/* * Slitheen - a decoy routing system for censorship resistance * Copyright (C) 2017 Cecylia Bocovich (cbocovic@uwaterloo.ca) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 3. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Additional permission under GNU GPL version 3 section 7 * * If you modify this Program, or any covered work, by linking or combining * it with the OpenSSL library (or a modified version of that library), * containing parts covered by the terms of the OpenSSL Licence and the * SSLeay license, the licensors of this Program grant you additional * permission to convey the resulting work. Corresponding Source for a * non-source form of such a combination shall include the source code * for the parts of the OpenSSL library used as well as that of the covered * work. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "socks5proxy.h" #include "crypto.h" #include "tagging.h" #include "util.h" #define DEBUG static connection_table *connections; typedef struct { int32_t in; int32_t out; } ous_pipes; int main(void){ int listen_socket; struct sockaddr_in address; struct sockaddr_in remote_addr; socklen_t addr_size; connections = calloc(1, sizeof(connection_table)); connections->first = NULL; int32_t ous_in[2]; if(pipe(ous_in) < 0){ printf("Failed to create pipe\n"); return 1; } int32_t ous_out[2]; if(pipe(ous_out) < 0){ printf("Failed to create pipe\n"); return 1; } ous_pipes pipes; pipes.in = ous_in[0]; pipes.out = ous_out[1]; /* Spawn a thread to communicate with OUS */ pthread_t *ous_thread = calloc(1, sizeof(pthread_t)); pthread_create(ous_thread, NULL, ous_IO, (void *) &pipes); ous_pipes mux_pipes; mux_pipes.in = ous_in[1]; mux_pipes.out = ous_out[0]; /* Spawn a thread for multiplexing and demultiplexing */ pthread_t *demux_thread = calloc(1, sizeof(pthread_t)); pthread_create(demux_thread, NULL, demultiplex_data, (void *) &mux_pipes); pthread_t *mux_thread = calloc(1, sizeof(pthread_t)); pthread_create(mux_thread, NULL, multiplex_data, (void *) &mux_pipes); if (!(listen_socket = socket(AF_INET, SOCK_STREAM, 0))){ printf("Error creating socket\n"); fflush(stdout); return 1; } address.sin_family = AF_INET; address.sin_addr.s_addr = INADDR_ANY; address.sin_port = htons(1080); int enable = 1; if (setsockopt(listen_socket, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable)) <0 ){ printf("Error setting sockopt\n"); return 1; } if(bind(listen_socket, (struct sockaddr *) &address, sizeof(address))){ printf("Error binding socket\n"); fflush(stdout); return 1; } if(listen(listen_socket, 10) < 0){ printf("Error listening\n"); fflush(stdout); close(listen_socket); exit(1); } uint8_t last_id = 1; printf("Ready for listening\n"); for(;;){ addr_size = sizeof(remote_addr); int new_socket; new_socket = accept(listen_socket, (struct sockaddr *) &remote_addr, &addr_size); if(new_socket < 0){ perror("accept"); exit(1); } printf("New connection\n"); //assign a new stream_id and create a pipe for the session connection *new_conn = calloc(1, sizeof(connection)); new_conn->stream_id = last_id++; new_conn->socket = new_socket; new_conn->state = NEW_STREAM; new_conn->next = NULL; if(connections->first == NULL){ connections->first = new_conn; printf("Added first connection with id: %d\n", new_conn->stream_id); fflush(stdout); } else { connection *last = connections->first; while(last->next != NULL){ last = last->next; } last->next = new_conn; printf("Added connection with id: %d at %p\n", new_conn->stream_id, last->next); fflush(stdout); } } return 0; } /* * Responsible for communicating with the OUS. Upstream data is read from the pipes of individual * streams and sent to the OUS. Downstream data is read from the OUS, demultiplexed according t * stream ID, and sent to the corresponding stream. */ void *ous_IO(void *args){ ous_pipes *pipes = (ous_pipes *) args; int32_t ous_in = pipes->in; int32_t ous_out = pipes->out; //generate Slitheen ID uint8_t slitheen_id[SLITHEEN_ID_LEN]; uint8_t shared_secret[16]; generate_slitheen_id(slitheen_id, shared_secret); #ifdef DEBUG printf("Randomly generated slitheen id: "); int i; for(i=0; i< SLITHEEN_ID_LEN; i++){ printf("%02x ", slitheen_id[i]); } printf("\n"); #endif // Calculate super encryption keys generate_super_keys(shared_secret); printf("Generated super encrypt keys\n"); char *encoded_bytes = NULL; base64_encode(slitheen_id, SLITHEEN_ID_LEN, &encoded_bytes); printf("Encoded ID\n"); //give encoded slitheen ID to ous struct sockaddr_in ous_addr; ous_addr.sin_family = AF_INET; inet_pton(AF_INET, "127.0.0.1", &(ous_addr.sin_addr)); ous_addr.sin_port = htons(57173); int32_t ous = socket(AF_INET, SOCK_STREAM, 0); if(ous < 0){ printf("Failed to make socket\n"); pthread_exit(NULL); } int32_t error = connect(ous, (struct sockaddr *) &ous_addr, sizeof (struct sockaddr)); if(error < 0){ printf("Error connecting to OUS\n"); pthread_exit(NULL); } printf("Connected to OUS\n"); uint16_t len = htons(strlen(encoded_bytes)); int32_t bytes_sent = send(ous, (unsigned char *) &len, sizeof(uint16_t), 0); bytes_sent += send(ous, encoded_bytes, ntohs(len), 0); printf("Wrote %d bytes to OUS_in: %x\n %s\n", bytes_sent, len, encoded_bytes); uint8_t *buffer = emalloc(BUFSIZ); int32_t buffer_len = BUFSIZ; int32_t bytes_read; /* Select on proxy pipes, demux thread, and ous to send and receive data*/ for(;;){ fd_set read_fds; fd_set write_fds; int32_t nfds = ous; if(ous_in > nfds) nfds = ous_in; if(ous_out > nfds) nfds = ous_out; FD_ZERO(&read_fds); FD_ZERO(&write_fds); FD_SET(ous_in, &read_fds); FD_SET(ous, &read_fds); FD_SET(ous_out, &write_fds); FD_SET(ous, &write_fds); if(select(nfds+1, &read_fds, &write_fds, NULL, NULL) < 0){ fprintf(stderr, "Select error\n"); break; } if(FD_ISSET(ous_in, &read_fds) && FD_ISSET(ous, &write_fds)){ bytes_read = read(ous_in, buffer, buffer_len); #ifdef DEBUG printf("Received %d bytes from multiplexer\n", bytes_read); for(int i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif if(bytes_read > 0){ bytes_sent = send(ous, buffer, bytes_read, 0); #ifdef DEBUG printf("Sent %d bytes to OUS\n", bytes_sent); for(int i=0; i< bytes_sent; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif if(bytes_sent <= 0){ fprintf(stderr, "Connection to OUS closed\n"); break; } } else if (bytes_read == 0) { fprintf(stderr, "Connection to multiplexer closed\n"); break; } else { fprintf(stderr, "Error reading from multiplexer\n"); break; } } if(FD_ISSET(ous, &read_fds) && FD_ISSET(ous_out, &write_fds)){ bytes_read = recv(ous, buffer, 4, 0); #ifdef DEBUG printf("Received %d bytes from OUS\n", bytes_read); for(int i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif if (bytes_read <= 0) { fprintf(stderr, "Connection to OUS closed\n"); break; } uint32_t *chunk_len = (uint32_t*) buffer; fprintf(stderr, "Length of this chunk: %u\n", *chunk_len); bytes_read = recv(ous, buffer, *chunk_len, 0); #ifdef DEBUG printf("Received %d bytes from OUS\n", bytes_read); for(int i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif if(bytes_read > 0){ bytes_sent = write(ous_out, buffer, bytes_read); #ifdef DEBUG printf("Sent %d bytes to demultiplexer\n", bytes_sent); for(int i=0; i< bytes_sent; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif if(bytes_sent <= 0){ fprintf(stderr, "Connection to demultiplexer closed\n"); break; } } else if (bytes_read == 0) { fprintf(stderr, "Connection to OUS closed\n"); break; } else { fprintf(stderr, "Error reading from OUS\n"); break; } } } fprintf(stderr, "Closing OUS\n"); close(ous); close(ous_in); close(ous_out); free(buffer); pthread_exit(NULL); } /* * Continuously read from all stream sockets and pass data to ous */ void *multiplex_data(void *args){ ous_pipes *pipes = (ous_pipes *) args; int32_t buffer_len = BUFSIZ; uint8_t *buffer = ecalloc(1, buffer_len); int32_t bytes_read; uint8_t *response = ecalloc(1, BUFSIZ); /* Select on stream sockets and ous_in pipe to send and receive data*/ for(;;){ fd_set read_fds; fd_set write_fds; int32_t nfds = 0; FD_ZERO(&read_fds); FD_ZERO(&write_fds); //add all stream sockets to read_fds connection *conn = connections->first; while(conn != NULL){ if(conn->socket > nfds) nfds = conn->socket; FD_SET(conn->socket, &read_fds); conn = conn->next; } FD_SET(pipes->in, &write_fds); if(pipes->in > nfds) nfds = pipes->in; struct timeval tv; tv.tv_sec = 3; tv.tv_usec = 0; if(select(nfds+1, &read_fds, &write_fds, NULL, &tv) < 0){ fprintf(stderr, "Select error\n"); break; } struct slitheen_up_hdr *up_hdr; uint16_t len; char *encoded_bytes = NULL; conn = connections->first; while(conn != NULL){ uint8_t stream_id = conn->stream_id; if(FD_ISSET(conn->socket, &read_fds) && FD_ISSET(pipes->in, &write_fds)){ printf("Reading from stream %d\n", conn->stream_id); bytes_read = recv(conn->socket, buffer, buffer_len, 0); if(bytes_read < 0){ close(conn->socket); conn = conn->next; remove_connection(stream_id); continue; } else if(bytes_read == 0){ //socket is closed printf("Closing connection for stream %d sockfd.\n", conn->stream_id); fflush(stdout); if(conn->state == CONNECTED){ //Send close message to slitheen proxy up_hdr = (struct slitheen_up_hdr *) buffer; up_hdr->stream_id = conn->stream_id; up_hdr->len = 0; base64_encode(buffer, 20, &encoded_bytes); len = htons(strlen(encoded_bytes)); int32_t bytes_sent = write(pipes->in, (unsigned char *) &len, sizeof(uint16_t)); bytes_sent += write(pipes->in, encoded_bytes, ntohs(len)); printf("Wrote %d bytes to ous\n", bytes_sent); printf("Closing message: %s\n", encoded_bytes); free(encoded_bytes); encoded_bytes = NULL; } close(conn->socket); conn = conn->next; remove_connection(stream_id); continue; } switch(conn->state){ case NEW_STREAM: printf("Received new stream data from stream %d\n", conn->stream_id); #ifdef DEBUG printf("Received %d bytes (id %d):\n", bytes_read, conn->stream_id); for(int i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif //Respond to methods negotiation struct socks_method_req *clnt_meth = (struct socks_method_req *) buffer; uint8_t *p = buffer + 2; if(clnt_meth->version != 0x05){ close(conn->socket); printf("Client supplied invalid version: %02x\n", clnt_meth->version); fflush(stdout); conn = conn->next; remove_connection(stream_id); continue; } int responded = 0; int bytes_sent; for(int i=0; i< clnt_meth->num_methods; i++){ if(p[0] == 0x00){//send response with METH= 0x00 response[0] = 0x05; response[1] = 0x00; send(conn->socket, response, 2, 0); responded = 1; } p++; } if(!responded){//respond with METH= 0xFF response[0] = 0x05; response[1] = 0xFF; send(conn->socket, response, 2, 0); close(conn->socket); conn = conn->next; remove_connection(stream_id); continue; } conn->state = NEGOTIATED; break; case NEGOTIATED: printf("Received negotiation data from stream %d\n", conn->stream_id); #ifdef DEBUG printf("Received %d bytes (id %d):\n", bytes_read, conn->stream_id); for(int i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); fflush(stdout); #endif //Respond to say connection was accepted response[0] = 0x05; response[1] = 0x00; response[2] = 0x00; response[3] = 0x01; *((uint32_t *) (response + 4)) = 0; *((uint16_t *) (response + 8)) = 0; send(conn->socket, response, 10, 0); //TODO: add check for send memmove(buffer+sizeof(struct slitheen_up_hdr), buffer, bytes_read); up_hdr = (struct slitheen_up_hdr *) buffer; up_hdr->stream_id = conn->stream_id; up_hdr->len = htons(bytes_read); bytes_read+= sizeof(struct slitheen_up_hdr); base64_encode(buffer, bytes_read, &encoded_bytes); len = htons(strlen(encoded_bytes)); bytes_sent = write(pipes->in, (unsigned char *) &len, sizeof(uint16_t)); bytes_sent += write(pipes->in, encoded_bytes, ntohs(len)); printf("Wrote %d bytes to ous\n", bytes_sent); free(encoded_bytes); encoded_bytes = NULL; conn->state = CONNECTED; break; case CONNECTED: printf("Received application data from stream %d\n", conn->stream_id); #ifdef DEBUG_UPSTREAM printf("Received %d data bytes from sockfd (id %d):\n", bytes_read, conn->stream_id); for(i=0; i< bytes_read; i++){ printf("%02x ", buffer[i]); } printf("\n"); printf("%s\n", buffer); fflush(stdout); #endif memmove(buffer+sizeof(struct slitheen_up_hdr), buffer, bytes_read); up_hdr = (struct slitheen_up_hdr *) buffer; up_hdr->stream_id = conn->stream_id; up_hdr->len = htons(bytes_read); bytes_read+= sizeof(struct slitheen_up_hdr); base64_encode(buffer, bytes_read, &encoded_bytes); len = htons(strlen(encoded_bytes)); bytes_sent = write(pipes->in, (unsigned char *) &len, sizeof(uint16_t)); bytes_sent += write(pipes->in, encoded_bytes, ntohs(len)); printf("Wrote %d bytes to ous\n", bytes_sent); #ifdef DEBUG_UPSTREAM printf("Sent to OUS (%d bytes): %x %s\n",bytes_sent, len, encoded_bytes); #endif free(encoded_bytes); encoded_bytes = NULL; break; default: fprintf(stderr, "Wrong connection state\n"); close(conn->socket); conn = conn->next; remove_connection(stream_id); break; } } conn = conn->next; } } free(response); pthread_exit(NULL); } /* Read blocks of covert data from the OUS. Determine the stream id and the length of * the block and then write the data to the correct thread to be passed to the browser */ void *demultiplex_data(void *args){ ous_pipes *pipes = (ous_pipes *) args; int32_t buffer_len = BUFSIZ; uint8_t *buffer = calloc(1, buffer_len); uint8_t *p; uint8_t *partial_block = NULL; uint32_t partial_block_len = 0; uint32_t resource_remaining = 0; uint64_t expected_next_count = 1; data_block *saved_data = NULL; for(;;){ printf("Demux thread waiting to read\n"); int32_t bytes_read = read(pipes->out, buffer, buffer_len-partial_block_len); if(bytes_read > 0){ int32_t bytes_remaining = bytes_read; p = buffer; //didn't read a full slitheen block last time if(partial_block_len > 0){ //process first part of slitheen info memmove(buffer+partial_block_len, buffer, bytes_read); memcpy(buffer, partial_block, partial_block_len); bytes_remaining += partial_block_len; free(partial_block); partial_block = NULL; partial_block_len = 0; } while(bytes_remaining > 0){ if(resource_remaining <= 0){//we're at a new resource //the first value for a new resource will be the resource length, //followed by a newline uint8_t *end_ptr; resource_remaining = strtol((const char *) p, (char **) &end_ptr, 10); #ifdef DEBUG_PARSE printf("Starting new resource of len %d bytes\n", resource_remaining); printf("Resource len bytes:\n"); int i; for(i=0; i< (end_ptr - p) + 1; i++){ printf("%02x ", ((const char *) p)[i]); } printf("\n"); #endif if(resource_remaining == 0){ bytes_remaining -= (end_ptr - p) + 1; p += (end_ptr - p) + 1; } else { bytes_remaining -= (end_ptr - p) + 1; p += (end_ptr - p) + 1; } continue; } if(resource_remaining < SLITHEEN_HEADER_LEN){ printf("ERROR: Resource remaining doesn't fit header len.\n"); resource_remaining = 0; bytes_remaining = 0; break; } if(bytes_remaining < SLITHEEN_HEADER_LEN){ #ifdef DEBUG_PARSE printf("Partial header: "); int i; for(i = 0; i< bytes_remaining; i++){ printf("%02x ", p[i]); } printf("\n"); #endif if(partial_block != NULL) printf("UH OH (PB)\n"); partial_block = calloc(1, bytes_remaining); memcpy(partial_block, p, bytes_remaining); partial_block_len = bytes_remaining; bytes_remaining = 0; break; } //decrypt header to see if we have entire block uint8_t *tmp_header = malloc(SLITHEEN_HEADER_LEN); memcpy(tmp_header, p, SLITHEEN_HEADER_LEN); peek_header(tmp_header); struct slitheen_hdr *sl_hdr = (struct slitheen_hdr *) tmp_header; //first see if sl_hdr corresponds to a valid stream. If not, ignore rest of read bytes #ifdef DEBUG_PARSE printf("Slitheen header:\n"); int i; for(i = 0; i< SLITHEEN_HEADER_LEN; i++){ printf("%02x ", tmp_header[i]); } printf("\n"); #endif if(ntohs(sl_hdr->len) > resource_remaining){ printf("ERROR: slitheen block doesn't fit in resource remaining!\n"); resource_remaining = 0; bytes_remaining = 0; break; } if(ntohs(sl_hdr->len) > bytes_remaining){ if(partial_block != NULL) printf("UH OH (PB)\n"); partial_block = calloc(1, ntohs(sl_hdr->len)); memcpy(partial_block, p, bytes_remaining); partial_block_len = bytes_remaining; bytes_remaining = 0; free(tmp_header); break; } super_decrypt(p); sl_hdr = (struct slitheen_hdr *) p; free(tmp_header); p += SLITHEEN_HEADER_LEN; bytes_remaining -= SLITHEEN_HEADER_LEN; resource_remaining -= SLITHEEN_HEADER_LEN; if((!sl_hdr->len) && (sl_hdr->garbage)){ #ifdef DEBUG_PARSE printf("%d Garbage bytes\n", ntohs(sl_hdr->garbage)); #endif p += ntohs(sl_hdr->garbage); bytes_remaining -= ntohs(sl_hdr->garbage); resource_remaining -= ntohs(sl_hdr->garbage); continue; } int32_t sock =-1; if(connections->first == NULL){ printf("Error: there are no connections\n"); } else { connection *last = connections->first; if (last->stream_id == sl_hdr->stream_id){ sock = last->socket; } while(last->next != NULL){ last = last->next; if (last->stream_id == sl_hdr->stream_id){ sock = last->socket; } } } if(sock == -1){ printf("No stream id exists. Possibly invalid header\n"); break; } #ifdef DEBUG_PARSE printf("Received information for stream id: %d of length: %u\n", sl_hdr->stream_id, ntohs(sl_hdr->len)); #endif //figure out how much to skip int32_t padding = 0; if(ntohs(sl_hdr->len) %16){ padding = 16 - ntohs(sl_hdr->len)%16; } p += 16; //IV //check counter to see if we are missing data if(sl_hdr->counter > expected_next_count){ //save any future data printf("Received header with count %lu. Expected count %lu.\n", sl_hdr->counter, expected_next_count); if((saved_data == NULL) || (saved_data->count > sl_hdr->counter)){ data_block *new_block = malloc(sizeof(data_block)); new_block->count = sl_hdr->counter; new_block->len = ntohs(sl_hdr->len); new_block->data = malloc(ntohs(sl_hdr->len)); memcpy(new_block->data, p, ntohs(sl_hdr->len)); new_block->socket = sock; new_block->next = saved_data; saved_data = new_block; } else { data_block *last = saved_data; while((last->next != NULL) && (last->next->count < sl_hdr->counter)){ last = last->next; } data_block *new_block = malloc(sizeof(data_block)); new_block->count = sl_hdr->counter; new_block->len = ntohs(sl_hdr->len); new_block->data = malloc(ntohs(sl_hdr->len)); memcpy(new_block->data, p, ntohs(sl_hdr->len)); new_block->socket = sock; new_block->next = last->next; last->next = new_block; } } else { int32_t bytes_sent = send(sock, p, ntohs(sl_hdr->len), 0); if(bytes_sent <= 0){ printf("Error writing to socket for stream id %d\n", sl_hdr->stream_id); } //increment expected counter expected_next_count++; } //now check to see if there is saved data to write out if(saved_data != NULL){ data_block *current_block = saved_data; while((current_block != NULL) && (expected_next_count == current_block->count)){ int32_t bytes_sent = send(current_block->socket, current_block->data, current_block->len, 0); if(bytes_sent <= 0){ printf("Error writing to socket for stream id %d\n", sl_hdr->stream_id); } expected_next_count++; saved_data = current_block->next; free(current_block->data); free(current_block); current_block = saved_data; } } p += ntohs(sl_hdr->len); //encrypted data p += 16; //mac p += padding; p += ntohs(sl_hdr->garbage); bytes_remaining -= ntohs(sl_hdr->len) + 16 + padding + 16 + ntohs(sl_hdr->garbage); resource_remaining -= ntohs(sl_hdr->len) + 16 + padding + 16 + ntohs(sl_hdr->garbage); } } else { printf("Error: read %d bytes from OUS_out\n", bytes_read); goto err; } } err: free(buffer); close(pipes->out); pthread_exit(NULL); } int remove_connection(uint16_t stream_id){ connection *last = connections->first; connection *prev = last; while(last != NULL){ if(last->stream_id == stream_id){ if(last == connections->first){ connections->first = last->next; } else { prev->next = last->next; } free(last); printf("Removed stream id %d from connections table\n", stream_id); break; } prev = last; last = last->next; } return 1; }