Use bidirectional registration API to connect

The first steps towards using Conjure's bidirectional registration API to get phantom IP addresses to connect to.

Use bidirectional registration API to connect
The first steps towards using Conjure's bidirectional registration API to get phantom IP addresses to connect to.
65ad508a · Cecylia Bocovich · 51da40cb · 65ad508a · 65ad508a · 65ad508a
Verified Commit 65ad508a authored Jun 02, 2022 by Cecylia Bocovich
--- a/README.md
+++ b/README.md
 # conjure

-Conjure is a refraction networking system that routes traffic to endpoints in an ISP's unused IP address space. This repository is for developing a Conjure pluggable transport for Tor. See https://jhalderm.com/pub/papers/conjure-ccs19.pdf
\ No newline at end of file
+Conjure is a refraction networking system that routes traffic to endpoints in an ISP's unused IP address space. This repository is for developing a Conjure pluggable transport for Tor. See https://jhalderm.com/pub/papers/conjure-ccs19.pdf
+
+# Running the client
+
+```
+tor -f torrc
+```
--- a/conjure.go
+++ b/conjure.go
@@ -12,22 +12,27 @@ import (
 	"path/filepath"
 	"syscall"

+	"github.com/refraction-networking/gotapdance/tapdance"
+
 	pt "git.torproject.org/pluggable-transports/goptlib.git"
 	"git.torproject.org/pluggable-transports/snowflake.git/common/safelog"
 )

 type ConjureConfig struct {
-	assetDir string
+	assetDir    string
+	registerURL string //URL of the conjure bidirectional registration API endpoint
+	front       string
 }

 // Get SOCKS arguments and populate config
 func getSOCKSArgs(conn net.Conn, config *ConjureConfig) {
+	return

 }

 // handle the SOCKS conn
-func handler(conn net.Conn, config *ConjureConfig) {
-
+func handler(conn net.Conn, config *ConjureConfig) error {
+	return handle(conn, config)
 }

 //TODO: pass in shutdown channel?
@@ -45,7 +50,12 @@ func acceptLoop(ln *pt.SocksListener, config *ConjureConfig) error {
 		}
 		log.Printf("SOCKS accepted: %v", conn.Req)
 		getSOCKSArgs(conn, config)
-		go handler(conn, config)
+		go func() {
+			err := handler(conn, config)
+			if err != nil {
+				log.Println(err)
+			}
+		}()
 	}
 	return nil
 }
@@ -56,6 +66,9 @@ func main() {
 	logToStateDir := flag.Bool("log-to-state-dir", false,
 		"resolve the log file relative to tor's pt state dir")
 	unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
+	front := flag.String("front", "", "domain front")
+	registerURL := flag.String("registerURL", "", "URL of the conjure registration station")
+
 	flag.Parse()

 	// Set up logging
@@ -82,9 +95,14 @@ func main() {
 	log.SetFlags(log.LstdFlags | log.LUTC)
 	log.SetOutput(logFile)

+	tapdance.SetLoggerOutput(logFile)
+	tapdance.Logger().Warnf("Redirecting log to file")
+
 	// Configure Conjure
 	config := &ConjureConfig{
-		assetDir: *assetDir,
+		assetDir:    *assetDir,
+		registerURL: *registerURL,
+		front:       *front,
 	}

 	// Tor client-side transport setup

--- a/go.mod
+++ b/go.mod
@@ -4,4 +4,11 @@ go 1.17

 require git.torproject.org/pluggable-transports/goptlib.git v1.2.0

-require git.torproject.org/pluggable-transports/snowflake.git v1.1.0 // indirect
+require (
+	git.torproject.org/pluggable-transports/snowflake.git v1.1.0
+	github.com/golang/protobuf v1.5.2
+	github.com/refraction-networking/gotapdance v1.2.0
+	github.com/refraction-networking/utls v1.1.0 // indirect
+)
+
+replace github.com/refraction-networking/gotapdance => github.com/cohosh/gotapdance v0.0.0-20220602200913-1c737ba57600
--- a/go.sum
+++ b/go.sum
--- a/registration.go
+++ b/registration.go
+package main
+
+import (
+	"context"
+	"log"
+	"net"
+	"net/http"
+	"time"
+
+	proto "github.com/refraction-networking/gotapdance/protobuf"
+	"github.com/refraction-networking/gotapdance/tapdance"
+)
+
+type Rendezvous struct {
+	registerURL string
+	front       string
+	transport   *http.Transport
+}
+
+func (r *Rendezvous) RoundTrip(req *http.Request) (*http.Response, error) {
+
+	log.Println("Performing a Conjure registration with domain fronting...")
+	log.Println("Conjure station URL: ", r.registerURL)
+	log.Println("Domain front: ", r.front)
+
+	if r.front != "" {
+		req.Host = req.URL.Host
+		req.URL.Host = r.front
+	}
+
+	return r.transport.RoundTrip(req)
+}
+
+func handle(conn net.Conn, config *ConjureConfig) error {
+
+	ctx, cancelFunc := context.WithCancel(context.Background())
+	defer cancelFunc()
+
+	dialer := &tapdance.Dialer{
+		//this specifies that we're using conjure, not vanilla tapdance
+		DarkDecoy: true,
+		//TODO: what is this?
+		SplitFlows: false,
+		//TODO: what is this?
+		// Apparently psiphon for android needs it but i'm not sure why yet
+		TcpDialer: nil,
+		//TODO: what is this and do we need it?
+		// I think we'll need this for connection to the server
+		UseProxyHeader: true,
+		//TODO: what is this?
+		// Might be connections to v6 phantoms?
+		V6Support: false,
+		//TODO: double check this
+		Width: 0,
+	}
+
+	// The registration step connects a client with a phantom IP address.
+	// There are currently two options for registration:
+	//   1) APIRegistrarBidirectional: this is a bidirectional registration process that allows a
+	//        a client to submit a REST API request over HTTP for the phantom IP
+	//   2) DecoyRegistrar: this is a unidirectional registration process used by the
+	//        original TapDance protocol in which the client essentially tells the refraction
+	//        station which phantom IP to use
+	// For simplicity, we use the bidirectional registration process. Different censorship
+	// resistant transport methods can be used to tunnel the HTTP requests, such as domain fronting
+	registrar := tapdance.APIRegistrarBidirectional{
+		Endpoint: config.registerURL + "/register-bidirectional", //Note: this goes in the HTTP request
+		// TODO: reach out and ask what a reasonable value to set this to is
+		ConnectionDelay: time.Second,
+		MaxRetries:      0,
+	}
+
+	transport := http.DefaultTransport.(*http.Transport)
+	transport.Proxy = nil
+
+	// APIRegistrarBidirectional expects an HTTP client for sending the registration request.
+	// The http.RoundTripper associated with this client dictates the censorship-resistant
+	// rendezvous method used to establish a connection with the registration server.
+	// As of now, the deployed Conjure station supports direct HTTP connections and domain
+	// fronted connections.
+	registrar.Client = &http.Client{
+		Transport: &Rendezvous{
+			registerURL: config.registerURL,
+			front:       config.front,
+			transport:   transport,
+		},
+	}
+
+	dialer.DarkDecoyRegistrar = registrar
+
+	// There are currently three available transports:
+	//   1) min
+	//   2) obfs4
+	//   3) webrtc
+	dialer.Transport = proto.TransportType_Obfs4
+
+	log.Printf("Using the registration API at %s", config.registerURL)
+	// Make a connection to the bridge through the phantom
+	// This will register the client, obtaining a phantom address and connect
+	// to that phantom address all in one go
+	phantomConn, err := dialer.DialContext(ctx, "tcp", "http://192.168.122.2")
+	if err != nil {
+		return err
+	}
+	defer phantomConn.Close()
+
+	log.Println("Successfully connected to phantom proxy!")
+
+	return nil
+}
--- a/torrc
+++ b/torrc
+UseBridges 1
+DataDirectory datadir
+
+ClientTransportPlugin conjure exec ./conjure -log conjure.log -unsafe-logging -registerURL http://192.168.122.2:8080
+
+Bridge conjure 192.0.3.3:1
+
+SocksPort auto