12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040 |
- /*
- * This is the source code of tgnet library v. 1.1
- * It is licensed under GNU GPL v. 2 or later.
- * You should have received a copy of the license in this archive (see LICENSE).
- *
- * Copyright Nikolai Kudashov, 2015-2018.
- */
- #include <cassert>
- #include <unistd.h>
- #include <fcntl.h>
- #include <cerrno>
- #include <sys/socket.h>
- #include <memory.h>
- #include <netinet/tcp.h>
- #include <arpa/inet.h>
- #include <netdb.h>
- #include <openssl/rand.h>
- #include <openssl/hmac.h>
- #include <algorithm>
- #include <openssl/bn.h>
- #include "ByteStream.h"
- #include "ConnectionSocket.h"
- #include "FileLog.h"
- #include "Defines.h"
- #include "ConnectionsManager.h"
- #include "EventObject.h"
- #include "Timer.h"
- #include "NativeByteBuffer.h"
- #include "BuffersStorage.h"
- #include "Connection.h"
- #ifndef EPOLLRDHUP
- #define EPOLLRDHUP 0x2000
- #endif
- #define MAX_GREASE 8
- static BIGNUM *get_y2(BIGNUM *x, const BIGNUM *mod, BN_CTX *big_num_context) {
- // returns y^2 = x^3 + 486662 * x^2 + x
- BIGNUM *y = BN_dup(x);
- assert(y != NULL);
- BIGNUM *coef = BN_new();
- BN_set_word(coef, 486662);
- BN_mod_add(y, y, coef, mod, big_num_context);
- BN_mod_mul(y, y, x, mod, big_num_context);
- BN_one(coef);
- BN_mod_add(y, y, coef, mod, big_num_context);
- BN_mod_mul(y, y, x, mod, big_num_context);
- BN_clear_free(coef);
- return y;
- }
- static BIGNUM *get_double_x(BIGNUM *x, const BIGNUM *mod, BN_CTX *big_num_context) {
- // returns x_2 =(x^2 - 1)^2/(4*y^2)
- BIGNUM *denominator = get_y2(x, mod, big_num_context);
- assert(denominator != NULL);
- BIGNUM *coef = BN_new();
- BN_set_word(coef, 4);
- BN_mod_mul(denominator, denominator, coef, mod, big_num_context);
- BIGNUM *numerator = BN_new();
- assert(numerator != NULL);
- BN_mod_mul(numerator, x, x, mod, big_num_context);
- BN_one(coef);
- BN_mod_sub(numerator, numerator, coef, mod, big_num_context);
- BN_mod_mul(numerator, numerator, numerator, mod, big_num_context);
- BN_mod_inverse(denominator, denominator, mod, big_num_context);
- BN_mod_mul(numerator, numerator, denominator, mod, big_num_context);
- BN_clear_free(coef);
- BN_clear_free(denominator);
- return numerator;
- }
- static void generate_public_key(unsigned char *key) {
- BIGNUM *mod = NULL;
- BN_hex2bn(&mod, "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
- BIGNUM *pow = NULL;
- BN_hex2bn(&pow, "3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff6");
- BN_CTX *big_num_context = BN_CTX_new();
- assert(big_num_context != NULL);
- BIGNUM *x = BN_new();
- while (1) {
- RAND_bytes(key, 32);
- key[31] &= 127;
- BN_bin2bn(key, 32, x);
- assert(x != NULL);
- BN_mod_mul(x, x, x, mod, big_num_context);
- BIGNUM *y = get_y2(x, mod, big_num_context);
- BIGNUM *r = BN_new();
- BN_mod_exp(r, y, pow, mod, big_num_context);
- BN_clear_free(y);
- if (BN_is_one(r)) {
- BN_clear_free(r);
- break;
- }
- BN_clear_free(r);
- }
- int i;
- for (i = 0; i < 3; i++) {
- BIGNUM *x2 = get_double_x(x, mod, big_num_context);
- BN_clear_free(x);
- x = x2;
- }
- int num_size = BN_num_bytes(x);
- assert(num_size <= 32);
- memset(key, '\0', 32 - num_size);
- BN_bn2bin(x, key + (32 - num_size));
- for (i = 0; i < 16; i++) {
- unsigned char t = key[i];
- key[i] = key[31 - i];
- key[31 - i] = t;
- }
- BN_clear_free(x);
- BN_CTX_free(big_num_context);
- BN_clear_free(pow);
- BN_clear_free(mod);
- }
- class TlsHello {
- public:
- TlsHello() {
- RAND_bytes(grease, MAX_GREASE);
- for (int a = 0; a < MAX_GREASE; a++) {
- grease[a] = (uint8_t) ((grease[a] & 0xf0) + 0x0A);
- }
- for (size_t i = 1; i < MAX_GREASE; i += 2) {
- if (grease[i] == grease[i - 1]) {
- grease[i] ^= 0x10;
- }
- }
- }
- struct Op {
- enum class Type {
- String, Random, K, Zero, Domain, Grease, BeginScope, EndScope
- };
- Type type;
- size_t length;
- int seed;
- std::string data;
- static Op string(const char str[], size_t len) {
- Op res;
- res.type = Type::String;
- res.data = std::string(str, len);
- return res;
- }
- static Op random(size_t length) {
- Op res;
- res.type = Type::Random;
- res.length = length;
- return res;
- }
- static Op K() {
- Op res;
- res.type = Type::K;
- res.length = 32;
- return res;
- }
- static Op zero(size_t length) {
- Op res;
- res.type = Type::Zero;
- res.length = length;
- return res;
- }
- static Op domain() {
- Op res;
- res.type = Type::Domain;
- return res;
- }
- static Op grease(int seed) {
- Op res;
- res.type = Type::Grease;
- res.seed = seed;
- return res;
- }
- static Op begin_scope() {
- Op res;
- res.type = Type::BeginScope;
- return res;
- }
- static Op end_scope() {
- Op res;
- res.type = Type::EndScope;
- return res;
- }
- };
- static const TlsHello &getDefault() {
- static TlsHello result = [] {
- TlsHello res;
- res.ops = {
- Op::string("\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03", 11),
- Op::zero(32),
- Op::string("\x20", 1),
- Op::random(32),
- Op::string("\x00\x20", 2),
- Op::grease(0),
- Op::string("\x13\x01\x13\x02\x13\x03\xc0\x2b\xc0\x2f\xc0\x2c\xc0\x30\xcc\xa9\xcc\xa8\xc0\x13\xc0\x14\x00\x9c"
- "\x00\x9d\x00\x2f\x00\x35\x01\x00\x01\x93", 34),
- Op::grease(2),
- Op::string("\x00\x00\x00\x00", 4),
- Op::begin_scope(),
- Op::begin_scope(),
- Op::string("\x00", 1),
- Op::begin_scope(),
- Op::domain(),
- Op::end_scope(),
- Op::end_scope(),
- Op::end_scope(),
- Op::string("\x00\x17\x00\x00\xff\x01\x00\x01\x00\x00\x0a\x00\x0a\x00\x08", 15),
- Op::grease(4),
- Op::string(
- "\x00\x1d\x00\x17\x00\x18\x00\x0b\x00\x02\x01\x00\x00\x23\x00\x00\x00\x10\x00\x0e\x00\x0c\x02\x68\x32\x08"
- "\x68\x74\x74\x70\x2f\x31\x2e\x31\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x0d\x00\x12\x00\x10\x04\x03\x08"
- "\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x00\x12\x00\x00\x00\x33\x00\x2b\x00\x29", 75),
- Op::grease(4),
- Op::string("\x00\x01\x00\x00\x1d\x00\x20", 7),
- Op::K(),
- Op::string("\x00\x2d\x00\x02\x01\x01\x00\x2b\x00\x0b\x0a", 11),
- Op::grease(6),
- Op::string("\x03\x04\x03\x03\x03\x02\x03\x01\x00\x1b\x00\x03\x02\x00\x02", 15),
- Op::grease(3),
- Op::string("\x00\x01\x00\x00\x15", 5)};
- return res;
- }();
- return result;
- }
- uint32_t writeToBuffer(uint8_t *data) {
- uint32_t offset = 0;
- for (auto op : ops) {
- writeOp(op, data, offset);
- }
- return offset;
- }
- uint32_t writePadding(uint8_t *data, uint32_t length) {
- if (length > 515) {
- return 0;
- }
- uint32_t size = 515 - length;
- memset(data + length + 2, 0, size);
- data[length] = static_cast<uint8_t>((size >> 8) & 0xff);
- data[length + 1] = static_cast<uint8_t>(size & 0xff);
- return length + size + 2;
- }
- void setDomain(std::string value) {
- domain = std::move(value);
- }
- private:
- std::vector<Op> ops;
- uint8_t grease[MAX_GREASE];
- std::vector<size_t> scopeOffset;
- std::string domain;
- void writeOp(const TlsHello::Op &op, uint8_t *data, uint32_t &offset) {
- using Type = TlsHello::Op::Type;
- switch (op.type) {
- case Type::String:
- memcpy(data + offset, op.data.data(), op.data.size());
- offset += op.data.size();
- break;
- case Type::Random:
- RAND_bytes(data + offset, (size_t) op.length);
- offset += op.length;
- break;
- case Type::K:
- generate_public_key(data + offset);
- offset += op.length;
- break;
- case Type::Zero:
- std::memset(data + offset, 0, op.length);
- offset += op.length;
- break;
- case Type::Domain: {
- size_t size = domain.size();
- if (size > 253) {
- size = 253;
- }
- memcpy(data + offset, domain.data(), size);
- offset += size;
- break;
- }
- case Type::Grease: {
- data[offset] = grease[op.seed];
- data[offset + 1] = grease[op.seed];
- offset += 2;
- break;
- }
- case Type::BeginScope:
- scopeOffset.push_back(offset);
- offset += 2;
- break;
- case Type::EndScope: {
- auto begin_offset = scopeOffset.back();
- scopeOffset.pop_back();
- size_t size = offset - begin_offset - 2;
- data[begin_offset] = static_cast<uint8_t>((size >> 8) & 0xff);
- data[begin_offset + 1] = static_cast<uint8_t>(size & 0xff);
- break;
- }
- }
- }
- };
- ConnectionSocket::ConnectionSocket(int32_t instance) {
- instanceNum = instance;
- outgoingByteStream = new ByteStream();
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- eventObject = new EventObject(this, EventObjectTypeConnection);
- }
- ConnectionSocket::~ConnectionSocket() {
- if (outgoingByteStream != nullptr) {
- delete outgoingByteStream;
- outgoingByteStream = nullptr;
- }
- if (eventObject != nullptr) {
- delete eventObject;
- eventObject = nullptr;
- }
- if (tempBuffer != nullptr) {
- delete tempBuffer;
- tempBuffer = nullptr;
- }
- if (tlsBuffer != nullptr) {
- tlsBuffer->reuse();
- tlsBuffer = nullptr;
- }
- }
- void ConnectionSocket::openConnection(std::string address, uint16_t port, std::string secret, bool ipv6, int32_t networkType) {
- currentNetworkType = networkType;
- isIpv6 = ipv6;
- currentAddress = address;
- currentPort = port;
- waitingForHostResolve = "";
- adjustWriteOpAfterResolve = false;
- tlsState = 0;
- ConnectionsManager::getInstance(instanceNum).attachConnection(this);
- memset(&socketAddress, 0, sizeof(sockaddr_in));
- memset(&socketAddress6, 0, sizeof(sockaddr_in6));
- std::string *proxyAddress = &overrideProxyAddress;
- std::string *proxySecret = &overrideProxySecret;
- uint16_t proxyPort = overrideProxyPort;
- if (proxyAddress->empty()) {
- proxyAddress = &ConnectionsManager::getInstance(instanceNum).proxyAddress;
- proxyPort = ConnectionsManager::getInstance(instanceNum).proxyPort;
- proxySecret = &ConnectionsManager::getInstance(instanceNum).proxySecret;
- }
- if (!proxyAddress->empty()) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) connecting via proxy %s:%d secret[%d]", this, proxyAddress->c_str(), proxyPort, (int) proxySecret->size());
- if ((socketFd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) can't create proxy socket", this);
- closeSocket(1, -1);
- return;
- }
- uint32_t tempBuffLength;
- if (proxySecret->empty()) {
- proxyAuthState = 1;
- tempBuffLength = 1024;
- } else if (proxySecret->size() > 17 && (*proxySecret)[0] == '\xee') {
- proxyAuthState = 10;
- currentSecret = proxySecret->substr(1, 16);
- currentSecretDomain = proxySecret->substr(17);
- tempBuffLength = 65 * 1024;
- } else {
- proxyAuthState = 0;
- tempBuffLength = 0;
- }
- if (tempBuffLength > 0) {
- if (tempBuffer == nullptr || tempBuffer->length < tempBuffLength) {
- if (tempBuffer != nullptr) {
- delete tempBuffer;
- }
- tempBuffer = new ByteArray(tempBuffLength);
- }
- }
- socketAddress.sin_family = AF_INET;
- socketAddress.sin_port = htons(proxyPort);
- bool continueCheckAddress;
- if (inet_pton(AF_INET, proxyAddress->c_str(), &socketAddress.sin_addr.s_addr) != 1) {
- continueCheckAddress = true;
- if (LOGS_ENABLED) DEBUG_D("connection(%p) not ipv4 address %s", this, proxyAddress->c_str());
- } else {
- ipv6 = false;
- continueCheckAddress = false;
- }
- if (continueCheckAddress) {
- if (inet_pton(AF_INET6, proxyAddress->c_str(), &socketAddress6.sin6_addr.s6_addr) != 1) {
- continueCheckAddress = true;
- if (LOGS_ENABLED) DEBUG_D("connection(%p) not ipv6 address %s", this, proxyAddress->c_str());
- } else {
- ipv6 = true;
- continueCheckAddress = false;
- }
- if (continueCheckAddress) {
- #ifdef USE_DELEGATE_HOST_RESOLVE
- waitingForHostResolve = *proxyAddress;
- ConnectionsManager::getInstance(instanceNum).delegate->getHostByName(*proxyAddress, instanceNum, this);
- return;
- #else
- struct hostent *he;
- if ((he = gethostbyname(proxyAddress->c_str())) == nullptr) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address", this, proxyAddress->c_str());
- closeSocket(1, -1);
- return;
- }
- struct in_addr **addr_list = (struct in_addr **) he->h_addr_list;
- if (addr_list[0] != nullptr) {
- socketAddress.sin_addr.s_addr = addr_list[0]->s_addr;
- if (LOGS_ENABLED) DEBUG_D("connection(%p) resolved host %s address %x", this, proxyAddress->c_str(), addr_list[0]->s_addr);
- ipv6 = false;
- } else {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address", this, proxyAddress->c_str());
- closeSocket(1, -1);
- return;
- }
- #endif
- }
- }
- } else {
- proxyAuthState = 0;
- if ((socketFd = socket(ipv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0)) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) can't create socket", this);
- closeSocket(1, -1);
- return;
- }
- if (ipv6) {
- socketAddress6.sin6_family = AF_INET6;
- socketAddress6.sin6_port = htons(port);
- if (inet_pton(AF_INET6, address.c_str(), &socketAddress6.sin6_addr.s6_addr) != 1) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) bad ipv6 %s", this, address.c_str());
- closeSocket(1, -1);
- return;
- }
- } else {
- socketAddress.sin_family = AF_INET;
- socketAddress.sin_port = htons(port);
- if (inet_pton(AF_INET, address.c_str(), &socketAddress.sin_addr.s_addr) != 1) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) bad ipv4 %s", this, address.c_str());
- closeSocket(1, -1);
- return;
- }
- }
- uint32_t tempBuffLength;
- if (secret.size() > 17 && secret[0] == '\xee') {
- proxyAuthState = 10;
- currentSecret = secret.substr(1, 16);
- currentSecretDomain = secret.substr(17);
- tempBuffLength = 65 * 1024;
- } else {
- proxyAuthState = 0;
- tempBuffLength = 0;
- }
- if (tempBuffLength > 0) {
- if (tempBuffer == nullptr || tempBuffer->length < tempBuffLength) {
- if (tempBuffer != nullptr) {
- delete tempBuffer;
- }
- tempBuffer = new ByteArray(tempBuffLength);
- }
- }
- }
- openConnectionInternal(ipv6);
- }
- void ConnectionSocket::openConnectionInternal(bool ipv6) {
- int epolFd = ConnectionsManager::getInstance(instanceNum).epolFd;
- int yes = 1;
- if (setsockopt(socketFd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(int))) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) set TCP_NODELAY failed", this);
- }
- #ifdef DEBUG_VERSION
- int size = 4 * 1024 * 1024;
- if (setsockopt(socketFd, SOL_SOCKET, SO_SNDBUF, &size, sizeof(int))) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) set SO_SNDBUF failed", this);
- }
- if (setsockopt(socketFd, SOL_SOCKET, SO_RCVBUF, &size, sizeof(int))) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) set SO_RCVBUF failed", this);
- }
- #endif
- if (fcntl(socketFd, F_SETFL, O_NONBLOCK) == -1) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) set O_NONBLOCK failed", this);
- closeSocket(1, -1);
- return;
- }
- if (connect(socketFd, (ipv6 ? (sockaddr *) &socketAddress6 : (sockaddr *) &socketAddress), (socklen_t) (ipv6 ? sizeof(sockaddr_in6) : sizeof(sockaddr_in))) == -1 && errno != EINPROGRESS) {
- closeSocket(1, -1);
- } else {
- eventMask.events = EPOLLOUT | EPOLLIN | EPOLLRDHUP | EPOLLERR | EPOLLET;
- eventMask.data.ptr = eventObject;
- if (epoll_ctl(epolFd, EPOLL_CTL_ADD, socketFd, &eventMask) != 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll_ctl, adding socket failed", this);
- closeSocket(1, -1);
- }
- }
- if (adjustWriteOpAfterResolve) {
- adjustWriteOp();
- }
- }
- int32_t ConnectionSocket::checkSocketError(int32_t *error) {
- if (socketFd < 0) {
- return true;
- }
- int ret;
- int code;
- socklen_t len = sizeof(int);
- ret = getsockopt(socketFd, SOL_SOCKET, SO_ERROR, &code, &len);
- if (ret != 0 || code != 0) {
- if (LOGS_ENABLED) DEBUG_E("socket error 0x%x code 0x%x", ret, code);
- }
- *error = code;
- return (ret || code) != 0;
- }
- void ConnectionSocket::closeSocket(int32_t reason, int32_t error) {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- ConnectionsManager::getInstance(instanceNum).detachConnection(this);
- if (socketFd >= 0) {
- epoll_ctl(ConnectionsManager::getInstance(instanceNum).epolFd, EPOLL_CTL_DEL, socketFd, nullptr);
- if (close(socketFd) != 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) unable to close socket", this);
- }
- socketFd = -1;
- }
- waitingForHostResolve = "";
- adjustWriteOpAfterResolve = false;
- proxyAuthState = 0;
- tlsState = 0;
- onConnectedSent = false;
- outgoingByteStream->clean();
- if (tlsBuffer != nullptr) {
- tlsBuffer->reuse();
- tlsBuffer = nullptr;
- }
- onDisconnected(reason, error);
- }
- void ConnectionSocket::onEvent(uint32_t events) {
- if (events & EPOLLIN) {
- int32_t error;
- if (checkSocketError(&error) != 0) {
- closeSocket(1, error);
- return;
- } else {
- ssize_t readCount;
- NativeByteBuffer *buffer = ConnectionsManager::getInstance(instanceNum).networkBuffer;
- while (true) {
- buffer->rewind();
- readCount = recv(socketFd, buffer->bytes(), READ_BUFFER_SIZE, 0);
- if (readCount < 0) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) recv failed", this);
- return;
- }
- if (readCount > 0) {
- buffer->limit((uint32_t) readCount);
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- if (proxyAuthState == 11) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS received %d", this, (int) readCount);
- size_t newBytesRead = bytesRead + readCount;
- if (newBytesRead > 64 * 1024) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS client hello too much data", this);
- return;
- }
- if (newBytesRead >= 16) {
- std::memcpy(tempBuffer->bytes + bytesRead, buffer->bytes(), (size_t) readCount);
- static std::string hello1 = std::string("\x16\x03\x03", 3);
- if (std::memcmp(hello1.data(), tempBuffer->bytes, hello1.size()) != 0) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hello1 mismatch", this);
- return;
- }
- size_t len1 = (tempBuffer->bytes[3] << 8) + tempBuffer->bytes[4];
- if (len1 > 64 * 1024 - 5) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS len1 invalid", this);
- return;
- } else if (newBytesRead < len1 + 5) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS client hello wait for more data", this);
- bytesRead = newBytesRead;
- return;
- }
- static std::string hello2 = std::string("\x14\x03\x03\x00\x01\x01\x17\x03\x03", 9);
- if (std::memcmp(hello2.data(), tempBuffer->bytes + 5 + len1, hello2.size()) != 0) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hello2 mismatch", this);
- return;
- }
- size_t len2 = (tempBuffer->bytes[5 + 9 + len1] << 8) + tempBuffer->bytes[5 + 9 + len1 + 1];
- if (len2 > 64 * 1024 - len1 - 5 - 11) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS len2 invalid", this);
- return;
- } else if (newBytesRead < len2 + len1 + 5 + 11) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS client hello wait for more data", this);
- bytesRead = newBytesRead;
- return;
- }
- std::memcpy(tempBuffer->bytes + 64 * 1024 + 32, tempBuffer->bytes + 11, 32);
- std::memset(tempBuffer->bytes + 11, 0, 32);
- uint8_t *temp = new uint8_t[32 + newBytesRead];
- memcpy(temp, tempBuffer->bytes + 64 * 1024, 32);
- memcpy(temp + 32, tempBuffer->bytes, newBytesRead);
- uint32_t outLength;
- HMAC(EVP_sha256(), currentSecret.data(), currentSecret.size(), temp, 32 + newBytesRead, tempBuffer->bytes + 64 * 1024, &outLength);
- delete[] temp;
- if (std::memcmp(tempBuffer->bytes + 64 * 1024, tempBuffer->bytes + 64 * 1024 + 32, 32) != 0) {
- tlsHashMismatch = true;
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hash mismatch", this);
- return;
- }
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS hello complete", this);
- tlsState = 1;
- proxyAuthState = 0;
- bytesRead = 0;
- adjustWriteOp();
- } else {
- std::memcpy(tempBuffer->bytes + bytesRead, buffer->bytes(), (size_t) readCount);
- bytesRead = newBytesRead;
- }
- } else if (proxyAuthState == 2) {
- if (readCount == 2) {
- uint8_t auth_method = buffer->bytes()[1];
- if (auth_method == 0xff) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) unsupported proxy auth method", this);
- } else if (auth_method == 0x02) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) proxy auth required", this);
- proxyAuthState = 3;
- } else if (auth_method == 0x00) {
- proxyAuthState = 5;
- }
- adjustWriteOp();
- } else {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 2", this);
- }
- } else if (proxyAuthState == 4) {
- if (readCount == 2) {
- uint8_t auth_method = buffer->bytes()[1];
- if (auth_method != 0x00) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) auth invalid", this);
- } else {
- proxyAuthState = 5;
- }
- adjustWriteOp();
- } else {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 4", this);
- }
- } else if (proxyAuthState == 6) {
- if (readCount > 2) {
- uint8_t status = buffer->bytes()[1];
- if (status == 0x00) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) connected via proxy", this);
- proxyAuthState = 0;
- adjustWriteOp();
- } else {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy status on state 6, 0x%x", this, status);
- }
- } else {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 6", this);
- }
- } else if (proxyAuthState == 0) {
- if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
- ConnectionsManager::getInstance(instanceNum).delegate->onBytesReceived((int32_t) readCount, currentNetworkType, instanceNum);
- }
- if (tlsState != 0) {
- while (buffer->hasRemaining()) {
- size_t newBytesRead = buffer->remaining();
- if (tlsBuffer != nullptr) {
- newBytesRead += tlsBuffer->position();
- if (tlsBufferSized) {
- newBytesRead += 5;
- }
- }
- if (newBytesRead >= 5) {
- if (tlsBuffer == nullptr || !tlsBufferSized) {
- uint32_t pos = buffer->position();
- uint8_t offset = 0;
- uint8_t header[5];
- if (tlsBuffer != nullptr) {
- offset = (uint8_t) tlsBuffer->position();
- memcpy(header, tlsBuffer->bytes(), offset);
- tlsBuffer->reuse();
- tlsBuffer = nullptr;
- }
- memcpy(header + offset, buffer->bytes() + pos, (uint8_t) (5 - offset));
- static std::string header1 = std::string("\x17\x03\x03", 3);
- if (std::memcmp(header1.data(), header, header1.size()) != 0) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS response header1 mismatch", this);
- return;
- }
- uint32_t len1 = (header[3] << 8) + header[4];
- if (len1 > 64 * 1024) {
- closeSocket(1, -1);
- if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS response len1 invalid", this);
- return;
- } else {
- tlsBuffer = BuffersStorage::getInstance().getFreeBuffer(len1);
- tlsBufferSized = true;
- buffer->position(pos + (5 - offset));
- }
- } else {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response new data %d", this, buffer->remaining());
- }
- buffer->limit(std::min(buffer->position() + tlsBuffer->remaining(), buffer->limit()));
- tlsBuffer->writeBytes(buffer);
- buffer->limit((uint32_t) readCount);
- if (tlsBuffer->remaining() == 0) {
- tlsBuffer->rewind();
- onReceivedData(tlsBuffer);
- if (tlsBuffer == nullptr) {
- return;
- }
- tlsBuffer->reuse();
- tlsBuffer = nullptr;
- } else {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response wait for more data, total size %d, left %d", this, tlsBuffer->limit(), tlsBuffer->remaining());
- }
- } else {
- if (tlsBuffer == nullptr) {
- tlsBuffer = BuffersStorage::getInstance().getFreeBuffer(4);
- tlsBufferSized = false;
- }
- tlsBuffer->writeBytes(buffer);
- if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response wait for more data, not enough bytes for header, total = %d", this, (int) tlsBuffer->position());
- }
- }
- } else {
- onReceivedData(buffer);
- }
- }
- }
- if (readCount != READ_BUFFER_SIZE) {
- break;
- }
- }
- }
- }
- if (events & EPOLLOUT) {
- int32_t error;
- if (checkSocketError(&error) != 0) {
- closeSocket(1, error);
- return;
- } else {
- if (proxyAuthState != 0) {
- if (proxyAuthState >= 10) {
- if (proxyAuthState == 10) {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- tlsHashMismatch = false;
- proxyAuthState = 11;
- TlsHello hello = TlsHello::getDefault();
- hello.setDomain(currentSecretDomain);
- uint32_t size = hello.writeToBuffer(tempBuffer->bytes);
- if (!(size = hello.writePadding(tempBuffer->bytes, size))) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) too much data for padding", this);
- closeSocket(1, -1);
- return;
- }
- uint32_t outLength;
- HMAC(EVP_sha256(), currentSecret.data(), currentSecret.size(), tempBuffer->bytes, size, tempBuffer->bytes + 64 * 1024, &outLength);
- int32_t currentTime = ConnectionsManager::getInstance(instanceNum).getCurrentTime();
- int32_t old = ((int32_t *) (tempBuffer->bytes + 64 * 1024 + 28))[0];
- ((int32_t *) (tempBuffer->bytes + 64 * 1024 + 28))[0] = old ^ currentTime;
- memcpy(tempBuffer->bytes + 11, tempBuffer->bytes + 64 * 1024, 32);
- bytesRead = 0;
- if (send(socketFd, tempBuffer->bytes, size, 0) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- }
- adjustWriteOp();
- }
- } else {
- if (proxyAuthState == 1) {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- proxyAuthState = 2;
- tempBuffer->bytes[0] = 0x05;
- tempBuffer->bytes[1] = 0x02;
- tempBuffer->bytes[2] = 0x00;
- tempBuffer->bytes[3] = 0x02;
- if (send(socketFd, tempBuffer->bytes, 4, 0) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- }
- adjustWriteOp();
- } else if (proxyAuthState == 3) {
- tempBuffer->bytes[0] = 0x01;
- std::string *proxyUser;
- std::string *proxyPassword;
- if (!overrideProxyAddress.empty()) {
- proxyUser = &overrideProxyUser;
- proxyPassword = &overrideProxyPassword;
- } else {
- proxyUser = &ConnectionsManager::getInstance(instanceNum).proxyUser;
- proxyPassword = &ConnectionsManager::getInstance(instanceNum).proxyPassword;
- }
- uint8_t len1 = (uint8_t) proxyUser->length();
- uint8_t len2 = (uint8_t) proxyPassword->length();
- tempBuffer->bytes[1] = len1;
- memcpy(tempBuffer->bytes + 2, proxyUser->c_str(), len1);
- tempBuffer->bytes[2 + len1] = len2;
- memcpy(tempBuffer->bytes + 3 + len1, proxyPassword->c_str(), len2);
- proxyAuthState = 4;
- if (send(socketFd, tempBuffer->bytes, 3 + len1 + len2, 0) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- }
- adjustWriteOp();
- } else if (proxyAuthState == 5) {
- tempBuffer->bytes[0] = 0x05;
- tempBuffer->bytes[1] = 0x01;
- tempBuffer->bytes[2] = 0x00;
- tempBuffer->bytes[3] = (uint8_t) (isIpv6 ? 0x04 : 0x01);
- uint16_t networkPort = ntohs(currentPort);
- inet_pton(isIpv6 ? AF_INET6 : AF_INET, currentAddress.c_str(), tempBuffer->bytes + 4);
- memcpy(tempBuffer->bytes + 4 + (isIpv6 ? 16 : 4), &networkPort, sizeof(uint16_t));
- proxyAuthState = 6;
- if (send(socketFd, tempBuffer->bytes, 4 + (isIpv6 ? 16 : 4) + 2, 0) < 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- }
- adjustWriteOp();
- }
- }
- } else {
- if (!onConnectedSent) {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- if (LOGS_ENABLED) DEBUG_D("connection(%p) reset last event time, on connect", this);
- onConnected();
- onConnectedSent = true;
- }
- NativeByteBuffer *buffer = ConnectionsManager::getInstance(instanceNum).networkBuffer;
- buffer->clear();
- outgoingByteStream->get(buffer);
- buffer->flip();
- uint32_t remaining = buffer->remaining();
- if (remaining) {
- ssize_t sentLength;
- if (tlsState != 0) {
- if (remaining > 2878) {
- remaining = 2878;
- }
- size_t headersSize = 0;
- if (tlsState == 1) {
- static std::string header1 = std::string("\x14\x03\x03\x00\x01\x01", 6);
- std::memcpy(tempBuffer->bytes, header1.data(), header1.size());
- headersSize += header1.size();
- tlsState = 2;
- }
- static std::string header2 = std::string("\x17\x03\x03", 3);
- std::memcpy(tempBuffer->bytes + headersSize, header2.data(), header2.size());
- headersSize += header2.size();
- tempBuffer->bytes[headersSize] = static_cast<uint8_t>((remaining >> 8) & 0xff);
- tempBuffer->bytes[headersSize + 1] = static_cast<uint8_t>(remaining & 0xff);
- headersSize += 2;
- std::memcpy(tempBuffer->bytes + headersSize, buffer->bytes(), remaining);
- if ((sentLength = send(socketFd, tempBuffer->bytes, headersSize + remaining, 0)) < headersSize) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- } else {
- if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
- ConnectionsManager::getInstance(instanceNum).delegate->onBytesSent((int32_t) sentLength, currentNetworkType, instanceNum);
- }
- outgoingByteStream->discard((uint32_t) (sentLength - headersSize));
- adjustWriteOp();
- }
- } else {
- if ((sentLength = send(socketFd, buffer->bytes(), remaining, 0)) < 0) {
- if (LOGS_ENABLED) DEBUG_D("connection(%p) send failed", this);
- closeSocket(1, -1);
- return;
- } else {
- if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
- ConnectionsManager::getInstance(instanceNum).delegate->onBytesSent((int32_t) sentLength, currentNetworkType, instanceNum);
- }
- outgoingByteStream->discard((uint32_t) sentLength);
- adjustWriteOp();
- }
- }
- }
- }
- }
- }
- if (events & EPOLLHUP) {
- if (LOGS_ENABLED) DEBUG_E("socket event has EPOLLHUP");
- closeSocket(1, -1);
- return;
- } else if (events & EPOLLRDHUP) {
- if (LOGS_ENABLED) DEBUG_E("socket event has EPOLLRDHUP");
- closeSocket(1, -1);
- return;
- }
- if (events & EPOLLERR) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll error", this);
- return;
- }
- }
- void ConnectionSocket::writeBuffer(uint8_t *data, uint32_t size) {
- NativeByteBuffer *buffer = BuffersStorage::getInstance().getFreeBuffer(size);
- buffer->writeBytes(data, size);
- outgoingByteStream->append(buffer);
- adjustWriteOp();
- }
- void ConnectionSocket::writeBuffer(NativeByteBuffer *buffer) {
- outgoingByteStream->append(buffer);
- adjustWriteOp();
- }
- void ConnectionSocket::adjustWriteOp() {
- if (!waitingForHostResolve.empty()) {
- adjustWriteOpAfterResolve = true;
- return;
- }
- eventMask.events = EPOLLIN | EPOLLRDHUP | EPOLLERR | EPOLLET;
- if (proxyAuthState == 0 && (outgoingByteStream->hasData() || !onConnectedSent) || proxyAuthState == 1 || proxyAuthState == 3 || proxyAuthState == 5 || proxyAuthState == 10) {
- eventMask.events |= EPOLLOUT;
- }
- eventMask.data.ptr = eventObject;
- if (epoll_ctl(ConnectionsManager::getInstance(instanceNum).epolFd, EPOLL_CTL_MOD, socketFd, &eventMask) != 0) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll_ctl, modify socket failed", this);
- closeSocket(1, -1);
- }
- }
- void ConnectionSocket::setTimeout(time_t time) {
- timeout = time;
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- if (LOGS_ENABLED) DEBUG_D("connection(%p) set current timeout = %lld", this, (long long) timeout);
- }
- time_t ConnectionSocket::getTimeout() {
- return timeout;
- }
- bool ConnectionSocket::checkTimeout(int64_t now) {
- if (timeout != 0 && (now - lastEventTime) > (int64_t) timeout * 1000) {
- if (!onConnectedSent || hasPendingRequests()) {
- closeSocket(2, 0);
- return true;
- } else {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- if (LOGS_ENABLED) DEBUG_D("connection(%p) reset last event time, no requests", this);
- }
- }
- return false;
- }
- bool ConnectionSocket::hasTlsHashMismatch() {
- return tlsHashMismatch;
- }
- void ConnectionSocket::resetLastEventTime() {
- lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
- }
- bool ConnectionSocket::isDisconnected() {
- return socketFd < 0;
- }
- void ConnectionSocket::dropConnection() {
- closeSocket(0, 0);
- }
- void ConnectionSocket::setOverrideProxy(std::string address, uint16_t port, std::string username, std::string password, std::string secret) {
- overrideProxyAddress = address;
- overrideProxyPort = port;
- overrideProxyUser = username;
- overrideProxyPassword = password;
- overrideProxySecret = secret;
- }
- void ConnectionSocket::onHostNameResolved(std::string host, std::string ip, bool ipv6) {
- ConnectionsManager::getInstance(instanceNum).scheduleTask([&, host, ip, ipv6] {
- if (waitingForHostResolve == host) {
- waitingForHostResolve = "";
- if (ip.empty() || inet_pton(AF_INET, ip.c_str(), &socketAddress.sin_addr.s_addr) != 1) {
- if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address via delegate", this, host.c_str());
- closeSocket(1, -1);
- return;
- }
- if (LOGS_ENABLED) DEBUG_D("connection(%p) resolved host %s address %s via delegate", this, host.c_str(), ip.c_str());
- openConnectionInternal(ipv6);
- }
- });
- }
|