re-implement phantom selection as it's own submodule. (#36)

* re-implement phantom selection as it's own submodule with testing and support for weighted subnet lists.

* comments and light cleanup

Author: jmwample

tapdance/conjure.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	pb "github.com/refraction-networking/gotapdance/protobuf"
+	ps "github.com/refraction-networking/gotapdance/tapdance/phantoms"
 	tls "github.com/refraction-networking/utls"
 	"golang.org/x/crypto/hkdf"
 )
@@ -741,44 +742,41 @@ func SelectDecoys(sharedSecret []byte, version uint, width uint) []*pb.TLSDecoyS
 	return decoys
 }
 
-var phantomSubnets = []string{
-	"192.122.190.0/24",
-	"2001:48a8:687f:1::/64",
-	"141.219.0.0/16",
-	"35.8.0.0/16",
+// var phantomSubnets = []conjurePhantomSubnet{
+// 	{subnet: "192.122.190.0/24", weight: 90.0},
+// 	{subnet: "2001:48a8:687f:1::/64", weight: 90.0},
+// 	{subnet: "141.219.0.0/16", weight: 10.0},
+// 	{subnet: "35.8.0.0/16", weight: 10.0},
+// }
+
+var phantomSubnets = ps.SubnetConfig{
+	WeightedSubnets: []ps.ConjurePhantomSubnet{
+		{Weight: 9, Subnets: []string{"192.122.190.0/24", "2001:48a8:687f:1::/64"}},
+		{Weight: 1, Subnets: []string{"141.219.0.0/16", "35.8.0.0/16"}},
+	},
 }
 
 // SelectPhantom - select one phantom IP address based on shared secret
 func SelectPhantom(seed []byte, support uint) (*net.IP, *net.IP, error) {
-	ddIPSelector4, err4 := newDDIpSelector(phantomSubnets, false)
-	ddIPSelector6, err6 := newDDIpSelector(phantomSubnets, true)
-
-	// If we got an error that effects the addresses we will be choosing from return error, else go on.
-	if err4 != nil && support != v6 {
-		return nil, nil, err4
-	} else if err6 != nil && support != v4 {
-		return nil, nil, err6
-	}
-
 	switch support {
 	case v4:
-		phantomIPv4, err := ddIPSelector4.selectIpAddr(seed)
+		phantomIPv4, err := ps.SelectPhantom(seed, phantomSubnets, ps.V4Only, true)
 		if err != nil {
 			return nil, nil, err
 		}
 		return phantomIPv4, nil, nil
 	case v6:
-		phantomIPv6, err := ddIPSelector6.selectIpAddr(seed)
+		phantomIPv6, err := ps.SelectPhantom(seed, phantomSubnets, ps.V6Only, true)
 		if err != nil {
 			return nil, nil, err
 		}
 		return nil, phantomIPv6, nil
 	case both:
-		phantomIPv4, err := ddIPSelector4.selectIpAddr(seed)
+		phantomIPv4, err := ps.SelectPhantom(seed, phantomSubnets, ps.V4Only, true)
 		if err != nil {
 			return nil, nil, err
 		}
-		phantomIPv6, err := ddIPSelector6.selectIpAddr(seed)
+		phantomIPv6, err := ps.SelectPhantom(seed, phantomSubnets, ps.V6Only, true)
 		if err != nil {
 			return nil, nil, err
 		}

tapdance/conjure_test.go

@@ -2,94 +2,12 @@ package tapdance
 
 import (
 	"crypto/hmac"
-	"crypto/rand"
 	"encoding/hex"
 	"testing"
 
 	pb "github.com/refraction-networking/gotapdance/protobuf"
 )
 
-func TestSelectIpv4(t *testing.T) {
-
-	_ddIPSelector, err := newDDIpSelector([]string{"192.122.190.0/24", "2001:48a8:687f:1::/64"}, false)
-	if err != nil {
-		t.Fatal("Failed IP selector initialization ", err)
-	}
-
-	for _, _net := range _ddIPSelector.nets {
-		if _net.IP.To4() == nil {
-			t.Fatal("Encountered Non IPv4 Network block")
-		}
-	}
-
-	seed := make([]byte, 16)
-	_, err = rand.Read(seed)
-	if err != nil {
-		t.Fatalf("Crypto/Rand error -- %s\n", err)
-	}
-
-	darDecoyIPAddr, err := _ddIPSelector.selectIpAddr(seed)
-	if err != nil {
-		t.Fatalf("Error selecting decoy address -- %s\n", err)
-	}
-	if darDecoyIPAddr.To4() == nil {
-		t.Fatal("No IPv4 address Selected")
-	}
-
-	seed = []byte{
-		0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
-		0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF,
-	}
-
-	phantomIPAddr4, phantomIPAddr6, err := SelectPhantom(seed, v4)
-	if err != nil || phantomIPAddr4 == nil {
-		t.Fatalf("Failed to select IP address (support: v4): %v", err)
-	} else if phantomIPAddr6 != nil {
-		t.Fatalf("Chose v6 address when v4 specified")
-	} else if phantomIPAddr4.String() != "141.219.19.101" {
-		t.Fatalf("Incorrect Address chosen: %v", phantomIPAddr4.String())
-	}
-}
-
-func TestSelectIpv6(t *testing.T) {
-
-	_ddIPSelector, err := newDDIpSelector([]string{"192.122.190.0/24", "2001:48a8:687f:1::/64"}, true)
-	if err != nil {
-		t.Fatal("Failed IP selector initialization ", err)
-	}
-
-	for _, _net := range _ddIPSelector.nets {
-		if _net.IP.To16() == nil && _net.IP.To4() == nil {
-			t.Fatal("Encountered Unknown Network block")
-		}
-	}
-
-	seed := make([]byte, 16)
-	_, err = rand.Read(seed)
-	if err != nil {
-		t.Fatalf("Crypto/Rand error -- %s\n", err)
-	}
-
-	_, err = _ddIPSelector.selectIpAddr(seed)
-	if err != nil {
-		t.Fatalf("Error selecting decoy address -- %s\n", err)
-	}
-
-	seed = []byte{
-		0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
-		0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF,
-	}
-
-	phantomIPAddr4, phantomIPAddr6, err := SelectPhantom(seed, v6)
-	if err != nil || phantomIPAddr6 == nil || phantomIPAddr4 != nil {
-		t.Fatalf("Failed to select IP address (support: v6): %v", err)
-	} else if phantomIPAddr4 != nil {
-		t.Fatalf("Chose v4 address when v6 specified")
-	} else if phantomIPAddr6.String() != "2001:48a8:687f:1:305:709:b11:2024" {
-		t.Fatalf("Incorrect Address chosen: %s", phantomIPAddr6.String())
-	}
-}
-
 func TestSelectBoth(t *testing.T) {
 	seed := []byte{
 		0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
@@ -103,9 +21,9 @@ func TestSelectBoth(t *testing.T) {
 		t.Fatalf("Failed to select IPv4 address (support: both): %v", err)
 	} else if phantomIPAddr6 == nil {
 		t.Fatalf("Failed to select IPv6 address (support: both): %v", err)
-	} else if phantomIPAddr6.String() != "2001:48a8:687f:1:305:709:b11:2024" {
+	} else if phantomIPAddr6.String() != "2001:48a8:687f:1:41d3:ff12:45b:73c8" {
 		t.Fatalf("Incorrect Address chosen: %s", phantomIPAddr6.String())
-	} else if phantomIPAddr4.String() != "141.219.19.101" {
+	} else if phantomIPAddr4.String() != "192.122.190.194" {
 		t.Fatalf("Incorrect Address chosen: %v", phantomIPAddr4.String())
 	}
 }