changed common/sha256.c

	changed common/sha256.h
	changed crypto/aesni256.c
	changed crypto/aesni256.h
	changed engine/engine.c
	changed mtproto/mtproto-proxy.c
	changed net/net-connections.c
	changed net/net-connections.h
	changed net/net-crypto-aes.c
	changed net/net-crypto-aes.h
	changed net/net-crypto-dh.c
	changed net/net-events.c
	changed net/net-msg.c
	changed net/net-msg.h
	changed net/net-tcp-connections.c
	changed net/net-tcp-rpc-common.c
	changed net/net-tcp-rpc-common.h
	changed net/net-tcp-rpc-ext-server.c
	changed net/net-tcp-rpc-ext-server.h
	changed net/net-tcp-rpc-server.c
	changed net/net-tcp-rpc-ext-server.c
	changed net/net-tcp-rpc-ext-server.h

common/sha256.c

@@ -18,9 +18,12 @@
               2016 Nikolai Durov
 */
 
-#include <assert.h>
 #include "sha256.h"
 
+#include <assert.h>
+
+#include <openssl/hmac.h>
+
 void sha256_starts (sha256_context *ctx) {
   EVP_MD_CTX_init (ctx);
   EVP_DigestInit_ex (ctx, EVP_sha256(), NULL); 
@@ -52,3 +55,10 @@ void sha256_two_chunks (const unsigned char *input1, int ilen1, const unsigned c
   sha256_finish (ctx, output);
   EVP_MD_CTX_free (ctx);
 }
+
+void sha256_hmac (unsigned char *key, int keylen, unsigned char *input, int ilen, unsigned char output[32]) {
+  unsigned int len = 0;
+  unsigned char *result = HMAC(EVP_sha256(), key, keylen, input, ilen, output, &len);
+  assert (result == output);
+  assert (len == 32);
+}

common/sha256.h

@@ -35,3 +35,5 @@ void sha256_update (sha256_context *ctx, const unsigned char *input, int ilen);
 void sha256_finish (sha256_context *ctx, unsigned char output[32]);
 void sha256 (const unsigned char *input, int ilen, unsigned char output[32]);
 void sha256_two_chunks (const unsigned char *input1, int ilen1, const unsigned char *input2, int ilen2, unsigned char output[32]);
+
+void sha256_hmac (unsigned char *key, int keylen, unsigned char *input, int ilen, unsigned char output[32]);

crypto/aesni256.c

@@ -22,115 +22,20 @@
 */
 
 #include "crypto/aesni256.h"
-#include <assert.h>
-#include <string.h>
-#include <stdint.h>
-#include "common/cpuid.h"
-
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-#include <openssl/modes.h>
-void AES_ctr128_encrypt(
-		const unsigned char *in, 
-		unsigned char *out,
-		size_t length, 
-		const AES_KEY *key,
-		unsigned char ivec[AES_BLOCK_SIZE],
-		unsigned char ecount_buf[AES_BLOCK_SIZE],
-		unsigned int *num) {
-	CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, (block128_f)AES_encrypt);
-}
-#endif
-
-void tg_ssl_aes_ctr_crypt (tg_aes_ctx_t *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16], unsigned long long offset) {
-  unsigned char iv_copy[16];
-  memcpy (iv_copy, iv, 16);
-  unsigned long long *p = (unsigned long long *) (iv_copy + 8);
-  (*p) += offset >> 4;
-  union {
-    unsigned char c[16];
-    unsigned long long d[2];
-  } u;
-  int i = offset & 15, l;
-  if (i) {
-    AES_encrypt (iv_copy, u.c, &ctx->u.key);
-    (*p)++;
-    l = i + size;
-    if (l > 16) {
-      l = 16;
-    }
-    size -= l - i;
-    do {
-      *out++ = (*in++) ^ u.c[i++];
-    } while (i < l);
-  }
-  const unsigned long long *I = (const unsigned long long *) in;
-  unsigned long long *O = (unsigned long long *) out;
-  int n = size >> 4;
-  while (--n >= 0) {
-    AES_encrypt (iv_copy, (unsigned char *) u.d, &ctx->u.key);
-    (*p)++;
-    *O++ = (*I++) ^ u.d[0];
-    *O++ = (*I++) ^ u.d[1];
-  }
-  l = size & 15;
-  if (l) {
-    AES_encrypt (iv_copy, u.c, &ctx->u.key);
-    in = (const unsigned char *) I;
-    out = (unsigned char *) O;
-    i = 0;
-    do {
-      *out++ = (*in++) ^ u.c[i++];
-    } while (i < l);
-  }
-}
-
-
-static void tg_ssl_aes_cbc_encrypt (tg_aes_ctx_t *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16]) {
-  AES_cbc_encrypt (in, out, size, &ctx->u.key, iv, AES_ENCRYPT);
-}
-
-static void tg_ssl_aes_cbc_decrypt (tg_aes_ctx_t *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16]) {
-  AES_cbc_encrypt (in, out, size, &ctx->u.key, iv, AES_DECRYPT);
-}
-
-static void tg_ssl_aes_ige_encrypt (tg_aes_ctx_t *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[32]) {
-  AES_ige_encrypt (in, out, size, &ctx->u.key, iv, AES_ENCRYPT);
-}
-
-static void tg_ssl_aes_ige_decrypt (tg_aes_ctx_t *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[32]) {
-  AES_ige_encrypt (in, out, size, &ctx->u.key, iv, AES_DECRYPT);
-}
 
-void tg_ssl_aes_ctr128_crypt (struct tg_aes_ctx *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16], unsigned char ecount_buf[16], unsigned int *num) {
-  AES_ctr128_encrypt (in, out, size, &ctx->u.key, iv, ecount_buf, num);
-}
-
-static const struct tg_aes_methods ssl_aes_encrypt_methods = {
-  .cbc_crypt = tg_ssl_aes_cbc_encrypt,
-  .ige_crypt = tg_ssl_aes_ige_encrypt,
-  .ctr_crypt = tg_ssl_aes_ctr_crypt,
-  .ctr128_crypt = tg_ssl_aes_ctr128_crypt
-};
-
-void tg_aes_set_encrypt_key (tg_aes_ctx_t *ctx, unsigned char *key, int bits) {
-  AES_set_encrypt_key (key, bits, &ctx->u.key);
-  ctx->type = &ssl_aes_encrypt_methods;
-}
+#include <assert.h>
 
-static const struct tg_aes_methods ssl_aes_decrypt_methods = {
-  .cbc_crypt = tg_ssl_aes_cbc_decrypt,
-  .ige_crypt = tg_ssl_aes_ige_decrypt,
-  .ctr_crypt = NULL,
-  .ctr128_crypt = NULL
-};
+EVP_CIPHER_CTX *evp_cipher_ctx_init (const EVP_CIPHER *cipher, unsigned char *key, unsigned char iv[16], int is_encrypt) {
+  EVP_CIPHER_CTX *evp_ctx = EVP_CIPHER_CTX_new();
+  assert(evp_ctx);
 
-void tg_aes_set_decrypt_key (tg_aes_ctx_t *ctx, unsigned char *key, int bits) {
-  AES_set_decrypt_key (key, bits, &ctx->u.key);
-  ctx->type = &ssl_aes_decrypt_methods;
+  assert(EVP_CipherInit(evp_ctx, cipher, key, iv, is_encrypt) == 1);
+  assert(EVP_CIPHER_CTX_set_padding(evp_ctx, 0) == 1);
+  return evp_ctx;
 }
 
-void tg_aes_ctx_cleanup (tg_aes_ctx_t *ctx) {
-  memset (ctx, 0, sizeof (tg_aes_ctx_t));
+void evp_crypt (EVP_CIPHER_CTX *evp_ctx, const void *in, void *out, int size) {
+  int len;
+  assert (EVP_CipherUpdate(evp_ctx, out, &len, in, size) == 1);
+  assert (len == size);
 }

crypto/aesni256.h

@@ -23,30 +23,8 @@
 
 #pragma once
 
-#include <openssl/aes.h>
-
-struct aesni256_ctx {
-  unsigned char a[256];
-};
-
-//TODO: move cbc_crypt, ige_crypt, ctr_crypt to the virtual method table
-struct tg_aes_ctx;
-
-struct tg_aes_methods {
-  void (*cbc_crypt) (struct tg_aes_ctx *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16]);
-  void (*ige_crypt) (struct tg_aes_ctx *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[32]);
-  void (*ctr_crypt) (struct tg_aes_ctx *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16], unsigned long long offset);
-  void (*ctr128_crypt) (struct tg_aes_ctx *ctx, const unsigned char *in, unsigned char *out, int size, unsigned char iv[16], unsigned char ecount_buf[16], unsigned int *num);
-};
-
-typedef struct tg_aes_ctx {
-  union {
-    AES_KEY key;
-    struct aesni256_ctx ctx;
-  } u;
-  const struct tg_aes_methods *type;
-} tg_aes_ctx_t;
-
-void tg_aes_set_encrypt_key (tg_aes_ctx_t *ctx, unsigned char *key, int bits);
-void tg_aes_set_decrypt_key (tg_aes_ctx_t *ctx, unsigned char *key, int bits);
-void tg_aes_ctx_cleanup (tg_aes_ctx_t *ctx);
+#include <openssl/evp.h>
+
+EVP_CIPHER_CTX *evp_cipher_ctx_init (const EVP_CIPHER *cipher, unsigned char *key, unsigned char iv[16], int is_encrypt);
+
+void evp_crypt (EVP_CIPHER_CTX *evp_ctx, const void *in, void *out, int size);

engine/engine.c

@@ -691,7 +691,7 @@ static void parse_option_engine_builtin (const char *name, int arg, int *var, in
   assert (vasprintf (&h, help, ap) >= 0);
   va_end (ap);
 
-  parse_option_ex (name, arg, var, val, flags, f_parse_option_engine, h);
+  parse_option_ex (name, arg, var, val, flags, f_parse_option_engine, "%s", h);
 
   free (h);
 }

mtproto/mtproto-proxy.c

@@ -107,11 +107,11 @@ const char FullVersionStr[] = VERSION_STR " compiled at " __DATE__ " " __TIME__
 #define MAX_MTFRONT_NB			((NB_max * 3) >> 2)
 #endif
 
-double ping_interval = PING_INTERVAL;
-int window_clamp = DEFAULT_WINDOW_CLAMP;
+static double ping_interval = PING_INTERVAL;
+static int window_clamp;
 
 #define	PROXY_MODE_OUT	2
-int proxy_mode;
+static int proxy_mode;
 
 #define IS_PROXY_IN	0
 #define IS_PROXY_OUT	1
@@ -2076,23 +2076,32 @@ void cron (void) {
 int sfd;
 int http_ports_num;
 int http_sfd[MAX_HTTP_LISTEN_PORTS], http_port[MAX_HTTP_LISTEN_PORTS];
+static int domain_count;
+static int secret_count;
 
 // static double next_create_outbound;
 // int outbound_connections_per_second = DEFAULT_OUTBOUND_CONNECTION_CREATION_RATE;
 
 void mtfront_pre_loop (void) {
   int i, enable_ipv6 = engine_check_ipv6_enabled () ? SM_IPV6 : 0;
-  tcp_maximize_buffers = 1;
+  if (domain_count == 0) {
+    tcp_maximize_buffers = 1;
+    if (window_clamp == 0) {
+      window_clamp = DEFAULT_WINDOW_CLAMP;
+    }
+  }
   if (!workers) {
     for (i = 0; i < http_ports_num; i++) {
-      init_listening_tcpv6_connection (http_sfd[i], &ct_tcp_rpc_ext_server_mtfront, &ext_rpc_methods, enable_ipv6 | SM_LOWPRIO | SM_NOQACK | (max_special_connections ? SM_SPECIAL : 0));
-      //     assert (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_MAXSEG, (int[]){1410}, sizeof (int)) >= 0);
-      //     assert (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_NODELAY, (int[]){1}, sizeof (int)) >= 0);
-      listening_connection_job_t LC = Events[http_sfd[i]].data;
-      assert (LC);
-      CONN_INFO(LC)->window_clamp = window_clamp;
-      if (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_WINDOW_CLAMP, &window_clamp, 4) < 0) {
-	vkprintf (0, "error while setting window size for socket %d to %d: %m\n", http_sfd[i], window_clamp);
+      init_listening_tcpv6_connection (http_sfd[i], &ct_tcp_rpc_ext_server_mtfront, &ext_rpc_methods, enable_ipv6 | SM_LOWPRIO | (domain_count == 0 ? SM_NOQACK : 0) | (max_special_connections ? SM_SPECIAL : 0));
+      // assert (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_MAXSEG, (int[]){1410}, sizeof (int)) >= 0);
+      // assert (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_NODELAY, (int[]){1}, sizeof (int)) >= 0);
+      if (window_clamp) {
+        listening_connection_job_t LC = Events[http_sfd[i]].data;
+        assert (LC);
+        CONN_INFO(LC)->window_clamp = window_clamp;
+        if (setsockopt (http_sfd[i], IPPROTO_TCP, TCP_WINDOW_CLAMP, &window_clamp, 4) < 0) {
+          vkprintf (0, "error while setting window size for socket #%d to %d: %m\n", http_sfd[i], window_clamp);
+        }
       }
     }
     // create_all_outbound_connections ();
@@ -2180,6 +2189,10 @@ int f_parse_option (int val) {
     engine_set_http_fallback (&ct_http_server, &http_methods_stats);
     mtproto_front_functions.flags &= ~ENGINE_NO_PORT;
     break;
+  case 'D':
+    tcp_rpc_add_proxy_domain (optarg);
+    domain_count++;
+    break;
   case 'S':
   case 'P':
     {
@@ -2209,6 +2222,7 @@ int f_parse_option (int val) {
       }
       if (val == 'S') {
 	tcp_rpcs_set_ext_secret (secret);
+	secret_count++;
       } else {
 	memcpy (proxy_tag, secret, sizeof (proxy_tag));
 	proxy_tag_set = 1;
@@ -2228,11 +2242,12 @@ void mtfront_prepare_parse_options (void) {
   parse_option ("http-stats", no_argument, 0, 2000, "allow http server to answer on stats queries");
   parse_option ("mtproto-secret", required_argument, 0, 'S', "16-byte secret in hex mode");
   parse_option ("proxy-tag", required_argument, 0, 'P', "16-byte proxy tag in hex mode to be passed along with all forwarded queries");
+  parse_option ("domain", required_argument, 0, 'D', "adds allowed domain for TLS-transport mode, disables other transports; can be specified more than once");
   parse_option ("max-special-connections", required_argument, 0, 'C', "sets maximal number of accepted client connections per worker");
   parse_option ("window-clamp", required_argument, 0, 'W', "sets window clamp for client TCP connections");
   parse_option ("http-ports", required_argument, 0, 'H', "comma-separated list of client (HTTP) ports to listen");
   // parse_option ("outbound-connections-ps", required_argument, 0, 'o', "limits creation rate of outbound connections to mtproto-servers (default %d)", DEFAULT_OUTBOUND_CONNECTION_CREATION_RATE);
-  parse_option ("slaves", required_argument, 0, 'M', "spawn several slave workers");
+  parse_option ("slaves", required_argument, 0, 'M', "spawn several slave workers; not recommended for TLS-transport mode for better replay protection");
   parse_option ("ping-interval", required_argument, 0, 'T', "sets ping interval in second for local TCP connections (default %.3lf)", PING_INTERVAL);
   parse_option ("random-padding-only", no_argument, 0, 'R', "allow only clients with random padding option enabled");
 }
@@ -2259,12 +2274,24 @@ void mtfront_pre_init (void) {
 
   vkprintf (1, "config loaded!\n");
 
+  if (domain_count) {
+    tcp_rpc_init_proxy_domains();
+
+    if (workers) {
+      kprintf ("It is recommended to not use workers with TLS-transport");
+    }
+    if (secret_count == 0) {
+      kprintf ("You must specify at least one mtproto-secret to use when using TLS-transport");
+      exit (2);
+    }
+  }
+
   int i, enable_ipv6 = engine_check_ipv6_enabled () ? SM_IPV6 : 0;
 
   for (i = 0; i < http_ports_num; i++) {
     http_sfd[i] = server_socket (http_port[i], engine_state->settings_addr, engine_get_backlog (), enable_ipv6);
     if (http_sfd[i] < 0) {
-      fprintf (stderr, "cannot open http/tcp server socket at port %d: %m\n", http_port[i]);
+      kprintf ("cannot open http/tcp server socket at port %d: %m\n", http_port[i]);
       exit (1);
     }
   }