Code cleanup and move stuff around

4 years ago · 4a81683e44
parent 6460aab0d4
commit 4a81683e44
17 changed files with 28 additions and 95 deletions
--- a/cmd/ck-server/keygen.go
+++ b/cmd/ck-server/keygen.go
@ -3,13 +3,13 @@ package main
 import (
 	"crypto/rand"
 	"encoding/base64"
+	"github.com/cbeuw/Cloak/internal/common"
 	"github.com/cbeuw/Cloak/internal/ecdh"
-	"github.com/cbeuw/Cloak/internal/util"
 )

 func generateUID() string {
 	UID := make([]byte, 16)
-	util.CryptoRandRead(UID)
+	common.CryptoRandRead(UID)
 	return base64.StdEncoding.EncodeToString(UID)
 }

--- a/internal/client/TLS.go
+++ b/internal/client/TLS.go
@ -3,7 +3,6 @@ package client
 import (
 	"encoding/binary"
 	"github.com/cbeuw/Cloak/internal/common"
-	"github.com/cbeuw/Cloak/internal/util"
 	log "github.com/sirupsen/logrus"
 	"net"
 )
@ -84,7 +83,7 @@ func (tls *DirectTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey
 	encrypted := append(buf[6:38], buf[84:116]...)
 	nonce := encrypted[0:12]
 	ciphertextWithTag := encrypted[12:60]
-	sessionKeySlice, err := util.AESGCMDecrypt(nonce, sharedSecret[:], ciphertextWithTag)
+	sessionKeySlice, err := common.AESGCMDecrypt(nonce, sharedSecret[:], ciphertextWithTag)
 	if err != nil {
 		return
 	}
--- a/internal/client/auth.go
+++ b/internal/client/auth.go
@ -2,8 +2,8 @@ package client

 import (
 	"encoding/binary"
+	"github.com/cbeuw/Cloak/internal/common"
 	"github.com/cbeuw/Cloak/internal/ecdh"
-	"github.com/cbeuw/Cloak/internal/util"
 )

 const (
@ -41,7 +41,7 @@ func makeAuthenticationPayload(authInfo AuthInfo) (ret authenticationPayload, sh
 	}

 	copy(sharedSecret[:], ecdh.GenerateSharedSecret(ephPv, authInfo.ServerPubKey))
-	ciphertextWithTag, _ := util.AESGCMEncrypt(ret.randPubKey[:12], sharedSecret[:], plaintext)
+	ciphertextWithTag, _ := common.AESGCMEncrypt(ret.randPubKey[:12], sharedSecret[:], plaintext)
 	copy(ret.ciphertextWithTag[:], ciphertextWithTag[:])
 	return
 }
--- a/internal/client/chrome.go
+++ b/internal/client/chrome.go
@ -5,7 +5,7 @@ package client
 import (
 	"encoding/binary"
 	"encoding/hex"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 )

 type Chrome struct{}
@ -14,7 +14,7 @@ func makeGREASE() []byte {
 	// see https://tools.ietf.org/html/draft-davidben-tls-grease-01
 	// This is exclusive to Chrome.
 	var one [1]byte
-	util.CryptoRandRead(one[:])
+	common.CryptoRandRead(one[:])
 	sixteenth := one[0] % 16
 	monoGREASE := sixteenth*16 + 0xA
 	doubleGREASE := []byte{monoGREASE, monoGREASE}
--- a/internal/client/connector.go
+++ b/internal/client/connector.go
@ -9,7 +9,6 @@ import (
 	"time"

 	mux "github.com/cbeuw/Cloak/internal/multiplex"
-	"github.com/cbeuw/Cloak/internal/util"
 	log "github.com/sirupsen/logrus"
 )

@ -20,7 +19,7 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
 		// sessionID is usergenerated. There shouldn't be a security concern because the scope of
 		// sessionID is limited to its UID.
 		quad := make([]byte, 4)
-		util.RandRead(authInfo.WorldState.Rand, quad)
+		common.RandRead(authInfo.WorldState.Rand, quad)
 		authInfo.SessionId = binary.BigEndian.Uint32(quad)
 	} else {
 		authInfo.SessionId = 0
--- a/internal/client/firefox.go
+++ b/internal/client/firefox.go
@ -5,7 +5,7 @@ package client
 import (
 	"encoding/binary"
 	"encoding/hex"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 )

 type Firefox struct{}
@ -19,7 +19,7 @@ func (f *Firefox) composeExtensions(SNI []byte, keyShare []byte) []byte {
 		copy(ret[6:38], hidden)
 		ret[38], ret[39] = 0x00, 0x17 // group secp256r1
 		ret[40], ret[41] = 0x00, 0x41 // length 65
-		util.CryptoRandRead(ret[42:107])
+		common.CryptoRandRead(ret[42:107])
 		return ret
 	}
 	// extension length is always 399, and server name length is variable
--- a/internal/client/websocket.go
+++ b/internal/client/websocket.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"github.com/cbeuw/Cloak/internal/common"
-	"github.com/cbeuw/Cloak/internal/util"
 	"github.com/gorilla/websocket"
 	utls "github.com/refraction-networking/utls"
 	"net"
@ -55,7 +54,7 @@ func (ws *WSOverTLS) Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey
 	}

 	reply := buf[:60]
-	sessionKeySlice, err := util.AESGCMDecrypt(reply[:12], sharedSecret[:], reply[12:])
+	sessionKeySlice, err := common.AESGCMDecrypt(reply[:12], sharedSecret[:], reply[12:])
 	if err != nil {
 		return
 	}
--- a/internal/common/copy.go
+++ b/internal/common/copy.go
@ -53,20 +53,8 @@ func Copy(dst net.Conn, src net.Conn, srcReadTimeout time.Duration) (written int
 		return rt.ReadFrom(src)
 	}

-	//if buf == nil {
 	size := 32 * 1024
-	/*
-		if l, ok := src.(*LimitedReader); ok && int64(size) > l.N {
-			if l.N < 1 {
-				size = 1
-			} else {
-				size = int(l.N)
-			}
-		}
-
-	*/
 	buf := make([]byte, size)
-	//}
 	for {
 		if srcReadTimeout != 0 {
 			// TODO: don't rely on setreaddeadline
--- a/internal/common/crypto.go
+++ b/internal/common/crypto.go
@ -1,4 +1,4 @@
-package util
+package common

 import (
 	"crypto/aes"
@ -60,30 +60,3 @@ func RandRead(randSource io.Reader, buf []byte) {
 	}
 	log.Fatal("Cannot get cryptographic random bytes after 10 retries")
 }
-
-/*
-func Pipe(dst net.Conn, src net.Conn, srcReadTimeout time.Duration) {
-	// The maximum size of TLS message will be 16380+14+16. 14 because of the stream header and 16
-	// because of the salt/mac
-	// 16408 is the max TLS message size on Firefox
-	buf := make([]byte, 16378)
-	for {
-		if srcReadTimeout != 0 {
-			src.SetReadDeadline(time.Now().Add(srcReadTimeout))
-		}
-		i, err := io.ReadAtLeast(src, buf, 1)
-		if err != nil {
-			dst.Close()
-			src.Close()
-			return
-		}
-		_, err = dst.Write(buf[:i])
-		if err != nil {
-			dst.Close()
-			src.Close()
-			return
-		}
-	}
-}
-
-*/
--- a/internal/multiplex/obfs.go
+++ b/internal/multiplex/obfs.go
@ -6,7 +6,7 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/salsa20"
 )
@ -78,7 +78,7 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser {
 		if payloadCipher == nil {
 			if extraLen != 0 { // read nonce
 				extra := buf[usefulLen-extraLen : usefulLen]
-				util.CryptoRandRead(extra)
+				common.CryptoRandRead(extra)
 			}
 		} else {
 			payloadCipher.Seal(payload[:0], header[:12], payload, nil)
--- a/internal/multiplex/session.go
+++ b/internal/multiplex/session.go
@ -3,7 +3,7 @@ package multiplex
 import (
 	"errors"
 	"fmt"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 	"net"
 	"sync"
 	"sync/atomic"
@ -252,9 +252,9 @@ func (sesh *Session) passiveClose() error {

 func genRandomPadding() []byte {
 	lenB := make([]byte, 1)
-	util.CryptoRandRead(lenB)
+	common.CryptoRandRead(lenB)
 	pad := make([]byte, lenB[0])
-	util.CryptoRandRead(pad)
+	common.CryptoRandRead(pad)
 	return pad
 }

--- a/internal/server/TLS.go
+++ b/internal/server/TLS.go
@ -6,7 +6,6 @@ import (
 	"fmt"
 	"github.com/cbeuw/Cloak/internal/common"
 	"github.com/cbeuw/Cloak/internal/ecdh"
-	"github.com/cbeuw/Cloak/internal/util"
 	"io"
 	"math/rand"
 	"net"
@ -48,11 +47,11 @@ func (TLS) makeResponder(clientHelloSessionId []byte, sharedSecret [32]byte) Res
 		possibleCertLengths := []int{42, 27, 68, 59, 36, 44, 46}
 		rand.Seed(int64(sessionKey[0]))
 		cert := make([]byte, possibleCertLengths[rand.Intn(len(possibleCertLengths))])
-		util.RandRead(randSource, cert)
+		common.RandRead(randSource, cert)

 		var nonce [12]byte
-		util.RandRead(randSource, nonce[:])
-		encryptedSessionKey, err := util.AESGCMEncrypt(nonce[:], sharedSecret[:], sessionKey[:])
+		common.RandRead(randSource, nonce[:])
+		encryptedSessionKey, err := common.AESGCMEncrypt(nonce[:], sharedSecret[:], sessionKey[:])
 		if err != nil {
 			return
 		}
--- a/internal/server/TLSAux.go
+++ b/internal/server/TLSAux.go
@ -6,7 +6,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 )

 // ClientHello contains every field in a ClientHello message
@ -176,7 +176,7 @@ func composeServerHello(sessionId []byte, nonce [12]byte, encryptedSessionKeyWit
 	keyShare, _ := hex.DecodeString("00330024001d0020")
 	keyExchange := make([]byte, 32)
 	copy(keyExchange, encryptedSessionKeyWithTag[20:48])
-	util.CryptoRandRead(keyExchange[28:32])
+	common.CryptoRandRead(keyExchange[28:32])
 	serverHello[9] = append(keyShare, keyExchange...)

 	serverHello[10], _ = hex.DecodeString("002b00020304")
--- a/internal/server/auth.go
+++ b/internal/server/auth.go
@ -5,7 +5,7 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
-	"github.com/cbeuw/Cloak/internal/util"
+	"github.com/cbeuw/Cloak/internal/common"
 	"time"

 	log "github.com/sirupsen/logrus"
@ -36,7 +36,7 @@ var ErrUnreconisedProtocol = errors.New("unreconised protocol")
 // decryptClientInfo checks if a the authFragments are valid. It doesn't check if the UID is authorised
 func decryptClientInfo(fragments authFragments, serverTime time.Time) (info ClientInfo, err error) {
 	var plaintext []byte
-	plaintext, err = util.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])
+	plaintext, err = common.AESGCMDecrypt(fragments.randPubKey[0:12], fragments.sharedSecret[:], fragments.ciphertextWithTag[:])
 	if err != nil {
 		return
 	}
--- a/internal/server/dispatcher.go
+++ b/internal/server/dispatcher.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/base64"
 	"github.com/cbeuw/Cloak/internal/common"
-	"github.com/cbeuw/Cloak/internal/util"
 	"io"
 	"net"
 	"net/http"
@ -77,7 +76,7 @@ func dispatchConnection(conn net.Conn, sta *State) {
 	}

 	var sessionKey [32]byte
-	util.RandRead(sta.WorldState.Rand, sessionKey[:])
+	common.RandRead(sta.WorldState.Rand, sessionKey[:])
 	obfuscator, err := mux.MakeObfuscator(ci.EncryptionMethod, sessionKey)
 	if err != nil {
 		log.Error(err)
--- a/internal/server/websocket.go
+++ b/internal/server/websocket.go
@ -7,8 +7,8 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"github.com/cbeuw/Cloak/internal/common"
 	"github.com/cbeuw/Cloak/internal/ecdh"
-	"github.com/cbeuw/Cloak/internal/util"
 	"io"
 	"net"
 	"net/http"
@ -49,10 +49,10 @@ func (WebSocket) makeResponder(reqPacket []byte, sharedSecret [32]byte) Responde
 		<-handler.finished
 		preparedConn = handler.conn
 		nonce := make([]byte, 12)
-		util.RandRead(randSource, nonce)
+		common.RandRead(randSource, nonce)

 		// reply: [12 bytes nonce][32 bytes encrypted session key][16 bytes authentication tag]
-		encryptedKey, err := util.AESGCMEncrypt(nonce, sharedSecret[:], sessionKey[:]) // 32 + 16 = 48 bytes
+		encryptedKey, err := common.AESGCMEncrypt(nonce, sharedSecret[:], sessionKey[:]) // 32 + 16 = 48 bytes
 		if err != nil {
 			err = fmt.Errorf("failed to encrypt reply: %v", err)
 			return
--- a/internal/util/util_test.go
+++ b/internal/util/util_test.go
@ -1,23 +0,0 @@
-package util
-
-/*
-func BenchmarkPipe(b *testing.B) {
-	reader := rand.New(rand.NewSource(42))
-	buf := make([]byte, 16380)
-	for i := 0; i < b.N; i++ {
-		n, err := io.ReadAtLeast(reader, buf, 1)
-		if err != nil {
-			b.Error(err)
-			return
-		}
-		n, err = ioutil.Discard.Write(buf[:n])
-		if err != nil {
-			b.Error(err)
-			return
-		}
-		b.SetBytes(int64(n))
-	}
-}
-
-
-*/