Prefix transport (#165)

* skeleton for prefix transport

* outline implementatiions for prefix / format transports

* add initial default supported prefixes

* proper labels for default prefixes

* add optional methods to obfuscate session hmacID using ECDHE+AES

* passing for min successful test. added XORObfs because collisions would cause N pubkey ops

* passing tests for all current prefixes

* failing base64 test

* prefixes with custom decode supported w/ GET base64 example

* apply updated version of client lib

* moved things around to accomodate privkey arg to transport construction

* prefix transport config and corner case handling

* move things around to accommodate pubkeys and client lib versions

* missed one update

* go mod updates for gotapdance/tapdance

* adding registrar overrides for prefix transport

* parsing and choosing from prefix list

* WIP regserver prefix_transport overrides

* passing tests for expected parsing behavior

* add lint ignore for legacy code using math/rand

* maybe complete prefix override

* partial integration into registration server pipeline

* prefix transport overrides complete, in theory, for now

* update gotapdance version

* crypto/ed25519 requires 64 byte [priv][pub] format or it panics

* more keysize issues 😑

* conform to new Client Transport interface

Author: jmwample

application/app_config.toml

@@ -1,12 +1,5 @@
 
-# Bool to enable or disable sharing of registrations over API when received over decoy registrar
-enable_share_over_api = false
-
-# REST endpoint to share decoy registrations.
-preshare_endpoint = ""
-
-# Name of abstract socket to bind proxy to
-socket_name = "zmq-proxy"
+## ------ Application General ------
 
 # Absolute path to private key to use when authenticating with servers.
 # Can be either privkey or privkey || pubkey; only first 32 bytes will
@@ -15,16 +8,16 @@ socket_name = "zmq-proxy"
 # the station will shutdown).
 privkey_path = ""
 
-# Time in milliseconds to wait between sending heartbeats.
-# Heartbeats are only sent when other traffic doesn't come through;
-# i.e. normal messages can "act" as a heartbeat by confirming
-# that the connection is alive.
-heartbeat_interval = 30000
+# Log level, one of the following: info, error, warn, debug, trace
+log_level = "error"
 
-# Time in milliseconds after sending a heartbeat to wait for
-# a response before the connection is assumed to be dead.
-heartbeat_timeout = 1000
+# Path to a file containing supplemental prefix specifications for the prefix transport.
+supplemental_prefix_path = ""
+
+# Do not include Default prefixes and rely entirely on the prefixes in supplemental_prefix_path
+disable_default_prefixes = false
 
+## ------ Liveness Probing ------
 
 # Duration that a phantom IP identified as "LIVE" using a liveness test is
 # cached, preventing further lookups to the address. Empty string disables
@@ -50,6 +43,7 @@ cache_expiration_nonlive = "5m"
 # cache will have finite capacity and implement LRU eviction.
 cache_capacity_nonlive = 0
 
+## ------ Registration / Connection Filters ------
 
 # Allow the station to opt out of either version of internet protocol to limit a
 # statio to handling one or the other. For example, v6 on small station deployment
@@ -98,15 +92,36 @@ detector_filter_list = [
     "::1",
 ]
 
-# Log level, one of the following: info, error, warn, debug, trace
-log_level = "error"
+## ------ GeoIP Info ------
 
 # MaxMind Database files - if empty then the Empty Geoip lookup will be used (effictvely disaling
 # lookup). The default path used by the maxmind geoiupdate tool is `/usr/local/share/GeoIP`.
 # repo - https://github.com/maxmind/geoipupdate/blob/main/pkg/geoipupdate/defaults_notwin.go#L15
 geoip_cc_db_path = ""
 geoip_asn_db_path = ""
 
+
+## ------ ZMQ ------
+
+# Bool to enable or disable sharing of registrations over API when received over decoy registrar
+enable_share_over_api = false
+
+# REST endpoint to share decoy registrations.
+preshare_endpoint = ""
+
+# Name of abstract socket to bind proxy to
+socket_name = "zmq-proxy"
+
+# Time in milliseconds to wait between sending heartbeats.
+# Heartbeats are only sent when other traffic doesn't come through;
+# i.e. normal messages can "act" as a heartbeat by confirming
+# that the connection is alive.
+heartbeat_interval = 30000
+
+# Time in milliseconds after sending a heartbeat to wait for
+# a response before the connection is assumed to be dead.
+heartbeat_timeout = 1000
+
 ### ZMQ sockets to connect to and subscribe
 
 ## Registration API

application/conns.go

@@ -93,7 +93,6 @@ func (cm *connManager) handleNewConn(regManager *cj.RegistrationManager, clientC
 		return
 	}
 
-	// TODO: if NOT mPort 443: just forward things and return
 	fdPtr := fd.Fd()
 	originalDstIP, err := getOriginalDst(fdPtr)
 	if err != nil {

application/lib/config.go

@@ -14,6 +14,15 @@ type Config struct {
 
 	// Log verbosity level
 	LogLevel string `toml:"log_level"`
+
+	// Path to private key file
+	PrivateKeyPath string `toml:"privkey_path"`
+
+	// PrefixFilePath provides a path to a file containing supported prefix specifications for the
+	// prefix transport.
+	// [TODO] refactor into a more general transport config object
+	PrefixFilePath         string `toml:"supplemental_prefix_path"`
+	DisableDefaultPrefixes bool   `toml:"disable_default_prefixes"`
 }
 
 // ParseConfig parses the config from the CJ_STATION_CONFIG environment
@@ -30,3 +39,31 @@ func ParseConfig() (*Config, error) {
 
 	return &c, nil
 }
+
+// PrivateKeyLength is the expected length of the station (ed25519) private key in bytes.
+const PrivateKeyLength = 32
+
+// ParsePrivateKey tries to use either the PrivateKeyPath (`privkey_path`) config variable or the
+// CJ_PRIVKEY environment variable to locate the file from which it can parse the station private key
+func (c *Config) ParsePrivateKey() ([32]byte, error) {
+	privkeyPath := c.PrivateKeyPath
+	if privkeyPath == "" {
+		privkeyPath = os.Getenv("CJ_PRIVKEY")
+	}
+	if privkeyPath == "" {
+		return [32]byte{}, fmt.Errorf("no path to private key")
+	}
+
+	privkey, err := os.ReadFile(privkeyPath)
+	if err != nil {
+		return [32]byte{}, fmt.Errorf("failed to load private key: %w", err)
+	}
+
+	if len(privkey) < PrivateKeyLength {
+		return [32]byte{}, fmt.Errorf("privkey error - not enough bytes")
+	}
+
+	var out [32]byte
+	copy(out[:], privkey[:])
+	return out, nil
+}

application/lib/conjure.go

@@ -1,7 +1,6 @@
 package lib
 
 import (
-	"crypto/hmac"
 	"crypto/sha256"
 	"io"
 
@@ -44,13 +43,15 @@ func generateObfs4Keys(rand io.Reader) (Obfs4Keys, error) {
 	return keys, err
 }
 
+// ConjureSharedKeys contains keys that the station is required to keep.
 type ConjureSharedKeys struct {
 	SharedSecret                                            []byte
 	FspKey, FspIv, VspKey, VspIv, MasterSecret, ConjureSeed []byte
 	Obfs4Keys                                               Obfs4Keys
 }
 
-func GenSharedKeys(sharedSecret []byte, tt pb.TransportType) (ConjureSharedKeys, error) {
+// GenSharedKeys generates the keys requires to form a Conjure connection based on the SharedSecret
+func GenSharedKeys(clientLibVer uint, sharedSecret []byte, tt pb.TransportType) (ConjureSharedKeys, error) {
 	tdHkdf := hkdf.New(sha256.New, sharedSecret, []byte("conjureconjureconjureconjure"), nil)
 	keys := ConjureSharedKeys{
 		SharedSecret: sharedSecret,
@@ -85,16 +86,6 @@ func GenSharedKeys(sharedSecret []byte, tt pb.TransportType) (ConjureSharedKeys,
 	if tt == pb.TransportType_Obfs4 {
 		keys.Obfs4Keys, err = generateObfs4Keys(tdHkdf)
 	}
-	return keys, err
-}
 
-// from client tapdance/conjure.go
-func conjureHMAC(key []byte, str string) []byte {
-	hash := hmac.New(sha256.New, key)
-	hash.Write([]byte(str))
-	return hash.Sum(nil)
-}
-
-func (k *ConjureSharedKeys) ConjureHMAC(str string) []byte {
-	return conjureHMAC(k.SharedSecret, str)
+	return keys, err
 }

application/lib/phantom_selector.go

@@ -10,6 +10,7 @@ import (
 	mrand "math/rand"
 	"net"
 	"sort"
+	"time"
 
 	wr "github.com/mroth/weightedrand"
 	"golang.org/x/crypto/hkdf"
@@ -45,6 +46,8 @@ func (sc *SubnetConfig) getSubnetsVarint(seed []byte, weighted bool) []string {
 			fmt.Println("failed to seed random for weighted rand")
 			return nil
 		}
+
+		// nolint:staticcheck // here for backwards compatibility with clients
 		mrand.Seed(seedInt)
 
 		choices := make([]wr.Choice, 0, len(sc.WeightedSubnets))
@@ -400,8 +403,11 @@ func SelectAddrFromSubnet(seed []byte, net1 *net.IPNet) (net.IP, error) {
 		return nil, fmt.Errorf("failed to create seed ")
 	}
 
+	// nolint:staticcheck // here for backwards compatibility with clients
 	mrand.Seed(seedInt)
 	randBytes := make([]byte, addrLen/8)
+
+	// nolint:staticcheck // here for backwards compatibility with clients
 	_, err := mrand.Read(randBytes)
 	if err != nil {
 		return nil, err
@@ -579,3 +585,9 @@ func (p *PhantomIPSelector) UpdateGeneration(generation uint, subnets *SubnetCon
 	p.Networks[generation] = subnets
 	return true
 }
+
+func init() {
+	// NOTE: math/rand is only used for backwards compatibility.
+	// nolint:staticcheck
+	mrand.Seed(time.Now().UnixNano())
+}

application/lib/proxies_test.go

@@ -24,6 +24,8 @@ import (
 var errNotExist = errors.New("not implemented")
 
 // under construction - not finalized or definitive
+// TODO: flesh out this test, or disable it. The go routines have a race condition that can result
+// in the test being useless.
 func TestProxyMockCovertReset(t *testing.T) {
 
 	wg := new(sync.WaitGroup)
@@ -108,15 +110,15 @@ func (m *mockConn) RemoteAddr() net.Addr {
 }
 
 func (m *mockConn) SetDeadline(t time.Time) error {
-	return errNotExist
+	return nil
 }
 
 func (m *mockConn) SetReadDeadline(t time.Time) error {
-	return errNotExist
+	return nil
 }
 
 func (m *mockConn) SetWriteDeadline(t time.Time) error {
-	return errNotExist
+	return nil
 }
 
 func TestHalfpipeDeadlineEcho(t *testing.T) {

application/lib/registration.go

@@ -635,7 +635,6 @@ func (r *RegisteredDecoys) RegistrationExists(d *DecoyRegistration) *DecoyRegist
 	defer r.m.RUnlock()
 
 	return r.registrationExists(d)
-
 }
 
 // For use inside of this struct (so no deadlocks on struct mutex)
@@ -647,7 +646,6 @@ func (r *RegisteredDecoys) registrationExists(d *DecoyRegistration) *DecoyRegist
 	}
 
 	identifier := t.GetIdentifier(d)
-
 	phantomAddr := d.PhantomIp.String()
 
 	_, exists := r.decoys[phantomAddr]

application/lib/registration_ingest.go

@@ -98,7 +98,10 @@ func (rm *RegistrationManager) startIngestThread(ctx context.Context, regChan <-
 		case msg := <-regChan:
 			newRegs, err := rm.parseRegMessage(msg.([]byte))
 			if err != nil {
-				logger.Errorf("Encountered err when creating Reg: %v\n", err)
+
+				if !errors.Is(err, ErrLegacyAddrSelectBug) {
+					logger.Errorf("Encountered err when creating Reg: %v\n", err)
+				}
 				continue
 			}
 			if len(newRegs) == 0 {
@@ -300,7 +303,10 @@ func (rm *RegistrationManager) parseRegMessage(msg []byte) ([]*DecoyRegistration
 	if parsed.GetRegistrationPayload().GetV4Support() && rm.EnableIPv4 && sourceAddr.To4() != nil {
 		reg, err := rm.NewRegistrationC2SWrapper(parsed, false)
 		if err != nil {
-			logger.Errorf("Failed to create registration from v4 C2S: %v", err)
+
+			if !errors.Is(err, ErrLegacyAddrSelectBug) {
+				logger.Errorf("Failed to create registration from v4 C2S: %v", err)
+			}
 			return nil, err
 		}
 
@@ -386,13 +392,28 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 	c2s := c2sw.GetRegistrationPayload()
 
 	// Generate keys from shared secret using HKDF
-	conjureKeys, err := GenSharedKeys(c2sw.GetSharedSecret(), c2s.GetTransport())
+	conjureKeys, err := GenSharedKeys(uint(c2s.GetClientLibVersion()), c2sw.GetSharedSecret(), c2s.GetTransport())
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate keys: %v", err)
 	}
 
 	regSrc := c2sw.GetRegistrationSource()
 
+	// If a C2SWrapper has a registration response at this stage EITHER auth was disabled OR it was
+	// signed by a registration server and has overrides that should be applied
+	var dstPort = -1
+	if rr := c2sw.GetRegistrationResponse(); rr != nil {
+		if rr.DstPort != nil {
+			dstPort = int(rr.GetDstPort())
+		}
+
+		if rr.TransportParams != nil {
+			c2s.TransportParams = rr.GetTransportParams()
+		}
+
+		// TODO: future, apply the ip addresses from the Registration response (rr.IPv4Addr, rr.IPv6Addr)
+	}
+
 	reg, err := rm.NewRegistration(c2s, &conjureKeys, includeV6, &regSrc)
 	if err != nil || reg == nil {
 		return nil, fmt.Errorf("failed to build registration: %s", err)
@@ -416,6 +437,10 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 		return nil, fmt.Errorf("failed geoip asn lookup: %w", err)
 	}
 
+	if dstPort != -1 {
+		reg.PhantomPort = uint16(dstPort)
+	}
+
 	return reg, nil
 }
 

application/lib/registration_test.go

@@ -30,38 +30,14 @@ func mockReceiveFromDetector() (pb.ClientToStation, ConjureSharedKeys) {
 	clientToStation.Flags = &pb.RegistrationFlags{Use_TIL: &t}
 	clientToStation.ClientLibVersion = &v
 
-	conjureKeys, _ := GenSharedKeys(sharedSecret, 0)
+	conjureKeys, _ := GenSharedKeys(0, sharedSecret, 0)
 
 	var testGeneration uint32 = 957
 	clientToStation.DecoyListGeneration = &testGeneration
 
 	return *clientToStation, conjureKeys
 }
 
-// func testEqualRegistrations(reg1 *DecoyRegistration, reg2 *DecoyRegistration) bool {
-// 	return true
-// }
-
-// // This is not actually working yet
-// func TestCreateDecoyRegistration(t *testing.T) {
-// 	rm := NewRegistrationManager(&RegConfig{})
-
-// 	c2s, keys := mockReceiveFromDetector()
-
-// 	regSource := pb.RegistrationSource_Detector
-
-// 	newReg, err := rm.NewRegistration(&c2s, &keys, c2s.GetV6Support(), &regSource)
-// 	if err != nil {
-// 		t.Fatalf("Registration failed: %v", err)
-// 	}
-
-// 	expectedReg := DecoyRegistration{}
-
-// 	if !testEqualRegistrations(newReg, &expectedReg) {
-// 		t.Fatalf("Bad registration Created")
-// 	}
-// }
-
 func TestRegistrationLookup(t *testing.T) {
 	rm := NewRegistrationManager(&RegConfig{})
 
@@ -116,9 +92,7 @@ func TestRegisterForDetectorOnce(t *testing.T) {
 
 	// check message
 	msg := <-channel
-	if msg == nil {
-		t.Fatalf("no messages received\n")
-	}
+	require.NotNil(t, msg)
 
 	// reconstruct IP from message
 	parsed := pb.StationToDetector{}
@@ -174,9 +148,7 @@ func TestRegisterForDetectorArray(t *testing.T) {
 
 		// check message
 		msg := <-channel
-		if msg == nil {
-			t.Fatalf("no messages received %s\n", addr)
-		}
+		require.NotNil(t, msg)
 
 		// reconstruct IP from message
 		parsed := pb.StationToDetector{}