/
obfs4.go
169 lines (147 loc) · 5.19 KB
/
obfs4.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
package ptx
import (
"context"
"fmt"
"net"
"path/filepath"
"time"
"github.com/ooni/probe-engine/pkg/model"
"github.com/ooni/probe-engine/pkg/runtimex"
"gitlab.com/yawning/obfs4.git/transports/base"
"gitlab.com/yawning/obfs4.git/transports/obfs4"
pt "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib"
)
// DefaultTestingOBFS4Bridge is a factory that returns you
// an OBFS4Dialer configured for the bridge we use by default
// when testing. Of course, given the nature of obfs4, it's
// not wise to use this bridge in general. But, feel free to
// use this bridge for integration testing of this code.
func DefaultTestingOBFS4Bridge() *OBFS4Dialer {
// See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/master/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
// for publicly available bridges used by Tor Browser.
return &OBFS4Dialer{
Address: "209.148.46.65:443",
Cert: "ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw",
DataDir: "testdata",
Fingerprint: "74FAD13168806246602538555B5521A0383A1875",
IATMode: "0",
}
}
// OBFS4Dialer is a dialer for obfs4. Make sure you fill all
// the fields marked as mandatory before using.
type OBFS4Dialer struct {
// Address contains the MANDATORY proxy address.
Address string
// Cert contains the MANDATORY certificate parameter.
Cert string
// DataDir is the MANDATORY directory where to store obfs4 data.
DataDir string
// Fingerprint is the MANDATORY bridge fingerprint.
Fingerprint string
// IATMode contains the MANDATORY iat-mode parameter.
IATMode string
// UnderlyingDialer is the optional underlying dialer to
// use. If not set, we will use &net.Dialer{}.
UnderlyingDialer model.SimpleDialer
}
// DialContext establishes a connection with the given obfs4 proxy. The context
// argument allows to interrupt this operation midway.
func (d *OBFS4Dialer) DialContext(ctx context.Context) (net.Conn, error) {
cd, err := d.newCancellableDialer()
if err != nil {
return nil, err
}
return cd.dial(ctx, "tcp", d.Address)
}
// newCancellableDialer constructs a new cancellable dialer. This function
// is separate from DialContext for testing purposes.
func (d *OBFS4Dialer) newCancellableDialer() (*obfs4CancellableDialer, error) {
factory := d.newFactory()
parsedargs, err := d.parseargs(factory)
if err != nil {
return nil, err
}
return &obfs4CancellableDialer{
done: make(chan interface{}),
ud: d.underlyingDialer(), // choose proper dialer
factory: factory,
parsedargs: parsedargs,
}, nil
}
// newFactory creates an obfs4 factory instance.
func (d *OBFS4Dialer) newFactory() base.ClientFactory {
o4f := &obfs4.Transport{}
cf, err := o4f.ClientFactory(filepath.Join(d.DataDir, "obfs4"))
// the source code for this transport always returns a nil error
runtimex.PanicOnError(err, "unexpected o4f.ClientFactory failure")
return cf
}
// parseargs parses the obfs4 arguments.
func (d *OBFS4Dialer) parseargs(factory base.ClientFactory) (interface{}, error) {
args := &pt.Args{"cert": []string{d.Cert}, "iat-mode": []string{d.IATMode}}
return factory.ParseArgs(args)
}
// underlyingDialer returns a suitable SimpleDialer.
func (d *OBFS4Dialer) underlyingDialer() model.SimpleDialer {
if d.UnderlyingDialer != nil {
return d.UnderlyingDialer
}
return &net.Dialer{
Timeout: 15 * time.Second, // eventually interrupt connect
}
}
// obfs4CancellableDialer is a cancellable dialer for obfs4. It will run
// the dial proper in a background goroutine, thus allowing for its early
// cancellation.
type obfs4CancellableDialer struct {
// done is a channel that will be closed when done. In normal
// usage you don't want to await for this signal. But it's useful
// for testing to know that the background goroutine joined.
done chan interface{}
// factory is the factory for obfs4.
factory base.ClientFactory
// parsedargs contains the parsed args for obfs4.
parsedargs interface{}
// ud is the underlying Dialer to use.
ud model.SimpleDialer
}
// dial performs the dial.
func (d *obfs4CancellableDialer) dial(
ctx context.Context, network, address string) (net.Conn, error) {
connch, errch := make(chan net.Conn), make(chan error, 1)
go func() {
defer close(d.done) // signal we're joining
conn, err := d.factory.Dial(network, address, d.innerDial, d.parsedargs)
if err != nil {
errch <- err // buffered channel
return
}
select {
case connch <- conn:
default:
conn.Close() // context won the race
}
}()
select {
case err := <-errch:
return nil, err
case conn := <-connch:
return conn, nil
case <-ctx.Done():
return nil, ctx.Err()
}
}
// innerDial performs the inner dial using the underlying dialer.
func (d *obfs4CancellableDialer) innerDial(network, address string) (net.Conn, error) {
return d.ud.DialContext(context.Background(), network, address)
}
// AsBridgeArgument returns the argument to be passed to
// the tor command line to declare this bridge.
func (d *OBFS4Dialer) AsBridgeArgument() string {
return fmt.Sprintf("obfs4 %s %s cert=%s iat-mode=%s",
d.Address, d.Fingerprint, d.Cert, d.IATMode)
}
// Name returns the pluggable transport name.
func (d *OBFS4Dialer) Name() string {
return "obfs4"
}