Mimic DTLS 1.3 features (#10)

* Add key_share extension and mimicry of any extension

* Refactor

Author: theodorsm

README.md

@@ -19,6 +19,7 @@ This library was developed as part of a Master thesis: "*[Reducing distinguishab
 ## Features
 
 - Mimicking/replaying *ClientHello*
+  - key_share with fake keys (DTLS 1.3)
 - Randomization of *ClientHello* 
   - cipher suites: shuffle and random size
   - extensions: shuffle

pkg/mimicry/errors.go

@@ -0,0 +1,22 @@
+package mimicry
+
+import (
+	"errors"
+
+	"github.com/pion/dtls/v3/pkg/protocol"
+)
+
+// Typed errors.
+var (
+	errCookieTooLong = &protocol.FatalError{
+		Err: errors.New("cookie must not be longer then 255 bytes"), //nolint:err113
+	}
+	errBufferTooSmall = &protocol.TemporaryError{
+		Err: errors.New("buffer is too small"), //nolint:err113
+	}
+	errLengthMismatch = &protocol.InternalError{
+		Err: errors.New("data length and declared length do not match"), //nolint:err113
+	}
+	errNoFingerprints  = errors.New("no fingerprints available")
+	errHexstringDecode = errors.New("mimicry: failed to decode mimicry hexstring")
+)

pkg/mimicry/extension.go

@@ -0,0 +1,78 @@
+package mimicry
+
+import (
+	"encoding/binary"
+	"github.com/pion/dtls/v3/pkg/protocol/extension"
+	"github.com/theodorsm/covert-dtls/pkg/utils"
+)
+
+// Unmarshal many extensions at once.
+func MimicExtensionsUnmarshal(buf []byte) ([]extension.Extension, error) {
+	switch {
+	case len(buf) == 0:
+		return []extension.Extension{}, nil
+	case len(buf) < 2:
+		return nil, errBufferTooSmall
+	}
+
+	declaredLen := binary.BigEndian.Uint16(buf)
+	if len(buf)-2 != int(declaredLen) {
+		return nil, errLengthMismatch
+	}
+
+	extensions := []extension.Extension{}
+	unmarshalAndAppend := func(data []byte, e extension.Extension) error {
+		err := e.Unmarshal(data)
+		if err != nil {
+			return err
+		}
+		extensions = append(extensions, e)
+
+		return nil
+	}
+
+	for offset := 2; offset < len(buf); {
+		if len(buf) < (offset + 2) {
+			return nil, errBufferTooSmall
+		}
+		var err error
+		switch extension.TypeValue(binary.BigEndian.Uint16(buf[offset:])) {
+		case extension.ServerNameTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.ServerName{})
+		case extension.SupportedEllipticCurvesTypeValue:
+			// Mimic
+			err = unmarshalAndAppend(buf[offset:], &utils.FakeExt{})
+		case extension.SupportedPointFormatsTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.SupportedPointFormats{})
+		case extension.SupportedSignatureAlgorithmsTypeValue:
+			// Mimic
+			err = unmarshalAndAppend(buf[offset:], &utils.FakeExt{})
+		case extension.UseSRTPTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.UseSRTP{})
+		case extension.ALPNTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.ALPN{})
+		case extension.UseExtendedMasterSecretTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.UseExtendedMasterSecret{})
+		case extension.RenegotiationInfoTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.RenegotiationInfo{})
+		case extension.ConnectionIDTypeValue:
+			err = unmarshalAndAppend(buf[offset:], &extension.ConnectionID{})
+		case utils.KeyShareTypeValue:
+			// Unmarshal mimicked KeyShare
+			err = unmarshalAndAppend(buf[offset:], &utils.KeyShare{})
+		default:
+			// Unmarshal any mimicked unimplemented extension
+			err = unmarshalAndAppend(buf[offset:], &utils.FakeExt{})
+		}
+		if err != nil {
+			return nil, err
+		}
+		if len(buf) < (offset + 4) {
+			return nil, errBufferTooSmall
+		}
+		extensionLength := binary.BigEndian.Uint16(buf[offset+2:])
+		offset += (4 + int(extensionLength))
+	}
+
+	return extensions, nil
+}

pkg/mimicry/mimic_client_hello.go

@@ -1,27 +1,29 @@
 package mimicry
 
 import (
+	"encoding/binary"
 	"encoding/hex"
-	"errors"
 
+	"github.com/pion/dtls/v3/pkg/protocol"
 	"github.com/pion/dtls/v3/pkg/protocol/extension"
 	"github.com/pion/dtls/v3/pkg/protocol/handshake"
 	"github.com/theodorsm/covert-dtls/pkg/fingerprints"
 	"github.com/theodorsm/covert-dtls/pkg/utils"
 )
 
-var (
-	errBufferTooSmall  = errors.New("buffer is too small")
-	errNoFingerprints  = errors.New("no fingerprints available")
-	errHexstringDecode = errors.New("mimicry: failed to decode mimicry hexstring")
-)
+const handshakeMessageClientHelloVariableWidthStart = 34
 
 // MimickedClientHello is to be used as a way to replay DTLS client hello messages. To be used with the Pion dtls library.
 type MimickedClientHello struct {
 	clientHelloFingerprint fingerprints.ClientHelloFingerprint
+	Version                protocol.Version
 	Random                 handshake.Random
-	SessionID              []byte
 	Cookie                 []byte
+
+	SessionID []byte
+
+	CipherSuiteIDs         []uint16
+	CompressionMethods     []*protocol.CompressionMethod
 	Extensions             []extension.Extension
 	SRTPProtectionProfiles []extension.SRTPProtectionProfile
 }
@@ -42,31 +44,12 @@ func (m MimickedClientHello) Type() handshake.Type {
 // Parses hexstring fingerprint and sets Extensions and SRTPProtectionProfiles
 func (m *MimickedClientHello) LoadFingerprint(fingerprint fingerprints.ClientHelloFingerprint) error {
 	m.clientHelloFingerprint = fingerprint
-	clientHello := handshake.MessageClientHello{}
 	data, err := hex.DecodeString(string(m.clientHelloFingerprint))
 	if err != nil {
 		return errHexstringDecode
 	}
-	err = clientHello.Unmarshal(data)
-	if err != nil {
-		return err
-	}
-	m.Extensions = clientHello.Extensions
-	for _, ext := range m.Extensions {
-		if ext.TypeValue() == extension.UseSRTPTypeValue {
-			srtp := extension.UseSRTP{}
-			buf, err := ext.Marshal()
-			if err != nil {
-				return err
-			}
-			err = srtp.Unmarshal(buf)
-			if err != nil {
-				return err
-			}
-			m.SRTPProtectionProfiles = srtp.ProtectionProfiles
-		}
-	}
-	return nil
+	err = m.Unmarshal(data)
+	return err
 }
 
 // Loads a random fingerprint to mimic
@@ -79,7 +62,7 @@ func (m *MimickedClientHello) LoadRandomFingerprint() error {
 
 // Marshal encodes the Handshake
 func (m *MimickedClientHello) Marshal() ([]byte, error) {
-	var out []byte
+	out := make([]byte, handshakeMessageClientHelloVariableWidthStart)
 
 	fingerprint := m.clientHelloFingerprint
 
@@ -94,55 +77,110 @@ func (m *MimickedClientHello) Marshal() ([]byte, error) {
 
 	data, err := hex.DecodeString(string(fingerprint))
 	if err != nil {
-		err = errHexstringDecode
+		return out, errHexstringDecode
 	}
 
 	if len(data) <= 2 {
 		return out, errBufferTooSmall
 	}
 
-	// Major and minor version
-	currOffset := 2
-	out = append(out, data[:currOffset]...)
+	if len(m.Cookie) > 255 {
+		return nil, errCookieTooLong
+	}
+
+	out[0] = m.Version.Major
+	out[1] = m.Version.Minor
+
+	rand := m.Random.MarshalFixed()
+	copy(out[2:], rand[:])
+
+	out = append(out, byte(len(m.SessionID)))
+	out = append(out, m.SessionID...)
+
+	out = append(out, byte(len(m.Cookie)))
+	out = append(out, m.Cookie...)
+	out = append(out, utils.EncodeCipherSuiteIDs(m.CipherSuiteIDs)...)
+	out = append(out, protocol.EncodeCompressionMethods(m.CompressionMethods)...)
+
+	extensions, err := utils.ExtensionMarshal(m.Extensions)
+	if err != nil {
+		return nil, err
+	}
+
+	return append(out, extensions...), nil
+}
+
+// Unmarshal populates the message from encoded data
+func (m *MimickedClientHello) Unmarshal(data []byte) error {
+	if len(data) < 2+handshake.RandomLength {
+		return errBufferTooSmall
+	}
+
+	m.Version.Major = data[0]
+	m.Version.Minor = data[1]
 
-	rb := m.Random.MarshalFixed()
-	out = append(out, rb[:]...)
+	var random [handshake.RandomLength]byte
+	copy(random[:], data[2:])
+	m.Random.UnmarshalFixed(random)
 
-	// Skip past random
-	currOffset += 32
+	// rest of packet has variable width sections
+	currOffset := handshakeMessageClientHelloVariableWidthStart
 
 	currOffset++
 	if len(data) <= currOffset {
-		return out, errBufferTooSmall
+		return errBufferTooSmall
 	}
 	n := int(data[currOffset-1])
 	if len(data) <= currOffset+n {
-		return out, errBufferTooSmall
+		return errBufferTooSmall
 	}
-	mimickedSessionID := append([]byte{}, data[currOffset:currOffset+n]...)
-	currOffset += len(mimickedSessionID)
+	m.SessionID = append([]byte{}, data[currOffset:currOffset+n]...)
+	currOffset += len(m.SessionID)
 
 	currOffset++
 	if len(data) <= currOffset {
-		return out, errBufferTooSmall
+		return errBufferTooSmall
 	}
 	n = int(data[currOffset-1])
 	if len(data) <= currOffset+n {
-		return out, errBufferTooSmall
+		return errBufferTooSmall
 	}
-	mimickedCookie := append([]byte{}, data[currOffset:currOffset+n]...)
-	currOffset += len(mimickedCookie)
+	m.Cookie = append([]byte{}, data[currOffset:currOffset+n]...)
+	currOffset += len(m.Cookie)
 
-	out = append(out, byte(len(m.SessionID)))
-	out = append(out, m.SessionID...)
-
-	out = append(out, byte(len(m.Cookie)))
-	out = append(out, m.Cookie...)
+	// Cipher Suites
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	cipherSuiteIDs, err := utils.DecodeCipherSuiteIDs(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	m.CipherSuiteIDs = cipherSuiteIDs
+	if len(data) < currOffset+2 {
+		return errBufferTooSmall
+	}
+	currOffset += int(binary.BigEndian.Uint16(data[currOffset:])) + 2
 
-	out = append(out, data[currOffset:]...)
+	// Compression Methods
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	compressionMethods, err := protocol.DecodeCompressionMethods(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	m.CompressionMethods = compressionMethods
+	if len(data) < currOffset {
+		return errBufferTooSmall
+	}
+	currOffset += int(data[currOffset]) + 1
 
-	return out, err
+	// Extensions
+	extensions, err := MimicExtensionsUnmarshal(data[currOffset:])
+	if err != nil {
+		return err
+	}
+	m.Extensions = extensions
+	return nil
 }
-
-// Unmarshal populates the message from encoded data
-func (m *MimickedClientHello) Unmarshal(data []byte) error { return nil }

pkg/mimicry/mimic_test.go

@@ -0,0 +1,46 @@
+package mimicry
+
+import (
+	"fmt"
+	"github.com/theodorsm/covert-dtls/pkg/utils"
+	"testing"
+)
+
+func TestUnmarshalKeyShare(t *testing.T) {
+	keyShareBytes := []byte{0x0, 0x33, 0x0, 0x6b, 0x0, 0x69, 0x0, 0x1d, 0x0, 0x20, 0x52, 0x61, 0xca, 0x3a, 0xa4, 0xa3, 0x2f, 0xac, 0xf3, 0xf7, 0x1e, 0xdb, 0x5e, 0xbb, 0x7f, 0xdf, 0xa8, 0x8d, 0x4, 0x31, 0x9e, 0x56, 0xe3, 0x81, 0x86, 0x32, 0x3c, 0x24, 0xe8, 0x44, 0x5e, 0xe, 0x0, 0x17, 0x0, 0x41, 0x4, 0x7b, 0xdd, 0xd9, 0xaa, 0xb2, 0xd6, 0x56, 0xb8, 0x23, 0x1e, 0xb0, 0xe3, 0x2c, 0xc7, 0xf2, 0x6a, 0xcd, 0xe0, 0x55, 0xb3, 0x3f, 0x11, 0xa2, 0x22, 0x5e, 0x93, 0xb7, 0x92, 0xbd, 0x15, 0x98, 0xae, 0x5c, 0x8a, 0xcd, 0xd2, 0x57, 0x4e, 0x50, 0x3a, 0x3f, 0x4f, 0x25, 0x82, 0x2b, 0x63, 0x25, 0xe2, 0xe0, 0xb9, 0x17, 0x27, 0x3f, 0x97, 0x77, 0x27, 0x8, 0x77, 0xe5, 0xe3, 0xb8, 0xc7, 0x73, 0x98}
+	keyshare := utils.KeyShare{}
+	err := keyshare.Unmarshal(keyShareBytes)
+	if err != nil {
+		t.Errorf("Unmarshal failed: %v\n", err)
+	}
+	fmt.Printf("%+v\n", keyshare)
+	if len(keyshare.KeyShareEntries) != 2 {
+		t.Errorf("Unmarshal failed: length %v\n", len(keyshare.KeyShareEntries))
+	}
+	entry0 := keyshare.KeyShareEntries[0]
+	expGroup := uint16(29)
+	expKeyLength := uint16(32)
+	if entry0.Group != expGroup || entry0.KeyLength != expKeyLength {
+		t.Errorf("Unmarshal failed, entry #0: %v. Expected Group: %v, KeyLength: %v", entry0, expGroup, expKeyLength)
+	}
+	entry1 := keyshare.KeyShareEntries[1]
+	expGroup = uint16(23)
+	expKeyLength = uint16(65)
+	if entry1.Group != expGroup || entry1.KeyLength != expKeyLength {
+		t.Errorf("Unmarshal failed, entry #1: %v. Expected Group: %v, KeyLength: %v", entry1, expGroup, expKeyLength)
+	}
+}
+
+func TestUnmarshalFakeExt(t *testing.T) {
+	extBytes := []byte{0x0, 0xf6, 0x0, 0x17, 0x0, 0x0, 0xff, 0x1, 0x0, 0x1, 0x0, 0x0, 0xa, 0x0, 0xc, 0x0, 0xa, 0x0, 0x1d, 0x0, 0x17, 0x0, 0x18, 0x1, 0x0, 0x1, 0x1, 0x0, 0xb, 0x0, 0x2, 0x1, 0x0, 0x0, 0x10, 0x0, 0x12, 0x0, 0x10, 0x6, 0x77, 0x65, 0x62, 0x72, 0x74, 0x63, 0x8, 0x63, 0x2d, 0x77, 0x65, 0x62, 0x72, 0x74, 0x63, 0x0, 0x22, 0x0, 0xa, 0x0, 0x8, 0x4, 0x3, 0x5, 0x3, 0x6, 0x3, 0x2, 0x3, 0x0, 0x33, 0x0, 0x6b, 0x0, 0x69, 0x0, 0x1d, 0x0, 0x20, 0x52, 0x61, 0xca, 0x3a, 0xa4, 0xa3, 0x2f, 0xac, 0xf3, 0xf7, 0x1e, 0xdb, 0x5e, 0xbb, 0x7f, 0xdf, 0xa8, 0x8d, 0x4, 0x31, 0x9e, 0x56, 0xe3, 0x81, 0x86, 0x32, 0x3c, 0x24, 0xe8, 0x44, 0x5e, 0xe, 0x0, 0x17, 0x0, 0x41, 0x4, 0x7b, 0xdd, 0xd9, 0xaa, 0xb2, 0xd6, 0x56, 0xb8, 0x23, 0x1e, 0xb0, 0xe3, 0x2c, 0xc7, 0xf2, 0x6a, 0xcd, 0xe0, 0x55, 0xb3, 0x3f, 0x11, 0xa2, 0x22, 0x5e, 0x93, 0xb7, 0x92, 0xbd, 0x15, 0x98, 0xae, 0x5c, 0x8a, 0xcd, 0xd2, 0x57, 0x4e, 0x50, 0x3a, 0x3f, 0x4f, 0x25, 0x82, 0x2b, 0x63, 0x25, 0xe2, 0xe0, 0xb9, 0x17, 0x27, 0x3f, 0x97, 0x77, 0x27, 0x8, 0x77, 0xe5, 0xe3, 0xb8, 0xc7, 0x73, 0x98, 0x0, 0x2b, 0x0, 0x7, 0x6, 0xfe, 0xfc, 0xfe, 0xfd, 0x3, 0x3, 0x0, 0xd, 0x0, 0x20, 0x0, 0x1e, 0x4, 0x3, 0x5, 0x3, 0x6, 0x3, 0x2, 0x3, 0x8, 0x4, 0x8, 0x5, 0x8, 0x6, 0x4, 0x1, 0x5, 0x1, 0x6, 0x1, 0x2, 0x1, 0x4, 0x2, 0x5, 0x2, 0x6, 0x2, 0x2, 0x2, 0x0, 0x1c, 0x0, 0x2, 0x40, 0x1, 0x0, 0xe, 0x0, 0xb, 0x0, 0x8, 0x0, 0x7, 0x0, 0x8, 0x0, 0x1, 0x0, 0x2, 0x0}
+	exts, err := MimicExtensionsUnmarshal(extBytes)
+	if err != nil {
+		t.Errorf("Unmarshal failed: %v\n", err)
+	}
+	fmt.Printf("Extensions: %+v\n", exts)
+	out, err := utils.ExtensionMarshal(exts)
+	if err != nil {
+		t.Errorf("Marshal failed: %v\n", err)
+	}
+	fmt.Printf("length: %v, out: %#v\n", len(out), out)
+}