From 425acc5f8b220cf2912f25f4b0b73075dcb93bb1 Mon Sep 17 00:00:00 2001 From: albexk Date: Mon, 23 Sep 2024 17:53:56 +0300 Subject: [PATCH] Add support for obfuscated WG on Android --- client/android/awg/src/main/kotlin/Awg.kt | 17 +-- .../android/awg/src/main/kotlin/AwgConfig.kt | 108 ------------------ .../vpn/protocol/wireguard/Wireguard.kt | 17 +++ .../vpn/protocol/wireguard/WireguardConfig.kt | 73 +++++++++++- 4 files changed, 93 insertions(+), 122 deletions(-) delete mode 100644 client/android/awg/src/main/kotlin/AwgConfig.kt diff --git a/client/android/awg/src/main/kotlin/Awg.kt b/client/android/awg/src/main/kotlin/Awg.kt index fbd1cce0..c147ae03 100644 --- a/client/android/awg/src/main/kotlin/Awg.kt +++ b/client/android/awg/src/main/kotlin/Awg.kt @@ -1,28 +1,21 @@ package org.amnezia.vpn.protocol.awg import org.amnezia.vpn.protocol.wireguard.Wireguard -import org.amnezia.vpn.util.optStringOrNull +import org.amnezia.vpn.protocol.wireguard.WireguardConfig import org.json.JSONObject class Awg : Wireguard() { override val ifName: String = "awg0" - override fun parseConfig(config: JSONObject): AwgConfig { + override fun parseConfig(config: JSONObject): WireguardConfig { val configData = config.getJSONObject("awg_config_data") - return AwgConfig.build { + return WireguardConfig.build { + setUseProtocolExtension(true) + configExtensionParameters(configData) configWireguard(config, configData) configSplitTunneling(config) configAppSplitTunneling(config) - configData.optStringOrNull("Jc")?.let { setJc(it.toInt()) } - configData.optStringOrNull("Jmin")?.let { setJmin(it.toInt()) } - configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) } - configData.optStringOrNull("S1")?.let { setS1(it.toInt()) } - configData.optStringOrNull("S2")?.let { setS2(it.toInt()) } - configData.optStringOrNull("H1")?.let { setH1(it.toLong()) } - configData.optStringOrNull("H2")?.let { setH2(it.toLong()) } - configData.optStringOrNull("H3")?.let { setH3(it.toLong()) } - configData.optStringOrNull("H4")?.let { setH4(it.toLong()) } } } } diff --git a/client/android/awg/src/main/kotlin/AwgConfig.kt b/client/android/awg/src/main/kotlin/AwgConfig.kt deleted file mode 100644 index 014c6e0a..00000000 --- a/client/android/awg/src/main/kotlin/AwgConfig.kt +++ /dev/null @@ -1,108 +0,0 @@ -package org.amnezia.vpn.protocol.awg - -import org.amnezia.vpn.protocol.BadConfigException -import org.amnezia.vpn.protocol.wireguard.WireguardConfig - -class AwgConfig private constructor( - wireguardConfigBuilder: WireguardConfig.Builder, - val jc: Int, - val jmin: Int, - val jmax: Int, - val s1: Int, - val s2: Int, - val h1: Long, - val h2: Long, - val h3: Long, - val h4: Long -) : WireguardConfig(wireguardConfigBuilder) { - - private constructor(builder: Builder) : this( - builder, - builder.jc, - builder.jmin, - builder.jmax, - builder.s1, - builder.s2, - builder.h1, - builder.h2, - builder.h3, - builder.h4 - ) - - override fun appendDeviceLine(sb: StringBuilder) = with(sb) { - super.appendDeviceLine(this) - appendLine("jc=$jc") - appendLine("jmin=$jmin") - appendLine("jmax=$jmax") - appendLine("s1=$s1") - appendLine("s2=$s2") - appendLine("h1=$h1") - appendLine("h2=$h2") - appendLine("h3=$h3") - appendLine("h4=$h4") - } - - class Builder : WireguardConfig.Builder() { - - private var _jc: Int? = null - internal var jc: Int - get() = _jc ?: throw BadConfigException("AWG: parameter jc is undefined") - private set(value) { _jc = value } - - private var _jmin: Int? = null - internal var jmin: Int - get() = _jmin ?: throw BadConfigException("AWG: parameter jmin is undefined") - private set(value) { _jmin = value } - - private var _jmax: Int? = null - internal var jmax: Int - get() = _jmax ?: throw BadConfigException("AWG: parameter jmax is undefined") - private set(value) { _jmax = value } - - private var _s1: Int? = null - internal var s1: Int - get() = _s1 ?: throw BadConfigException("AWG: parameter s1 is undefined") - private set(value) { _s1 = value } - - private var _s2: Int? = null - internal var s2: Int - get() = _s2 ?: throw BadConfigException("AWG: parameter s2 is undefined") - private set(value) { _s2 = value } - - private var _h1: Long? = null - internal var h1: Long - get() = _h1 ?: throw BadConfigException("AWG: parameter h1 is undefined") - private set(value) { _h1 = value } - - private var _h2: Long? = null - internal var h2: Long - get() = _h2 ?: throw BadConfigException("AWG: parameter h2 is undefined") - private set(value) { _h2 = value } - - private var _h3: Long? = null - internal var h3: Long - get() = _h3 ?: throw BadConfigException("AWG: parameter h3 is undefined") - private set(value) { _h3 = value } - - private var _h4: Long? = null - internal var h4: Long - get() = _h4 ?: throw BadConfigException("AWG: parameter h4 is undefined") - private set(value) { _h4 = value } - - fun setJc(jc: Int) = apply { this.jc = jc } - fun setJmin(jmin: Int) = apply { this.jmin = jmin } - fun setJmax(jmax: Int) = apply { this.jmax = jmax } - fun setS1(s1: Int) = apply { this.s1 = s1 } - fun setS2(s2: Int) = apply { this.s2 = s2 } - fun setH1(h1: Long) = apply { this.h1 = h1 } - fun setH2(h2: Long) = apply { this.h2 = h2 } - fun setH3(h3: Long) = apply { this.h3 = h3 } - fun setH4(h4: Long) = apply { this.h4 = h4 } - - override fun build(): AwgConfig = configBuild().run { AwgConfig(this@Builder) } - } - - companion object { - inline fun build(block: Builder.() -> Unit): AwgConfig = Builder().apply(block).build() - } -} diff --git a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt index 31e7f9be..ac11374b 100644 --- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt +++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt @@ -129,12 +129,29 @@ open class Wireguard : Protocol() { val port = configData.getInt("port") setEndpoint(InetEndpoint(host, port)) + if (configData.optBoolean("isObfuscationEnabled")) { + setUseProtocolExtension(true) + configExtensionParameters(configData) + } + configData.optStringOrNull("persistent_keep_alive")?.let { setPersistentKeepalive(it.toInt()) } configData.getString("client_priv_key").let { setPrivateKeyHex(it.base64ToHex()) } configData.getString("server_pub_key").let { setPublicKeyHex(it.base64ToHex()) } configData.optStringOrNull("psk_key")?.let { setPreSharedKeyHex(it.base64ToHex()) } } + protected fun WireguardConfig.Builder.configExtensionParameters(configData: JSONObject) { + configData.optStringOrNull("Jc")?.let { setJc(it.toInt()) } + configData.optStringOrNull("Jmin")?.let { setJmin(it.toInt()) } + configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) } + configData.optStringOrNull("S1")?.let { setS1(it.toInt()) } + configData.optStringOrNull("S2")?.let { setS2(it.toInt()) } + configData.optStringOrNull("H1")?.let { setH1(it.toLong()) } + configData.optStringOrNull("H2")?.let { setH2(it.toLong()) } + configData.optStringOrNull("H3")?.let { setH3(it.toLong()) } + configData.optStringOrNull("H4")?.let { setH4(it.toLong()) } + } + private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) { if (tunnelHandle != -1) { Log.w(TAG, "Tunnel already up") diff --git a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt index 09269f54..7ae3d43b 100644 --- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt +++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt @@ -1,6 +1,7 @@ package org.amnezia.vpn.protocol.wireguard import android.util.Base64 +import org.amnezia.vpn.protocol.BadConfigException import org.amnezia.vpn.protocol.ProtocolConfig import org.amnezia.vpn.util.net.InetEndpoint @@ -12,7 +13,17 @@ open class WireguardConfig protected constructor( val persistentKeepalive: Int, val publicKeyHex: String, val preSharedKeyHex: String?, - val privateKeyHex: String + val privateKeyHex: String, + val useProtocolExtension: Boolean, + val jc: Int?, + val jmin: Int?, + val jmax: Int?, + val s1: Int?, + val s2: Int?, + val h1: Long?, + val h2: Long?, + val h3: Long?, + val h4: Long? ) : ProtocolConfig(protocolConfigBuilder) { protected constructor(builder: Builder) : this( @@ -21,7 +32,17 @@ open class WireguardConfig protected constructor( builder.persistentKeepalive, builder.publicKeyHex, builder.preSharedKeyHex, - builder.privateKeyHex + builder.privateKeyHex, + builder.useProtocolExtension, + builder.jc, + builder.jmin, + builder.jmax, + builder.s1, + builder.s2, + builder.h1, + builder.h2, + builder.h3, + builder.h4 ) fun toWgUserspaceString(): String = with(StringBuilder()) { @@ -33,6 +54,30 @@ open class WireguardConfig protected constructor( open fun appendDeviceLine(sb: StringBuilder) = with(sb) { appendLine("private_key=$privateKeyHex") + if (useProtocolExtension) { + validateProtocolExtensionParameters() + appendLine("jc=$jc") + appendLine("jmin=$jmin") + appendLine("jmax=$jmax") + appendLine("s1=$s1") + appendLine("s2=$s2") + appendLine("h1=$h1") + appendLine("h2=$h2") + appendLine("h3=$h3") + appendLine("h4=$h4") + } + } + + private fun validateProtocolExtensionParameters() { + if (jc == null) throw BadConfigException("Parameter jc is undefined") + if (jmin == null) throw BadConfigException("Parameter jmin is undefined") + if (jmax == null) throw BadConfigException("Parameter jmax is undefined") + if (s1 == null) throw BadConfigException("Parameter s1 is undefined") + if (s2 == null) throw BadConfigException("Parameter s2 is undefined") + if (h1 == null) throw BadConfigException("Parameter h1 is undefined") + if (h2 == null) throw BadConfigException("Parameter h2 is undefined") + if (h3 == null) throw BadConfigException("Parameter h3 is undefined") + if (h4 == null) throw BadConfigException("Parameter h4 is undefined") } open fun appendPeerLine(sb: StringBuilder) = with(sb) { @@ -65,6 +110,18 @@ open class WireguardConfig protected constructor( override var mtu: Int = WIREGUARD_DEFAULT_MTU + internal var useProtocolExtension: Boolean = false + + internal var jc: Int? = null + internal var jmin: Int? = null + internal var jmax: Int? = null + internal var s1: Int? = null + internal var s2: Int? = null + internal var h1: Long? = null + internal var h2: Long? = null + internal var h3: Long? = null + internal var h4: Long? = null + fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint } fun setPersistentKeepalive(persistentKeepalive: Int) = apply { this.persistentKeepalive = persistentKeepalive } @@ -75,6 +132,18 @@ open class WireguardConfig protected constructor( fun setPrivateKeyHex(privateKeyHex: String) = apply { this.privateKeyHex = privateKeyHex } + fun setUseProtocolExtension(useProtocolExtension: Boolean) = apply { this.useProtocolExtension = useProtocolExtension } + + fun setJc(jc: Int) = apply { this.jc = jc } + fun setJmin(jmin: Int) = apply { this.jmin = jmin } + fun setJmax(jmax: Int) = apply { this.jmax = jmax } + fun setS1(s1: Int) = apply { this.s1 = s1 } + fun setS2(s2: Int) = apply { this.s2 = s2 } + fun setH1(h1: Long) = apply { this.h1 = h1 } + fun setH2(h2: Long) = apply { this.h2 = h2 } + fun setH3(h3: Long) = apply { this.h3 = h3 } + fun setH4(h4: Long) = apply { this.h4 = h4 } + override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) } }