initial commit

dialer/obfs/http/conn.go

@@ -0,0 +1,144 @@
+package http
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
+	"io"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"sync"
+
+	"github.com/go-gost/gost/v3/pkg/logger"
+)
+
+type obfsHTTPConn struct {
+	net.Conn
+	host           string
+	rbuf           bytes.Buffer
+	wbuf           bytes.Buffer
+	headerDrained  bool
+	handshaked     bool
+	handshakeMutex sync.Mutex
+	header         http.Header
+	logger         logger.Logger
+}
+
+func (c *obfsHTTPConn) Handshake() (err error) {
+	c.handshakeMutex.Lock()
+	defer c.handshakeMutex.Unlock()
+
+	if c.handshaked {
+		return nil
+	}
+
+	err = c.handshake()
+	if err != nil {
+		return
+	}
+
+	c.handshaked = true
+	return nil
+}
+
+func (c *obfsHTTPConn) handshake() (err error) {
+	r := &http.Request{
+		Method:     http.MethodGet,
+		ProtoMajor: 1,
+		ProtoMinor: 1,
+		URL:        &url.URL{Scheme: "http", Host: c.host},
+		Header:     c.header,
+	}
+	if r.Header == nil {
+		r.Header = http.Header{}
+	}
+	r.Header.Set("Connection", "Upgrade")
+	r.Header.Set("Upgrade", "websocket")
+	key, _ := c.generateChallengeKey()
+	r.Header.Set("Sec-WebSocket-Key", key)
+
+	// cache the request header
+	if err = r.Write(&c.wbuf); err != nil {
+		return
+	}
+
+	if c.logger.IsLevelEnabled(logger.DebugLevel) {
+		dump, _ := httputil.DumpRequest(r, false)
+		c.logger.Debug(string(dump))
+	}
+
+	return nil
+}
+
+func (c *obfsHTTPConn) Read(b []byte) (n int, err error) {
+	if err = c.Handshake(); err != nil {
+		return
+	}
+
+	if err = c.drainHeader(); err != nil {
+		return
+	}
+
+	if c.rbuf.Len() > 0 {
+		return c.rbuf.Read(b)
+	}
+	return c.Conn.Read(b)
+}
+
+func (c *obfsHTTPConn) drainHeader() (err error) {
+	if c.headerDrained {
+		return
+	}
+	c.headerDrained = true
+
+	br := bufio.NewReader(c.Conn)
+	// drain and discard the response header
+	var line string
+	var buf bytes.Buffer
+	for {
+		line, err = br.ReadString('\n')
+		if err != nil {
+			return
+		}
+		buf.WriteString(line)
+		if line == "\r\n" {
+			break
+		}
+	}
+
+	if c.logger.IsLevelEnabled(logger.DebugLevel) {
+		c.logger.Debug(buf.String())
+	}
+
+	// cache the extra data for next read.
+	var b []byte
+	b, err = br.Peek(br.Buffered())
+	if len(b) > 0 {
+		_, err = c.rbuf.Write(b)
+	}
+	return
+}
+
+func (c *obfsHTTPConn) Write(b []byte) (n int, err error) {
+	if err = c.Handshake(); err != nil {
+		return
+	}
+	if c.wbuf.Len() > 0 {
+		c.wbuf.Write(b) // append the data to the cached header
+		_, err = c.wbuf.WriteTo(c.Conn)
+		n = len(b) // exclude the header length
+		return
+	}
+	return c.Conn.Write(b)
+}
+
+func (c *obfsHTTPConn) generateChallengeKey() (string, error) {
+	p := make([]byte, 16)
+	if _, err := io.ReadFull(rand.Reader, p); err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(p), nil
+}

dialer/obfs/http/dialer.go

@@ -0,0 +1,68 @@
+package http
+
+import (
+	"context"
+	"net"
+
+	"github.com/go-gost/gost/v3/pkg/dialer"
+	"github.com/go-gost/gost/v3/pkg/logger"
+	md "github.com/go-gost/gost/v3/pkg/metadata"
+	"github.com/go-gost/gost/v3/pkg/registry"
+)
+
+func init() {
+	registry.DialerRegistry().Register("ohttp", NewDialer)
+}
+
+type obfsHTTPDialer struct {
+	md     metadata
+	logger logger.Logger
+}
+
+func NewDialer(opts ...dialer.Option) dialer.Dialer {
+	options := &dialer.Options{}
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	return &obfsHTTPDialer{
+		logger: options.Logger,
+	}
+}
+
+func (d *obfsHTTPDialer) Init(md md.Metadata) (err error) {
+	return d.parseMetadata(md)
+}
+
+func (d *obfsHTTPDialer) Dial(ctx context.Context, addr string, opts ...dialer.DialOption) (net.Conn, error) {
+	options := &dialer.DialOptions{}
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	conn, err := options.NetDialer.Dial(ctx, "tcp", addr)
+	if err != nil {
+		d.logger.Error(err)
+	}
+	return conn, err
+}
+
+// Handshake implements dialer.Handshaker
+func (d *obfsHTTPDialer) Handshake(ctx context.Context, conn net.Conn, options ...dialer.HandshakeOption) (net.Conn, error) {
+	opts := &dialer.HandshakeOptions{}
+	for _, option := range options {
+		option(opts)
+	}
+
+	host := d.md.host
+	if host == "" {
+		host = opts.Addr
+	}
+
+	return &obfsHTTPConn{
+		Conn:   conn,
+		host:   host,
+		header: d.md.header,
+		logger: d.logger,
+	}, nil
+}

dialer/obfs/http/metadata.go

@@ -0,0 +1,29 @@
+package http
+
+import (
+	"net/http"
+
+	mdata "github.com/go-gost/gost/v3/pkg/metadata"
+)
+
+type metadata struct {
+	host   string
+	header http.Header
+}
+
+func (d *obfsHTTPDialer) parseMetadata(md mdata.Metadata) (err error) {
+	const (
+		header = "header"
+		host   = "host"
+	)
+
+	if m := mdata.GetStringMapString(md, header); len(m) > 0 {
+		h := http.Header{}
+		for k, v := range m {
+			h.Add(k, v)
+		}
+		d.md.header = h
+	}
+	d.md.host = mdata.GetString(md, host)
+	return
+}

dialer/obfs/tls/conn.go

@@ -0,0 +1,266 @@
+package tls
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/tls"
+	"errors"
+	"net"
+	"sync"
+	"time"
+
+	dissector "github.com/go-gost/tls-dissector"
+)
+
+const (
+	maxTLSDataLen = 16384
+)
+
+var (
+	cipherSuites = []uint16{
+		0xc02c, 0xc030, 0x009f, 0xcca9, 0xcca8, 0xccaa, 0xc02b, 0xc02f,
+		0x009e, 0xc024, 0xc028, 0x006b, 0xc023, 0xc027, 0x0067, 0xc00a,
+		0xc014, 0x0039, 0xc009, 0xc013, 0x0033, 0x009d, 0x009c, 0x003d,
+		0x003c, 0x0035, 0x002f, 0x00ff,
+	}
+
+	compressionMethods = []uint8{0x00}
+
+	algorithms = []uint16{
+		0x0601, 0x0602, 0x0603, 0x0501, 0x0502, 0x0503, 0x0401, 0x0402,
+		0x0403, 0x0301, 0x0302, 0x0303, 0x0201, 0x0202, 0x0203,
+	}
+
+	tlsRecordTypes   = []uint8{0x16, 0x14, 0x16, 0x17}
+	tlsVersionMinors = []uint8{0x01, 0x03, 0x03, 0x03}
+
+	ErrBadType         = errors.New("bad type")
+	ErrBadMajorVersion = errors.New("bad major version")
+	ErrBadMinorVersion = errors.New("bad minor version")
+	ErrMaxDataLen      = errors.New("bad tls data len")
+)
+
+const (
+	tlsRecordStateType = iota
+	tlsRecordStateVersion0
+	tlsRecordStateVersion1
+	tlsRecordStateLength0
+	tlsRecordStateLength1
+	tlsRecordStateData
+)
+
+type obfsTLSParser struct {
+	step   uint8
+	state  uint8
+	length uint16
+}
+
+func (r *obfsTLSParser) Parse(b []byte) (int, error) {
+	i := 0
+	last := 0
+	length := len(b)
+
+	for i < length {
+		ch := b[i]
+		switch r.state {
+		case tlsRecordStateType:
+			if tlsRecordTypes[r.step] != ch {
+				return 0, ErrBadType
+			}
+			r.state = tlsRecordStateVersion0
+			i++
+		case tlsRecordStateVersion0:
+			if ch != 0x03 {
+				return 0, ErrBadMajorVersion
+			}
+			r.state = tlsRecordStateVersion1
+			i++
+		case tlsRecordStateVersion1:
+			if ch != tlsVersionMinors[r.step] {
+				return 0, ErrBadMinorVersion
+			}
+			r.state = tlsRecordStateLength0
+			i++
+		case tlsRecordStateLength0:
+			r.length = uint16(ch) << 8
+			r.state = tlsRecordStateLength1
+			i++
+		case tlsRecordStateLength1:
+			r.length |= uint16(ch)
+			if r.step == 0 {
+				r.length = 91
+			} else if r.step == 1 {
+				r.length = 1
+			} else if r.length > maxTLSDataLen {
+				return 0, ErrMaxDataLen
+			}
+			if r.length > 0 {
+				r.state = tlsRecordStateData
+			} else {
+				r.state = tlsRecordStateType
+				r.step++
+			}
+			i++
+		case tlsRecordStateData:
+			left := uint16(length - i)
+			if left > r.length {
+				left = r.length
+			}
+			if r.step >= 2 {
+				skip := i - last
+				copy(b[last:], b[i:length])
+				length -= int(skip)
+				last += int(left)
+				i = last
+			} else {
+				i += int(left)
+			}
+			r.length -= left
+			if r.length == 0 {
+				if r.step < 3 {
+					r.step++
+				}
+				r.state = tlsRecordStateType
+			}
+		}
+	}
+
+	if last == 0 {
+		return 0, nil
+	} else if last < length {
+		length -= last
+	}
+
+	return length, nil
+}
+
+type obfsTLSConn struct {
+	net.Conn
+	wbuf           bytes.Buffer
+	host           string
+	handshaked     chan struct{}
+	parser         obfsTLSParser
+	handshakeMutex sync.Mutex
+}
+
+func (c *obfsTLSConn) Handshaked() bool {
+	select {
+	case <-c.handshaked:
+		return true
+	default:
+		return false
+	}
+}
+
+func (c *obfsTLSConn) Handshake(payload []byte) (err error) {
+	c.handshakeMutex.Lock()
+	defer c.handshakeMutex.Unlock()
+
+	if c.Handshaked() {
+		return
+	}
+
+	if err = c.handshake(payload); err != nil {
+		return
+	}
+
+	close(c.handshaked)
+	return nil
+}
+
+func (c *obfsTLSConn) handshake(payload []byte) error {
+	clientMsg := &dissector.ClientHelloMsg{
+		Version:            tls.VersionTLS12,
+		SessionID:          make([]byte, 32),
+		CipherSuites:       cipherSuites,
+		CompressionMethods: compressionMethods,
+		Extensions: []dissector.Extension{
+			&dissector.SessionTicketExtension{
+				Data: payload,
+			},
+			&dissector.ServerNameExtension{
+				Name: c.host,
+			},
+			&dissector.ECPointFormatsExtension{
+				Formats: []uint8{0x01, 0x00, 0x02},
+			},
+			&dissector.SupportedGroupsExtension{
+				Groups: []uint16{0x001d, 0x0017, 0x0019, 0x0018},
+			},
+			&dissector.SignatureAlgorithmsExtension{
+				Algorithms: algorithms,
+			},
+			&dissector.EncryptThenMacExtension{},
+			&dissector.ExtendedMasterSecretExtension{},
+		},
+	}
+	clientMsg.Random.Time = uint32(time.Now().Unix())
+	rand.Read(clientMsg.Random.Opaque[:])
+	rand.Read(clientMsg.SessionID)
+	b, err := clientMsg.Encode()
+	if err != nil {
+		return err
+	}
+
+	record := &dissector.Record{
+		Type:    dissector.Handshake,
+		Version: tls.VersionTLS10,
+		Opaque:  b,
+	}
+	if _, err := record.WriteTo(c.Conn); err != nil {
+		return err
+	}
+	return err
+}
+
+func (c *obfsTLSConn) Read(b []byte) (n int, err error) {
+	<-c.handshaked
+
+	n, err = c.Conn.Read(b)
+	if err != nil {
+		return
+	}
+	if n > 0 {
+		n, err = c.parser.Parse(b[:n])
+	}
+
+	return
+}
+
+func (c *obfsTLSConn) Write(b []byte) (n int, err error) {
+	n = len(b)
+
+	if !c.Handshaked() {
+		if err = c.Handshake(b); err != nil {
+			return
+		}
+		return
+	}
+
+	for len(b) > 0 {
+		data := b
+		if len(b) > maxTLSDataLen {
+			data = b[:maxTLSDataLen]
+			b = b[maxTLSDataLen:]
+		} else {
+			b = b[:0]
+		}
+		record := &dissector.Record{
+			Type:    dissector.AppData,
+			Version: tls.VersionTLS12,
+			Opaque:  data,
+		}
+
+		if c.wbuf.Len() > 0 {
+			record.Type = dissector.Handshake
+			record.WriteTo(&c.wbuf)
+			_, err = c.wbuf.WriteTo(c.Conn)
+			return
+		}
+
+		if _, err = record.WriteTo(c.Conn); err != nil {
+			return
+		}
+	}
+	return
+}

dialer/obfs/tls/dialer.go

@@ -0,0 +1,67 @@
+package tls
+
+import (
+	"context"
+	"net"
+
+	"github.com/go-gost/gost/v3/pkg/dialer"
+	"github.com/go-gost/gost/v3/pkg/logger"
+	md "github.com/go-gost/gost/v3/pkg/metadata"
+	"github.com/go-gost/gost/v3/pkg/registry"
+)
+
+func init() {
+	registry.DialerRegistry().Register("otls", NewDialer)
+}
+
+type obfsTLSDialer struct {
+	md     metadata
+	logger logger.Logger
+}
+
+func NewDialer(opts ...dialer.Option) dialer.Dialer {
+	options := &dialer.Options{}
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	return &obfsTLSDialer{
+		logger: options.Logger,
+	}
+}
+
+func (d *obfsTLSDialer) Init(md md.Metadata) (err error) {
+	return d.parseMetadata(md)
+}
+
+func (d *obfsTLSDialer) Dial(ctx context.Context, addr string, opts ...dialer.DialOption) (net.Conn, error) {
+	options := &dialer.DialOptions{}
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	conn, err := options.NetDialer.Dial(ctx, "tcp", addr)
+	if err != nil {
+		d.logger.Error(err)
+	}
+	return conn, err
+}
+
+// Handshake implements dialer.Handshaker
+func (d *obfsTLSDialer) Handshake(ctx context.Context, conn net.Conn, options ...dialer.HandshakeOption) (net.Conn, error) {
+	opts := &dialer.HandshakeOptions{}
+	for _, option := range options {
+		option(opts)
+	}
+
+	host := d.md.host
+	if host == "" {
+		host = opts.Addr
+	}
+
+	return &obfsTLSConn{
+		Conn:       conn,
+		host:       host,
+		handshaked: make(chan struct{}),
+	}, nil
+}

dialer/obfs/tls/metadata.go

@@ -0,0 +1,18 @@
+package tls
+
+import (
+	mdata "github.com/go-gost/gost/v3/pkg/metadata"
+)
+
+type metadata struct {
+	host string
+}
+
+func (d *obfsTLSDialer) parseMetadata(md mdata.Metadata) (err error) {
+	const (
+		host = "host"
+	)
+
+	d.md.host = mdata.GetString(md, host)
+	return
+}