protocol

package
v0.0.0-...-2ea17e8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 4, 2019 License: GPL-3.0, GPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TUNNEL_PROTOCOL_SSH                           = "SSH"
	TUNNEL_PROTOCOL_OBFUSCATED_SSH                = "OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK                = "UNFRONTED-MEEK-OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_HTTPS          = "UNFRONTED-MEEK-HTTPS-OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_SESSION_TICKET = "UNFRONTED-MEEK-SESSION-TICKET-OSSH"
	TUNNEL_PROTOCOL_FRONTED_MEEK                  = "FRONTED-MEEK-OSSH"
	TUNNEL_PROTOCOL_FRONTED_MEEK_HTTP             = "FRONTED-MEEK-HTTP-OSSH"
	TUNNEL_PROTOCOL_QUIC_OBFUSCATED_SSH           = "QUIC-OSSH"
	TUNNEL_PROTOCOL_MARIONETTE_OBFUSCATED_SSH     = "MARIONETTE-OSSH"
	TUNNEL_PROTOCOL_TAPDANCE_OBFUSCATED_SSH       = "TAPDANCE-OSSH"

	SERVER_ENTRY_SOURCE_EMBEDDED   = "EMBEDDED"
	SERVER_ENTRY_SOURCE_REMOTE     = "REMOTE"
	SERVER_ENTRY_SOURCE_DISCOVERY  = "DISCOVERY"
	SERVER_ENTRY_SOURCE_TARGET     = "TARGET"
	SERVER_ENTRY_SOURCE_OBFUSCATED = "OBFUSCATED"

	CAPABILITY_SSH_API_REQUESTS            = "ssh-api-requests"
	CAPABILITY_UNTUNNELED_WEB_API_REQUESTS = "handshake"

	CLIENT_CAPABILITY_SERVER_REQUESTS = "server-requests"

	PSIPHON_API_HANDSHAKE_REQUEST_NAME = "psiphon-handshake"
	PSIPHON_API_CONNECTED_REQUEST_NAME = "psiphon-connected"
	PSIPHON_API_STATUS_REQUEST_NAME    = "psiphon-status"
	PSIPHON_API_OSL_REQUEST_NAME       = "psiphon-osl"

	// PSIPHON_API_CLIENT_VERIFICATION_REQUEST_NAME may still be used by older Android clients
	PSIPHON_API_CLIENT_VERIFICATION_REQUEST_NAME = "psiphon-client-verification"

	PSIPHON_API_CLIENT_SESSION_ID_LENGTH = 16

	PSIPHON_SSH_API_PROTOCOL = "ssh"
	PSIPHON_WEB_API_PROTOCOL = "web"

	PACKET_TUNNEL_CHANNEL_TYPE = "tun@psiphon.ca"
	RANDOM_STREAM_CHANNEL_TYPE = "random@psiphon.ca"

	PSIPHON_API_HANDSHAKE_AUTHORIZATIONS = "authorizations"
)
View Source 
const (
	TLS_PROFILE_IOS_1131         = "iOS-Safari-11.3.1"
	TLS_PROFILE_ANDROID_60       = "Android-6.0"
	TLS_PROFILE_ANDROID_51       = "Android-5.1"
	TLS_PROFILE_CHROME_58        = "Chrome-58"
	TLS_PROFILE_CHROME_57        = "Chrome-57"
	TLS_PROFILE_FIREFOX_56       = "Firefox-56"
	TLS_PROFILE_RANDOMIZED       = "Randomized"
	TLS_PROFILE_TLS13_RANDOMIZED = "TLS-1.3-Randomized"
)
View Source 
const (
	QUIC_VERSION_GQUIC39    = "gQUICv39"
	QUIC_VERSION_GQUIC43    = "gQUICv43"
	QUIC_VERSION_GQUIC44    = "gQUICv44"
	QUIC_VERSION_OBFUSCATED = "OBFUSCATED"
)

Variables

View Source 
var DefaultDisabledTunnelProtocols = TunnelProtocols{
	TUNNEL_PROTOCOL_MARIONETTE_OBFUSCATED_SSH,
	TUNNEL_PROTOCOL_TAPDANCE_OBFUSCATED_SSH,
}
View Source 
var SupportedQUICVersions = QUICVersions{
	QUIC_VERSION_GQUIC39,
	QUIC_VERSION_GQUIC43,
	QUIC_VERSION_GQUIC44,
	QUIC_VERSION_OBFUSCATED,
}
View Source 
var SupportedServerEntrySources = TunnelProtocols{
	SERVER_ENTRY_SOURCE_EMBEDDED,
	SERVER_ENTRY_SOURCE_REMOTE,
	SERVER_ENTRY_SOURCE_DISCOVERY,
	SERVER_ENTRY_SOURCE_TARGET,
	SERVER_ENTRY_SOURCE_OBFUSCATED,
}
View Source 
var SupportedTLSProfiles = TLSProfiles{
	TLS_PROFILE_IOS_1131,
	TLS_PROFILE_ANDROID_60,
	TLS_PROFILE_ANDROID_51,
	TLS_PROFILE_CHROME_58,
	TLS_PROFILE_CHROME_57,
	TLS_PROFILE_FIREFOX_56,
	TLS_PROFILE_RANDOMIZED,
	TLS_PROFILE_TLS13_RANDOMIZED,
}
View Source 
var SupportedTunnelProtocols = TunnelProtocols{
	TUNNEL_PROTOCOL_SSH,
	TUNNEL_PROTOCOL_OBFUSCATED_SSH,
	TUNNEL_PROTOCOL_UNFRONTED_MEEK,
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_HTTPS,
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_SESSION_TICKET,
	TUNNEL_PROTOCOL_FRONTED_MEEK,
	TUNNEL_PROTOCOL_FRONTED_MEEK_HTTP,
	TUNNEL_PROTOCOL_QUIC_OBFUSCATED_SSH,
	TUNNEL_PROTOCOL_MARIONETTE_OBFUSCATED_SSH,
	TUNNEL_PROTOCOL_TAPDANCE_OBFUSCATED_SSH,
}

Functions

func DeriveSSHServerKEXPRNGSeed 

func DeriveSSHServerKEXPRNGSeed(obfuscatedKey string) (*prng.Seed, error)

func DeriveSSHServerVersionPRNGSeed 

func DeriveSSHServerVersionPRNGSeed(obfuscatedKey string) (*prng.Seed, error)

func EncodeServerEntry 

func EncodeServerEntry(serverEntry *ServerEntry) (string, error)

EncodeServerEntry returns a string containing the encoding of a ServerEntry following Psiphon conventions.

func GetCapability 

func GetCapability(protocol string) string

GetCapability returns the server capability corresponding to the tunnel protocol.

func GetTacticsCapability 

func GetTacticsCapability(protocol string) string

GetTacticsCapability returns the server tactics capability corresponding to the tunnel protocol.

func QUICVersionIsObfuscated 

func QUICVersionIsObfuscated(version string) bool

func TLSProfileIsRandomized 

func TLSProfileIsRandomized(tlsProfile string) bool

func TLSProfileIsTLS13 

func TLSProfileIsTLS13(tlsProfile string) bool

func TunnelProtocolIsResourceIntensive 

func TunnelProtocolIsResourceIntensive(protocol string) bool

func TunnelProtocolUsesFrontedMeek 

func TunnelProtocolUsesFrontedMeek(protocol string) bool

func TunnelProtocolUsesMarionette 

func TunnelProtocolUsesMarionette(protocol string) bool

func TunnelProtocolUsesMeek 

func TunnelProtocolUsesMeek(protocol string) bool

func TunnelProtocolUsesMeekHTTP 

func TunnelProtocolUsesMeekHTTP(protocol string) bool

func TunnelProtocolUsesMeekHTTPS 

func TunnelProtocolUsesMeekHTTPS(protocol string) bool

func TunnelProtocolUsesObfuscatedSSH 

func TunnelProtocolUsesObfuscatedSSH(protocol string) bool

func TunnelProtocolUsesObfuscatedSessionTickets 

func TunnelProtocolUsesObfuscatedSessionTickets(protocol string) bool

func TunnelProtocolUsesQUIC 

func TunnelProtocolUsesQUIC(protocol string) bool

func TunnelProtocolUsesSSH 

func TunnelProtocolUsesSSH(protocol string) bool

func TunnelProtocolUsesTapdance 

func TunnelProtocolUsesTapdance(protocol string) bool

func UseClientTunnelProtocol 

func UseClientTunnelProtocol(
	clientProtocol string,
	serverProtocols TunnelProtocols) bool

func ValidateServerEntryFields 

func ValidateServerEntryFields(serverEntryFields ServerEntryFields) error

ValidateServerEntryFields checks for malformed server entries. Currently, it checks for a valid ipAddress. This is important since the IP address is the key used to store/lookup the server entry. TODO: validate more fields?

Types

type ConnectedResponse 

type ConnectedResponse struct {
	ConnectedTimestamp string `json:"connected_timestamp"`
	Padding            string `json:"padding"`
}

type HandshakeResponse 

type HandshakeResponse struct {
	SSHSessionID           string              `json:"ssh_session_id"`
	Homepages              []string            `json:"homepages"`
	UpgradeClientVersion   string              `json:"upgrade_client_version"`
	PageViewRegexes        []map[string]string `json:"page_view_regexes"`
	HttpsRequestRegexes    []map[string]string `json:"https_request_regexes"`
	EncodedServerList      []string            `json:"encoded_server_list"`
	ClientRegion           string              `json:"client_region"`
	ServerTimestamp        string              `json:"server_timestamp"`
	ActiveAuthorizationIDs []string            `json:"active_authorization_ids"`
	TacticsPayload         json.RawMessage     `json:"tactics_payload"`
	Padding                string              `json:"padding"`
}

type MeekCookieData 

type MeekCookieData struct {
	MeekProtocolVersion  int    `json:"v"`
	ClientTunnelProtocol string `json:"t"`
	EndPoint             string `json:"e"`
}

type OSLRequest 

type OSLRequest struct {
	ClearLocalSLOKs bool             `json:"clear_local_sloks"`
	SeedPayload     *osl.SeedPayload `json:"seed_payload"`
}

type QUICVersions 

type QUICVersions []string

func (QUICVersions) PruneInvalid 

func (versions QUICVersions) PruneInvalid() QUICVersions

func (QUICVersions) Validate 

func (versions QUICVersions) Validate() error

type RandomStreamRequest 

type RandomStreamRequest struct {
	UpstreamBytes   int `json:"u"`
	DownstreamBytes int `json:"d"`
}

type SSHPasswordPayload 

type SSHPasswordPayload struct {
	SessionId          string   `json:"SessionId"`
	SshPassword        string   `json:"SshPassword"`
	ClientCapabilities []string `json:"ClientCapabilities"`
}

type ServerEntry 

type ServerEntry struct {
	IpAddress                     string   `json:"ipAddress"`
	WebServerPort                 string   `json:"webServerPort"` // not an int
	WebServerSecret               string   `json:"webServerSecret"`
	WebServerCertificate          string   `json:"webServerCertificate"`
	SshPort                       int      `json:"sshPort"`
	SshUsername                   string   `json:"sshUsername"`
	SshPassword                   string   `json:"sshPassword"`
	SshHostKey                    string   `json:"sshHostKey"`
	SshObfuscatedPort             int      `json:"sshObfuscatedPort"`
	SshObfuscatedQUICPort         int      `json:"sshObfuscatedQUICPort"`
	SshObfuscatedTapdancePort     int      `json:"sshObfuscatedTapdancePort"`
	SshObfuscatedKey              string   `json:"sshObfuscatedKey"`
	Capabilities                  []string `json:"capabilities"`
	Region                        string   `json:"region"`
	MeekServerPort                int      `json:"meekServerPort"`
	MeekCookieEncryptionPublicKey string   `json:"meekCookieEncryptionPublicKey"`
	MeekObfuscatedKey             string   `json:"meekObfuscatedKey"`
	MeekFrontingHost              string   `json:"meekFrontingHost"`
	MeekFrontingHosts             []string `json:"meekFrontingHosts"`
	MeekFrontingDomain            string   `json:"meekFrontingDomain"`
	MeekFrontingAddresses         []string `json:"meekFrontingAddresses"`
	MeekFrontingAddressesRegex    string   `json:"meekFrontingAddressesRegex"`
	MeekFrontingDisableSNI        bool     `json:"meekFrontingDisableSNI"`
	TacticsRequestPublicKey       string   `json:"tacticsRequestPublicKey"`
	TacticsRequestObfuscatedKey   string   `json:"tacticsRequestObfuscatedKey"`
	MarionetteFormat              string   `json:"marionetteFormat"`
	ConfigurationVersion          int      `json:"configurationVersion"`

	// These local fields are not expected to be present in downloaded server
	// entries. They are added by the client to record and report stats about
	// how and when server entries are obtained.
	LocalSource    string `json:"localSource"`
	LocalTimestamp string `json:"localTimestamp"`
}

ServerEntry represents a Psiphon server. It contains information about how to establish a tunnel connection to the server through several protocols. Server entries are JSON records downloaded from various sources.

func DecodeServerEntry 

func DecodeServerEntry(
	encodedServerEntry, timestamp, serverEntrySource string) (*ServerEntry, error)

DecodeServerEntry extracts a server entry from the encoding used by remote server lists and Psiphon server handshake requests.

The resulting ServerEntry.LocalSource is populated with serverEntrySource, which should be one of SERVER_ENTRY_SOURCE_EMBEDDED, SERVER_ENTRY_SOURCE_REMOTE, SERVER_ENTRY_SOURCE_DISCOVERY, SERVER_ENTRY_SOURCE_TARGET, SERVER_ENTRY_SOURCE_OBFUSCATED. ServerEntry.LocalTimestamp is populated with the provided timestamp, which should be a RFC 3339 formatted string. These local fields are stored with the server entry and reported to the server as stats (a coarse granularity timestamp is reported).

func (*ServerEntry) GetSupportedProtocols 

func (serverEntry *ServerEntry) GetSupportedProtocols(
	useUpstreamProxy bool,
	limitTunnelProtocols []string,
	excludeIntensive bool) []string

GetSupportedProtocols returns a list of tunnel protocols supported by the ServerEntry's capabilities.

func (*ServerEntry) GetSupportedTacticsProtocols 

func (serverEntry *ServerEntry) GetSupportedTacticsProtocols() []string

GetSupportedTacticsProtocols returns a list of tunnel protocols, supported by the ServerEntry's capabilities, that may be used for tactics requests.

func (*ServerEntry) GetUntunneledWebRequestPorts 

func (serverEntry *ServerEntry) GetUntunneledWebRequestPorts() []string

func (*ServerEntry) SupportsProtocol 

func (serverEntry *ServerEntry) SupportsProtocol(protocol string) bool

SupportsProtocol returns true if and only if the ServerEntry has the necessary capability to support the specified tunnel protocol.

func (*ServerEntry) SupportsSSHAPIRequests 

func (serverEntry *ServerEntry) SupportsSSHAPIRequests() bool

SupportsSSHAPIRequests returns true when the server supports SSH API requests.

type ServerEntryFields 

type ServerEntryFields map[string]interface{}

ServerEntryFields is an alternate representation of ServerEntry which enables future compatibility when unmarshaling and persisting new server entries which may contain new, unrecognized fields not in the ServerEntry type for a particular client version.

When new JSON server entries with new fields are unmarshaled to ServerEntry types, unrecognized fields are discarded. When unmarshaled to ServerEntryFields, unrecognized fields are retained and may be persisted and available when the client is upgraded and unmarshals to an updated ServerEntry type.

func DecodeServerEntryFields 

func DecodeServerEntryFields(
	encodedServerEntry, timestamp, serverEntrySource string) (ServerEntryFields, error)

DecodeServerEntryFields extracts an encoded server entry into a ServerEntryFields type, much like DecodeServerEntry. Unrecognized fields not in ServerEntry are retained in the ServerEntryFields.

func DecodeServerEntryList 

func DecodeServerEntryList(
	encodedServerEntryList, timestamp,
	serverEntrySource string) ([]ServerEntryFields, error)

DecodeServerEntryList extracts server entries from the list encoding used by remote server lists and Psiphon server handshake requests. Each server entry is validated and invalid entries are skipped. See DecodeServerEntry for note on serverEntrySource/timestamp.

func (ServerEntryFields) GetConfigurationVersion 

func (fields ServerEntryFields) GetConfigurationVersion() int

func (ServerEntryFields) GetIPAddress 

func (fields ServerEntryFields) GetIPAddress() string

func (ServerEntryFields) SetLocalSource 

func (fields ServerEntryFields) SetLocalSource(source string)

func (ServerEntryFields) SetLocalTimestamp 

func (fields ServerEntryFields) SetLocalTimestamp(timestamp string)

type StreamingServerEntryDecoder 

type StreamingServerEntryDecoder struct {
	// contains filtered or unexported fields
}

StreamingServerEntryDecoder performs the DecodeServerEntryList operation, loading only one server entry into memory at a time.

func NewStreamingServerEntryDecoder 

func NewStreamingServerEntryDecoder(
	encodedServerEntryListReader io.Reader,
	timestamp, serverEntrySource string) *StreamingServerEntryDecoder

NewStreamingServerEntryDecoder creates a new StreamingServerEntryDecoder.

func (*StreamingServerEntryDecoder) Next 

func (decoder *StreamingServerEntryDecoder) Next() (ServerEntryFields, error)

Next reads and decodes, and validates the next server entry from the input stream, returning a nil server entry when the stream is complete.

Limitations:

  • Each encoded server entry line cannot exceed bufio.MaxScanTokenSize, the default buffer size which this decoder uses. This is 64K.
  • DecodeServerEntry is called on each encoded server entry line, which will allocate memory to hex decode and JSON deserialze the server entry. As this is not presently reusing a fixed buffer, each call will allocate additional memory; garbage collection is necessary to reclaim that memory for reuse for the next server entry.

type TLSProfiles 

type TLSProfiles []string

func (TLSProfiles) PruneInvalid 

func (profiles TLSProfiles) PruneInvalid() TLSProfiles

func (TLSProfiles) Validate 

func (profiles TLSProfiles) Validate() error

type TunnelProtocols 

type TunnelProtocols []string

func (TunnelProtocols) PruneInvalid 

func (t TunnelProtocols) PruneInvalid() TunnelProtocols

func (TunnelProtocols) Validate 

func (t TunnelProtocols) Validate() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.