Add noise_handshake for scramble data.

proxy/CMakeLists.txt

@@ -25,6 +25,7 @@ target_sources(libproxy
 	${CMAKE_CURRENT_SOURCE_DIR}/include/proxy/use_awaitable.hpp
 	${CMAKE_CURRENT_SOURCE_DIR}/include/proxy/http_proxy_client.hpp
 	${CMAKE_CURRENT_SOURCE_DIR}/include/proxy/xxhash.hpp
+	${CMAKE_CURRENT_SOURCE_DIR}/include/proxy/proxy_socket.hpp
 
 	${CMAKE_CURRENT_SOURCE_DIR}/src/dummy.cpp
 )

proxy/include/proxy/base_stream.hpp

@@ -8,7 +8,6 @@
 #ifndef INCLUDE__2023_10_18__BASE_STREAM_HPP
 #define INCLUDE__2023_10_18__BASE_STREAM_HPP
 
-
 #include <type_traits>
 
 #include <boost/asio/ip/tcp.hpp>
@@ -25,10 +24,8 @@ namespace util {
 	namespace net = boost::asio;
 
 	using tcp = net::ip::tcp;               // from <boost/asio/ip/tcp.hpp>
-	using udp = net::ip::udp;               // from <boost/asio/ip/udp.hpp>
 
-	using tcp_acceptor = tcp::acceptor;
-	using tcp_socket = tcp::socket;
+	//////////////////////////////////////////////////////////////////////////
 
 	template<typename... T>
 	class base_stream : public boost::variant2::variant<T...>
@@ -50,20 +47,29 @@ namespace util {
 		base_stream(base_stream&&) = default;
 
 		using executor_type = net::any_io_executor;
+		using lowest_layer_type = tcp::socket;
 
 		executor_type get_executor()
 		{
 			return boost::variant2::visit([&](auto& t) mutable
 				{ return t.get_executor(); }, *this);
 		}
 
+		lowest_layer_type& lowest_layer()
+		{
+			return boost::variant2::visit([&](auto& t) mutable -> tcp::socket&
+				{
+					return static_cast<tcp::socket&>(t.lowest_layer());
+				}, *this);
+		}
+
 		template <typename MutableBufferSequence, typename ReadHandler>
 		BOOST_ASIO_INITFN_AUTO_RESULT_TYPE(ReadHandler,
 			void(boost::system::error_code, std::size_t))
 			async_read_some(const MutableBufferSequence& buffers,
 				ReadHandler&& handler)
 		{
-			return boost::variant2::visit([&](auto& t) mutable
+			return boost::variant2::visit([&, handler = std::move(handler)](auto& t) mutable
 				{ return t.async_read_some(buffers,
 					std::forward<ReadHandler>(handler)); }, *this);
 		}
@@ -83,15 +89,7 @@ namespace util {
 		{
 			return boost::variant2::visit([&](auto& t) mutable
 				{
-					if constexpr (std::same_as<tcp_socket,
-						std::decay_t<decltype(t)>>)
-					{
-						return t.remote_endpoint();
-					}
-					else
-					{
-						return t.lowest_layer().remote_endpoint();
-					}
+					return t.lowest_layer().remote_endpoint();
 				}, *this);
 		}
 
@@ -100,86 +98,26 @@ namespace util {
 		{
 			boost::variant2::visit([&](auto& t) mutable
 				{
-					if constexpr (std::same_as<tcp_socket,
-						std::decay_t<decltype(t)>>)
-					{
-						t.shutdown(what, ec);
-					}
-					else
-					{
-						t.lowest_layer().shutdown(what, ec);
-					}
+					t.lowest_layer().shutdown(what, ec);
 				}, *this);
 		}
 
 		bool is_open() const
 		{
 			return boost::variant2::visit([&](auto& t)
 				{
-					if constexpr (std::same_as<tcp_socket,
-						std::decay_t<decltype(t)>>)
-					{
-						return t.is_open();
-					}
-					else
-					{
-						return t.lowest_layer().is_open();
-					}
+					return t.lowest_layer().is_open();
 				}, *this);
 		}
 
 		void close(boost::system::error_code& ec)
 		{
 			boost::variant2::visit([&](auto& t) mutable
 				{
-					if constexpr (std::same_as<tcp_socket,
-						std::decay_t<decltype(t)>>)
-					{
-						t.close(ec);
-					}
-					else
-					{
-						t.lowest_layer().close(ec);
-					}
+					t.lowest_layer().close(ec);
 				}, *this);
 		}
 	};
-
-	using ssl_stream = net::ssl::stream<tcp_socket>;
-	using proxy_stream_type = base_stream<tcp_socket, ssl_stream>;
-
-
-	inline proxy_stream_type instantiate_proxy_stream(
-		proxy_stream_type& s)
-	{
-		return proxy_stream_type(tcp_socket(s.get_executor()));
-	}
-
-	inline proxy_stream_type instantiate_proxy_stream(
-		net::any_io_executor executor)
-	{
-		return proxy_stream_type(tcp_socket(executor));
-	}
-
-	inline proxy_stream_type instantiate_proxy_stream(
-		net::io_context& ioc)
-	{
-		return proxy_stream_type(tcp_socket(ioc));
-	}
-
-	inline proxy_stream_type instantiate_proxy_stream(
-		tcp_socket&& s)
-	{
-		return proxy_stream_type(std::move(s));
-	}
-
-	inline proxy_stream_type instantiate_proxy_stream(
-		tcp_socket&& s, net::ssl::context& sslctx)
-	{
-		return proxy_stream_type(ssl_stream(
-			std::forward<tcp_socket>(s), sslctx));
-	}
-
 }
 
 #endif // INCLUDE__2023_10_18__BASE_STREAM_HPP

proxy/include/proxy/default_cert.hpp

@@ -18013,4 +18013,50 @@ inline std::string_view default_root_certificates()
 	return std::string_view((const char*)&cacert_2023_05_30_pem, cacert_2023_05_30_pem_len);
 }
 
+inline std::string_view default_dh_param()
+{
+	// openssl dhparam -out dh4096.pem 4096
+	static const unsigned char dh4096_pem[] = {
+	  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x44,
+	  0x48, 0x20, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53,
+	  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x44, 0x41,
+	  0x4b, 0x43, 0x41, 0x51, 0x45, 0x41, 0x6f, 0x43, 0x7a, 0x4e, 0x31, 0x6e,
+	  0x66, 0x42, 0x57, 0x79, 0x64, 0x64, 0x46, 0x6b, 0x45, 0x4d, 0x75, 0x2b,
+	  0x37, 0x37, 0x69, 0x7a, 0x43, 0x6e, 0x7a, 0x64, 0x35, 0x5a, 0x54, 0x61,
+	  0x65, 0x4d, 0x2f, 0x45, 0x62, 0x57, 0x42, 0x6d, 0x75, 0x44, 0x53, 0x37,
+	  0x61, 0x6b, 0x48, 0x70, 0x65, 0x53, 0x44, 0x63, 0x64, 0x77, 0x0a, 0x69,
+	  0x59, 0x63, 0x48, 0x53, 0x6a, 0x44, 0x6e, 0x55, 0x41, 0x32, 0x6a, 0x62,
+	  0x4e, 0x51, 0x2f, 0x76, 0x39, 0x6a, 0x31, 0x30, 0x31, 0x41, 0x4a, 0x6d,
+	  0x78, 0x33, 0x32, 0x37, 0x52, 0x31, 0x4a, 0x73, 0x63, 0x43, 0x67, 0x51,
+	  0x69, 0x68, 0x5a, 0x50, 0x38, 0x6b, 0x70, 0x58, 0x78, 0x77, 0x54, 0x34,
+	  0x6c, 0x64, 0x2b, 0x4f, 0x6f, 0x69, 0x69, 0x4b, 0x6e, 0x72, 0x42, 0x33,
+	  0x48, 0x44, 0x62, 0x0a, 0x33, 0x41, 0x4c, 0x45, 0x6c, 0x6e, 0x46, 0x5a,
+	  0x4d, 0x54, 0x53, 0x54, 0x54, 0x33, 0x63, 0x55, 0x47, 0x66, 0x37, 0x30,
+	  0x48, 0x63, 0x78, 0x73, 0x34, 0x65, 0x74, 0x47, 0x79, 0x64, 0x56, 0x37,
+	  0x51, 0x74, 0x74, 0x31, 0x4a, 0x77, 0x6c, 0x76, 0x66, 0x2f, 0x43, 0x70,
+	  0x6b, 0x39, 0x55, 0x49, 0x56, 0x4d, 0x49, 0x2b, 0x69, 0x30, 0x54, 0x32,
+	  0x67, 0x50, 0x67, 0x43, 0x35, 0x6f, 0x4e, 0x69, 0x0a, 0x51, 0x54, 0x6e,
+	  0x5a, 0x73, 0x58, 0x48, 0x6e, 0x6a, 0x6e, 0x32, 0x44, 0x42, 0x69, 0x4d,
+	  0x73, 0x38, 0x79, 0x7a, 0x58, 0x50, 0x4b, 0x44, 0x2f, 0x2b, 0x2f, 0x54,
+	  0x47, 0x77, 0x6a, 0x75, 0x4c, 0x69, 0x39, 0x50, 0x4b, 0x4d, 0x54, 0x4f,
+	  0x61, 0x55, 0x6a, 0x77, 0x54, 0x76, 0x72, 0x37, 0x31, 0x64, 0x56, 0x73,
+	  0x58, 0x69, 0x4f, 0x76, 0x74, 0x66, 0x7a, 0x5a, 0x4c, 0x52, 0x4b, 0x4d,
+	  0x53, 0x0a, 0x34, 0x4f, 0x52, 0x33, 0x45, 0x42, 0x2f, 0x46, 0x73, 0x76,
+	  0x38, 0x74, 0x44, 0x34, 0x76, 0x72, 0x55, 0x67, 0x58, 0x52, 0x75, 0x79,
+	  0x52, 0x43, 0x63, 0x67, 0x67, 0x51, 0x5a, 0x72, 0x37, 0x49, 0x38, 0x38,
+	  0x5a, 0x6f, 0x79, 0x6b, 0x44, 0x33, 0x73, 0x56, 0x65, 0x6b, 0x6b, 0x7a,
+	  0x2f, 0x4a, 0x53, 0x7a, 0x4e, 0x6f, 0x52, 0x31, 0x39, 0x43, 0x31, 0x65,
+	  0x64, 0x79, 0x2f, 0x45, 0x58, 0x4a, 0x0a, 0x74, 0x62, 0x6e, 0x75, 0x67,
+	  0x63, 0x5a, 0x36, 0x5a, 0x7a, 0x6d, 0x6b, 0x74, 0x5a, 0x44, 0x5a, 0x31,
+	  0x46, 0x50, 0x42, 0x68, 0x7a, 0x31, 0x45, 0x33, 0x4c, 0x57, 0x4f, 0x52,
+	  0x45, 0x61, 0x6a, 0x68, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x43, 0x41,
+	  0x4f, 0x45, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44,
+	  0x20, 0x44, 0x48, 0x20, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45,
+	  0x52, 0x53, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
+	};
+	const unsigned int dh4096_pem_len = 428;
+
+	return std::string_view((const char*)&dh4096_pem, dh4096_pem_len);
+}
+
 #endif // INCLUDE__2023_10_18__DEFAULT_CERT_HPP

proxy/include/proxy/http_proxy_client.hpp

@@ -59,10 +59,6 @@ namespace proxy {
 	using http_request = http::request<http::string_body>;
 	using http_response = http::response<http::dynamic_body>;
 
-	using tcp_socket = tcp::socket;
-
-	using ssl_stream = net::ssl::stream<tcp_socket>;
-
 	// Options for the HTTP proxy client
 	struct http_proxy_client_option {
 		std::string target_host;  // Target server host