key management and client version centralization

Author: jmwample

cmd/application/registration_with_transport_test.go

@@ -17,7 +17,7 @@ import (
 	"google.golang.org/protobuf/proto"
 )
 
-func mockReceiveFromDetector() (*pb.ClientToStation, cj.ConjureSharedKeys) {
+func mockReceiveFromDetector() (*pb.ClientToStation, core.ConjureSharedKeys) {
 	clientToStationBytes, _ := hex.DecodeString("109a04180ba2010e35322e34342e37332e363a343433b00100a2060100")
 	sharedSecret, _ := hex.DecodeString("5414c734ad5dc53e6b56a7bb47ce695a14a3ef076a3d5ace9cbf3b4d12706b73")
 
@@ -32,7 +32,7 @@ func mockReceiveFromDetector() (*pb.ClientToStation, cj.ConjureSharedKeys) {
 	clientToStation.Flags = &pb.RegistrationFlags{Use_TIL: &t}
 	clientToStation.ClientLibVersion = &v
 
-	conjureKeys, _ := cj.GenSharedKeys(uint(v), sharedSecret, 0)
+	conjureKeys, _ := core.GenSharedKeys(uint(v), sharedSecret, 0)
 
 	return clientToStation, conjureKeys
 }

go.mod

@@ -2,12 +2,7 @@ module github.com/refraction-networking/conjure
 
 go 1.18
 
-// replace gitlab.com/yawning/obfs4.git => github.com/jmwample/obfs4.git v0.0.0-20230113193642-07b111e6b208
-
-replace gitlab.com/yawning/obfs4.git => github.com/jmwample/obfs4 v0.0.0-20230113193642-07b111e6b208
-
 require (
-	git.torproject.org/pluggable-transports/goptlib.git v1.3.0
 	github.com/BurntSushi/toml v1.2.1
 	github.com/flynn/noise v1.0.0
 	github.com/go-redis/redis/v8 v8.11.5
@@ -18,19 +13,20 @@ require (
 	github.com/pebbe/zmq4 v1.2.9
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pion/stun v0.3.5
+	github.com/refraction-networking/ed25519 v0.1.2
 	github.com/refraction-networking/gotapdance v1.5.5
+	github.com/refraction-networking/obfs4 v0.1.2
 	github.com/refraction-networking/utls v1.2.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.1
-	gitlab.com/yawning/obfs4.git v0.0.0-20230519154740-645026c2ada4
-	golang.org/x/crypto v0.9.0
-	golang.org/x/net v0.10.0
+	gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.4.0
+	golang.org/x/crypto v0.11.0
+	golang.org/x/net v0.12.0
 	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.31.0
 )
 
 require (
-	filippo.io/edwards25519 v1.0.0 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -41,8 +37,7 @@ require (
 	github.com/oschwald/maxminddb-golang v1.10.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sergeyfrolov/bsbuffer v0.0.0-20180903213811-94e85abb8507 // indirect
-	gitlab.com/yawning/edwards25519-extra.git v0.0.0-20220726154925-def713fd18e4 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,9 +1,3 @@
-filippo.io/edwards25519 v1.0.0-rc.1.0.20210721174708-390f27c3be20/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
-filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-git.torproject.org/pluggable-transports/goptlib.git v1.0.0/go.mod h1:YT4XMSkuEXbtqlydr9+OxqFAyspUv0Gr9qhM3B++o/Q=
-git.torproject.org/pluggable-transports/goptlib.git v1.3.0 h1:G+iuRUblCCC2xnO+0ag1/4+aaM98D5mjWP1M0v9s8a0=
-git.torproject.org/pluggable-transports/goptlib.git v1.3.0/go.mod h1:4PBMl1dg7/3vMWSoWb46eGWlrxkUyn/CAJmxhDLAlDs=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
@@ -13,7 +7,6 @@ github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/siphash v1.2.1/go.mod h1:q+IRvb2gOSrUnYoPqHiyHXS0FOBBOdl6tONBlVnOnt4=
 github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA=
 github.com/dchest/siphash v1.2.3/go.mod h1:0NvQU092bT0ipiFN++/rXm69QG9tVxLAlQHIXMPAkHc=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
@@ -32,8 +25,6 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4=
 github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/jmwample/obfs4 v0.0.0-20230113193642-07b111e6b208 h1:6nxlCjgsYnjYafKVqvElKbFL+95Kgg5YWT/GuXUNoD8=
-github.com/jmwample/obfs4 v0.0.0-20230113193642-07b111e6b208/go.mod h1:9GcM8QNU9/wXtEEH2q8bVOnPI7FtIF6VVLzZ1l6Hgf8=
 github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM=
 github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
@@ -59,8 +50,12 @@ github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2U
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/refraction-networking/ed25519 v0.1.2 h1:08kJZUkAlY7a7cZGosl1teGytV+QEoNxPO7NnRvAB+g=
+github.com/refraction-networking/ed25519 v0.1.2/go.mod h1:nxYLUAYt/hmNpAh64PNSQ/tQ9gTIB89wCaGKJlRtZ9I=
 github.com/refraction-networking/gotapdance v1.5.5 h1:PquRRNtBeMU9wToaYXelH+VTJYOFN5WmfNGu3L1M03I=
 github.com/refraction-networking/gotapdance v1.5.5/go.mod h1:kPt7e1vlkn67NPe1zmPQCpVOfLLHApegCY3/KtsMBCU=
+github.com/refraction-networking/obfs4 v0.1.2 h1:J842O4fGSkd2W8ogYj0KN6gqVVY+Cpqodw9qFGL7wVU=
+github.com/refraction-networking/obfs4 v0.1.2/go.mod h1:wAl/+gWiLsrcykJA3nKJHx89f5/gXGM8UKvty7+mvbM=
 github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo=
 github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ=
 github.com/sergeyfrolov/bsbuffer v0.0.0-20180903213811-94e85abb8507 h1:ML7ZNtcln5UBo5Wv7RIv9Xg3Pr5VuRCWLFXEwda54Y4=
@@ -75,25 +70,22 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-gitlab.com/yawning/edwards25519-extra.git v0.0.0-20211229043746-2f91fcc9fbdb/go.mod h1:gvdJuZuO/tPZyhEV8K3Hmoxv/DWud5L4qEQxfYjEUTo=
-gitlab.com/yawning/edwards25519-extra.git v0.0.0-20220726154925-def713fd18e4 h1:LeXiZggivkDGgmkl7+r+m/2xj3rd+K/30/0obRKayAU=
-gitlab.com/yawning/edwards25519-extra.git v0.0.0-20220726154925-def713fd18e4/go.mod h1:gvdJuZuO/tPZyhEV8K3Hmoxv/DWud5L4qEQxfYjEUTo=
+gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.4.0 h1:Y7fHDMy11yyjM+YlHfcM3svaujdL+m5DqS444wbj8o4=
+gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.4.0/go.mod h1:70bhd4JKW/+1HLfm+TMrgHJsUHG4coelMWwiVEJ2gAg=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=

pkg/core/core.go

@@ -1,13 +1,45 @@
 package core
 
-import (
-	"crypto/hmac"
-	"crypto/sha256"
+const (
+	// PhantomSelectionMinGeneration
+	PhantomSelectionMinGeneration uint = 1
+
+	// PhantomHkdfMinVersion indicates the first version in which the Phantom selection was based on HKDF
+	PhantomHkdfMinVersion uint = 2
+
+	// RandomizeDstPortMinVersion is the earliest client library version ID that supports destination port randomization
+	RandomizeDstPortMinVersion uint = 3
+
+	// SharedKeysRefactorMinVersion
+	SharedKeysRefactorMinVersion uint = 4
 )
 
-// ConjureHMAC implements the hmak that can then be used for further hkdf key generation
-func ConjureHMAC(key []byte, str string) []byte {
-	hash := hmac.New(sha256.New, key)
-	hash.Write([]byte(str))
-	return hash.Sum(nil)
+// CurrentClientLibraryVersion returns the current client library version used
+// for feature compatibility support between client and server. Currently I
+// don't intend to connect this to the library tag version in any way.
+//
+// When adding new client versions comment out older versions and add new
+// version below with a description of the reason for the new version.
+func CurrentClientLibraryVersion() uint32 {
+	// Registration refactor extricates some (Decoy) registrar specific keys out of the shared
+	// keys object, changing the keys that get generated based on client version.
+	// https://github.com/refraction-networking/gotapdance/pull/131
+	// https://github.com/refraction-networking/conjure/pull/202
+	return 4
+
+	// // Support for randomizing destination port for phantom connection
+	// // https://github.com/refraction-networking/gotapdance/pull/108
+	// return 3
+
+	// // Selection algorithm update - Oct 27, 2022 -- Phantom selection version rework again to use
+	// // hkdf for actual uniform distribution across phantom subnets.
+	// // https://github.com/refraction-networking/conjure/pull/145
+	// return 2
+
+	// // Initial inclusion of client version - added due to update in phantom
+	// // selection algorithm that is not backwards compatible to older clients.
+	// return 1
+
+	// // No client version indicates any client before this change.
+	// return 0
 }

pkg/core/core_test.go

@@ -0,0 +1,83 @@
+package core
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"io"
+	"testing"
+
+	pb "github.com/refraction-networking/conjure/proto"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+func TestNewGenKeys(t *testing.T) {
+	fakePubkey := [32]byte{0}
+
+	keys, _ := GenerateClientSharedKeys(fakePubkey)
+	oldKeys, _ := generateClientSharedKeysOld(fakePubkey)
+
+	stationKeys, _ := GenSharedKeys(4, keys.SharedSecret, pb.TransportType_Null)
+	stationKeysOld, _ := GenSharedKeys(3, oldKeys.SharedSecret, pb.TransportType_Null)
+
+	if !bytes.Equal(keys.ConjureSeed, stationKeys.ConjureSeed) {
+		t.Fatalf("Version 4 station ConjureSeed does not match client: \nStation: %v\nClient: %v", stationKeys.ConjureSeed, keys.ConjureSeed)
+	}
+
+	if !bytes.Equal(oldKeys.ConjureSeed, stationKeysOld.ConjureSeed) {
+		t.Fatalf("Version 3 station ConjureSeed does not match client: \nStation: %v\nClient: %v", stationKeysOld.ConjureSeed, oldKeys.ConjureSeed)
+	}
+}
+
+// Below is for testing that SharedSecret and ConjureSeed match with old client version.
+type OldSharedKeys struct {
+	SharedSecret, Representative                               []byte
+	FspKey, FspIv, VspKey, VspIv, NewMasterSecret, ConjureSeed []byte
+	reader                                                     io.Reader
+}
+
+// oldConjureSharedKeys contains keys that the station is required to keep.
+type oldConjureSharedKeys struct {
+	SharedSecret                                            []byte
+	FspKey, FspIv, VspKey, VspIv, MasterSecret, ConjureSeed []byte
+}
+
+func generateClientSharedKeysOld(pubkey [32]byte) (*OldSharedKeys, error) {
+	sharedSecret, representative, err := generateEligatorTransformedKey(pubkey[:])
+	if err != nil {
+		return nil, err
+	}
+
+	tdHkdf := hkdf.New(sha256.New, sharedSecret, []byte("conjureconjureconjureconjure"), nil)
+	keys := &OldSharedKeys{
+		SharedSecret:    sharedSecret,
+		Representative:  representative,
+		FspKey:          make([]byte, 16),
+		FspIv:           make([]byte, 12),
+		VspKey:          make([]byte, 16),
+		VspIv:           make([]byte, 12),
+		NewMasterSecret: make([]byte, 48),
+		ConjureSeed:     make([]byte, 16),
+		reader:          tdHkdf,
+	}
+
+	if _, err := tdHkdf.Read(keys.FspKey); err != nil {
+		return keys, err
+	}
+	if _, err := tdHkdf.Read(keys.FspIv); err != nil {
+		return keys, err
+	}
+	if _, err := tdHkdf.Read(keys.VspKey); err != nil {
+		return keys, err
+	}
+	if _, err := tdHkdf.Read(keys.VspIv); err != nil {
+		return keys, err
+	}
+	if _, err := tdHkdf.Read(keys.NewMasterSecret); err != nil {
+		return keys, err
+	}
+	if _, err := tdHkdf.Read(keys.ConjureSeed); err != nil {
+		return keys, err
+	}
+	return keys, err
+}