Two liveness checks when using decoy registration with sharing over API #59

Merged
merged 2 commits into from
Dec 11, 2020
19 changes: 15 additions & 4 deletions application/lib/registration.go
Expand Up @@ -251,7 +251,6 @@ func (reg *DecoyRegistration) GenerateClientToStation() *pb.ClientToStation {
V6Support: &v6,
V4Support: &v4,
Transport: &reg.Transport,
Flags: reg.Flags,
}

for (proto.Size(initProto)+AES_GCM_TAG_SIZE)%3 != 0 {
Expand All @@ -261,15 +260,27 @@ func (reg *DecoyRegistration) GenerateClientToStation() *pb.ClientToStation {
return initProto
}

func (reg *DecoyRegistration) GenerateClientToAPI() *pb.ClientToAPI {
func (reg *DecoyRegistration) GenerateC2SWrapper() *pb.C2SWrapper {
boolHolder := true
c2s := reg.GenerateClientToStation()
protoPayload := &pb.ClientToAPI{
Secret: reg.Keys.SharedSecret,
c2s.Flags.Prescanned = &boolHolder
source := pb.RegistrationSource_DetectorPrescan

protoPayload := &pb.C2SWrapper{
SharedSecret: reg.Keys.SharedSecret,
RegistrationPayload: c2s,
RegistrationSource: &source,
}
return protoPayload
}

func (reg *DecoyRegistration) PreScanned() bool {
if reg == nil || reg.Flags == nil {
return false
}
return reg.Flags.GetPrescanned()
}

// PhantomIsLive - Test whether the phantom is live using
// 8 syns which returns syn-acks from 99% of sites within 1 second.
// see ZMap: Fast Internet-wide Scanning and Its Security Applications
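Review bot: `c2s.Flags.Prescanned = &boolHolder` in GenerateC2SWrapper dereferences `c2s.Flags` without a nil check, while the new PreScanned() in this same section treats `reg.Flags == nil` as an ordinary case, so building the wrapper for a registration without flags would panic. If GenerateClientToStation hands back `reg.Flags` itself (its struct literal is only partly visible in the first hunk, so this is an inference), the assignment also marks the local registration as prescanned as a side effect of serialising it. Give the wrapper its own flags value before setting the bit: clone when present, allocate when nil, as sketched below.

```go
c2s := reg.GenerateClientToStation()

// Work on a private copy so a nil Flags cannot panic and reg.Flags is not modified.
flags := &pb.RegistrationFlags{}
if c2s.Flags != nil {
	flags = proto.Clone(c2s.Flags).(*pb.RegistrationFlags)
}
prescanned := true
flags.Prescanned = &prescanned
c2s.Flags = flags
// … unchanged: RegistrationSource and the C2SWrapper literal …
```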
8 changes: 4 additions & 4 deletions application/main.go
Expand Up @@ -186,7 +186,7 @@ func get_zmq_updates(connectAddr string, regManager *cj.RegistrationManager, con
if reg == nil || reg.RegistrationSource == nil {
continue
}
if *reg.RegistrationSource != pb.RegistrationSource_DetectorPrescan {
if !reg.PreScanned() {
// New registration received over channel that requires liveness scan for the phantom
liveness, response := reg.PhantomIsLive()
if liveness == true {
Expand All @@ -210,11 +210,11 @@ func get_zmq_updates(connectAddr string, regManager *cj.RegistrationManager, con
}

func tryShareRegistrationOverAPI(reg *cj.DecoyRegistration, apiEndpoint string) {
c2a := reg.GenerateClientToAPI()
c2a := reg.GenerateC2SWrapper()

payload, err := proto.Marshal(c2a)
if err != nil {
logger.Printf("%v failed to marshal ClientToAPI payload: %v", reg.IDString(), err)
logger.Printf("%v failed to marshal C2SWrapper payload: %v", reg.IDString(), err)
return
}

Expand Down Expand Up @@ -249,7 +249,7 @@ func recieve_zmq_message(sub *zmq.Socket, regManager *cj.RegistrationManager) ([
return nil, err
}

parsed := &pb.ZMQPayload{}
parsed := &pb.C2SWrapper{}
err = proto.Unmarshal(msg, parsed)
if err != nil {
logger.Printf("Failed to unmarshall ClientToStation: %v", err)
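Review bot: The `if !reg.PreScanned()` branch in get_zmq_updates now decides whether to skip the phantom liveness scan from `RegistrationFlags.prescanned`, which this PR's signalling.proto places inside ClientToStation, the payload a client authors, whereas the replaced test read `RegistrationSource`, which is set on the wrapper. If `reg.Flags` is populated from the client's ClientToStation (not visible in this section), the station would be skipping the scan on a value it did not write itself. The marker should be honoured only when a station set it: clear `prescanned` wherever client-originated registrations are ingested, or carry it as a C2SWrapper field next to `registration_source`. At minimum record the assumption at the check, e.g. `// NOTE: prescanned lives in RegistrationFlags; it must be cleared on client-supplied payloads before this test`. get_zmq_updates starts and ends outside the hunk.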
29 changes: 17 additions & 12 deletions proto/signalling.proto
Expand Up @@ -133,9 +133,9 @@ enum ErrorReasonS2C {
}

enum TransportType {
NullTransport = 0;
MinTransport = 1; // Send a 32-byte HMAC id to let the station distinguish registrations to same host
Obfs4Transport = 2; // Not implemented yet?
Null = 0;
Min = 1; // Send a 32-byte HMAC id to let the station distinguish registrations to same host
Obfs4 = 2; // Not implemented yet?
}

message StationToClient {
Expand Down Expand Up @@ -167,7 +167,8 @@ message RegistrationFlags {
optional bool upload_only = 1;
optional bool dark_decoy = 2;
optional bool proxy_header = 3;
optional bool use_TIL = 4;
optional bool use_TIL = 4;
optional bool prescanned = 5;
}

message ClientToStation {
Expand Down Expand Up @@ -216,19 +217,23 @@ message ClientToStation {
optional bytes padding = 100;
}

// Message type used as the request body when registering via the HTTP API.
// This message is assumed to be sent via TLS, meaning that sending the secret outright is acceptable.
message ClientToAPI {
// The secret that will be used when forming phantom connections.
optional bytes secret = 1;

// The ClientToStation payload; the same as used in decoy registrations.
optional ClientToStation registration_payload = 2;
enum RegistrationSource {
Detector = 0;
API = 1;
DetectorPrescan = 2;
}

message ZMQPayload {
message C2SWrapper {
optional bytes shared_secret = 1;
optional ClientToStation registration_payload = 3;
optional RegistrationSource registration_source = 4;

// client source address when receiving a registration
optional bytes registration_address = 6;

// Decoy address used when registering over Decoy registrar
optional bytes decoy_address = 7;
}

message SessionStats {
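Review bot: C2SWrapper has no comment stating how `shared_secret` may be transported, although it replaces ClientToAPI, whose header said the message is assumed to travel over TLS so that sending the secret outright is acceptable; per main.go in this PR the same type is now also what gets parsed from ZMQ messages. I would put the assumption on the new message, e.g. `// Carries the phantom shared secret in the clear; send only over TLS or an equivalently protected station-internal link.` above `message C2SWrapper`. Separately, `registration_payload` is field 3 here but was field 2 in ClientToAPI, so a peer still encoding or decoding the old message would silently lose the payload as an unknown field; a note on rollout order would help if the API and stations are upgraded independently.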