1
0
mirror of https://github.com/danog/libtgvoip.git synced 2024-12-11 16:49:52 +01:00
libtgvoip/controller/net/NetworkSocket.cpp
2020-01-24 20:26:34 +01:00

762 lines
18 KiB
C++

//
// Created by Grishka on 29.03.17.
//
#include <stdexcept>
#include <algorithm>
#include <stdlib.h>
#include <string.h>
#if defined(_WIN32)
#include <winsock2.h>
#include "os/windows/NetworkSocketWinsock.h"
#else
#include "os/posix/NetworkSocketPosix.h"
#endif
#include "tools/logging.h"
#include "VoIPServerConfig.h"
#include "VoIPController.h"
#include "tools/Buffers.h"
#include "controller/net/NetworkSocket.h"
#define MIN_UDP_PORT 16384
#define MAX_UDP_PORT 32768
using namespace tgvoip;
NetworkSocket::NetworkSocket(NetworkProtocol protocol) : protocol(protocol)
{
ipv6Timeout = ServerConfig::GetSharedInstance()->GetDouble("nat64_fallback_timeout", 3);
failed = false;
}
NetworkSocket::~NetworkSocket()
{
}
std::string NetworkSocket::GetLocalInterfaceInfo(NetworkAddress *inet4addr, NetworkAddress *inet6addr)
{
std::string r = "not implemented";
return r;
}
uint16_t NetworkSocket::GenerateLocalPort()
{
uint16_t rnd;
VoIPController::crypto.rand_bytes(reinterpret_cast<uint8_t *>(&rnd), 2);
return (uint16_t)((rnd % (MAX_UDP_PORT - MIN_UDP_PORT)) + MIN_UDP_PORT);
}
void NetworkSocket::SetMaxPriority()
{
}
bool NetworkSocket::IsFailed()
{
return failed;
}
std::shared_ptr<NetworkSocket> NetworkSocket::Create(NetworkProtocol protocol)
{
#ifndef _WIN32
return std::make_shared<NetworkSocketPosix>(protocol);
#else
return std::make_shared<NetworkSocketWinsock>(protocol);
#endif
}
NetworkAddress NetworkSocket::ResolveDomainName(std::string name)
{
#ifndef _WIN32
return NetworkSocketPosix::ResolveDomainName(name);
#else
return NetworkSocketWinsock::ResolveDomainName(name);
#endif
}
void NetworkSocket::GenerateTCPO2States(unsigned char *buffer, TCPO2State *recvState, TCPO2State *sendState)
{
memset(recvState, 0, sizeof(TCPO2State));
memset(sendState, 0, sizeof(TCPO2State));
unsigned char nonce[64];
uint32_t *first = reinterpret_cast<uint32_t *>(nonce), *second = first + 1;
uint32_t first1 = 0x44414548U, first2 = 0x54534f50U, first3 = 0x20544547U, first4 = 0x20544547U, first5 = 0xeeeeeeeeU;
uint32_t second1 = 0;
do
{
VoIPController::crypto.rand_bytes(nonce, sizeof(nonce));
} while (*first == first1 || *first == first2 || *first == first3 || *first == first4 || *first == first5 || *second == second1 || *reinterpret_cast<unsigned char *>(nonce) == 0xef);
// prepare encryption key/iv
memcpy(sendState->key, nonce + 8, 32);
memcpy(sendState->iv, nonce + 8 + 32, 16);
// prepare decryption key/iv
char reversed[48];
memcpy(reversed, nonce + 8, sizeof(reversed));
std::reverse(reversed, reversed + sizeof(reversed));
memcpy(recvState->key, reversed, 32);
memcpy(recvState->iv, reversed + 32, 16);
// write protocol identifier
*reinterpret_cast<uint32_t *>(nonce + 56) = 0xefefefefU;
memcpy(buffer, nonce, 56);
EncryptForTCPO2(nonce, sizeof(nonce), sendState);
memcpy(buffer + 56, nonce + 56, 8);
}
void NetworkSocket::EncryptForTCPO2(unsigned char *buffer, size_t len, TCPO2State *state)
{
VoIPController::crypto.aes_ctr_encrypt(buffer, len, state->key, state->iv, state->ecount, &state->num);
}
size_t NetworkSocket::Receive(unsigned char *buffer, size_t len)
{
NetworkPacket pkt = Receive(len);
if (pkt.IsEmpty())
return 0;
size_t actualLen = std::min(len, pkt.data.Length());
memcpy(buffer, *pkt.data, actualLen);
return actualLen;
}
bool NetworkAddress::operator==(const NetworkAddress &other) const
{
if (isIPv6 != other.isIPv6)
return false;
if (!isIPv6)
{
return addr.ipv4 == other.addr.ipv4;
}
return memcmp(addr.ipv6, other.addr.ipv6, 16) == 0;
}
bool NetworkAddress::operator!=(const NetworkAddress &other) const
{
return !(*this == other);
}
std::string NetworkAddress::ToString() const
{
if (isIPv6)
{
#ifndef _WIN32
return NetworkSocketPosix::V6AddressToString(addr.ipv6);
#else
return NetworkSocketWinsock::V6AddressToString(addr.ipv6);
#endif
}
else
{
#ifndef _WIN32
return NetworkSocketPosix::V4AddressToString(addr.ipv4);
#else
return NetworkSocketWinsock::V4AddressToString(addr.ipv4);
#endif
}
}
bool NetworkAddress::IsEmpty() const
{
if (isIPv6)
{
const uint64_t *a = reinterpret_cast<const uint64_t *>(addr.ipv6);
return a[0] == 0LL && a[1] == 0LL;
}
return addr.ipv4 == 0;
}
bool NetworkAddress::PrefixMatches(const unsigned int prefix, const NetworkAddress &other) const
{
if (isIPv6 != other.isIPv6)
return false;
if (!isIPv6)
{
uint32_t mask = 0xFFFFFFFF << (32 - prefix);
return (addr.ipv4 & mask) == (other.addr.ipv4 & mask);
}
return false;
}
NetworkAddress NetworkAddress::Empty()
{
NetworkAddress addr;
addr.isIPv6 = false;
addr.addr.ipv4 = 0;
return addr;
}
NetworkAddress NetworkAddress::IPv4(std::string str)
{
NetworkAddress addr;
addr.isIPv6 = false;
#ifndef _WIN32
addr.addr.ipv4 = NetworkSocketPosix::StringToV4Address(str);
#else
addr.addr.ipv4 = NetworkSocketWinsock::StringToV4Address(str);
#endif
return addr;
}
NetworkAddress NetworkAddress::IPv4(uint32_t addr)
{
NetworkAddress a;
a.isIPv6 = false;
a.addr.ipv4 = addr;
return a;
}
NetworkAddress NetworkAddress::IPv6(std::string str)
{
NetworkAddress addr;
addr.isIPv6 = false;
#ifndef _WIN32
NetworkSocketPosix::StringToV6Address(str, addr.addr.ipv6);
#else
NetworkSocketWinsock::StringToV6Address(str, addr.addr.ipv6);
#endif
return addr;
}
NetworkAddress NetworkAddress::IPv6(const uint8_t addr[16])
{
NetworkAddress a;
a.isIPv6 = true;
memcpy(a.addr.ipv6, addr, 16);
return a;
}
bool NetworkSocket::Select(std::vector<std::shared_ptr<NetworkSocket>> &readFds, std::vector<std::shared_ptr<NetworkSocket>> &writeFds, std::vector<std::shared_ptr<NetworkSocket>> &errorFds, const std::unique_ptr<SocketSelectCanceller> &canceller)
{
#ifndef _WIN32
return NetworkSocketPosix::Select(readFds, writeFds, errorFds, canceller);
#else
return NetworkSocketWinsock::Select(readFds, writeFds, errorFds, canceller);
#endif
}
SocketSelectCanceller::~SocketSelectCanceller()
{
}
std::unique_ptr<SocketSelectCanceller> SocketSelectCanceller::Create()
{
#ifndef _WIN32
return std::move(std::unique_ptr<SocketSelectCanceller>{new SocketSelectCancellerPosix()});
#else
return std::move(std::unique_ptr<SocketSelectCanceller>{new SocketSelectCancellerWin32()});
#endif
}
NetworkSocketTCPObfuscated::NetworkSocketTCPObfuscated(const std::shared_ptr<NetworkSocket> &wrapped) : NetworkSocketWrapper(NetworkProtocol::TCP)
{
this->wrapped = wrapped;
}
NetworkSocketTCPObfuscated::~NetworkSocketTCPObfuscated()
{
}
std::shared_ptr<NetworkSocket> NetworkSocketTCPObfuscated::GetWrapped()
{
return wrapped;
}
void NetworkSocketTCPObfuscated::InitConnection()
{
Buffer buf(64);
GenerateTCPO2States(*buf, &recvState, &sendState);
wrapped->Send(NetworkPacket{
std::move(buf),
NetworkAddress::Empty(),
0,
NetworkProtocol::TCP});
}
void NetworkSocketTCPObfuscated::Send(NetworkPacket packet)
{
BufferOutputStream os(packet.data.Length() + 4);
size_t len = packet.data.Length() / 4;
if (len < 0x7F)
{
os.WriteByte((unsigned char)len);
}
else
{
os.WriteByte(0x7F);
os.WriteByte((unsigned char)(len & 0xFF));
os.WriteByte((unsigned char)((len >> 8) & 0xFF));
os.WriteByte((unsigned char)((len >> 16) & 0xFF));
}
os.WriteBytes(packet.data);
EncryptForTCPO2(os.GetBuffer(), os.GetLength(), &sendState);
wrapped->Send(NetworkPacket{
Buffer(std::move(os)),
NetworkAddress::Empty(),
0,
NetworkProtocol::TCP});
//LOGD("Sent %u bytes", os.GetLength());
}
bool NetworkSocketTCPObfuscated::OnReadyToSend()
{
LOGV("TCPO socket ready to send");
if (!initialized)
{
LOGV("Initializing TCPO2 connection");
initialized = true;
InitConnection();
readyToSend = true;
return false;
}
return wrapped->OnReadyToSend();
}
NetworkPacket NetworkSocketTCPObfuscated::Receive(size_t maxLen)
{
unsigned char len1;
size_t packetLen = 0;
size_t offset = 0;
size_t len;
len = wrapped->Receive(&len1, 1);
if (len <= 0)
{
return NetworkPacket::Empty();
}
EncryptForTCPO2(&len1, 1, &recvState);
if (len1 < 0x7F)
{
packetLen = (size_t)len1 * 4;
}
else
{
unsigned char len2[3];
len = wrapped->Receive(len2, 3);
if (len <= 0)
{
return NetworkPacket::Empty();
}
EncryptForTCPO2(len2, 3, &recvState);
packetLen = ((size_t)len2[0] | ((size_t)len2[1] << 8) | ((size_t)len2[2] << 16)) * 4;
}
if (packetLen > 1500)
{
LOGW("packet too big to fit into buffer (%u vs %u)", (unsigned int)packetLen, (unsigned int)1500);
return NetworkPacket::Empty();
}
Buffer buf(packetLen);
while (offset < packetLen)
{
len = wrapped->Receive(*buf, packetLen - offset);
if (len <= 0)
{
return NetworkPacket::Empty();
}
offset += len;
}
EncryptForTCPO2(*buf, packetLen, &recvState);
return NetworkPacket{
std::move(buf),
wrapped->GetConnectedAddress(),
wrapped->GetConnectedPort(),
NetworkProtocol::TCP};
}
void NetworkSocketTCPObfuscated::Open()
{
}
void NetworkSocketTCPObfuscated::Close()
{
wrapped->Close();
}
void NetworkSocketTCPObfuscated::Connect(const NetworkAddress address, uint16_t port)
{
wrapped->Connect(address, port);
}
bool NetworkSocketTCPObfuscated::IsFailed()
{
return wrapped->IsFailed();
}
NetworkSocketSOCKS5Proxy::NetworkSocketSOCKS5Proxy(const std::shared_ptr<NetworkSocket> &tcp, const std::shared_ptr<NetworkSocket> &udp, std::string username, std::string password) : NetworkSocketWrapper(udp ? NetworkProtocol::UDP : NetworkProtocol::TCP)
{
this->tcp = tcp;
this->udp = udp;
this->username = username;
this->password = password;
}
NetworkSocketSOCKS5Proxy::~NetworkSocketSOCKS5Proxy()
{
}
void NetworkSocketSOCKS5Proxy::Send(NetworkPacket packet)
{
if (protocol == NetworkProtocol::TCP)
{
tcp->Send(std::move(packet));
}
else if (protocol == NetworkProtocol::UDP)
{
BufferOutputStream out(1500);
out.WriteInt16(0); // RSV
out.WriteByte(0); // FRAG
if (!packet.address.isIPv6)
{
out.WriteByte(1); // ATYP (IPv4)
out.WriteInt32(packet.address.addr.ipv4);
}
else
{
out.WriteByte(4); // ATYP (IPv6)
out.WriteBytes(packet.address.addr.ipv6, 16);
}
out.WriteInt16(htons(packet.port));
out.WriteBytes(packet.data);
udp->Send(NetworkPacket{
Buffer(std::move(out)),
connectedAddress,
connectedPort,
NetworkProtocol::UDP});
}
}
NetworkPacket NetworkSocketSOCKS5Proxy::Receive(size_t maxLen)
{
if (protocol == NetworkProtocol::TCP)
{
NetworkPacket packet = tcp->Receive();
packet.address = connectedAddress;
packet.port = connectedPort;
return packet;
}
else
{
NetworkPacket p = udp->Receive();
if (!p.IsEmpty() && p.address == connectedAddress && p.port == connectedPort)
{
BufferInputStream in(p.data);
in.ReadInt16(); // RSV
in.ReadByte(); // FRAG
unsigned char atyp = in.ReadByte();
NetworkAddress address = NetworkAddress::Empty();
if (atyp == 1)
{ // IPv4
address = NetworkAddress::IPv4(in.ReadUInt32());
}
else if (atyp == 4)
{ // IPv6
unsigned char addr[16];
in.ReadBytes(addr, 16);
address = NetworkAddress::IPv6(addr);
}
return NetworkPacket{
Buffer::CopyOf(p.data, in.GetOffset(), in.Remaining()),
address,
htons(in.ReadInt16()),
protocol};
}
}
return NetworkPacket::Empty();
}
void NetworkSocketSOCKS5Proxy::Open()
{
}
void NetworkSocketSOCKS5Proxy::Close()
{
tcp->Close();
}
void NetworkSocketSOCKS5Proxy::Connect(const NetworkAddress address, uint16_t port)
{
connectedAddress = address;
connectedPort = port;
}
std::shared_ptr<NetworkSocket> NetworkSocketSOCKS5Proxy::GetWrapped()
{
return protocol == NetworkProtocol::TCP ? tcp : udp;
}
void NetworkSocketSOCKS5Proxy::InitConnection()
{
}
bool NetworkSocketSOCKS5Proxy::IsFailed()
{
return NetworkSocket::IsFailed() || tcp->IsFailed();
}
NetworkAddress NetworkSocketSOCKS5Proxy::GetConnectedAddress()
{
return connectedAddress;
}
uint16_t NetworkSocketSOCKS5Proxy::GetConnectedPort()
{
return connectedPort;
}
bool NetworkSocketSOCKS5Proxy::OnReadyToSend()
{
//LOGV("on ready to send, state=%d", state);
if (state == ConnectionState::Initial)
{
BufferOutputStream p(16);
p.WriteByte(5); // VER
if (!username.empty())
{
p.WriteByte(2); // NMETHODS
p.WriteByte(0); // no auth
p.WriteByte(2); // user/pass
}
else
{
p.WriteByte(1); // NMETHODS
p.WriteByte(0); // no auth
}
tcp->Send(NetworkPacket{
Buffer(std::move(p)),
NetworkAddress::Empty(),
0,
NetworkProtocol::TCP});
state = ConnectionState::WaitingForAuthMethod;
return false;
}
return udp ? udp->OnReadyToSend() : tcp->OnReadyToSend();
}
bool NetworkSocketSOCKS5Proxy::OnReadyToReceive()
{
//LOGV("on ready to receive state=%d", state);
unsigned char buf[1024];
if (state == ConnectionState::WaitingForAuthMethod)
{
size_t l = tcp->Receive(buf, sizeof(buf));
if (l < 2 || tcp->IsFailed())
{
failed = true;
return false;
}
BufferInputStream in(buf, l);
unsigned char ver = in.ReadByte();
unsigned char chosenMethod = in.ReadByte();
LOGV("socks5: VER=%02X, METHOD=%02X", ver, chosenMethod);
if (ver != 5)
{
LOGW("socks5: incorrect VER in response");
failed = true;
return false;
}
if (chosenMethod == 0)
{
// connected, no further auth needed
SendConnectionCommand();
}
else if (chosenMethod == 2 && !username.empty())
{
BufferOutputStream p(512);
p.WriteByte(1); // VER
p.WriteByte((unsigned char)(username.length() > 255 ? 255 : username.length())); // ULEN
p.WriteBytes((unsigned char *)username.c_str(), username.length() > 255 ? 255 : username.length()); // UNAME
p.WriteByte((unsigned char)(password.length() > 255 ? 255 : password.length())); // PLEN
p.WriteBytes((unsigned char *)password.c_str(), password.length() > 255 ? 255 : password.length()); // PASSWD
tcp->Send(NetworkPacket{
Buffer(std::move(p)),
NetworkAddress::Empty(),
0,
NetworkProtocol::TCP});
state = ConnectionState::WaitingForAuthResult;
}
else
{
LOGW("socks5: unsupported auth method");
failed = true;
return false;
}
return false;
}
else if (state == ConnectionState::WaitingForAuthResult)
{
size_t l = tcp->Receive(buf, sizeof(buf));
if (l < 2 || tcp->IsFailed())
{
failed = true;
return false;
}
BufferInputStream in(buf, l);
uint8_t ver = in.ReadByte();
unsigned char status = in.ReadByte();
LOGV("socks5: auth response VER=%02X, STATUS=%02X", ver, status);
if (ver != 1)
{
LOGW("socks5: auth response VER is incorrect");
failed = true;
return false;
}
if (status != 0)
{
LOGW("socks5: username/password auth failed");
failed = true;
return false;
}
LOGV("socks5: authentication succeeded");
SendConnectionCommand();
return false;
}
else if (state == ConnectionState::WaitingForCommandResult)
{
size_t l = tcp->Receive(buf, sizeof(buf));
if (protocol == NetworkProtocol::TCP)
{
if (l < 2 || tcp->IsFailed())
{
LOGW("socks5: connect failed")
failed = true;
return false;
}
BufferInputStream in(buf, l);
unsigned char ver = in.ReadByte();
if (ver != 5)
{
LOGW("socks5: connect: wrong ver in response");
failed = true;
return false;
}
unsigned char rep = in.ReadByte();
if (rep != 0)
{
LOGW("socks5: connect: failed with error %02X", rep);
failed = true;
return false;
}
LOGV("socks5: connect succeeded");
state = ConnectionState::Connected;
tcp = std::make_shared<NetworkSocketTCPObfuscated>(tcp);
readyToSend = true;
return tcp->OnReadyToSend();
}
else if (protocol == NetworkProtocol::UDP)
{
if (l < 2 || tcp->IsFailed())
{
LOGW("socks5: udp associate failed");
failed = true;
return false;
}
try
{
BufferInputStream in(buf, l);
unsigned char ver = in.ReadByte();
unsigned char rep = in.ReadByte();
if (ver != 5)
{
LOGW("socks5: udp associate: wrong ver in response");
failed = true;
return false;
}
if (rep != 0)
{
LOGW("socks5: udp associate failed with error %02X", rep);
failed = true;
return false;
}
in.ReadByte(); // RSV
unsigned char atyp = in.ReadByte();
if (atyp == 1)
{
uint32_t addr = in.ReadUInt32();
connectedAddress = NetworkAddress::IPv4(addr);
}
else if (atyp == 3)
{
unsigned char len = in.ReadByte();
char domain[256];
memset(domain, 0, sizeof(domain));
in.ReadBytes((unsigned char *)domain, len);
LOGD("address type is domain, address=%s", domain);
connectedAddress = ResolveDomainName(std::string(domain));
if (connectedAddress.IsEmpty())
{
LOGW("socks5: failed to resolve domain name '%s'", domain);
failed = true;
return false;
}
}
else if (atyp == 4)
{
unsigned char addr[16];
in.ReadBytes(addr, 16);
connectedAddress = NetworkAddress::IPv6(addr);
}
else
{
LOGW("socks5: unknown address type %d", atyp);
failed = true;
return false;
}
connectedPort = (uint16_t)ntohs(in.ReadInt16());
state = ConnectionState::Connected;
readyToSend = true;
LOGV("socks5: udp associate successful, given endpoint %s:%d", connectedAddress.ToString().c_str(), connectedPort);
}
catch (std::out_of_range &x)
{
LOGW("socks5: udp associate response parse failed");
failed = true;
}
}
}
return udp ? udp->OnReadyToReceive() : tcp->OnReadyToReceive();
}
void NetworkSocketSOCKS5Proxy::SendConnectionCommand()
{
BufferOutputStream out(1024);
if (protocol == NetworkProtocol::TCP)
{
out.WriteByte(5); // VER
out.WriteByte(1); // CMD (CONNECT)
out.WriteByte(0); // RSV
if (!connectedAddress.isIPv6)
{
out.WriteByte(1); // ATYP (IPv4)
out.WriteInt32(connectedAddress.addr.ipv4);
}
else
{
out.WriteByte(4); // ATYP (IPv6)
out.WriteBytes((unsigned char *)connectedAddress.addr.ipv6, 16);
}
out.WriteInt16(htons(connectedPort)); // DST.PORT
}
else if (protocol == NetworkProtocol::UDP)
{
LOGV("Sending udp associate");
out.WriteByte(5); // VER
out.WriteByte(3); // CMD (UDP ASSOCIATE)
out.WriteByte(0); // RSV
out.WriteByte(1); // ATYP (IPv4)
out.WriteInt32(0); // DST.ADDR
out.WriteInt16(0); // DST.PORT
}
tcp->Send(NetworkPacket{
Buffer(std::move(out)),
NetworkAddress::Empty(),
0,
NetworkProtocol::TCP});
state = ConnectionState::WaitingForCommandResult;
}
bool NetworkSocketSOCKS5Proxy::NeedSelectForSending()
{
return state == ConnectionState::Initial || state == ConnectionState::Connected;
}