mirror of
https://github.com/telemt/telemt.git
synced 2026-04-18 11:04:09 +03:00
Refactor and enhance security in proxy and handshake modules
- Updated `direct_relay_security_tests.rs` to ensure sanitized paths are correctly validated against resolved paths. - Added tests for symlink handling in `unknown_dc_log_path_revalidation` to prevent symlink target escape vulnerabilities. - Modified `handshake.rs` to use a more robust hashing strategy for eviction offsets, improving the eviction logic in `auth_probe_record_failure_with_state`. - Introduced new tests in `handshake_security_tests.rs` to validate eviction logic under various conditions, ensuring low fail streak entries are prioritized for eviction. - Simplified `route_mode.rs` by removing unnecessary atomic mode tracking, streamlining the transition logic in `RouteRuntimeController`. - Enhanced `route_mode_security_tests.rs` with comprehensive tests for mode transitions and their effects on session states, ensuring consistency under concurrent modifications. - Cleaned up `emulator.rs` by removing unused ALPN extension handling, improving code clarity and maintainability.
This commit is contained in:
David Osipov
@@ -11,9 +11,8 @@ use crate::crypto::{sha256_hmac, SecureRandom};
|
||||
use crate::error::ProxyError;
|
||||
use super::constants::*;
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
use num_bigint::BigUint;
|
||||
use num_traits::One;
|
||||
use subtle::ConstantTimeEq;
|
||||
use x25519_dalek::{X25519_BASEPOINT_BYTES, x25519};
|
||||
|
||||
// ============= Public Constants =============
|
||||
|
||||
@@ -121,27 +120,6 @@ impl TlsExtensionBuilder {
|
||||
self
|
||||
}
|
||||
|
||||
/// Add ALPN extension with a single selected protocol.
|
||||
fn add_alpn(&mut self, proto: &[u8]) -> &mut Self {
|
||||
// Extension type: ALPN (0x0010)
|
||||
self.extensions.extend_from_slice(&extension_type::ALPN.to_be_bytes());
|
||||
|
||||
// ALPN extension format:
|
||||
// extension_data length (2 bytes)
|
||||
// protocols length (2 bytes)
|
||||
// protocol name length (1 byte)
|
||||
// protocol name bytes
|
||||
let proto_len = proto.len() as u8;
|
||||
let list_len: u16 = 1 + u16::from(proto_len);
|
||||
let ext_len: u16 = 2 + list_len;
|
||||
|
||||
self.extensions.extend_from_slice(&ext_len.to_be_bytes());
|
||||
self.extensions.extend_from_slice(&list_len.to_be_bytes());
|
||||
self.extensions.push(proto_len);
|
||||
self.extensions.extend_from_slice(proto);
|
||||
self
|
||||
}
|
||||
|
||||
/// Build final extensions with length prefix
|
||||
fn build(self) -> Vec<u8> {
|
||||
let mut result = Vec::with_capacity(2 + self.extensions.len());
|
||||
@@ -177,8 +155,6 @@ struct ServerHelloBuilder {
|
||||
compression: u8,
|
||||
/// Extensions
|
||||
extensions: TlsExtensionBuilder,
|
||||
/// Selected ALPN protocol (if any)
|
||||
alpn: Option<Vec<u8>>,
|
||||
}
|
||||
|
||||
impl ServerHelloBuilder {
|
||||
@@ -189,7 +165,6 @@ impl ServerHelloBuilder {
|
||||
cipher_suite: cipher_suite::TLS_AES_128_GCM_SHA256,
|
||||
compression: 0x00,
|
||||
extensions: TlsExtensionBuilder::new(),
|
||||
alpn: None,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -204,18 +179,9 @@ impl ServerHelloBuilder {
|
||||
self
|
||||
}
|
||||
|
||||
fn with_alpn(mut self, proto: Option<Vec<u8>>) -> Self {
|
||||
self.alpn = proto;
|
||||
self
|
||||
}
|
||||
|
||||
/// Build ServerHello message (without record header)
|
||||
fn build_message(&self) -> Vec<u8> {
|
||||
let mut ext_builder = self.extensions.clone();
|
||||
if let Some(ref alpn) = self.alpn {
|
||||
ext_builder.add_alpn(alpn);
|
||||
}
|
||||
let extensions = ext_builder.extensions.clone();
|
||||
let extensions = self.extensions.extensions.clone();
|
||||
let extensions_len = extensions.len() as u16;
|
||||
|
||||
// Calculate total length
|
||||
@@ -380,6 +346,9 @@ fn validate_tls_handshake_at_time_with_boot_cap(
|
||||
// Extract session ID
|
||||
let session_id_len_pos = TLS_DIGEST_POS + TLS_DIGEST_LEN;
|
||||
let session_id_len = handshake.get(session_id_len_pos).copied()? as usize;
|
||||
if session_id_len > 32 {
|
||||
return None;
|
||||
}
|
||||
let session_id_start = session_id_len_pos + 1;
|
||||
|
||||
if handshake.len() < session_id_start + session_id_len {
|
||||
@@ -444,27 +413,14 @@ fn validate_tls_handshake_at_time_with_boot_cap(
|
||||
})
|
||||
}
|
||||
|
||||
fn curve25519_prime() -> BigUint {
|
||||
(BigUint::one() << 255) - BigUint::from(19u32)
|
||||
}
|
||||
|
||||
/// Generate a fake X25519 public key for TLS
|
||||
///
|
||||
/// Produces a quadratic residue mod p = 2^255 - 19 by computing n² mod p,
|
||||
/// which matches Python/C behavior and avoids DPI fingerprinting.
|
||||
/// Uses RFC 7748 X25519 scalar multiplication over the canonical basepoint,
|
||||
/// yielding distribution-consistent public keys for anti-fingerprinting.
|
||||
pub fn gen_fake_x25519_key(rng: &SecureRandom) -> [u8; 32] {
|
||||
let mut n_bytes = [0u8; 32];
|
||||
n_bytes.copy_from_slice(&rng.bytes(32));
|
||||
|
||||
let n = BigUint::from_bytes_le(&n_bytes);
|
||||
let p = curve25519_prime();
|
||||
let pk = (&n * &n) % &p;
|
||||
|
||||
let mut out = pk.to_bytes_le();
|
||||
out.resize(32, 0);
|
||||
let mut result = [0u8; 32];
|
||||
result.copy_from_slice(&out[..32]);
|
||||
result
|
||||
let mut scalar = [0u8; 32];
|
||||
scalar.copy_from_slice(&rng.bytes(32));
|
||||
x25519(scalar, X25519_BASEPOINT_BYTES)
|
||||
}
|
||||
|
||||
/// Build TLS ServerHello response
|
||||
@@ -481,7 +437,7 @@ pub fn build_server_hello(
|
||||
session_id: &[u8],
|
||||
fake_cert_len: usize,
|
||||
rng: &SecureRandom,
|
||||
alpn: Option<Vec<u8>>,
|
||||
_alpn: Option<Vec<u8>>,
|
||||
new_session_tickets: u8,
|
||||
) -> Vec<u8> {
|
||||
const MIN_APP_DATA: usize = 64;
|
||||
@@ -493,7 +449,6 @@ pub fn build_server_hello(
|
||||
let server_hello = ServerHelloBuilder::new(session_id.to_vec())
|
||||
.with_x25519_key(&x25519_key)
|
||||
.with_tls13_version()
|
||||
.with_alpn(alpn)
|
||||
.build_record();
|
||||
|
||||
// Build Change Cipher Spec record
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
use super::*;
|
||||
use crate::crypto::sha256_hmac;
|
||||
use crate::tls_front::emulator::build_emulated_server_hello;
|
||||
use crate::tls_front::types::{CachedTlsData, ParsedServerHello, TlsBehaviorProfile, TlsProfileSource};
|
||||
use std::time::SystemTime;
|
||||
|
||||
/// Build a TLS-handshake-like buffer that contains a valid HMAC digest
|
||||
/// for the given `secret` and `timestamp`.
|
||||
@@ -369,16 +372,16 @@ fn one_byte_session_id_validates_and_is_preserved() {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn max_session_id_len_255_with_valid_digest_is_accepted() {
|
||||
fn max_session_id_len_255_with_valid_digest_is_rejected_by_rfc_cap() {
|
||||
let secret = b"sid_len_255_test";
|
||||
let session_id = vec![0xCCu8; 255];
|
||||
let handshake = make_valid_tls_handshake_with_session_id(secret, 0, &session_id);
|
||||
let secrets = vec![("u".to_string(), secret.to_vec())];
|
||||
|
||||
let result = validate_tls_handshake(&handshake, &secrets, true)
|
||||
.expect("session_id_len=255 with valid digest must validate");
|
||||
assert_eq!(result.session_id.len(), 255);
|
||||
assert_eq!(result.session_id, session_id);
|
||||
assert!(
|
||||
validate_tls_handshake(&handshake, &secrets, true).is_none(),
|
||||
"legacy_session_id length > 32 must be rejected even with valid digest"
|
||||
);
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------
|
||||
@@ -1187,17 +1190,158 @@ fn test_gen_fake_x25519_key() {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_fake_x25519_key_is_quadratic_residue() {
|
||||
use num_bigint::BigUint;
|
||||
use num_traits::One;
|
||||
|
||||
fn test_fake_x25519_key_is_nonzero_and_varies() {
|
||||
let rng = crate::crypto::SecureRandom::new();
|
||||
let key = gen_fake_x25519_key(&rng);
|
||||
let p = curve25519_prime();
|
||||
let k_num = BigUint::from_bytes_le(&key);
|
||||
let exponent = (&p - BigUint::one()) >> 1;
|
||||
let legendre = k_num.modpow(&exponent, &p);
|
||||
assert_eq!(legendre, BigUint::one());
|
||||
let mut unique = std::collections::HashSet::new();
|
||||
let mut saw_non_zero = false;
|
||||
|
||||
for _ in 0..64 {
|
||||
let key = gen_fake_x25519_key(&rng);
|
||||
if key != [0u8; 32] {
|
||||
saw_non_zero = true;
|
||||
}
|
||||
unique.insert(key);
|
||||
}
|
||||
|
||||
assert!(
|
||||
saw_non_zero,
|
||||
"generated X25519 public keys must not collapse to all-zero output"
|
||||
);
|
||||
assert!(
|
||||
unique.len() > 1,
|
||||
"generated X25519 public keys must vary across invocations"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn validate_tls_handshake_rejects_session_id_longer_than_rfc_cap() {
|
||||
let secret = b"session_id_cap_secret";
|
||||
let oversized_sid = vec![0x42u8; 33];
|
||||
let handshake = make_valid_tls_handshake_with_session_id(secret, 0, &oversized_sid);
|
||||
let secrets = vec![("u".to_string(), secret.to_vec())];
|
||||
|
||||
assert!(
|
||||
validate_tls_handshake(&handshake, &secrets, true).is_none(),
|
||||
"legacy_session_id length > 32 must be rejected"
|
||||
);
|
||||
}
|
||||
|
||||
fn server_hello_extension_types(record: &[u8]) -> Vec<u16> {
|
||||
if record.len() < 9 || record[0] != TLS_RECORD_HANDSHAKE || record[5] != 0x02 {
|
||||
return Vec::new();
|
||||
}
|
||||
|
||||
let record_len = u16::from_be_bytes([record[3], record[4]]) as usize;
|
||||
if record.len() < 5 + record_len {
|
||||
return Vec::new();
|
||||
}
|
||||
|
||||
let hs_len = u32::from_be_bytes([0, record[6], record[7], record[8]]) as usize;
|
||||
let hs_start = 5;
|
||||
let hs_end = hs_start + 4 + hs_len;
|
||||
if hs_end > record.len() {
|
||||
return Vec::new();
|
||||
}
|
||||
|
||||
let mut pos = hs_start + 4 + 2 + 32;
|
||||
if pos >= hs_end {
|
||||
return Vec::new();
|
||||
}
|
||||
let sid_len = record[pos] as usize;
|
||||
pos += 1 + sid_len;
|
||||
if pos + 2 + 1 + 2 > hs_end {
|
||||
return Vec::new();
|
||||
}
|
||||
|
||||
pos += 2 + 1;
|
||||
let ext_len = u16::from_be_bytes([record[pos], record[pos + 1]]) as usize;
|
||||
pos += 2;
|
||||
let ext_end = pos + ext_len;
|
||||
if ext_end > hs_end {
|
||||
return Vec::new();
|
||||
}
|
||||
|
||||
let mut out = Vec::new();
|
||||
while pos + 4 <= ext_end {
|
||||
let etype = u16::from_be_bytes([record[pos], record[pos + 1]]);
|
||||
let elen = u16::from_be_bytes([record[pos + 2], record[pos + 3]]) as usize;
|
||||
pos += 4;
|
||||
if pos + elen > ext_end {
|
||||
break;
|
||||
}
|
||||
out.push(etype);
|
||||
pos += elen;
|
||||
}
|
||||
out
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn build_server_hello_never_places_alpn_in_server_hello_extensions() {
|
||||
let secret = b"alpn_sh_forbidden";
|
||||
let client_digest = [0x11u8; 32];
|
||||
let session_id = vec![0xAA; 32];
|
||||
let rng = crate::crypto::SecureRandom::new();
|
||||
|
||||
let response = build_server_hello(
|
||||
secret,
|
||||
&client_digest,
|
||||
&session_id,
|
||||
1024,
|
||||
&rng,
|
||||
Some(b"h2".to_vec()),
|
||||
0,
|
||||
);
|
||||
let exts = server_hello_extension_types(&response);
|
||||
assert!(
|
||||
!exts.contains(&0x0010),
|
||||
"ALPN extension must not appear in ServerHello"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn emulated_server_hello_never_places_alpn_in_server_hello_extensions() {
|
||||
let secret = b"alpn_emulated_forbidden";
|
||||
let client_digest = [0x22u8; 32];
|
||||
let session_id = vec![0xAB; 32];
|
||||
let rng = crate::crypto::SecureRandom::new();
|
||||
let cached = CachedTlsData {
|
||||
server_hello_template: ParsedServerHello {
|
||||
version: TLS_VERSION,
|
||||
random: [0u8; 32],
|
||||
session_id: Vec::new(),
|
||||
cipher_suite: [0x13, 0x01],
|
||||
compression: 0,
|
||||
extensions: Vec::new(),
|
||||
},
|
||||
cert_info: None,
|
||||
cert_payload: None,
|
||||
app_data_records_sizes: vec![1024],
|
||||
total_app_data_len: 1024,
|
||||
behavior_profile: TlsBehaviorProfile {
|
||||
change_cipher_spec_count: 1,
|
||||
app_data_record_sizes: vec![1024],
|
||||
ticket_record_sizes: Vec::new(),
|
||||
source: TlsProfileSource::Default,
|
||||
},
|
||||
fetched_at: SystemTime::now(),
|
||||
domain: "example.com".to_string(),
|
||||
};
|
||||
|
||||
let response = build_emulated_server_hello(
|
||||
secret,
|
||||
&client_digest,
|
||||
&session_id,
|
||||
&cached,
|
||||
false,
|
||||
&rng,
|
||||
Some(b"h2".to_vec()),
|
||||
0,
|
||||
);
|
||||
let exts = server_hello_extension_types(&response);
|
||||
assert!(
|
||||
!exts.contains(&0x0010),
|
||||
"ALPN extension must not appear in emulated ServerHello"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
||||
Reference in New Issue
Block a user