Merge branch '1498-meek' into 'master'

Use the pluggable transport meek lite where obfs4 is blocked

Closes #1498 and #1418

See merge request briar/briar!1040

bramble-android/build.gradle

@@ -31,7 +31,7 @@ configurations {
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
 	tor 'org.briarproject:tor-android:0.3.5.7@zip'
-	tor 'org.briarproject:obfs4proxy-android:0.0.7@zip'
+	tor 'org.briarproject:obfs4proxy-android:0.0.9@zip'
 
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.19'
 

bramble-android/witness.gradle

@@ -68,7 +68,7 @@ dependencyVerification {
         'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
-        'org.briarproject:obfs4proxy-android:0.0.7:obfs4proxy-android-0.0.7.zip:abdfb5d889d848de9bf214f9276abbf454808a505b870819eccc9a9e985bf617',
+        'org.briarproject:obfs4proxy-android:0.0.9:obfs4proxy-android-0.0.9.zip:9b7e9181535ea8d8bbe8ae6338e08cf4c5fc1e357a779393e0ce49586d459ae0',
         'org.briarproject:tor-android:0.3.5.7:tor-android-0.3.5.7.zip:9ac00f4d362029cd3d40bc3c3d0dc63e081414f8b28ba0c4692ab4a330758093',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.codehaus.groovy:groovy-all:2.4.12:groovy-all-2.4.12.jar:6a56af4bd48903d56bec62821876cadefafd007360cc6bd0d8f7aa8d72b38be4',

bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java

@@ -17,16 +17,24 @@ public interface CircumventionProvider {
 	String[] BLOCKED = {"CN", "IR", "EG", "BY", "TR", "SY", "VE"};
 
 	/**
-	 * Countries where vanilla bridge connection are likely to work.
+	 * Countries where obfs4 bridge connection are likely to work.
 	 * Should be a subset of {@link #BLOCKED}.
 	 */
-	String[] BRIDGES = { "EG", "BY", "TR", "SY", "VE" };
+	String[] BRIDGES = { "CN", "IR", "EG", "BY", "TR", "SY", "VE" };
+
+	/**
+	 * Countries where obfs4 bridges won't work and meek is needed.
+	 * Should be a subset of {@link #BRIDGES}.
+	 */
+	String[] NEEDS_MEEK = {"CN", "IR"};
 
 	boolean isTorProbablyBlocked(String countryCode);
 
 	boolean doBridgesWork(String countryCode);
 
+	boolean needsMeek(String countryCode);
+
 	@IoExecutor
-	List<String> getBridges();
+	List<String> getBridges(boolean meek);
 
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java

@@ -22,6 +22,8 @@ class CircumventionProviderImpl implements CircumventionProvider {
 			new HashSet<>(asList(BLOCKED));
 	private static final Set<String> BRIDGES_WORK_IN_COUNTRIES =
 			new HashSet<>(asList(BRIDGES));
+	private static final Set<String> BRIDGES_NEED_MEEK =
+			new HashSet<>(asList(NEEDS_MEEK));
 
 	@Nullable
 	private volatile List<String> bridges = null;
@@ -40,9 +42,14 @@ class CircumventionProviderImpl implements CircumventionProvider {
 		return BRIDGES_WORK_IN_COUNTRIES.contains(countryCode);
 	}
 
+	@Override
+	public boolean needsMeek(String countryCode) {
+		return BRIDGES_NEED_MEEK.contains(countryCode);
+	}
+
 	@Override
 	@IoExecutor
-	public List<String> getBridges() {
+	public List<String> getBridges(boolean useMeek) {
 		List<String> bridges = this.bridges;
 		if (bridges != null) return new ArrayList<>(bridges);
 
@@ -53,6 +60,8 @@ class CircumventionProviderImpl implements CircumventionProvider {
 		bridges = new ArrayList<>();
 		while (scanner.hasNextLine()) {
 			String line = scanner.nextLine();
+			boolean isMeekBridge = line.startsWith("Bridge meek");
+			if (useMeek && !isMeekBridge || !useMeek && isMeekBridge) continue;
 			if (!line.startsWith("#")) bridges.add(line);
 		}
 		scanner.close();

bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -470,13 +470,19 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		if (!enable) callback.transportDisabled();
 	}
 
-	private void enableBridges(boolean enable) throws IOException {
+	private void enableBridges(boolean enable, boolean needsMeek)
+			throws IOException {
 		if (enable) {
 			Collection<String> conf = new ArrayList<>();
 			conf.add("UseBridges 1");
-			conf.add("ClientTransportPlugin obfs4 exec " +
-					obfs4File.getAbsolutePath());
-			conf.addAll(circumventionProvider.getBridges());
+			if (needsMeek) {
+				conf.add("ClientTransportPlugin meek_lite exec " +
+						obfs4File.getAbsolutePath());
+			} else {
+				conf.add("ClientTransportPlugin obfs4 exec " +
+						obfs4File.getAbsolutePath());
+			}
+			conf.addAll(circumventionProvider.getBridges(needsMeek));
 			controlConnection.setConf(conf);
 		} else {
 			controlConnection.setConf("UseBridges", "0");
@@ -716,12 +722,17 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 					enableNetwork(false);
 				} else if (network == PREF_TOR_NETWORK_WITH_BRIDGES ||
 						(automatic && bridgesWork)) {
-					LOG.info("Enabling network, using bridges");
-					enableBridges(true);
+					if (circumventionProvider.needsMeek(country)) {
+						LOG.info("Enabling network, using meek bridges");
+						enableBridges(true, true);
+					} else {
+						LOG.info("Enabling network, using obfs4 bridges");
+						enableBridges(true, false);
+					}
 					enableNetwork(true);
 				} else {
 					LOG.info("Enabling network, not using bridges");
-					enableBridges(false);
+					enableBridges(false, false);
 					enableNetwork(true);
 				}
 				if (online && wifi && charging) {

bramble-core/src/main/resources/bridges

@@ -1,4 +1,5 @@
 Bridge obfs4 78.46.188.239:37356 5A2D2F4158D0453E00C7C176978D3F41D69C45DB cert=3c0SwxpOisbohNxEc4tb875RVW8eOu1opRTVXJhafaKA/PNNtI7ElQIVOVZg1AdL5bxGCw iat-mode=0
 Bridge obfs4 52.15.78.72:9443 02069A3C5362476936B62BA6F5ACC41ABD573A9B cert=ijYG/OKc7kqu2YzKNFfeXN7/BG2BOgfEP2KyYEiGDQthnHbsOiTWHeIG0WJVW+BckzDgKw iat-mode=0
 Bridge obfs4 13.58.29.242:9443 0C58939A77DA6B6B29D4B5236A75865659607AE0 cert=OylWIEHb/ezpq1zWxW0sgKRn+9ARH2eOcQOZ8/Gew+4l+oKOhQ2jUX/Y+FSl61JorXZUWA iat-mode=0
-Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0
+Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0
+Bridge meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com

bramble-java/src/test/java/org/briarproject/bramble/plugin/tor/BridgeTest.java

@@ -44,7 +44,7 @@ public class BridgeTest extends BrambleTestCase {
 	public static Iterable<String> data() {
 		BrambleJavaIntegrationTestComponent component =
 				DaggerBrambleJavaIntegrationTestComponent.builder().build();
-		return component.getCircumventionProvider().getBridges();
+		return component.getCircumventionProvider().getBridges(false);
 	}
 
 	private final static long TIMEOUT = SECONDS.toMillis(30);
@@ -104,7 +104,12 @@ public class BridgeTest extends BrambleTestCase {
 			}
 
 			@Override
-			public List<String> getBridges() {
+			public boolean needsMeek(String countryCode) {
+				return false;
+			}
+
+			@Override
+			public List<String> getBridges(boolean useMeek) {
 				return singletonList(bridge);
 			}
 		};