From b023593a2c64e385d772b129ec1d05aa26025a72 Mon Sep 17 00:00:00 2001 From: Torsten Grote Date: Mon, 4 Feb 2019 15:56:47 -0200 Subject: [PATCH] Use the pluggable transport meek lite where obfs4 is blocked --- bramble-android/build.gradle | 2 +- bramble-android/witness.gradle | 2 +- .../plugin/tor/CircumventionProvider.java | 14 ++++++++--- .../plugin/tor/CircumventionProviderImpl.java | 11 +++++++- .../bramble/plugin/tor/TorPlugin.java | 25 +++++++++++++------ bramble-core/src/main/resources/bridges | 3 ++- .../bramble/plugin/tor/BridgeTest.java | 9 +++++-- 7 files changed, 50 insertions(+), 16 deletions(-) diff --git a/bramble-android/build.gradle b/bramble-android/build.gradle index d195c2191..b989a6d45 100644 --- a/bramble-android/build.gradle +++ b/bramble-android/build.gradle @@ -31,7 +31,7 @@ configurations { dependencies { implementation project(path: ':bramble-core', configuration: 'default') tor 'org.briarproject:tor-android:0.3.5.7@zip' - tor 'org.briarproject:obfs4proxy-android:0.0.7@zip' + tor 'org.briarproject:obfs4proxy-android:0.0.9@zip' annotationProcessor 'com.google.dagger:dagger-compiler:2.19' diff --git a/bramble-android/witness.gradle b/bramble-android/witness.gradle index 1b3fdcbec..f47c97f19 100644 --- a/bramble-android/witness.gradle +++ b/bramble-android/witness.gradle @@ -68,7 +68,7 @@ dependencyVerification { 'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8', 'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca', 'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349', - 'org.briarproject:obfs4proxy-android:0.0.7:obfs4proxy-android-0.0.7.zip:abdfb5d889d848de9bf214f9276abbf454808a505b870819eccc9a9e985bf617', + 'org.briarproject:obfs4proxy-android:0.0.9:obfs4proxy-android-0.0.9.zip:9b7e9181535ea8d8bbe8ae6338e08cf4c5fc1e357a779393e0ce49586d459ae0', 'org.briarproject:tor-android:0.3.5.7:tor-android-0.3.5.7.zip:9ac00f4d362029cd3d40bc3c3d0dc63e081414f8b28ba0c4692ab4a330758093', 'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d', 'org.codehaus.groovy:groovy-all:2.4.12:groovy-all-2.4.12.jar:6a56af4bd48903d56bec62821876cadefafd007360cc6bd0d8f7aa8d72b38be4', diff --git a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java index 3625e206e..1e670de96 100644 --- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java +++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java @@ -17,16 +17,24 @@ public interface CircumventionProvider { String[] BLOCKED = {"CN", "IR", "EG", "BY", "TR", "SY", "VE"}; /** - * Countries where vanilla bridge connection are likely to work. + * Countries where obfs4 bridge connection are likely to work. * Should be a subset of {@link #BLOCKED}. */ - String[] BRIDGES = { "EG", "BY", "TR", "SY", "VE" }; + String[] BRIDGES = { "CN", "IR", "EG", "BY", "TR", "SY", "VE" }; + + /** + * Countries where obfs4 bridges won't work and meek is needed. + * Should be a subset of {@link #BRIDGES}. + */ + String[] NEEDS_MEEK = {"CN", "IR"}; boolean isTorProbablyBlocked(String countryCode); boolean doBridgesWork(String countryCode); + boolean needsMeek(String countryCode); + @IoExecutor - List getBridges(); + List getBridges(boolean meek); } diff --git a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java index 57c3b5ca8..2e8c8ad90 100644 --- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java +++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProviderImpl.java @@ -22,6 +22,8 @@ class CircumventionProviderImpl implements CircumventionProvider { new HashSet<>(asList(BLOCKED)); private static final Set BRIDGES_WORK_IN_COUNTRIES = new HashSet<>(asList(BRIDGES)); + private static final Set BRIDGES_NEED_MEEK = + new HashSet<>(asList(NEEDS_MEEK)); @Nullable private volatile List bridges = null; @@ -40,9 +42,14 @@ class CircumventionProviderImpl implements CircumventionProvider { return BRIDGES_WORK_IN_COUNTRIES.contains(countryCode); } + @Override + public boolean needsMeek(String countryCode) { + return BRIDGES_NEED_MEEK.contains(countryCode); + } + @Override @IoExecutor - public List getBridges() { + public List getBridges(boolean useMeek) { List bridges = this.bridges; if (bridges != null) return new ArrayList<>(bridges); @@ -53,6 +60,8 @@ class CircumventionProviderImpl implements CircumventionProvider { bridges = new ArrayList<>(); while (scanner.hasNextLine()) { String line = scanner.nextLine(); + boolean isMeekBridge = line.startsWith("Bridge meek"); + if (useMeek && !isMeekBridge || !useMeek && isMeekBridge) continue; if (!line.startsWith("#")) bridges.add(line); } scanner.close(); diff --git a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java index d672b4cb4..b2d0f45bf 100644 --- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java +++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java @@ -470,13 +470,19 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener { if (!enable) callback.transportDisabled(); } - private void enableBridges(boolean enable) throws IOException { + private void enableBridges(boolean enable, boolean needsMeek) + throws IOException { if (enable) { Collection conf = new ArrayList<>(); conf.add("UseBridges 1"); - conf.add("ClientTransportPlugin obfs4 exec " + - obfs4File.getAbsolutePath()); - conf.addAll(circumventionProvider.getBridges()); + if (needsMeek) { + conf.add("ClientTransportPlugin meek_lite exec " + + obfs4File.getAbsolutePath()); + } else { + conf.add("ClientTransportPlugin obfs4 exec " + + obfs4File.getAbsolutePath()); + } + conf.addAll(circumventionProvider.getBridges(needsMeek)); controlConnection.setConf(conf); } else { controlConnection.setConf("UseBridges", "0"); @@ -716,12 +722,17 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener { enableNetwork(false); } else if (network == PREF_TOR_NETWORK_WITH_BRIDGES || (automatic && bridgesWork)) { - LOG.info("Enabling network, using bridges"); - enableBridges(true); + if (circumventionProvider.needsMeek(country)) { + LOG.info("Enabling network, using meek bridges"); + enableBridges(true, true); + } else { + LOG.info("Enabling network, using obfs4 bridges"); + enableBridges(true, false); + } enableNetwork(true); } else { LOG.info("Enabling network, not using bridges"); - enableBridges(false); + enableBridges(false, false); enableNetwork(true); } if (online && wifi && charging) { diff --git a/bramble-core/src/main/resources/bridges b/bramble-core/src/main/resources/bridges index 68f55760e..7e1833253 100644 --- a/bramble-core/src/main/resources/bridges +++ b/bramble-core/src/main/resources/bridges @@ -1,4 +1,5 @@ Bridge obfs4 78.46.188.239:37356 5A2D2F4158D0453E00C7C176978D3F41D69C45DB cert=3c0SwxpOisbohNxEc4tb875RVW8eOu1opRTVXJhafaKA/PNNtI7ElQIVOVZg1AdL5bxGCw iat-mode=0 Bridge obfs4 52.15.78.72:9443 02069A3C5362476936B62BA6F5ACC41ABD573A9B cert=ijYG/OKc7kqu2YzKNFfeXN7/BG2BOgfEP2KyYEiGDQthnHbsOiTWHeIG0WJVW+BckzDgKw iat-mode=0 Bridge obfs4 13.58.29.242:9443 0C58939A77DA6B6B29D4B5236A75865659607AE0 cert=OylWIEHb/ezpq1zWxW0sgKRn+9ARH2eOcQOZ8/Gew+4l+oKOhQ2jUX/Y+FSl61JorXZUWA iat-mode=0 -Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0 \ No newline at end of file +Bridge obfs4 45.33.37.112:9443 60A609BB4ABE8D46E634AE81ED29ADAB7776B399 cert=t5v19WmNv5Sc2YPNr8RQids365W7MY8zJwQVkOxBjUMFomMWARDzsbYpcWLLcw0J9Gm+BQ iat-mode=0 +Bridge meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com \ No newline at end of file diff --git a/bramble-java/src/test/java/org/briarproject/bramble/plugin/tor/BridgeTest.java b/bramble-java/src/test/java/org/briarproject/bramble/plugin/tor/BridgeTest.java index 1eaa8c07e..e9c57086a 100644 --- a/bramble-java/src/test/java/org/briarproject/bramble/plugin/tor/BridgeTest.java +++ b/bramble-java/src/test/java/org/briarproject/bramble/plugin/tor/BridgeTest.java @@ -44,7 +44,7 @@ public class BridgeTest extends BrambleTestCase { public static Iterable data() { BrambleJavaIntegrationTestComponent component = DaggerBrambleJavaIntegrationTestComponent.builder().build(); - return component.getCircumventionProvider().getBridges(); + return component.getCircumventionProvider().getBridges(false); } private final static long TIMEOUT = SECONDS.toMillis(30); @@ -104,7 +104,12 @@ public class BridgeTest extends BrambleTestCase { } @Override - public List getBridges() { + public boolean needsMeek(String countryCode) { + return false; + } + + @Override + public List getBridges(boolean useMeek) { return singletonList(bridge); } };