commit f3345057b19f842e7655f53df195bfbf3e590135 Author: David Fifield <david@bamsoftware.com> Date: Thu Oct 3 08:19:32 2013 -0700 Move websocket-transport to /pluggable-transports/websocket.git. Per #9863. --- .gitignore | 2 - README | 16 +- doc/websocket-transport.txt | 219 ------- websocket-transport/Makefile | 34 -- websocket-transport/src/pt/pt.go | 605 -------------------- websocket-transport/src/pt/socks/socks.go | 107 ---- .../src/websocket-client/websocket-client.go | 254 -------- .../src/websocket-server/websocket-server.go | 285 --------- websocket-transport/src/websocket/websocket.go | 431 -------------- 9 files changed, 4 insertions(+), 1949 deletions(-) diff --git a/.gitignore b/.gitignore index 6195b6c..c3e5b7f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ *.pyc /dist /py2exe-tmp -/websocket-transport/websocket-client -/websocket-transport/websocket-server /modules/nodejs/node_modules /modules/nodejs/flashproxy.js diff --git a/README b/README index 8f84ed8..ca93ce8 100644 --- a/README +++ b/README @@ -99,18 +99,10 @@ re-register: == How to run a relay -A server transport plugin for the WebSocket protocol is in the -websocket-transport directory. To build it, you need development tools -for the Go programming language ("apt-get install golang" on Debian). - $ cd websocket-transport - $ make - # make install -You will need a version of Tor supporting the extended OR port protocol. - $ git clone https://git.torproject.org/user/asn/tor.git -b bug4773_rebase -Add a line like the following to the relay's torrc. You can change the ---port option; make sure that port is open in the firewall. - ExtORPort 5555 - ServerTransportPlugin websocket exec /usr/local/bin/websocket-server --port 9901 +Proxies talk to a relay running the websocket pluggable transport. +Source code and documentation for the server transport plugin are in the +Git repository at +https://git.torproject.org/pluggable-transports/websocket.git. == How to put a flash proxy badge on a web page diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt deleted file mode 100644 index a9d839f..0000000 --- a/doc/websocket-transport.txt +++ /dev/null @@ -1,219 +0,0 @@ -Title: WebSocket pluggable transport -Author: David Fifield - -Overview - - This proposal describes the "websocket" pluggable transport for Tor. - It uses the WebSocket protocol now implemented by many web browsers. - It is mostly a straightforward description of proxying WebSocket to - plain TCP, with special consideration for a base64 encoding for agents - that don't support binary WebSocket frames. - -Motivation - - The WebSocket protocol is used by the "flash proxy" system that uses - web browsers as temporary proxies; browsers may connect to a relay - that supports this pluggable transport. Additionally, if WebSocket has - a lot of non-Tor use, it becomes a good target for tunneling, perhaps - in conjunction with a lower layer of obfuscation. WebSocket commonly - works over HTTP ports that are likely to get through a firewall. - -WebSocket overview - - WebSocket is a protocol (rather, several mostly compatible protocols) - aimed at exposing socket-like functionality to JavaScript in web - browsers. It is partially aimed at supplanting techniques such as HTTP - long polling for client–server communication. WebSocket provides - bidirectional communication between a client and server, sufficient to - tunnel Tor traffic. A WebSocket session begins with an HTTP Upgrade - handshake. The socket carries data broken into variable-length - "messages" which are further broken into "frames." There are - distinguished frame opcodes that serve to send either data or control - information. Frames sent by the client (but not the server) are XORed - with a repeating 32-bit mask that is randomly generated per-frame. - - Broadly speaking, there are two versions of WebSocket: the older - "hixie" protocol, and the newer "hybi" protocol which is now RFC 6455. - There are subprotocols within these two versions that differ only in - small ways: "hixie-75" and "hixie-76"; and "hybi-7", "hybi-10", and - "hybi-17". The older "hybi" sockets were supported by Firefox 4 and - Opera 11, but were later disabled because of problems with interaction - with reverse HTTP proxies. Current versions of Firefox and Chrome - support "hybi" sockets, while Safari only supports "hixie". - - The "hybi" sockets support text frames and binary frames. Text frames - may only include UTF-8–encoded text; it is an error if payload doesn't - decode. Binary frames may contain any binary data. However, not all - web browsers support binary frames; they were first added to Firefox - in version 11. The "hixie" sockets have only text frames. - -Method name - - The method name of the transport is "websocket". For example, these - are possible torrc configurations for a client and server, - respectively: - -UseBridges 1 -ClientTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --client -Bridge websocket 198.51.100.1 - -ServerTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --server - -The base64 subprotocol - - The most convenient way to tunnel data over WebSocket is with binary - frames, but not all web browsers support binary frames. To work around - this, the "base64" subprotocol encodes binary data as base64 within - text frames. A client that knows it does not support binary frames - requests the base64 subprotocol by including "base64" in the value of - the Sec-WebSocket-Protocol header field. A server that also supports - this subprotocol by sending the value "base64" (and only "base64") in - the Sec-WebSocket-Protocol header field of its response. See under - "Examples" for examples of handshakes like this. - - The base64 encoding is applied at the message level, not the frame - level. This means, in particular, that any '=' padding occurs only at - the end of a message, not at the end of each of its constituent - frames. So, for example, the 5-byte message "Hello", whose base64 - encoding is "SGVsbG8=", may be sent as one text frame as follows: - - 0x81 0x08 "SGVsbG8=" - - or, for example, as two frames (one of 2 bytes and one of 6 bytes): - - 0x01 0x02 "SG" 0x81 0x06 "VsbG8=" - - When sent by a client, all frames including these must be masked. Here - is an example of a masked base64-encoded message sent as a single - frame (using the masking key 0x12345678): - - 0x81 0x18 0x12 0x34 0x56 0x78 0x41 0x73 0x00 0x0b 0x70 0x73 0x6e 0x45 - -Examples - - Here are examples of WebSocket handshakes and the beginning of data - transfer. The data is the beginning of a Tor connection (i.e., it - begins with a TLS handshake). Data are shown using C string syntax. - "> " at the beginning of a line indicates client-to-server - communication; "< " is server-to-client. "[...]" indicates contents - omitted for brevity. Newlines in the presentation are not significant. - This section is non-normative. - - Using "hybi"/RFC 6455 WebSocket with binary frames: - -> GET / HTTP/1.1\r\n -> Host: 192.0.2.1:80\r\n -> Origin: http://example.com\r\n -> Sec-WebSocket-Version: 13\r\n -> Sec-WebSocket-Key: mzo2xSF9N8VUxuefqO0RSw==\r\n -> Connection: Upgrade\r\n -> Upgrade: websocket\r\n -> \r\n -< HTTP/1.1 101 Switching Protocols\r\n -< Upgrade: websocket\r\n -< Connection: Upgrade\r\n -< Sec-WebSocket-Accept: fM0KjD7ixoxkl4PEXU6tNaTveSg=\r\n -< \r\n -> \x82\xfe\x01\x04\xc9\xd6\xdd\x29\xdf\xd5\xde\x29\x36\xd7[...] -< \x16\x03\x01\x00\x31\x02\x00\x00\x2d\x03[...] - - Using "hybi"/RFC 6455 WebSocket with the base64 subprotocol: - -> GET / HTTP/1.1\r\n -> Host: 192.0.2.1:80\r\n -> Origin: http://example.com\r\n -> Sec-WebSocket-Version: 13\r\n -> Sec-WebSocket-Protocol: base64\r\n -> Sec-WebSocket-Key: k5Ybhw0XBDeBfmda1J9ooQ==\r\n -> Connection: Upgrade\r\n -> Upgrade: websocket\r\n -> \r\n -< HTTP/1.1 101 Switching Protocols\r\n -< Upgrade: websocket\r\n -< Connection: Upgrade\r\n -< Sec-WebSocket-Accept: LYWpflPUHdal8U1BLPXWR3iqUrI=\r\n -< Sec-WebSocket-Protocol: base64\r\n -< \r\n -> \x81\xfe\x01\x58\xbd\x94\x2a\x31\xfb\xf3\x67\x75\xfc\xc4[...] -< \x81\x7e\x04\xd0FgMBADECAA[...] - -Considerations specific to pluggable transports - - Endpoints must implement WebSocket according to RFC 6455; for example, - a server MUST close the connection if it receives an unmasked frame - from a client, and a client MUST close the connection if it receives a - masked frame from a server (RFC 6455 section 5.1). There are also - additional requirements for WebSocket when used as a Tor pluggable - transport. - - Clients MUST implement the RFC 6455 version of the protocol and use it - for all connections. Servers MUST implement the RFC 6455 version of - the protocol and MAY also implement earlier versions. That is, a - server MAY check a client HTTP request to see if it matches an earlier - version of the protocol, and MAY begin communicating using that - protocol. Section 4.4 of RFC 6455 discusses supporting multiple - versions of the protocol. - - Servers MUST support binary frames (opcode 2). Servers MAY also - support text frames (opcode 1). Servers supporting text frames MUST - implement the base64 subprotocol and accept it when requested by a - client in the Sec-WebSocket-Protocol header field. Text frames MUST - NOT be sent by either side if the base64 subprotocol has not been - negotiated. Any endpoint receiving a text frame when base64 has not - been negotiated, or a text message that cannot be decoded as base64, - MUST close the connection. - - A client MUST NOT proceed after receiving any HTTP response status - code other than 101. In particular, it MUST NOT follow redirections - such as 301. - - Endpoints SHOULD respond to Ping frames with a single Pong frame, but - nothing in this specification requires the sending of Ping frames. - - Message and frame boundaries are not meaningful. Received non-control - messages are concatenated, in order, to reconstruct the original - stream. Endpoints SHOULD limit the size of messages they send. All - messages SHOULD be sent in a single frame. - - Endpoints MUST limit the size of messages and frames that they will - buffer. When the sum of the length of already-buffered data and the - length of the next frame exceeds the limit, the endpoint MUST close - the connection and SHOULD do so with a status code of 1009 (see RFC - 6455 section 7.4.1). Endpoints MUST be capable of receiving messages - containing up to 16384 bytes of binary data; this may require - buffering up to 21848 bytes of UTF-8–encoded base64 text. - -Questions/extensions - - WebSocket also has a TLS-wrapped version, identified by using the - "wss" (as opposed to "ws") URL scheme. An advantage of this when - tunneling through a browser is that the TLS handshake will be exactly - that of a browser. However, this probably requires the certificates of - relays' server transport plugins to be trusted by browsers. - -References - - "Pluggable transports for circumvention" - https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable... - - RFC 6455, "The WebSocket Protocol" (a.k.a. hybi-17) - https://tools.ietf.org/html/rfc6455 - - "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-10)" - (a.k.a. hybi-10) - https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10 - - "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-7)" - (a.k.a. hybi-7) - https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-7 - - "The WebSocket protocol (draft-ietf-hybi-thewebsocketprotocol-00)" - (a.k.a. hybi-00, hixie-76) - https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-00 - - "The Web Socket protocol (draft-hixie-thewebsocketprotocol-75)" - (a.k.a. hixie-75) - https://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 - - Browser support matrix - http://autobahn.ws/testsuite/reports/clients/index.html diff --git a/websocket-transport/Makefile b/websocket-transport/Makefile deleted file mode 100644 index 2ce4ffa..0000000 --- a/websocket-transport/Makefile +++ /dev/null @@ -1,34 +0,0 @@ -DESTDIR = -PREFIX = /usr/local -BINDIR = $(PREFIX)/bin - -PROGRAMS = websocket-client websocket-server - -export GOPATH = $(CURDIR) -GOBUILDFLAGS = -# Alternate flags to use gccgo, allowing cross-compiling for x86 from -# x86_64, and presumably better optimization. Install this package: -# apt-get install gccgo-multilib -# GOBUILDFLAGS = -compiler gccgo -gccgoflags "-O3 -m32 -static-libgo" - -all: websocket-server - -%: $(GOPATH)/src/%/*.go - go build $(GOBUILDFLAGS) "$*" - -# websocket-client has a special rule because "go get" is necessary. -websocket-client: $(GOPATH)/src/websocket-client/*.go - go get -d $(GOBUILDFLAGS) websocket-client - go build $(GOBUILDFLAGS) websocket-client - -install: - mkdir -p "$(DESTDIR)$(BINDIR)" - cp -f websocket-server "$(DESTDIR)$(BINDIR)" - -clean: - rm -f $(PROGRAMS) - -fmt: - go fmt $(PROGRAMS) - -.PHONY: all install clean fmt diff --git a/websocket-transport/src/pt/pt.go b/websocket-transport/src/pt/pt.go deleted file mode 100644 index 6b40098..0000000 --- a/websocket-transport/src/pt/pt.go +++ /dev/null @@ -1,605 +0,0 @@ -// Tor pluggable transports library. -// -// Sample client usage: -// -// pt.ClientSetup([]string{"foo"}) -// ln, err := startSocksListener() -// if err != nil { -// panic(err.Error()) -// } -// pt.Cmethod("foo", "socks4", ln.Addr()) -// pt.CmethodsDone() -// -// Sample server usage: -// -// var ptInfo pt.ServerInfo -// info = pt.ServerSetup([]string{"foo", "bar"}) -// for _, bindAddr := range info.BindAddrs { -// ln, err := startListener(bindAddr.Addr) -// if err != nil { -// pt.SmethodError(bindAddr.MethodName, err.Error()) -// continue -// } -// pt.Smethod(bindAddr.MethodName, ln.Addr()) -// } -// pt.SmethodsDone() -// func handler(conn net.Conn, methodName) { -// or, err := pt.ConnectOr(&ptInfo, conn, methodName) -// if err != nil { -// return -// } -// // Do something with or and conn. -// } - -package pt - -import ( - "bufio" - "bytes" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "crypto/subtle" - "encoding/binary" - "errors" - "fmt" - "io" - "net" - "os" - "strings" - "time" -) - -func getenv(key string) string { - return os.Getenv(key) -} - -// Abort with an ENV-ERROR if the environment variable isn't set. -func getenvRequired(key string) string { - value := os.Getenv(key) - if value == "" { - EnvError(fmt.Sprintf("no %s environment variable", key)) - } - return value -} - -// Escape a string so it contains no byte values over 127 and doesn't contain -// any of the characters '\x00', '\n', or '\\'. -func escape(s string) string { - var buf bytes.Buffer - for _, b := range []byte(s) { - if b == '\n' { - buf.WriteString("\\n") - } else if b == '\\' { - buf.WriteString("\\\\") - } else if 0 < b && b < 128 { - buf.WriteByte(b) - } else { - fmt.Fprintf(&buf, "\\x%02x", b) - } - } - return buf.String() -} - -// Print a pluggable transports protocol line to stdout. The line consists of an -// unescaped keyword, followed by any number of escaped strings. -func Line(keyword string, v ...string) { - var buf bytes.Buffer - buf.WriteString(keyword) - for _, x := range v { - buf.WriteString(" " + escape(x)) - } - fmt.Println(buf.String()) - os.Stdout.Sync() -} - -// All of the *Error functions call os.Exit(1). - -// Emit an ENV-ERROR with explanation text. -func EnvError(msg string) { - Line("ENV-ERROR", msg) - os.Exit(1) -} - -// Emit a VERSION-ERROR with explanation text. -func VersionError(msg string) { - Line("VERSION-ERROR", msg) - os.Exit(1) -} - -// Emit a CMETHOD-ERROR with explanation text. -func CmethodError(methodName, msg string) { - Line("CMETHOD-ERROR", methodName, msg) - os.Exit(1) -} - -// Emit an SMETHOD-ERROR with explanation text. -func SmethodError(methodName, msg string) { - Line("SMETHOD-ERROR", methodName, msg) - os.Exit(1) -} - -// Emit a CMETHOD line. socks must be "socks4" or "socks5". Call this once for -// each listening client SOCKS port. -func Cmethod(name string, socks string, addr net.Addr) { - Line("CMETHOD", name, socks, addr.String()) -} - -// Emit a CMETHODS DONE line. Call this after opening all client listeners. -func CmethodsDone() { - Line("CMETHODS", "DONE") -} - -// Emit an SMETHOD line. Call this once for each listening server port. -func Smethod(name string, addr net.Addr) { - Line("SMETHOD", name, addr.String()) -} - -// Emit an SMETHODS DONE line. Call this after opening all server listeners. -func SmethodsDone() { - Line("SMETHODS", "DONE") -} - -// Get a pluggable transports version offered by Tor and understood by us, if -// any. The only version we understand is "1". This function reads the -// environment variable TOR_PT_MANAGED_TRANSPORT_VER. -func getManagedTransportVer() string { - const transportVersion = "1" - for _, offered := range strings.Split(getenvRequired("TOR_PT_MANAGED_TRANSPORT_VER"), ",") { - if offered == transportVersion { - return offered - } - } - return "" -} - -// Get the intersection of the method names offered by Tor and those in -// methodNames. This function reads the environment variable -// TOR_PT_CLIENT_TRANSPORTS. -func getClientTransports(methodNames []string) []string { - clientTransports := getenvRequired("TOR_PT_CLIENT_TRANSPORTS") - if clientTransports == "*" { - return methodNames - } - result := make([]string, 0) - for _, requested := range strings.Split(clientTransports, ",") { - for _, methodName := range methodNames { - if requested == methodName { - result = append(result, methodName) - break - } - } - } - return result -} - -// This structure is returned by ClientSetup. It consists of a list of method -// names. -type ClientInfo struct { - MethodNames []string -} - -// Check the client pluggable transports environments, emitting an error message -// and exiting the program if any error is encountered. Returns a subset of -// methodNames requested by Tor. -func ClientSetup(methodNames []string) ClientInfo { - var info ClientInfo - - ver := getManagedTransportVer() - if ver == "" { - VersionError("no-version") - } else { - Line("VERSION", ver) - } - - info.MethodNames = getClientTransports(methodNames) - if len(info.MethodNames) == 0 { - CmethodsDone() - os.Exit(1) - } - - return info -} - -// A combination of a method name and an address, as extracted from -// TOR_PT_SERVER_BINDADDR. -type BindAddr struct { - MethodName string - Addr *net.TCPAddr -} - -// Resolve an address string into a net.TCPAddr. -func resolveBindAddr(bindAddr string) (*net.TCPAddr, error) { - addr, err := net.ResolveTCPAddr("tcp", bindAddr) - if err == nil { - return addr, nil - } - // Before the fixing of bug #7011, tor doesn't put brackets around IPv6 - // addresses. Split after the last colon, assuming it is a port - // separator, and try adding the brackets. - parts := strings.Split(bindAddr, ":") - if len(parts) <= 2 { - return nil, err - } - bindAddr = "[" + strings.Join(parts[:len(parts)-1], ":") + "]:" + parts[len(parts)-1] - return net.ResolveTCPAddr("tcp", bindAddr) -} - -// Return a new slice, the members of which are those members of addrs having a -// MethodName in methodNames. -func filterBindAddrs(addrs []BindAddr, methodNames []string) []BindAddr { - var result []BindAddr - - for _, ba := range addrs { - for _, methodName := range methodNames { - if ba.MethodName == methodName { - result = append(result, ba) - break - } - } - } - - return result -} - -// Return a map from method names to bind addresses. The map is the contents of -// TOR_PT_SERVER_BINDADDR, with keys filtered by TOR_PT_SERVER_TRANSPORTS, and -// further filtered by the methods in methodNames. -func getServerBindAddrs(methodNames []string) []BindAddr { - var result []BindAddr - - // Get the list of all requested bindaddrs. - var serverBindAddr = getenvRequired("TOR_PT_SERVER_BINDADDR") - for _, spec := range strings.Split(serverBindAddr, ",") { - var bindAddr BindAddr - - parts := strings.SplitN(spec, "-", 2) - if len(parts) != 2 { - EnvError(fmt.Sprintf("TOR_PT_SERVER_BINDADDR: %q: doesn't contain \"-\"", spec)) - } - bindAddr.MethodName = parts[0] - addr, err := resolveBindAddr(parts[1]) - if err != nil { - EnvError(fmt.Sprintf("TOR_PT_SERVER_BINDADDR: %q: %s", spec, err.Error())) - } - bindAddr.Addr = addr - result = append(result, bindAddr) - } - - // Filter by TOR_PT_SERVER_TRANSPORTS. - serverTransports := getenvRequired("TOR_PT_SERVER_TRANSPORTS") - if serverTransports != "*" { - result = filterBindAddrs(result, strings.Split(serverTransports, ",")) - } - - // Finally filter by what we understand. - result = filterBindAddrs(result, methodNames) - - return result -} - -// Read and validate the contents of an auth cookie file. Returns the 32-byte -// cookie. See section 4.2.1.2 of pt-spec.txt. -func readAuthCookieFile(filename string) ([]byte, error) { - authCookieHeader := []byte("! Extended ORPort Auth Cookie !\x0a") - header := make([]byte, 32) - cookie := make([]byte, 32) - - f, err := os.Open(filename) - if err != nil { - return cookie, err - } - defer f.Close() - - n, err := io.ReadFull(f, header) - if err != nil { - return cookie, err - } - n, err = io.ReadFull(f, cookie) - if err != nil { - return cookie, err - } - // Check that the file ends here. - n, err = f.Read(make([]byte, 1)) - if n != 0 { - return cookie, errors.New(fmt.Sprintf("file is longer than 64 bytes")) - } else if err != io.EOF { - return cookie, errors.New(fmt.Sprintf("did not find EOF at end of file")) - } - - if !bytes.Equal(header, authCookieHeader) { - return cookie, errors.New(fmt.Sprintf("missing auth cookie header")) - } - - return cookie, nil -} - -// This structure is returned by ServerSetup. It consists of a list of -// BindAddrs, an address for the ORPort, an address for the extended ORPort (if -// any), and an authentication cookie (if any). -type ServerInfo struct { - BindAddrs []BindAddr - OrAddr *net.TCPAddr - ExtendedOrAddr *net.TCPAddr - AuthCookie []byte -} - -// Check the server pluggable transports environments, emitting an error message -// and exiting the program if any error is encountered. Resolves the various -// requested bind addresses, the server ORPort and extended ORPort, and reads -// the auth cookie file. Returns a ServerInfo struct. -func ServerSetup(methodNames []string) ServerInfo { - var info ServerInfo - var err error - - ver := getManagedTransportVer() - if ver == "" { - VersionError("no-version") - } else { - Line("VERSION", ver) - } - - var orPort = getenvRequired("TOR_PT_ORPORT") - info.OrAddr, err = net.ResolveTCPAddr("tcp", orPort) - if err != nil { - EnvError(fmt.Sprintf("cannot resolve TOR_PT_ORPORT %q: %s", orPort, err.Error())) - } - - info.BindAddrs = getServerBindAddrs(methodNames) - if len(info.BindAddrs) == 0 { - SmethodsDone() - os.Exit(1) - } - - var extendedOrPort = getenv("TOR_PT_EXTENDED_SERVER_PORT") - if extendedOrPort != "" { - info.ExtendedOrAddr, err = net.ResolveTCPAddr("tcp", extendedOrPort) - if err != nil { - EnvError(fmt.Sprintf("cannot resolve TOR_PT_EXTENDED_SERVER_PORT %q: %s", extendedOrPort, err.Error())) - } - } - - var authCookieFilename = getenv("TOR_PT_AUTH_COOKIE_FILE") - if authCookieFilename != "" { - info.AuthCookie, err = readAuthCookieFile(authCookieFilename) - if err != nil { - EnvError(fmt.Sprintf("error reading TOR_PT_AUTH_COOKIE_FILE %q: %s", authCookieFilename, err.Error())) - } - } - - return info -} - -// See 217-ext-orport-auth.txt section 4.2.1.3. -func computeServerHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte { - h := hmac.New(sha256.New, info.AuthCookie) - io.WriteString(h, "ExtORPort authentication server-to-client hash") - h.Write(clientNonce) - h.Write(serverNonce) - return h.Sum([]byte{}) -} - -// See 217-ext-orport-auth.txt section 4.2.1.3. -func computeClientHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte { - h := hmac.New(sha256.New, info.AuthCookie) - io.WriteString(h, "ExtORPort authentication client-to-server hash") - h.Write(clientNonce) - h.Write(serverNonce) - return h.Sum([]byte{}) -} - -func extOrPortAuthenticate(s *net.TCPConn, info *ServerInfo) error { - r := bufio.NewReader(s) - - // Read auth types. 217-ext-orport-auth.txt section 4.1. - var authTypes [256]bool - var count int - for count = 0; count < 256; count++ { - b, err := r.ReadByte() - if err != nil { - return err - } - if b == 0 { - break - } - authTypes[b] = true - } - if count >= 256 { - return errors.New(fmt.Sprintf("read 256 auth types without seeing \\x00")) - } - - // We support only type 1, SAFE_COOKIE. - if !authTypes[1] { - return errors.New(fmt.Sprintf("server didn't offer auth type 1")) - } - _, err := s.Write([]byte{1}) - if err != nil { - return err - } - - clientNonce := make([]byte, 32) - clientHash := make([]byte, 32) - serverNonce := make([]byte, 32) - serverHash := make([]byte, 32) - - _, err = io.ReadFull(rand.Reader, clientNonce) - if err != nil { - return err - } - _, err = s.Write(clientNonce) - if err != nil { - return err - } - - _, err = io.ReadFull(r, serverHash) - if err != nil { - return err - } - _, err = io.ReadFull(r, serverNonce) - if err != nil { - return err - } - - expectedServerHash := computeServerHash(info, clientNonce, serverNonce) - if subtle.ConstantTimeCompare(serverHash, expectedServerHash) != 1 { - return errors.New(fmt.Sprintf("mismatch in server hash")) - } - - clientHash = computeClientHash(info, clientNonce, serverNonce) - _, err = s.Write(clientHash) - if err != nil { - return err - } - - status := make([]byte, 1) - _, err = io.ReadFull(r, status) - if err != nil { - return err - } - if status[0] != 1 { - return errors.New(fmt.Sprintf("server rejected authentication")) - } - - if r.Buffered() != 0 { - return errors.New(fmt.Sprintf("%d bytes left after extended OR port authentication", r.Buffered())) - } - - return nil -} - -// See section 3.1 of 196-transport-control-ports.txt. -const ( - extOrCmdDone = 0x0000 - extOrCmdUserAddr = 0x0001 - extOrCmdTransport = 0x0002 - extOrCmdOkay = 0x1000 - extOrCmdDeny = 0x1001 -) - -func extOrPortWriteCommand(s *net.TCPConn, cmd uint16, body []byte) error { - var buf bytes.Buffer - if len(body) > 65535 { - return errors.New("command exceeds maximum length of 65535") - } - err := binary.Write(&buf, binary.BigEndian, cmd) - if err != nil { - return err - } - err = binary.Write(&buf, binary.BigEndian, uint16(len(body))) - if err != nil { - return err - } - err = binary.Write(&buf, binary.BigEndian, body) - if err != nil { - return err - } - _, err = s.Write(buf.Bytes()) - if err != nil { - return err - } - - return nil -} - -// Send a USERADDR command on s. See section 3.1.2.1 of -// 196-transport-control-ports.txt. -func extOrPortSendUserAddr(s *net.TCPConn, conn net.Conn) error { - return extOrPortWriteCommand(s, extOrCmdUserAddr, []byte(conn.RemoteAddr().String())) -} - -// Send a TRANSPORT command on s. See section 3.1.2.2 of -// 196-transport-control-ports.txt. -func extOrPortSendTransport(s *net.TCPConn, methodName string) error { - return extOrPortWriteCommand(s, extOrCmdTransport, []byte(methodName)) -} - -// Send a DONE command on s. See section 3.1 of 196-transport-control-ports.txt. -func extOrPortSendDone(s *net.TCPConn) error { - return extOrPortWriteCommand(s, extOrCmdDone, []byte{}) -} - -func extOrPortRecvCommand(s *net.TCPConn) (cmd uint16, body []byte, err error) { - var bodyLen uint16 - data := make([]byte, 4) - - _, err = io.ReadFull(s, data) - if err != nil { - return - } - buf := bytes.NewBuffer(data) - err = binary.Read(buf, binary.BigEndian, &cmd) - if err != nil { - return - } - err = binary.Read(buf, binary.BigEndian, &bodyLen) - if err != nil { - return - } - body = make([]byte, bodyLen) - _, err = io.ReadFull(s, body) - if err != nil { - return - } - - return cmd, body, err -} - -// Send USERADDR and TRANSPORT commands followed by a DONE command. Wait for an -// OKAY or DENY response command from the server. Returns nil if and only if -// OKAY is received. -func extOrPortSetup(s *net.TCPConn, conn net.Conn, methodName string) error { - var err error - - err = extOrPortSendUserAddr(s, conn) - if err != nil { - return err - } - err = extOrPortSendTransport(s, methodName) - if err != nil { - return err - } - err = extOrPortSendDone(s) - if err != nil { - return err - } - cmd, _, err := extOrPortRecvCommand(s) - if err != nil { - return err - } - if cmd == extOrCmdDeny { - return errors.New("server returned DENY after our USERADDR and DONE") - } else if cmd != extOrCmdOkay { - return errors.New(fmt.Sprintf("server returned unknown command 0x%04x after our USERADDR and DONE", cmd)) - } - - return nil -} - -// Connect to info.ExtendedOrAddr if defined, or else info.OrAddr, and return an -// open *net.TCPConn. If connecting to the extended OR port, extended OR port -// authentication à la 217-ext-orport-auth.txt is done before returning; an -// error is returned if authentication fails. -func ConnectOr(info *ServerInfo, conn net.Conn, methodName string) (*net.TCPConn, error) { - if info.ExtendedOrAddr == nil { - return net.DialTCP("tcp", nil, info.OrAddr) - } - - s, err := net.DialTCP("tcp", nil, info.ExtendedOrAddr) - if err != nil { - return nil, err - } - s.SetDeadline(time.Now().Add(5 * time.Second)) - err = extOrPortAuthenticate(s, info) - if err != nil { - s.Close() - return nil, err - } - err = extOrPortSetup(s, conn, methodName) - if err != nil { - s.Close() - return nil, err - } - s.SetDeadline(time.Time{}) - - return s, nil -} diff --git a/websocket-transport/src/pt/socks/socks.go b/websocket-transport/src/pt/socks/socks.go deleted file mode 100644 index 788d53c..0000000 --- a/websocket-transport/src/pt/socks/socks.go +++ /dev/null @@ -1,107 +0,0 @@ -// SOCKS4a server library. - -package socks - -import ( - "bufio" - "errors" - "fmt" - "io" - "net" -) - -const ( - socksVersion = 0x04 - socksCmdConnect = 0x01 - socksResponseVersion = 0x00 - socksRequestGranted = 0x5a - socksRequestFailed = 0x5b -) - -// Read a SOCKS4a connect request, and call the given connect callback with the -// requested destination string. If the callback returns an error, sends a SOCKS -// request failed message. Otherwise, sends a SOCKS request granted message for -// the destination address returned by the callback. -func AwaitSocks4aConnect(conn *net.TCPConn, connect func(string) (*net.TCPAddr, error)) error { - dest, err := readSocks4aConnect(conn) - if err != nil { - sendSocks4aResponseFailed(conn) - return err - } - destAddr, err := connect(dest) - if err != nil { - sendSocks4aResponseFailed(conn) - return err - } - sendSocks4aResponseGranted(conn, destAddr) - return nil -} - -// Read a SOCKS4a connect request. Returns a "host:port" string. -func readSocks4aConnect(s io.Reader) (string, error) { - r := bufio.NewReader(s) - - var h [8]byte - n, err := io.ReadFull(r, h[:]) - if err != nil { - return "", errors.New(fmt.Sprintf("after %d bytes of SOCKS header: %s", n, err)) - } - if h[0] != socksVersion { - return "", errors.New(fmt.Sprintf("SOCKS header had version 0x%02x, not 0x%02x", h[0], socksVersion)) - } - if h[1] != socksCmdConnect { - return "", errors.New(fmt.Sprintf("SOCKS header had command 0x%02x, not 0x%02x", h[1], socksCmdConnect)) - } - - _, err = r.ReadBytes('\x00') - if err != nil { - return "", errors.New(fmt.Sprintf("reading SOCKS userid: %s", err)) - } - - var port int - var host string - - port = int(h[2])<<8 | int(h[3])<<0 - if h[4] == 0 && h[5] == 0 && h[6] == 0 && h[7] != 0 { - hostBytes, err := r.ReadBytes('\x00') - if err != nil { - return "", errors.New(fmt.Sprintf("reading SOCKS4a destination: %s", err)) - } - host = string(hostBytes[:len(hostBytes)-1]) - } else { - host = net.IPv4(h[4], h[5], h[6], h[7]).String() - } - - if r.Buffered() != 0 { - return "", errors.New(fmt.Sprintf("%d bytes left after SOCKS header", r.Buffered())) - } - - return fmt.Sprintf("%s:%d", host, port), nil -} - -// Send a SOCKS4a response with the given code and address. -func sendSocks4aResponse(w io.Writer, code byte, addr *net.TCPAddr) error { - var resp [8]byte - resp[0] = socksResponseVersion - resp[1] = code - resp[2] = byte((addr.Port >> 8) & 0xff) - resp[3] = byte((addr.Port >> 0) & 0xff) - resp[4] = addr.IP[0] - resp[5] = addr.IP[1] - resp[6] = addr.IP[2] - resp[7] = addr.IP[3] - _, err := w.Write(resp[:]) - return err -} - -var emptyAddr = net.TCPAddr{IP: net.IPv4(0, 0, 0, 0), Port: 0} - -// Send a SOCKS4a response code 0x5a. -func sendSocks4aResponseGranted(w io.Writer, addr *net.TCPAddr) error { - return sendSocks4aResponse(w, socksRequestGranted, addr) -} - -// Send a SOCKS4a response code 0x5b (with an all-zero address). -func sendSocks4aResponseFailed(w io.Writer) error { - return sendSocks4aResponse(w, socksRequestFailed, &emptyAddr) -} diff --git a/websocket-transport/src/websocket-client/websocket-client.go b/websocket-transport/src/websocket-client/websocket-client.go deleted file mode 100644 index 1c3b3b9..0000000 --- a/websocket-transport/src/websocket-client/websocket-client.go +++ /dev/null @@ -1,254 +0,0 @@ -// Tor websocket client transport plugin. -// -// Usage: -// ClientTransportPlugin websocket exec ./websocket-client - -package main - -import ( - "code.google.com/p/go.net/websocket" - "flag" - "fmt" - "io" - "net" - "net/url" - "os" - "os/signal" - "sync" - "time" -) - -import "pt" -import "pt/socks" - -const ptMethodName = "websocket" -const socksTimeout = 2 * time.Second -const bufSiz = 1500 - -var logFile = os.Stderr - -// When a connection handler starts, +1 is written to this channel; when it -// ends, -1 is written. -var handlerChan = make(chan int) - -var logMutex sync.Mutex - -func usage() { - fmt.Printf("Usage: %s [OPTIONS]\n", os.Args[0]) - fmt.Printf("WebSocket client pluggable transport for Tor.\n") - fmt.Printf("Works only as a managed proxy.\n") - fmt.Printf("\n") - fmt.Printf(" -h, --help show this help.\n") - fmt.Printf(" --log FILE log messages to FILE (default stderr).\n") - fmt.Printf(" --socks ADDR listen for SOCKS on ADDR.\n") -} - -func Log(format string, v ...interface{}) { - dateStr := time.Now().Format("2006-01-02 15:04:05") - logMutex.Lock() - defer logMutex.Unlock() - msg := fmt.Sprintf(format, v...) - fmt.Fprintf(logFile, "%s %s\n", dateStr, msg) -} - -func proxy(local *net.TCPConn, ws *websocket.Conn) { - var wg sync.WaitGroup - - wg.Add(2) - - // Local-to-WebSocket read loop. - go func() { - buf := make([]byte, bufSiz) - var err error - for { - n, er := local.Read(buf[:]) - if n > 0 { - ew := websocket.Message.Send(ws, buf[:n]) - if ew != nil { - err = ew - break - } - } - if er != nil { - err = er - break - } - } - if err != nil && err != io.EOF { - Log("%s", err) - } - local.CloseRead() - ws.Close() - - wg.Done() - }() - - // WebSocket-to-local read loop. - go func() { - var buf []byte - var err error - for { - er := websocket.Message.Receive(ws, &buf) - if er != nil { - err = er - break - } - n, ew := local.Write(buf) - if ew != nil { - err = ew - break - } - if n != len(buf) { - err = io.ErrShortWrite - break - } - } - if err != nil && err != io.EOF { - Log("%s", err) - } - local.CloseWrite() - ws.Close() - - wg.Done() - }() - - wg.Wait() -} - -func handleConnection(conn *net.TCPConn) error { - defer conn.Close() - - handlerChan <- 1 - defer func() { - handlerChan <- -1 - }() - - var ws *websocket.Conn - - conn.SetDeadline(time.Now().Add(socksTimeout)) - err := socks.AwaitSocks4aConnect(conn, func(dest string) (*net.TCPAddr, error) { - // Disable deadline. - conn.SetDeadline(time.Time{}) - Log("SOCKS request for %s", dest) - destAddr, err := net.ResolveTCPAddr("tcp", dest) - if err != nil { - return nil, err - } - wsUrl := url.URL{Scheme: "ws", Host: dest} - ws, err = websocket.Dial(wsUrl.String(), "", wsUrl.String()) - if err != nil { - return nil, err - } - Log("WebSocket connection to %s", ws.Config().Location.String()) - return destAddr, nil - }) - if err != nil { - return err - } - defer ws.Close() - proxy(conn, ws) - return nil -} - -func socksAcceptLoop(ln *net.TCPListener) error { - for { - socks, err := ln.AcceptTCP() - if err != nil { - return err - } - go func() { - err := handleConnection(socks) - if err != nil { - Log("SOCKS from %s: %s", socks.RemoteAddr(), err) - } - }() - } - return nil -} - -func startListener(addrStr string) (*net.TCPListener, error) { - addr, err := net.ResolveTCPAddr("tcp", addrStr) - if err != nil { - return nil, err - } - ln, err := net.ListenTCP("tcp", addr) - if err != nil { - return nil, err - } - go func() { - err := socksAcceptLoop(ln) - if err != nil { - Log("accept: %s", err) - } - }() - return ln, nil -} - -func main() { - var logFilename string - var socksAddrStrs = []string{"127.0.0.1:0"} - var socksArg string - - flag.Usage = usage - flag.StringVar(&logFilename, "log", "", "log file to write to") - flag.StringVar(&socksArg, "socks", "", "address on which to listen for SOCKS connections") - flag.Parse() - - if logFilename != "" { - f, err := os.OpenFile(logFilename, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600) - if err != nil { - fmt.Fprintf(os.Stderr, "Can't open log file %q: %s.\n", logFilename, err.Error()) - os.Exit(1) - } - logFile = f - } - - if socksArg != "" { - socksAddrStrs = []string{socksArg} - } - - Log("starting") - pt.ClientSetup([]string{ptMethodName}) - - listeners := make([]*net.TCPListener, 0) - for _, socksAddrStr := range socksAddrStrs { - ln, err := startListener(socksAddrStr) - if err != nil { - pt.CmethodError(ptMethodName, err.Error()) - } - pt.Cmethod(ptMethodName, "socks4", ln.Addr()) - Log("listening on %s", ln.Addr().String()) - listeners = append(listeners, ln) - } - pt.CmethodsDone() - - var numHandlers int = 0 - - signalChan := make(chan os.Signal, 1) - signal.Notify(signalChan, os.Interrupt) - var sigint bool = false - for !sigint { - select { - case n := <-handlerChan: - numHandlers += n - case <-signalChan: - Log("SIGINT") - sigint = true - } - } - - for _, ln := range listeners { - ln.Close() - } - - sigint = false - for numHandlers != 0 && !sigint { - select { - case n := <-handlerChan: - numHandlers += n - case <-signalChan: - Log("SIGINT") - sigint = true - } - } -} diff --git a/websocket-transport/src/websocket-server/websocket-server.go b/websocket-transport/src/websocket-server/websocket-server.go deleted file mode 100644 index 207be8d..0000000 --- a/websocket-transport/src/websocket-server/websocket-server.go +++ /dev/null @@ -1,285 +0,0 @@ -// Tor websocket server transport plugin. -// -// Usage: -// ServerTransportPlugin websocket exec ./websocket-server --port 9901 - -package main - -import ( - "encoding/base64" - "errors" - "flag" - "fmt" - "io" - "net" - "net/http" - "os" - "os/signal" - "sync" - "syscall" - "time" -) - -import "pt" -import "websocket" - -const ptMethodName = "websocket" -const requestTimeout = 10 * time.Second - -// "4/3+1" accounts for possible base64 encoding. -const maxMessageSize = 64*1024*4/3 + 1 - -var logFile = os.Stderr - -var ptInfo pt.ServerInfo - -// When a connection handler starts, +1 is written to this channel; when it -// ends, -1 is written. -var handlerChan = make(chan int) - -func usage() { - fmt.Printf("Usage: %s [OPTIONS]\n", os.Args[0]) - fmt.Printf("WebSocket server pluggable transport for Tor.\n") - fmt.Printf("Works only as a managed proxy.\n") - fmt.Printf("\n") - fmt.Printf(" -h, --help show this help.\n") - fmt.Printf(" --log FILE log messages to FILE (default stderr).\n") - fmt.Printf(" --port PORT listen on PORT (overrides Tor's requested port).\n") -} - -var logMutex sync.Mutex - -func log(format string, v ...interface{}) { - dateStr := time.Now().Format("2006-01-02 15:04:05") - logMutex.Lock() - defer logMutex.Unlock() - msg := fmt.Sprintf(format, v...) - fmt.Fprintf(logFile, "%s %s\n", dateStr, msg) -} - -// An abstraction that makes an underlying WebSocket connection look like an -// io.ReadWriteCloser. It internally takes care of things like base64 encoding -// and decoding. -type webSocketConn struct { - Ws *websocket.WebSocket - Base64 bool - messageBuf []byte -} - -// Implements io.Reader. -func (conn *webSocketConn) Read(b []byte) (n int, err error) { - for len(conn.messageBuf) == 0 { - var m websocket.Message - m, err = conn.Ws.ReadMessage() - if err != nil { - return - } - if m.Opcode == 8 { - err = io.EOF - return - } - if conn.Base64 { - if m.Opcode != 1 { - err = errors.New(fmt.Sprintf("got non-text opcode %d with the base64 subprotocol", m.Opcode)) - return - } - conn.messageBuf = make([]byte, base64.StdEncoding.DecodedLen(len(m.Payload))) - var num int - num, err = base64.StdEncoding.Decode(conn.messageBuf, m.Payload) - if err != nil { - return - } - conn.messageBuf = conn.messageBuf[:num] - } else { - if m.Opcode != 2 { - err = errors.New(fmt.Sprintf("got non-binary opcode %d with no subprotocol", m.Opcode)) - return - } - conn.messageBuf = m.Payload - } - } - - n = copy(b, conn.messageBuf) - conn.messageBuf = conn.messageBuf[n:] - - return -} - -// Implements io.Writer. -func (conn *webSocketConn) Write(b []byte) (n int, err error) { - if conn.Base64 { - buf := make([]byte, base64.StdEncoding.EncodedLen(len(b))) - base64.StdEncoding.Encode(buf, b) - err = conn.Ws.WriteMessage(1, buf) - if err != nil { - return - } - n = len(b) - } else { - err = conn.Ws.WriteMessage(2, b) - n = len(b) - } - return -} - -// Implements io.Closer. -func (conn *webSocketConn) Close() error { - // Ignore any error in trying to write a Close frame. - _ = conn.Ws.WriteFrame(8, nil) - return conn.Ws.Conn.Close() -} - -// Create a new webSocketConn. -func newWebSocketConn(ws *websocket.WebSocket) webSocketConn { - var conn webSocketConn - conn.Ws = ws - conn.Base64 = (ws.Subprotocol == "base64") - return conn -} - -// Copy from WebSocket to socket and vice versa. -func proxy(local *net.TCPConn, conn *webSocketConn) { - var wg sync.WaitGroup - - wg.Add(2) - - go func() { - _, err := io.Copy(conn, local) - if err != nil { - log("error copying ORPort to WebSocket") - } - local.CloseRead() - conn.Close() - wg.Done() - }() - - go func() { - _, err := io.Copy(local, conn) - if err != nil { - log("error copying WebSocket to ORPort") - } - local.CloseWrite() - conn.Close() - wg.Done() - }() - - wg.Wait() -} - -func webSocketHandler(ws *websocket.WebSocket) { - // Undo timeouts on HTTP request handling. - ws.Conn.SetDeadline(time.Time{}) - conn := newWebSocketConn(ws) - - handlerChan <- 1 - defer func() { - handlerChan <- -1 - }() - - s, err := pt.ConnectOr(&ptInfo, ws.Conn, ptMethodName) - if err != nil { - log("Failed to connect to ORPort: " + err.Error()) - return - } - - proxy(s, &conn) -} - -func startListener(addr *net.TCPAddr) (*net.TCPListener, error) { - ln, err := net.ListenTCP("tcp", addr) - if err != nil { - return nil, err - } - go func() { - var config websocket.Config - config.Subprotocols = []string{"base64"} - config.MaxMessageSize = maxMessageSize - s := &http.Server{ - Handler: config.Handler(webSocketHandler), - ReadTimeout: requestTimeout, - } - err = s.Serve(ln) - if err != nil { - log("http.Serve: " + err.Error()) - } - }() - return ln, nil -} - -func main() { - var logFilename string - var port int - - flag.Usage = usage - flag.StringVar(&logFilename, "log", "", "log file to write to") - flag.IntVar(&port, "port", 0, "port to listen on if unspecified by Tor") - flag.Parse() - - if logFilename != "" { - f, err := os.OpenFile(logFilename, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600) - if err != nil { - fmt.Fprintf(os.Stderr, "Can't open log file %q: %s.\n", logFilename, err.Error()) - os.Exit(1) - } - logFile = f - } - - log("starting") - ptInfo = pt.ServerSetup([]string{ptMethodName}) - - listeners := make([]*net.TCPListener, 0) - for _, bindAddr := range ptInfo.BindAddrs { - // Override tor's requested port (which is 0 if this transport - // has not been run before) with the one requested by the --port - // option. - if port != 0 { - bindAddr.Addr.Port = port - } - - ln, err := startListener(bindAddr.Addr) - if err != nil { - pt.SmethodError(bindAddr.MethodName, err.Error()) - continue - } - pt.Smethod(bindAddr.MethodName, ln.Addr()) - log("listening on %s", ln.Addr().String()) - listeners = append(listeners, ln) - } - pt.SmethodsDone() - - var numHandlers int = 0 - var sig os.Signal - sigChan := make(chan os.Signal, 1) - signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM) - - sig = nil - for sig == nil { - select { - case n := <-handlerChan: - numHandlers += n - case sig = <-sigChan: - } - } - log("Got first signal %q with %d running handlers.", sig, numHandlers) - for _, ln := range listeners { - ln.Close() - } - - if sig == syscall.SIGTERM { - log("Caught signal %q, exiting.", sig) - return - } - - sig = nil - for sig == nil && numHandlers != 0 { - select { - case n := <-handlerChan: - numHandlers += n - log("%d remaining handlers.", numHandlers) - case sig = <-sigChan: - } - } - if sig != nil { - log("Got second signal %q with %d running handlers.", sig, numHandlers) - } -} diff --git a/websocket-transport/src/websocket/websocket.go b/websocket-transport/src/websocket/websocket.go deleted file mode 100644 index dc228d1..0000000 --- a/websocket-transport/src/websocket/websocket.go +++ /dev/null @@ -1,431 +0,0 @@ -// WebSocket library. Only the RFC 6455 variety of WebSocket is supported. -// -// Reading and writing is strictly per-frame (or per-message). There is no way -// to partially read a frame. Config.MaxMessageSize affords control of the -// maximum buffering of messages. -// -// The reason for using this custom implementation instead of -// code.google.com/p/go.net/websocket is that the latter has problems with long -// messages and does not support server subprotocols. -// "Denial of Service Protection in Go HTTP Servers" -// https://code.google.com/p/go/issues/detail?id=2093 -// "go.websocket: Read/Copy fail with long frames" -// https://code.google.com/p/go/issues/detail?id=2134 -// http://golang.org/pkg/net/textproto/#pkg-bugs -// "To let callers manage exposure to denial of service attacks, Reader should -// allow them to set and reset a limit on the number of bytes read from the -// connection." -// "websocket.Dial doesn't limit response header length as http.Get does" -// https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/2Tge6U8-QYI -// -// Example usage: -// -// func doSomething(ws *WebSocket) { -// } -// var config websocket.Config -// config.Subprotocols = []string{"base64"} -// config.MaxMessageSize = 2500 -// http.Handle("/", config.Handler(doSomething)) -// err = http.ListenAndServe(":8080", nil) - -package websocket - -import ( - "bufio" - "bytes" - "crypto/rand" - "crypto/sha1" - "encoding/base64" - "encoding/binary" - "errors" - "fmt" - "io" - "net" - "net/http" - "strings" -) - -// Settings for potential WebSocket connections. Subprotocols is a list of -// supported subprotocols as in RFC 6455 section 1.9. When answering client -// requests, the first of the client's requests subprotocols that is also in -// this list (if any) will be used as the subprotocol for the connection. -// MaxMessageSize is a limit on buffering messages. -type Config struct { - Subprotocols []string - MaxMessageSize int -} - -// Representation of a WebSocket frame. The Payload is always without masking. -type Frame struct { - Fin bool - Opcode byte - Payload []byte -} - -// Return true iff the frame's opcode says it is a control frame. -func (frame *Frame) IsControl() bool { - return (frame.Opcode & 0x08) != 0 -} - -// Representation of a WebSocket message. The Payload is always without masking. -type Message struct { - Opcode byte - Payload []byte -} - -// A WebSocket connection after hijacking from HTTP. -type WebSocket struct { - // Conn and ReadWriter from http.ResponseWriter.Hijack. - Conn net.Conn - Bufrw *bufio.ReadWriter - // Whether we are a client or a server has implications for masking. - IsClient bool - // Set from a parent Config. - MaxMessageSize int - // The single selected subprotocol after negotiation, or "". - Subprotocol string - // Buffer for message payloads, which may be interrupted by control - // messages. - messageBuf bytes.Buffer -} - -func applyMask(payload []byte, maskKey [4]byte) { - for i := 0; i < len(payload); i++ { - payload[i] = payload[i] ^ maskKey[i%4] - } -} - -func (ws *WebSocket) maxMessageSize() int { - if ws.MaxMessageSize == 0 { - return 64000 - } - return ws.MaxMessageSize -} - -// Read a single frame from the WebSocket. -func (ws *WebSocket) ReadFrame() (frame Frame, err error) { - var b byte - err = binary.Read(ws.Bufrw, binary.BigEndian, &b) - if err != nil { - return - } - frame.Fin = (b & 0x80) != 0 - frame.Opcode = b & 0x0f - err = binary.Read(ws.Bufrw, binary.BigEndian, &b) - if err != nil { - return - } - masked := (b & 0x80) != 0 - - payloadLen := uint64(b & 0x7f) - if payloadLen == 126 { - var short uint16 - err = binary.Read(ws.Bufrw, binary.BigEndian, &short) - if err != nil { - return - } - payloadLen = uint64(short) - } else if payloadLen == 127 { - var long uint64 - err = binary.Read(ws.Bufrw, binary.BigEndian, &long) - if err != nil { - return - } - payloadLen = long - } - if payloadLen > uint64(ws.maxMessageSize()) { - err = errors.New(fmt.Sprintf("frame payload length of %d exceeds maximum of %d", payloadLen, ws.MaxMessageSize)) - return - } - - maskKey := [4]byte{} - if masked { - if ws.IsClient { - err = errors.New("client got masked frame") - return - } - err = binary.Read(ws.Bufrw, binary.BigEndian, &maskKey) - if err != nil { - return - } - } else { - if !ws.IsClient { - err = errors.New("server got unmasked frame") - return - } - } - - frame.Payload = make([]byte, payloadLen) - _, err = io.ReadFull(ws.Bufrw, frame.Payload) - if err != nil { - return - } - if masked { - applyMask(frame.Payload, maskKey) - } - - return frame, nil -} - -// Read a single message from the WebSocket. Multiple fragmented frames are -// combined into a single message before being returned. Non-control messages -// may be interrupted by control frames. The control frames are returned as -// individual messages before the message that they interrupt. -func (ws *WebSocket) ReadMessage() (message Message, err error) { - var opcode byte = 0 - for { - var frame Frame - frame, err = ws.ReadFrame() - if err != nil { - return - } - if frame.IsControl() { - if !frame.Fin { - err = errors.New("control frame has fin bit unset") - return - } - message.Opcode = frame.Opcode - message.Payload = frame.Payload - return message, nil - } - - if opcode == 0 { - if frame.Opcode == 0 { - err = errors.New("first frame has opcode 0") - return - } - opcode = frame.Opcode - } else { - if frame.Opcode != 0 { - err = errors.New(fmt.Sprintf("non-first frame has nonzero opcode %d", frame.Opcode)) - return - } - } - if ws.messageBuf.Len()+len(frame.Payload) > ws.MaxMessageSize { - err = errors.New(fmt.Sprintf("message payload length of %d exceeds maximum of %d", - ws.messageBuf.Len()+len(frame.Payload), ws.MaxMessageSize)) - return - } - ws.messageBuf.Write(frame.Payload) - if frame.Fin { - break - } - } - message.Opcode = opcode - message.Payload = ws.messageBuf.Bytes() - ws.messageBuf.Reset() - - return message, nil -} - -// Write a single frame to the WebSocket stream. Destructively masks payload in -// place if ws.IsClient. Frames are always unfragmented. -func (ws *WebSocket) WriteFrame(opcode byte, payload []byte) (err error) { - if opcode >= 16 { - err = errors.New(fmt.Sprintf("opcode %d is >= 16", opcode)) - return - } - ws.Bufrw.WriteByte(0x80 | opcode) - - var maskBit byte - var maskKey [4]byte - if ws.IsClient { - _, err = io.ReadFull(rand.Reader, maskKey[:]) - if err != nil { - return - } - applyMask(payload, maskKey) - maskBit = 0x80 - } else { - maskBit = 0x00 - } - - if len(payload) < 126 { - ws.Bufrw.WriteByte(maskBit | byte(len(payload))) - } else if len(payload) <= 0xffff { - ws.Bufrw.WriteByte(maskBit | 126) - binary.Write(ws.Bufrw, binary.BigEndian, uint16(len(payload))) - } else { - ws.Bufrw.WriteByte(maskBit | 127) - binary.Write(ws.Bufrw, binary.BigEndian, uint64(len(payload))) - } - - if ws.IsClient { - _, err = ws.Bufrw.Write(maskKey[:]) - if err != nil { - return - } - } - _, err = ws.Bufrw.Write(payload) - if err != nil { - return - } - - ws.Bufrw.Flush() - - return -} - -// Write a single message to the WebSocket stream. Destructively masks payload -// in place if ws.IsClient. Messages are always sent as a single unfragmented -// frame. -func (ws *WebSocket) WriteMessage(opcode byte, payload []byte) (err error) { - return ws.WriteFrame(opcode, payload) -} - -// Split a string on commas and trim whitespace. -func commaSplit(s string) []string { - var result []string - if strings.TrimSpace(s) == "" { - return result - } - for _, e := range strings.Split(s, ",") { - result = append(result, strings.TrimSpace(e)) - } - return result -} - -// Returns true iff one of the strings in haystack is needle (case-insensitive). -func containsCase(haystack []string, needle string) bool { - for _, e := range haystack { - if strings.ToLower(e) == strings.ToLower(needle) { - return true - } - } - return false -} - -// One-step SHA-1 hash of a string. -func sha1Hash(data string) []byte { - h := sha1.New() - h.Write([]byte(data)) - return h.Sum(nil) -} - -func httpError(w http.ResponseWriter, bufrw *bufio.ReadWriter, code int) { - w.Header().Set("Connection", "close") - bufrw.WriteString(fmt.Sprintf("HTTP/1.0 %d %s\r\n", code, http.StatusText(code))) - w.Header().Write(bufrw) - bufrw.WriteString("\r\n") - bufrw.Flush() -} - -// An implementation of http.Handler with a Config. The ServeHTTP function calls -// Callback assuming WebSocket HTTP negotiation is successful. -type HTTPHandler struct { - Config *Config - Callback func(*WebSocket) -} - -// Implements the http.Handler interface. -func (handler *HTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { - conn, bufrw, err := w.(http.Hijacker).Hijack() - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - defer conn.Close() - - // See RFC 6455 section 4.2.1 for this sequence of checks. - - // 1. An HTTP/1.1 or higher GET request, including a "Request-URI"... - if req.Method != "GET" { - httpError(w, bufrw, http.StatusMethodNotAllowed) - return - } - if req.URL.Path != "/" { - httpError(w, bufrw, http.StatusNotFound) - return - } - // 2. A |Host| header field containing the server's authority. - // We deliberately skip this test. - // 3. An |Upgrade| header field containing the value "websocket", - // treated as an ASCII case-insensitive value. - if !containsCase(commaSplit(req.Header.Get("Upgrade")), "websocket") { - httpError(w, bufrw, http.StatusBadRequest) - return - } - // 4. A |Connection| header field that includes the token "Upgrade", - // treated as an ASCII case-insensitive value. - if !containsCase(commaSplit(req.Header.Get("Connection")), "Upgrade") { - httpError(w, bufrw, http.StatusBadRequest) - return - } - // 5. A |Sec-WebSocket-Key| header field with a base64-encoded value - // that, when decoded, is 16 bytes in length. - websocketKey := req.Header.Get("Sec-WebSocket-Key") - key, err := base64.StdEncoding.DecodeString(websocketKey) - if err != nil || len(key) != 16 { - httpError(w, bufrw, http.StatusBadRequest) - return - } - // 6. A |Sec-WebSocket-Version| header field, with a value of 13. - // We also allow 8 from draft-ietf-hybi-thewebsocketprotocol-10. - var knownVersions = []string{"8", "13"} - websocketVersion := req.Header.Get("Sec-WebSocket-Version") - if !containsCase(knownVersions, websocketVersion) { - // "If this version does not match a version understood by the - // server, the server MUST abort the WebSocket handshake - // described in this section and instead send an appropriate - // HTTP error code (such as 426 Upgrade Required) and a - // |Sec-WebSocket-Version| header field indicating the - // version(s) the server is capable of understanding." - w.Header().Set("Sec-WebSocket-Version", strings.Join(knownVersions, ", ")) - httpError(w, bufrw, 426) - return - } - // 7. Optionally, an |Origin| header field. - // 8. Optionally, a |Sec-WebSocket-Protocol| header field, with a list of - // values indicating which protocols the client would like to speak, ordered - // by preference. - clientProtocols := commaSplit(req.Header.Get("Sec-WebSocket-Protocol")) - // 9. Optionally, a |Sec-WebSocket-Extensions| header field... - // 10. Optionally, other header fields... - - var ws WebSocket - ws.Conn = conn - ws.Bufrw = bufrw - ws.IsClient = false - ws.MaxMessageSize = handler.Config.MaxMessageSize - - // See RFC 6455 section 4.2.2, item 5 for these steps. - - // 1. A Status-Line with a 101 response code as per RFC 2616. - bufrw.WriteString(fmt.Sprintf("HTTP/1.0 %d %s\r\n", http.StatusSwitchingProtocols, http.StatusText(http.StatusSwitchingProtocols))) - // 2. An |Upgrade| header field with value "websocket" as per RFC 2616. - w.Header().Set("Upgrade", "websocket") - // 3. A |Connection| header field with value "Upgrade". - w.Header().Set("Connection", "Upgrade") - // 4. A |Sec-WebSocket-Accept| header field. The value of this header - // field is constructed by concatenating /key/, defined above in step 4 - // in Section 4.2.2, with the string - // "258EAFA5-E914-47DA-95CA-C5AB0DC85B11", taking the SHA-1 hash of this - // concatenated value to obtain a 20-byte value and base64-encoding (see - // Section 4 of [RFC4648]) this 20-byte hash. - const magicGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" - acceptKey := base64.StdEncoding.EncodeToString(sha1Hash(websocketKey + magicGUID)) - w.Header().Set("Sec-WebSocket-Accept", acceptKey) - // 5. Optionally, a |Sec-WebSocket-Protocol| header field, with a value - // /subprotocol/ as defined in step 4 in Section 4.2.2. - for _, clientProto := range clientProtocols { - for _, serverProto := range handler.Config.Subprotocols { - if clientProto == serverProto { - ws.Subprotocol = clientProto - w.Header().Set("Sec-WebSocket-Protocol", clientProto) - break - } - } - } - // 6. Optionally, a |Sec-WebSocket-Extensions| header field... - w.Header().Write(bufrw) - bufrw.WriteString("\r\n") - bufrw.Flush() - - // Call the WebSocket-specific handler. - handler.Callback(&ws) -} - -// Return an http.Handler with the given callback function. -func (config *Config) Handler(callback func(*WebSocket)) http.Handler { - return &HTTPHandler{config, callback} -}