ipn/wg: proton as rpn

Author: ignoramous

intra/backend/ipn_proxies.go

@@ -16,6 +16,7 @@ const ( // see ipn/proxies.go
 	Auto     = "Auto"         // auto uses ipn.Exit or any of the RPN proxies
 	RpnWg    = WG + "w" + RPN // RPN Warp
 	RpnAmz   = WG + "a" + RPN // RPN Amnezia
+	RpnPro   = WG + "p" + RPN // RPN Proton
 	RpnWs    = PIPWS + RPN    // RPN WebSockets
 	RpnH2    = PIPH2 + RPN    // RPN HTTP/2
 	Rpn64    = NAT64 + RPN    // RPN Exit hopping over NAT64
@@ -61,16 +62,22 @@ type Rpn interface {
 	RegisterSE() error
 	// RegisterAmnezia registers a new Amnezia installation.
 	RegisterAmnezia(publicKeyBase64 string) (json []byte, err error)
+	// RegisterProton registers a new Proton installation.
+	RegisterProton(existingStateJson []byte, serversFile string) (json []byte, err error)
 	// TestWarp connects to some Warp IPs and returns reachable ones.
 	TestWarp() (ips string, errs error)
 	// TestAmnezia connects to the Amnezia gateway and returns its IP if reachable.
 	TestAmnezia() (ips string, errs error)
+	// TestProton connects to the Proton gateway and returns its IP if reachable.
+	TestProton() (ips string, errs error)
 	// TestSE connects to some SurfEasy IPs and returns reachable ones.
 	TestSE() (ips string, errs error)
 	// TestExit64 connects to public NAT64 endpoints and returns reachable ones.
 	TestExit64() (ips string, errs error)
 	// Warp returns a RpnWg proxy.
 	Warp() (wg Proxy, err error)
+	// Proton returns a Proton WireGuard proxy.
+	Proton() (wg Proxy, err error)
 	// Amnezia returns a Amnezia WireGuard proxy.
 	Amnezia() (awg Proxy, err error)
 	// Pip returns a RpnWs proxy.

intra/backend/ipn_wgkeygen.go

@@ -14,6 +14,7 @@
 package backend
 
 import (
+	"crypto/ed25519"
 	"crypto/rand"
 	"crypto/subtle"
 	"encoding/base64"
@@ -26,7 +27,7 @@ import (
 
 // from: github.com/WireGuard/wireguard-windows/blob/dcc0eb72a/conf/parser.go#L121
 
-const klen = 32
+const klen = ed25519.SeedSize
 
 type (
 	eckey [klen]byte
@@ -83,6 +84,12 @@ func NewWgPrivateKey() (WgKey, error) {
 	return k, nil
 }
 
+func NewWgPrivateKeyFrom(k [klen]byte) WgKey {
+	k[0] &= 248
+	k[31] = (k[31] & 127) | 64
+	return (*eckey)(&k)
+}
+
 func parseKeyBase64(s string) (*eckey, error) {
 	k, err := base64.StdEncoding.DecodeString(s)
 	if err != nil {

intra/core/sched.go

@@ -0,0 +1,71 @@
+// Copyright (c) 2024 RethinkDNS and its authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package core
+
+import (
+	"context"
+	"errors"
+	"sync"
+	"time"
+)
+
+var errNewJob = errors.New("sched: replaced by newer job")
+
+type Job func() error
+
+type ctl struct {
+	who    context.Context
+	cancel context.CancelCauseFunc
+}
+
+type Scheduler struct {
+	ctx context.Context
+
+	mu     sync.Mutex
+	jobctl map[string]*ctl
+}
+
+func NewScheduler(ctx context.Context) *Scheduler {
+	return &Scheduler{
+		ctx:    ctx,
+		jobctl: make(map[string]*ctl),
+	}
+}
+
+// At runs f at time t; accepts a Context to cancel it.
+func (s *Scheduler) At(id string, t time.Time, f Job) context.Context {
+	s.mu.Lock()
+	ctx, done := context.WithCancelCause(s.ctx)
+	if c := s.jobctl[id]; c != nil {
+		c.cancel(errNewJob) // dispose existing job
+	}
+	s.jobctl[id] = &ctl{who: ctx, cancel: done}
+	s.mu.Unlock()
+
+	Go("at."+id, func() {
+		var cause error
+
+		defer func() {
+			done(cause)
+			s.mu.Lock()
+			if c := s.jobctl[id]; c != nil && c.who == ctx {
+				delete(s.jobctl, id)
+			}
+			s.mu.Unlock()
+		}()
+
+		select {
+		case <-s.ctx.Done():
+			cause = s.ctx.Err()
+			return
+		case <-time.After(time.Until(t)):
+			cause = f()
+			return
+		}
+	})
+	return ctx
+}

intra/ipn/auto.go

@@ -74,6 +74,7 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 	exit, exerr := h.pxr.ProxyFor(Exit)
 	exit64, ex64err := h.pxr.ProxyFor(Rpn64)
 	warp, waerr := h.pxr.ProxyFor(RpnWg)
+	pro, proerr := h.pxr.ProxyFor(RpnPro)
 	amz, amzerr := h.pxr.ProxyFor(RpnAmz)
 	sep, seerr := h.pxr.ProxyFor(RpnSE)
 
@@ -104,6 +105,25 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 			return h.dialIfReachable(exit, network, local, remote)
 		}, func(ctx context.Context) (protect.Conn, error) {
 			const myidx = 1
+			if pro == nil { // exit must always be present
+				return nil, proerr
+			}
+			if recent {
+				if previdx != myidx {
+					return nil, errNotPinned
+				}
+				// ip pinned to this proxy
+				h.dialIfHealthy(pro, network, local, remote)
+			}
+
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			case <-time.After(shortdelay * myidx): // 100ms
+			}
+			return h.dialIfReachable(pro, network, local, remote)
+		}, func(ctx context.Context) (protect.Conn, error) {
+			const myidx = 2
 			if warp == nil {
 				return nil, waerr
 			}
@@ -118,11 +138,11 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay): // 100ms
+			case <-time.After(shortdelay * myidx): // 200ms
 			}
 			return h.dialIfHealthy(warp, network, local, remote)
 		}, func(ctx context.Context) (protect.Conn, error) {
-			const myidx = 2
+			const myidx = 3
 			if exit64 == nil {
 				return nil, ex64err
 			}
@@ -137,11 +157,11 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay * 2): // 200ms
+			case <-time.After(shortdelay * myidx): // 300ms
 			}
 			return h.dialIfHealthy(exit64, network, local, remote)
 		}, func(ctx context.Context) (protect.Conn, error) {
-			const myidx = 3
+			const myidx = 4
 			if amz == nil {
 				return nil, amzerr
 			}
@@ -156,11 +176,11 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay * 3): // 300ms
+			case <-time.After(shortdelay * myidx): // 400ms
 			}
 			return h.dialIfHealthy(amz, network, local, remote)
 		}, func(ctx context.Context) (protect.Conn, error) {
-			const myidx = 4
+			const myidx = 5
 			if sep == nil {
 				return nil, seerr
 			}
@@ -175,7 +195,7 @@ func (h *auto) dial(network, local, remote string) (protect.Conn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay * 4): // 400ms
+			case <-time.After(shortdelay * myidx): // 500ms
 			}
 			return h.dialIfHealthy(sep, network, local, remote)
 		},
@@ -201,6 +221,7 @@ func (h *auto) Announce(network, local string) (protect.PacketConn, error) {
 
 	exit, exerr := h.pxr.ProxyFor(Exit)
 	warp, waerr := h.pxr.ProxyFor(RpnWg)
+	pro, proerr := h.pxr.ProxyFor(RpnPro)
 	amz, amzerr := h.pxr.ProxyFor(RpnAmz)
 
 	previdx, recent := h.exp.Get(local)
@@ -224,6 +245,24 @@ func (h *auto) Announce(network, local string) (protect.PacketConn, error) {
 			return h.announceIfHealthy(exit, network, local)
 		}, func(ctx context.Context) (protect.PacketConn, error) {
 			const myidx = 1
+			if pro == nil {
+				return nil, proerr
+			}
+			if recent {
+				if previdx != myidx {
+					return nil, errNotPinned
+				}
+				// ip pinned to this proxy
+				return h.announceIfHealthy(pro, network, local)
+			}
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			case <-time.After(shortdelay * myidx): // 100ms
+			}
+			return h.announceIfHealthy(pro, network, local)
+		}, func(ctx context.Context) (protect.PacketConn, error) {
+			const myidx = 2
 			if warp == nil {
 				return nil, waerr
 			}
@@ -237,11 +276,11 @@ func (h *auto) Announce(network, local string) (protect.PacketConn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay): // 100ms
+			case <-time.After(shortdelay * myidx): // 200ms
 			}
 			return h.announceIfHealthy(warp, network, local)
 		}, func(ctx context.Context) (protect.PacketConn, error) {
-			const myidx = 2
+			const myidx = 3
 			if amz == nil {
 				return nil, amzerr
 			}
@@ -255,7 +294,7 @@ func (h *auto) Announce(network, local string) (protect.PacketConn, error) {
 			select {
 			case <-ctx.Done():
 				return nil, ctx.Err()
-			case <-time.After(shortdelay * 2): // 200ms
+			case <-time.After(shortdelay * myidx): // 300ms
 			}
 			return h.announceIfHealthy(amz, network, local)
 		}, // seasy-proxy does not support udp?
@@ -286,7 +325,7 @@ func (h *auto) Probe(network, local string) (pc protect.PacketConn, err error) {
 	if h.status.Load() == END {
 		return nil, errProxyStopped
 	}
-	// todo: rpnwg, rpnamz
+	// todo: rpnwg, rpnamz, rpnpro
 	exit, err := h.pxr.ProxyFor(Exit)
 	if err == nil {
 		pc, err = exit.Dialer().Probe(network, local)
@@ -332,21 +371,24 @@ func (h *auto) Hop(p Proxy) error {
 		return errProxyStopped
 	}
 
-	var warp, sep, amz Proxy
-	var waerr, seerr, amzerr error
+	var warp, sep, amz, pro Proxy
+	var waerr, seerr, amzerr, proerr error
 	old := h.via.Tango(p)
 	if warp, waerr = h.pxr.ProxyFor(RpnWg); warp != nil {
-		warp.Hop(p)
+		waerr = warp.Hop(p)
+	}
+	if pro, proerr = h.pxr.ProxyFor(RpnPro); pro != nil {
+		proerr = pro.Hop(p)
 	}
 	if amz, amzerr = h.pxr.ProxyFor(RpnAmz); amz != nil {
-		amz.Hop(p)
+		amzerr = amz.Hop(p)
 	}
 	if sep, seerr = h.pxr.ProxyFor(RpnSE); sep != nil {
-		sep.Hop(p)
+		seerr = sep.Hop(p)
 	}
 
 	log.I("proxy: auto: hop(%s) => %s; errs? %v",
-		idhandle(old), idhandle(p), core.JoinErr(waerr, seerr, amzerr))
+		idhandle(old), idhandle(p), core.JoinErr(waerr, seerr, amzerr, proerr))
 	return nil
 }