
 	suite.Equal(random, mac.Sum(nil))
 81 
 	suite.Equal(random, mac.Sum(nil))
85 
 }
 82 
 }
86
83
87 
 func (suite *SendServerHelloTestSuite) TestHandshakePayload() {
 84 
 func (suite *SendServerHelloTestSuite) TestHandshakePayload() {
88 
-	_, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
85 
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
89 
 	suite.NoError(err)
 86 
 	suite.NoError(err)
90
87
91 
 	packet := suite.buf.Bytes()
 88 
 	packet := suite.buf.Bytes()
107 
 }
 104 
 }
108
105
109 
 func (suite *SendServerHelloTestSuite) TestChangeCipherSpec() {
 106 
 func (suite *SendServerHelloTestSuite) TestChangeCipherSpec() {
110 
-	_, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
107 
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
111 
 	suite.NoError(err)
 108 
 	suite.NoError(err)
112
109
113 
 	// Skip first record
 110 
 	// Skip first record

+ 7
- 14
mtglib/proxy.go Просмотреть файл

78 
 		ctx.logger.Info("Stream has been finished")
 78 
 		ctx.logger.Info("Stream has been finished")
79 
 	}()
 79 
 	}()
80
80
81 
-	noise, ok := p.doFakeTLSHandshake(ctx)
82 
-	if !ok {
81 
+	if !p.doFakeTLSHandshake(ctx) {
83 
 		return
 82 
 		return
84 
 	}
 83 
 	}
85
84
90 
 	}
 89 
 	}
91 
 	defer clientConn.Stop()
 90 
 	defer clientConn.Stop()
92
91
93 
-	if _, err := clientConn.SyncWrite(noise); err != nil {
94 
-		ctx.logger.InfoError("cannot send the first packet", err)
95 
-		return
96 
-	}
97 
-
98 
 	ctx.clientConn = clientConn
 92 
 	ctx.clientConn = clientConn
99
93
100 
 	if err := p.doObfuscatedHandshake(ctx); err != nil {
 94 
 	if err := p.doObfuscatedHandshake(ctx); err != nil {
176 
 	p.blocklist.Shutdown()
 170 
 	p.blocklist.Shutdown()
177 
 }
 171 
 }
178
172
179 
-func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) ([]byte, bool) {
173 
+func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) bool {
180 
 	rewind := newConnRewind(ctx.clientConn)
 174 
 	rewind := newConnRewind(ctx.clientConn)
181
175
182 
 	clientHello, err := fake.ReadClientHello(
 176 
 	clientHello, err := fake.ReadClientHello(
188 
 	if err != nil {
 182 
 	if err != nil {
189 
 		p.logger.InfoError("cannot read client hello", err)
 183 
 		p.logger.InfoError("cannot read client hello", err)
190 
 		p.doDomainFronting(ctx, rewind)
 184 
 		p.doDomainFronting(ctx, rewind)
191 
-		return nil, false
185 
+		return false
192 
 	}
 186 
 	}
193
187
194 
 	if p.antiReplayCache.SeenBefore(clientHello.SessionID) {
 188 
 	if p.antiReplayCache.SeenBefore(clientHello.SessionID) {
195 
 		p.logger.Warning("replay attack has been detected!")
 189 
 		p.logger.Warning("replay attack has been detected!")
196 
 		p.eventStream.Send(p.ctx, NewEventReplayAttack(ctx.streamID))
 190 
 		p.eventStream.Send(p.ctx, NewEventReplayAttack(ctx.streamID))
197 
 		p.doDomainFronting(ctx, rewind)
 191 
 		p.doDomainFronting(ctx, rewind)
198 
-		return nil, false
192 
+		return false
199 
 	}
 193 
 	}
200
194
201 
-	noise, err := fake.SendServerHello(ctx.clientConn, p.secret.Key[:], clientHello)
202 
-	if err != nil {
195 
+	if err := fake.SendServerHello(ctx.clientConn, p.secret.Key[:], clientHello); err != nil {
203 
 		p.logger.InfoError("cannot send welcome packet", err)
 196 
 		p.logger.InfoError("cannot send welcome packet", err)
204 
-		return nil, false
197 
+		return false
205 
 	}
 198 
 	}
206
199
207 
 	ctx.clientConn = tls.New(ctx.clientConn, true, false)
 200 
 	ctx.clientConn = tls.New(ctx.clientConn, true, false)
208
201
209 
-	return noise, true
202 
+	return true
210 
 }
 203 
 }
211
204
212 
 func (p *Proxy) doObfuscatedHandshake(ctx *streamContext) error {
 205 
 func (p *Proxy) doObfuscatedHandshake(ctx *streamContext) error {

Редактирование Предпросмотр
Загрузка…
Отмена
Сохранить