Merge pull request #359 from 9seconds/fix-android

Fix android ping

mtglib/internal/tls/fake/server_side.go

@@ -7,15 +7,17 @@ import (
 	"crypto/sha256"
 	"encoding/binary"
 	"io"
+	"math"
+	rnd "math/rand/v2"
 
+	"github.com/9seconds/mtg/v2/mtglib/internal/doppel"
 	"github.com/9seconds/mtg/v2/mtglib/internal/tls"
 	"golang.org/x/crypto/curve25519"
 )
 
 const (
 	TypeHandshakeServer = 0x02
-
-	ChangeCipherValue = 0x01
+	ChangeCipherValue   = 0x01
 
 	EllipticCurveLen = 32
 )
@@ -32,27 +34,24 @@ var serverHelloSuffix = []byte{
 	0x00, 0x20, // 32 bytes of key
 }
 
-func SendServerHello(w io.Writer, secret []byte, clientHello *ClientHello) ([]byte, error) {
+func SendServerHello(w io.Writer, secret []byte, clientHello *ClientHello) error {
 	buf := &bytes.Buffer{}
 	buf.Grow(tls.MaxRecordSize)
 
 	generateServerHello(buf, clientHello)
 	generateChangeCipherValue(buf)
-
-	noise := &bytes.Buffer{}
-	generateNoise(noise)
+	generateNoise(buf)
 
 	packet := buf.Bytes()
 	digest := hmac.New(sha256.New, secret)
 
 	digest.Write(clientHello.Random[:])
 	digest.Write(packet)
-	digest.Write(noise.Bytes())
 	copy(packet[RandomOffset:], digest.Sum(nil))
 
 	_, err := w.Write(packet)
 
-	return noise.Bytes()[tls.SizeHeader:], err
+	return err
 }
 
 func generateServerHello(buf *bytes.Buffer, hello *ClientHello) {
@@ -128,7 +127,8 @@ func generateChangeCipherValue(buf *bytes.Buffer) {
 }
 
 func generateNoise(buf *bytes.Buffer) {
-	data := [1369]byte{}
+	minSize := int(math.Round(0.75 * float64(doppel.TLSRecordSizeMax)))
+	data := make([]byte, minSize+rnd.IntN(doppel.TLSRecordSizeMax-minSize))
 
 	if _, err := rand.Read(data[:]); err != nil {
 		panic(err)

mtglib/internal/tls/fake/server_side_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/9seconds/mtg/v2/mtglib"
+	"github.com/9seconds/mtg/v2/mtglib/internal/doppel"
 	"github.com/9seconds/mtg/v2/mtglib/internal/tls"
 	"github.com/9seconds/mtg/v2/mtglib/internal/tls/fake"
 	"github.com/stretchr/testify/suite"
@@ -38,7 +39,7 @@ func (suite *SendServerHelloTestSuite) SetupTest() {
 }
 
 func (suite *SendServerHelloTestSuite) TestRecordStructure() {
-	noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
 	suite.NoError(err)
 
 	var rec bytes.Buffer
@@ -53,14 +54,18 @@ func (suite *SendServerHelloTestSuite) TestRecordStructure() {
 	suite.NoError(err)
 	suite.Equal(byte(tls.TypeChangeCipherSpec), recordType)
 
-	suite.Empty(suite.buf.Bytes())
+	rec.Reset()
 
-	// noise is raw payload without TLS record header
-	suite.Len(noise, 1369)
+	recordType, length, err := tls.ReadRecord(suite.buf, &rec)
+	suite.NoError(err)
+	suite.Equal(byte(tls.TypeApplicationData), recordType)
+	suite.Greater(length, int64(doppel.TLSRecordSizeStart))
+
+	suite.Empty(suite.buf.Bytes())
 }
 
 func (suite *SendServerHelloTestSuite) TestHMAC() {
-	noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
 	suite.NoError(err)
 
 	packet := make([]byte, suite.buf.Len())
@@ -74,18 +79,11 @@ func (suite *SendServerHelloTestSuite) TestHMAC() {
 	mac.Write(suite.hello.Random[:])
 	mac.Write(packet)
 
-	// HMAC is computed over the full noise TLS record (with header),
-	// but SendServerHello returns noise without the header,
-	// so we reconstruct the full record.
-	var fullNoise bytes.Buffer
-	tls.WriteRecord(&fullNoise, noise) //nolint: errcheck
-	mac.Write(fullNoise.Bytes())
-
 	suite.Equal(random, mac.Sum(nil))
 }
 
 func (suite *SendServerHelloTestSuite) TestHandshakePayload() {
-	_, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
 	suite.NoError(err)
 
 	packet := suite.buf.Bytes()
@@ -107,7 +105,7 @@ func (suite *SendServerHelloTestSuite) TestHandshakePayload() {
 }
 
 func (suite *SendServerHelloTestSuite) TestChangeCipherSpec() {
-	_, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
+	err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
 	suite.NoError(err)
 
 	// Skip first record

mtglib/proxy.go

@@ -78,8 +78,7 @@ func (p *Proxy) ServeConn(conn essentials.Conn) {
 		ctx.logger.Info("Stream has been finished")
 	}()
 
-	noise, ok := p.doFakeTLSHandshake(ctx)
-	if !ok {
+	if !p.doFakeTLSHandshake(ctx) {
 		return
 	}
 
@@ -90,11 +89,6 @@ func (p *Proxy) ServeConn(conn essentials.Conn) {
 	}
 	defer clientConn.Stop()
 
-	if _, err := clientConn.SyncWrite(noise); err != nil {
-		ctx.logger.InfoError("cannot send the first packet", err)
-		return
-	}
-
 	ctx.clientConn = clientConn
 
 	if err := p.doObfuscatedHandshake(ctx); err != nil {
@@ -176,7 +170,7 @@ func (p *Proxy) Shutdown() {
 	p.blocklist.Shutdown()
 }
 
-func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) ([]byte, bool) {
+func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) bool {
 	rewind := newConnRewind(ctx.clientConn)
 
 	clientHello, err := fake.ReadClientHello(
@@ -188,25 +182,24 @@ func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) ([]byte, bool) {
 	if err != nil {
 		p.logger.InfoError("cannot read client hello", err)
 		p.doDomainFronting(ctx, rewind)
-		return nil, false
+		return false
 	}
 
 	if p.antiReplayCache.SeenBefore(clientHello.SessionID) {
 		p.logger.Warning("replay attack has been detected!")
 		p.eventStream.Send(p.ctx, NewEventReplayAttack(ctx.streamID))
 		p.doDomainFronting(ctx, rewind)
-		return nil, false
+		return false
 	}
 
-	noise, err := fake.SendServerHello(ctx.clientConn, p.secret.Key[:], clientHello)
-	if err != nil {
+	if err := fake.SendServerHello(ctx.clientConn, p.secret.Key[:], clientHello); err != nil {
 		p.logger.InfoError("cannot send welcome packet", err)
-		return nil, false
+		return false
 	}
 
 	ctx.clientConn = tls.New(ctx.clientConn, true, false)
 
-	return noise, true
+	return true
 }
 
 func (p *Proxy) doObfuscatedHandshake(ctx *streamContext) error {