├── .conan
    ├── profiles
    │   ├── windows
    │   ├── macos
    │   ├── freebsd
    │   ├── ios
    │   ├── linux
    │   └── boost
    ├── scripts
    │   ├── latest.lock
    │   ├── conan.sh
    │   ├── export.sh
    │   └── path.sh
    └── recipes
    │   ├── libmaxminddb
    │       ├── conandata.yml
    │       └── conanfile.py
    │   └── boringssl
    │       ├── conandata.yml
    │       └── conanfile.py
├── schemas
    └── examples
    │   ├── egress
    │       ├── direct.json
    │       ├── reject.json
    │       ├── socks5.json
    │       ├── reject-drop.json
    │       ├── http.json
    │       ├── https.json
    │       ├── socks5s.json
    │       ├── ss.json
    │       ├── vmess.json
    │       ├── trojan.json
    │       ├── https-with-auth.json
    │       ├── socks5-with-auth.json
    │       ├── trojan-with-ws.json
    │       └── vmess-with-tls-ws.json
    │   └── ingress
    │       ├── transparent.json
    │       ├── http.json
    │       ├── socks5.json
    │       ├── ss.json
    │       ├── tunnel.json
    │       ├── vmess.json
    │       ├── https.json
    │       ├── socks5s.json
    │       ├── trojan.json
    │       ├── vmess-with-tls-ws.json
    │       ├── https-with-auth.json
    │       ├── socks5s-with-auth.json
    │       └── trojan-with-ws.json
├── images
    ├── tip.png
    ├── overview.png
    ├── use_case_0.png
    ├── use_case_1.png
    ├── use_case_2.png
    └── use_case_3.png
├── test
    ├── geo.mmdb
    ├── utils.cpp
    ├── utils.hpp
    ├── CMakeLists.txt
    ├── vo.hpp
    ├── base64.cpp
    ├── keys.cpp
    ├── balancer.cpp
    └── method.cpp
├── cmake
    ├── test
    │   ├── sodium-type.c
    │   ├── P0702R1.cpp
    │   ├── boost-test-type.cpp
    │   ├── maxminddb-version.cpp
    │   └── brotli-version.cpp
    ├── AddFoundTarget.cmake
    ├── FindBoringSSL.cmake
    ├── GetLibraryDirectories.cmake
    ├── FindBrotli.cmake
    ├── FindMaxmindDB.cmake
    ├── Findlibsodium.cmake
    ├── FindMbedTLS.cmake
    ├── FindRapidJSON.cmake
    ├── Configure.cmake
    └── HandleDependencies.cmake
├── .gitattributes
├── server
    ├── pichi.json.default
    ├── CMakeLists.txt
    └── main.cpp
├── .github
    └── workflows
    │   ├── macos.yml
    │   ├── linux.yml
    │   ├── windows.yml
    │   ├── ios.yml
    │   ├── android.yml
    │   ├── conan.yml
    │   └── docker.yml
├── include
    ├── pichi
    │   ├── common
    │   │   ├── constants.hpp
    │   │   ├── uri.hpp
    │   │   ├── error.hpp
    │   │   ├── asserts.hpp
    │   │   ├── literals.hpp
    │   │   ├── adapter.hpp
    │   │   ├── endpoint.hpp
    │   │   ├── enumerations.hpp
    │   │   ├── config.hpp.in
    │   │   └── buffer.hpp
    │   ├── crypto
    │   │   ├── key.hpp
    │   │   ├── fingerprint.hpp
    │   │   ├── base64.hpp
    │   │   ├── brotli.hpp
    │   │   ├── aead.hpp
    │   │   └── stream.hpp
    │   ├── vo
    │   │   ├── error.hpp
    │   │   ├── route.hpp
    │   │   ├── rule.hpp
    │   │   ├── egress.hpp
    │   │   ├── ingress.hpp
    │   │   ├── parse.hpp
    │   │   ├── credential.hpp
    │   │   ├── to_json.hpp
    │   │   ├── options.hpp
    │   │   ├── iterator.hpp
    │   │   └── messages.hpp
    │   ├── stream
    │   │   ├── traits.hpp
    │   │   ├── tls.hpp
    │   │   └── test.hpp
    │   ├── net
    │   │   ├── adapter.hpp
    │   │   ├── direct.hpp
    │   │   ├── reject.hpp
    │   │   ├── transparent.hpp
    │   │   ├── spawn.hpp
    │   │   ├── ssstream.hpp
    │   │   ├── tunnel.hpp
    │   │   ├── ssaead.hpp
    │   │   ├── socks5.hpp
    │   │   ├── trojan.hpp
    │   │   └── http.hpp
    │   └── api
    │   │   ├── egress_manager.hpp
    │   │   ├── ingress_holder.hpp
    │   │   ├── rest.hpp
    │   │   ├── session.hpp
    │   │   ├── ingress_manager.hpp
    │   │   ├── balancer.hpp
    │   │   ├── server.hpp
    │   │   └── router.hpp
    └── pichi.h
├── .gitignore
├── src
    ├── vo
    │   ├── error.cpp
    │   ├── route.cpp
    │   └── rule.cpp
    ├── pichi.cpp
    ├── net
    │   ├── direct.cpp
    │   ├── spawn.cpp
    │   ├── reject.cpp
    │   └── tunnel.cpp
    ├── api
    │   ├── egress_manager.cpp
    │   ├── ingress_holder.cpp
    │   ├── ingress_manager.cpp
    │   ├── session.cpp
    │   └── balancer.cpp
    ├── common
    │   ├── asserts.cpp
    │   ├── uri.cpp
    │   └── error.cpp
    ├── crypto
    │   ├── brotli.cpp
    │   ├── fingerprint.cpp
    │   ├── key.cpp
    │   ├── base64.cpp
    │   └── hash.cpp
    └── CMakeLists.txt
├── docker
    └── pichi.dockerfile
├── LICENSE
├── CMakeLists.txt
└── conanfile.py


/.conan/profiles/windows:
--------------------------------------------------------------------------------
1 | include(default)
2 | include(boost)
3 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/direct.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "direct"
3 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/reject.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "reject"
3 | }


--------------------------------------------------------------------------------
/images/tip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/tip.png


--------------------------------------------------------------------------------
/test/geo.mmdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/test/geo.mmdb


--------------------------------------------------------------------------------
/images/overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/overview.png


--------------------------------------------------------------------------------
/cmake/test/sodium-type.c:
--------------------------------------------------------------------------------
1 | #include <sodium.h>
2 | 
3 | int main(void) { return sodium_init(); }
4 | 


--------------------------------------------------------------------------------
/images/use_case_0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/use_case_0.png


--------------------------------------------------------------------------------
/images/use_case_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/use_case_1.png


--------------------------------------------------------------------------------
/images/use_case_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/use_case_2.png


--------------------------------------------------------------------------------
/images/use_case_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pichi-router/pichi/HEAD/images/use_case_3.png


--------------------------------------------------------------------------------
/.conan/profiles/macos:
--------------------------------------------------------------------------------
1 | include(default)
2 | include(boost)
3 | 
4 | [options]
5 | pichi/*:transparent=pf
6 | 


--------------------------------------------------------------------------------
/.conan/profiles/freebsd:
--------------------------------------------------------------------------------
1 | include(default)
2 | include(boost)
3 | 
4 | [options]
5 | b2/*:toolset=clang
6 | pichi/*:transparent=pf
7 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/socks5.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "socks5",
3 |   "server": {
4 |     "host": "::1",
5 |     "port": 3128
6 |   }
7 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/reject-drop.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "reject",
3 |   "reject": {
4 |     "mode": "fixed",
5 |     "delay": 300
6 |   }
7 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/http.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "http",
3 |   "server": {
4 |     "host": "proxy.example.com",
5 |     "port": 3128
6 |   }
7 | }


--------------------------------------------------------------------------------
/cmake/test/P0702R1.cpp:
--------------------------------------------------------------------------------
1 | #include <array>
2 | 
3 | int main(int argc, char* argv[])
4 | {
5 |   auto a = std::array{0, 1};
6 |   return a[0];
7 | }
8 | 


--------------------------------------------------------------------------------
/.conan/profiles/ios:
--------------------------------------------------------------------------------
1 | include(default)
2 | include(boost)
3 | 
4 | [settings]
5 | 
6 | [options]
7 | pichi/*:build_test=False
8 | pichi/*:build_server=False
9 | 


--------------------------------------------------------------------------------
/.conan/profiles/linux:
--------------------------------------------------------------------------------
1 | include(default)
2 | include(boost)
3 | 
4 | [settings]
5 | compiler.libcxx=libstdc++11
6 | 
7 | [options]
8 | pichi/*:transparent=iptables
9 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/transparent.json:
--------------------------------------------------------------------------------
1 | {
2 |   "type": "transparent",
3 |   "bind": [
4 |     {
5 |       "host": "::",
6 |       "port": 1001
7 |     }
8 |   ]
9 | }


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | * text=auto
 2 | 
 3 | *.cmake text
 4 | *.cpp text
 5 | *.h.in text
 6 | *.h text
 7 | *.hpp text
 8 | *.sh text eol=lf
 9 | *.mmdb binary
10 | *.png binary
11 | 


--------------------------------------------------------------------------------
/cmake/test/boost-test-type.cpp:
--------------------------------------------------------------------------------
1 | #define BOOST_TEST_MODULE Check Boost_Test Type
2 | #include <boost/test/unit_test.hpp>
3 | 
4 | BOOST_AUTO_TEST_SUITE(Check)
5 | BOOST_AUTO_TEST_SUITE_END()
6 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/https.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "http",
 3 |   "server": {
 4 |     "host": "::1",
 5 |     "port": 3128
 6 |   },
 7 |   "tls": {
 8 |     "insecure": true
 9 |   }
10 | }


--------------------------------------------------------------------------------
/cmake/test/maxminddb-version.cpp:
--------------------------------------------------------------------------------
1 | #include <iostream>
2 | #include <maxminddb.h>
3 | 
4 | int main(int, char**)
5 | {
6 |   std::cout << MMDB_lib_version() << std::endl;
7 |   return 0;
8 | }
9 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/socks5s.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "socks5",
 3 |   "server": {
 4 |     "host": "::1",
 5 |     "port": 3128
 6 |   },
 7 |   "tls": {
 8 |     "insecure": true
 9 |   }
10 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/http.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "http",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 3128
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 3128
11 |     }
12 |   ]
13 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/socks5.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "socks5",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 1080
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 1080
11 |     }
12 |   ]
13 | }


--------------------------------------------------------------------------------
/server/pichi.json.default:
--------------------------------------------------------------------------------
 1 | {
 2 |   "ingresses": {},
 3 |   "egresses": {
 4 |     "direct": {
 5 |       "type": "direct"
 6 |     }
 7 |   },
 8 |   "rules": {},
 9 |   "route": {
10 |     "default": "direct",
11 |     "rules": []
12 |   }
13 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/ss.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "ss",
 3 |   "server": {
 4 |     "host": "ss.example.com",
 5 |     "port": 8388
 6 |   },
 7 |   "option": {
 8 |     "password": "shadowsocks password",
 9 |     "method": "rc4-md5"
10 |   }
11 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/vmess.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "vmess",
 3 |   "server": {
 4 |     "host": "vmess.example.com",
 5 |     "port": 443
 6 |   },
 7 |   "credential": {
 8 |     "uuid": "22d1d4eb-3619-48fd-ae74-bfef06ac5c3d",
 9 |     "alter_id": 64
10 |   }
11 | }


--------------------------------------------------------------------------------
/.github/workflows/macos.yml:
--------------------------------------------------------------------------------
 1 | name: macOS
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |       - develop
 8 | 
 9 | jobs:
10 |   macos:
11 |     uses: ./.github/workflows/conan.yml
12 |     with:
13 |       image: macos-14
14 |       os: macos
15 | 


--------------------------------------------------------------------------------
/.github/workflows/linux.yml:
--------------------------------------------------------------------------------
 1 | name: Linux
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |       - develop
 8 | 
 9 | jobs:
10 |   linux:
11 |     uses: ./.github/workflows/conan.yml
12 |     with:
13 |       image: ubuntu-22.04
14 |       os: linux
15 | 


--------------------------------------------------------------------------------
/.github/workflows/windows.yml:
--------------------------------------------------------------------------------
 1 | name: Windows
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |       - develop
 8 | 
 9 | jobs:
10 |   windows:
11 |     uses: ./.github/workflows/conan.yml
12 |     with:
13 |       image: windows-2022
14 |       os: windows
15 | 


--------------------------------------------------------------------------------
/cmake/test/brotli-version.cpp:
--------------------------------------------------------------------------------
1 | #include <brotli/decode.h>
2 | #include <iostream>
3 | 
4 | int main(int, char**)
5 | {
6 |   auto version = BrotliDecoderVersion();
7 |   std::cout << (version >> 24) << "." << ((version >> 12) & 0xfff) << "." << (version & 0xfff);
8 |   return 0;
9 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/trojan.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "trojan",
 3 |   "server": {
 4 |     "host": "trojan.example.com",
 5 |     "port": 443
 6 |   },
 7 |   "credential": {
 8 |     "password": "trojan password"
 9 |   },
10 |   "tls": {
11 |     "insecure": true
12 |   }
13 | }


--------------------------------------------------------------------------------
/.github/workflows/ios.yml:
--------------------------------------------------------------------------------
 1 | name: iOS
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |       - develop
 8 | 
 9 | jobs:
10 |   macos:
11 |     uses: ./.github/workflows/conan.yml
12 |     with:
13 |       image: macos-14
14 |       os: ios
15 |       args: -a armv8 -v 17.0
16 | 


--------------------------------------------------------------------------------
/include/pichi/common/constants.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_CONSTANTS_HPP
 2 | #define PICHI_COMMON_CONSTANTS_HPP
 3 | 
 4 | #include <stdint.h>
 5 | 
 6 | namespace pichi {
 7 | 
 8 | size_t const MAX_FRAME_SIZE = 0x3fff;
 9 | 
10 | }  // namespace pichi
11 | 
12 | #endif  // PICHI_COMMON_CONSTANTS_HPP
13 | 


--------------------------------------------------------------------------------
/.github/workflows/android.yml:
--------------------------------------------------------------------------------
 1 | name: Android
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |       - develop
 8 | 
 9 | jobs:
10 |   android:
11 |     uses: ./.github/workflows/conan.yml
12 |     with:
13 |       image: ubuntu-22.04
14 |       os: android
15 |       args: -r android-ndk/r27c -l 35 -a armv8
16 | 


--------------------------------------------------------------------------------
/.conan/scripts/latest.lock:
--------------------------------------------------------------------------------
 1 | {
 2 |   "version": "0.5",
 3 |   "requires": [
 4 |     "boost/1.85.0",
 5 |     "boringssl/32",
 6 |     "brotli/1.1.0",
 7 |     "libmaxminddb/1.10.0",
 8 |     "libsodium/1.0.20",
 9 |     "mbedtls/3.6.2",
10 |     "rapidjson/1.1.0",
11 |     "openssl/3.3.2"
12 |   ],
13 |   "python_requires": []
14 | }
15 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/ss.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "ss",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::",
 6 |       "port": 8388
 7 |     },
 8 |     {
 9 |       "host": "0.0.0.0",
10 |       "port": 8388
11 |     }
12 |   ],
13 |   "option": {
14 |     "method": "xchacha20-ietf-poly1305",
15 |     "password": "shadowsocks password"
16 |   }
17 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/tunnel.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "tunnel",
 3 |   "tunnel": {
 4 |     "destinations": [
 5 |       {
 6 |         "host": "tunnel0.example.com",
 7 |         "port": 853
 8 |       },
 9 |       {
10 |         "host": "tunnel1.example.com",
11 |         "port": 853
12 |       }
13 |     ],
14 |     "balance": "random"
15 |   }
16 | }


--------------------------------------------------------------------------------
/cmake/AddFoundTarget.cmake:
--------------------------------------------------------------------------------
 1 | macro(_add_found_target target inc lib)
 2 |   if(NOT TARGET ${target})
 3 |     add_library(${target} UNKNOWN IMPORTED)
 4 |     set_target_properties(${target} PROPERTIES
 5 |       INTERFACE_INCLUDE_DIRECTORIES "${inc}"
 6 |       IMPORTED_LINK_INTERFACE_LANGUAGES "C"
 7 |       IMPORTED_LOCATION "${lib}")
 8 |   endif()
 9 | endmacro()
10 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/vmess.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "vmess",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::",
 6 |       "port": 443
 7 |     }
 8 |   ],
 9 |   "credentials": [
10 |     {
11 |       "uuid": "fa314a7b-a26b-42ee-8b94-6ac4ca5ae895"
12 |     },
13 |     {
14 |       "uuid": "67f05624-28b4-4470-b6dd-a5802cdb80dc",
15 |       "alter_id": 64
16 |     }
17 |   ]
18 | }


--------------------------------------------------------------------------------
/schemas/examples/egress/https-with-auth.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "http",
 3 |   "server": {
 4 |     "host": "::1",
 5 |     "port": 3128
 6 |   },
 7 |   "credential": {
 8 |     "username": "http_proxy_user_000",
 9 |     "password": "http_proxy_pass_000"
10 |   },
11 |   "tls": {
12 |     "insecure": false,
13 |     "server_name": "example.com",
14 |     "sni": "www.example.com"
15 |   }
16 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/https.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "http",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 3128
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 3128
11 |     }
12 |   ],
13 |   "tls": {
14 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
15 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
16 |   }
17 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/socks5s.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "socks5",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 1080
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 1080
11 |     }
12 |   ],
13 |   "tls": {
14 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
15 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
16 |   }
17 | }


--------------------------------------------------------------------------------
/include/pichi/crypto/key.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_KEY_HPP
 2 | #define PICHI_CRYPTO_KEY_HPP
 3 | 
 4 | #include <pichi/common/buffer.hpp>
 5 | #include <pichi/crypto/method.hpp>
 6 | #include <span>
 7 | #include <stdint.h>
 8 | 
 9 | namespace pichi::crypto {
10 | 
11 | extern size_t generateKey(CryptoMethod, ConstBuffer, MutableBuffer);
12 | 
13 | }  // namespace pichi::crypto
14 | 
15 | #endif  // PICHI_CRYPTO_KEY_HPP
16 | 


--------------------------------------------------------------------------------
/include/pichi/vo/error.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_ERROR_HPP
 2 | #define PICHI_VO_ERROR_HPP
 3 | 
 4 | #include <rapidjson/document.h>
 5 | #include <string_view>
 6 | 
 7 | namespace pichi::vo {
 8 | 
 9 | struct Error {
10 |   std::string_view message_;
11 | };
12 | 
13 | extern rapidjson::Value toJson(Error const&, rapidjson::Document::AllocatorType&);
14 | 
15 | }  // namespace pichi::vo
16 | 
17 | #endif  // PICHI_VO_ERROR_HPP
18 | 


--------------------------------------------------------------------------------
/include/pichi/crypto/fingerprint.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_FINGERPRINT_HPP
 2 | #define PICHI_CRYPTO_FINGERPRINT_HPP
 3 | 
 4 | #include <openssl/conf.h>
 5 | 
 6 | namespace pichi::crypto {
 7 | 
 8 | extern void enableBrotliCompression(::SSL_CTX*);
 9 | extern void setupTlsFingerprint(::SSL_CTX*);
10 | extern void setupTlsFingerprint(::SSL*);
11 | 
12 | }  // namespace pichi::crypto
13 | 
14 | #endif  // PICHI_CRYPTO_FINGERPRINT_HPP
15 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/socks5-with-auth.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "socks5",
 3 |   "server": {
 4 |     "host": "::1",
 5 |     "port": 3128
 6 |   },
 7 |   "credential": {
 8 |     "username": "socks5_proxy_user_000",
 9 |     "password": "socks5_proxy_pass_000"
10 |   },
11 |   "tls": {
12 |     "insecure": false,
13 |     "ca_file": "/etc/cert/rootCA.pem",
14 |     "server_name": "example.com",
15 |     "sni": "www.example.com"
16 |   }
17 | }


--------------------------------------------------------------------------------
/include/pichi/crypto/base64.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_BASE64_HPP
 2 | #define PICHI_CRYPTO_BASE64_HPP
 3 | 
 4 | #include <pichi/common/enumerations.hpp>
 5 | #include <string_view>
 6 | 
 7 | namespace pichi::crypto {
 8 | 
 9 | extern std::string base64Encode(std::string_view);
10 | extern std::string base64Decode(std::string_view, PichiError = PichiError::MISC);
11 | 
12 | }  // namespace pichi::crypto
13 | 
14 | #endif  // PICHI_CRYPTO_BASE64_HPP
15 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled Object files
 2 | *.slo
 3 | *.lo
 4 | *.o
 5 | 
 6 | # Compiled Dynamic libraries
 7 | *.so
 8 | *.dylib
 9 | 
10 | # Compiled Static libraries
11 | *.lai
12 | *.la
13 | *.a
14 | 
15 | # Temporary files for editors
16 | .#*
17 | .*.swp
18 | 
19 | # Editors
20 | .clang-format
21 | build/
22 | .vscode/
23 | .clang_complete
24 | 
25 | # CMake
26 | CMakePresets.json
27 | CMakeUserPresets.json
28 | 
29 | # Extensions
30 | .devcontainer/
31 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/trojan-with-ws.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "trojan",
 3 |   "server": {
 4 |     "host": "trojan.example.com",
 5 |     "port": 443
 6 |   },
 7 |   "credential": {
 8 |     "password": "trojan password"
 9 |   },
10 |   "tls": {
11 |     "insecure": false,
12 |     "ca_file": "/etc/cert/rootCA.pem",
13 |     "server_name": "example.com",
14 |     "sni": "www.example.com"
15 |   },
16 |   "websocket": {
17 |     "path": "/encryption"
18 |   }
19 | }


--------------------------------------------------------------------------------
/server/CMakeLists.txt:
--------------------------------------------------------------------------------
 1 | set(SERVER pichi)
 2 | 
 3 | add_executable(${SERVER} main.cpp run.cpp)
 4 | 
 5 | target_link_libraries(${SERVER} PRIVATE ${PICHI_LIBRARY}
 6 |   ${COMMON_LIBRARIES} Boost::program_options Boost::filesystem)
 7 | set_target_properties(${SERVER} PROPERTIES
 8 |   INSTALL_RPATH ${INSTALL_RPATH}
 9 |   MSVC_RUNTIME_LIBRARY ${MSVC_CRT}
10 |   INSTALL_RPATH_USE_LINK_PATH TRUE)
11 | install(TARGETS ${SERVER} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
12 | 


--------------------------------------------------------------------------------
/include/pichi/crypto/brotli.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_FINGERPRINT_HPP
 2 | #define PICHI_CRYPTO_FINGERPRINT_HPP
 3 | 
 4 | #include <openssl/conf.h>
 5 | 
 6 | namespace pichi::crypto {
 7 | 
 8 | template <typename CBB> int brotliCompress(SSL*, CBB*, uint8_t const*, size_t);
 9 | template <typename CRYPTO_BUFFER>
10 | int brotliDecompress(SSL*, CRYPTO_BUFFER**, size_t, uint8_t const*, size_t);
11 | 
12 | }  // namespace pichi::crypto
13 | 
14 | #endif  // PICHI_CRYPTO_FINGERPRINT_HPP
15 | 


--------------------------------------------------------------------------------
/schemas/examples/egress/vmess-with-tls-ws.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "vmess",
 3 |   "server": {
 4 |     "host": "vmess.example.com",
 5 |     "port": 443
 6 |   },
 7 |   "credential": {
 8 |     "uuid": "22d1d4eb-3619-48fd-ae74-bfef06ac5c3d",
 9 |     "alter_id": 64,
10 |     "security": "auto"
11 |   },
12 |   "tls": {
13 |     "insecure": false,
14 |     "ca_file": "/etc/cert/rootCA.pem",
15 |     "server_name": "example.com",
16 |     "sni": "www.example.com"
17 |   },
18 |   "websocket": {
19 |     "path": "/encryption"
20 |   }
21 | }


--------------------------------------------------------------------------------
/include/pichi/stream/traits.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_STREAM_TRAITS_HPP
 2 | #define PICHI_STREAM_TRAITS_HPP
 3 | 
 4 | namespace pichi::stream {
 5 | 
 6 | template <typename Stream> struct AsyncStream : public std::true_type {
 7 | };
 8 | 
 9 | template <typename Stream> struct RawStream : public std::true_type {
10 | };
11 | 
12 | template <typename Stream> inline constexpr bool IsRawStream = RawStream<Stream>::value;
13 | template <typename Stream> inline constexpr bool IsAsyncStream = AsyncStream<Stream>::value;
14 | 
15 | }  // namespace pichi::stream
16 | 
17 | #endif  // PICHI_STREAM_TRAITS_HPP
18 | 


--------------------------------------------------------------------------------
/include/pichi.h:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_H
 2 | #define PICHI_H
 3 | 
 4 | #include <stdint.h>
 5 | 
 6 | #ifdef __cplusplus
 7 | extern "C" {
 8 | #endif // __cplusplus
 9 | 
10 | /*
11 |  * Start PICHI server according to
12 |  *   - bind: server listening address, NOT NULL,
13 |  *   - port: server listening port,
14 |  *   - mmdb: IP GEO database, MMDB format, NOT NULL.
15 |  * The function doesn't return if no error occurs, otherwise -1.
16 |  */
17 | extern int pichi_run_server(char const* bind, uint16_t port, char const* mmdb);
18 | 
19 | #ifdef __cplusplus
20 | }
21 | #endif // __cplusplus
22 | 
23 | #endif // PICHI_H
24 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/trojan.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "trojan",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::",
 6 |       "port": 443
 7 |     },
 8 |     {
 9 |       "host": "0.0.0.0",
10 |       "port": 443
11 |     }
12 |   ],
13 |   "trojan": {
14 |     "remote": {
15 |       "host": "fake.example.com",
16 |       "port": 443
17 |     }
18 |   },
19 |   "credentials": [
20 |     {
21 |       "password": "trojan password"
22 |     }
23 |   ],
24 |   "tls": {
25 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
26 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
27 |   }
28 | }


--------------------------------------------------------------------------------
/include/pichi/vo/route.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_ROUTE_HPP
 2 | #define PICHI_VO_ROUTE_HPP
 3 | 
 4 | #include <optional>
 5 | #include <rapidjson/document.h>
 6 | #include <string>
 7 | #include <utility>
 8 | #include <vector>
 9 | 
10 | namespace pichi::vo {
11 | 
12 | struct Route {
13 |   std::optional<std::string> default_ = {};
14 |   std::vector<std::pair<std::vector<std::string>, std::string>> rules_ = {};
15 | };
16 | 
17 | extern rapidjson::Value toJson(Route const&, rapidjson::Document::AllocatorType&);
18 | 
19 | extern bool operator==(Route const&, Route const&);
20 | 
21 | }  // namespace pichi::vo
22 | 
23 | #endif  // PICHI_VO_ROUTE_HPP
24 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/vmess-with-tls-ws.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "vmess",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::",
 6 |       "port": 443
 7 |     }
 8 |   ],
 9 |   "credentials": [
10 |     {
11 |       "uuid": "fa314a7b-a26b-42ee-8b94-6ac4ca5ae895"
12 |     },
13 |     {
14 |       "uuid": "67f05624-28b4-4470-b6dd-a5802cdb80dc",
15 |       "alter_id": 64
16 |     }
17 |   ],
18 |   "tls": {
19 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
20 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
21 |   },
22 |   "websocket": {
23 |     "path": "/encryption",
24 |     "host": "example.com"
25 |   }
26 | }


--------------------------------------------------------------------------------
/include/pichi/common/uri.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_URI_HPP
 2 | #define PICHI_COMMON_URI_HPP
 3 | 
 4 | #include <string_view>
 5 | 
 6 | namespace pichi {
 7 | 
 8 | struct Uri {
 9 |   Uri(std::string_view);
10 | 
11 |   std::string_view all_;
12 |   std::string_view scheme_;
13 |   std::string_view host_;
14 |   std::string_view port_;
15 |   std::string_view suffix_;
16 |   std::string_view path_;
17 |   std::string_view query_;
18 | };
19 | 
20 | struct HostAndPort {
21 |   HostAndPort(std::string_view);
22 | 
23 |   std::string_view host_;
24 |   std::string_view port_;
25 | };
26 | 
27 | }  // namespace pichi
28 | 
29 | #endif  // PICHI_COMMON_URI_HPP
30 | 


--------------------------------------------------------------------------------
/schemas/examples/ingress/https-with-auth.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "http",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 3128
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 3128
11 |     }
12 |   ],
13 |   "credentials": [
14 |     {
15 |       "username": "http_proxy_user_000",
16 |       "password": "http_proxy_pass_000"
17 |     },
18 |     {
19 |       "username": "http_proxy_user_001",
20 |       "password": "http_proxy_pass_001"
21 |     }
22 |   ],
23 |   "tls": {
24 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
25 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
26 |   }
27 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/socks5s-with-auth.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "socks5",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::1",
 6 |       "port": 1080
 7 |     },
 8 |     {
 9 |       "host": "127.0.0.1",
10 |       "port": 1080
11 |     }
12 |   ],
13 |   "credentials": [
14 |     {
15 |       "username": "socks5_proxy_user_000",
16 |       "password": "socks5_proxy_pass_000"
17 |     },
18 |     {
19 |       "username": "socks5_proxy_user_001",
20 |       "password": "socks5_proxy_pass_001"
21 |     }
22 |   ],
23 |   "tls": {
24 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
25 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
26 |   }
27 | }


--------------------------------------------------------------------------------
/schemas/examples/ingress/trojan-with-ws.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "type": "trojan",
 3 |   "bind": [
 4 |     {
 5 |       "host": "::",
 6 |       "port": 443
 7 |     },
 8 |     {
 9 |       "host": "0.0.0.0",
10 |       "port": 443
11 |     }
12 |   ],
13 |   "trojan": {
14 |     "remote": {
15 |       "host": "fake.example.com",
16 |       "port": 443
17 |     }
18 |   },
19 |   "credentials": [
20 |     {
21 |       "password": "trojan password"
22 |     }
23 |   ],
24 |   "tls": {
25 |     "key_file": "/etc/letsencrypt/live/example.com/privkey.pem",
26 |     "cert_file": "/etc/letsencrypt/live/example.com/fullchain.pem"
27 |   },
28 |   "websocket": {
29 |     "path": "/encryption",
30 |     "host": "example.com"
31 |   }
32 | }


--------------------------------------------------------------------------------
/.conan/scripts/conan.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | usage()
 4 | {
 5 |   cat <<EOF
 6 | Usage:
 7 | conan.sh <sub command> [options]
 8 | available sub commands are:
 9 |   build : Build pichi with conan
10 |   export: Export recipe inside .conan/recipes
11 |   path  : Show the path to the conan cache for given options
12 | EOF
13 |   exit 1
14 | }
15 | 
16 | # Main
17 | if [ "$#" -lt 1 ]; then
18 |   usage
19 | fi
20 | 
21 | scripts="$(dirname ${0})"
22 | 
23 | case "${1}" in
24 |   build)
25 |     shift
26 |     "${scripts}/build.sh" "$@"
27 |     ;;
28 |   path)
29 |     shift
30 |     "${scripts}/path.sh" "$@"
31 |     ;;
32 |   export)
33 |     shift
34 |     "${scripts}/export.sh" "$@"
35 |     ;;
36 |   *) usage;;
37 | esac
38 | 


--------------------------------------------------------------------------------
/include/pichi/common/error.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_ERROR_HPP
 2 | #define PICHI_COMMON_ERROR_HPP
 3 | 
 4 | #include <boost/system/error_category.hpp>
 5 | #include <boost/system/error_code.hpp>
 6 | #include <pichi/common/enumerations.hpp>
 7 | #include <type_traits>
 8 | 
 9 | namespace boost::system {
10 | 
11 | template <> struct is_error_code_enum<pichi::PichiError> : public std::true_type {
12 | };
13 | 
14 | }  // namespace boost::system
15 | 
16 | namespace pichi {
17 | 
18 | extern boost::system::error_category const& PICHI_CATEGORY;
19 | extern boost::system::error_code make_error_code(PichiError);
20 | extern boost::system::error_code makeErrorCode(PichiError);
21 | 
22 | }  // namespace pichi
23 | 
24 | #endif  // PICHI_COMMON_ERROR_HPP
25 | 


--------------------------------------------------------------------------------
/.conan/profiles/boost:
--------------------------------------------------------------------------------
 1 | [options]
 2 | boost/*:asio_no_deprecated=True
 3 | boost/*:bzip2=False
 4 | boost/*:filesystem_no_deprecated=True
 5 | boost/*:system_no_deprecated=True
 6 | boost/*:without_contract=True
 7 | boost/*:without_coroutine=True
 8 | boost/*:without_fiber=True
 9 | boost/*:without_graph=True
10 | boost/*:without_graph_parallel=True
11 | boost/*:without_iostreams=True
12 | boost/*:without_locale=True
13 | boost/*:without_log=True
14 | boost/*:without_math=True
15 | boost/*:without_mpi=True
16 | boost/*:without_python=True
17 | boost/*:without_random=True
18 | boost/*:without_regex=True
19 | boost/*:without_stacktrace=True
20 | boost/*:without_timer=True
21 | boost/*:without_type_erasure=True
22 | boost/*:without_wave=True
23 | boost/*:zlib=False
24 | 


--------------------------------------------------------------------------------
/include/pichi/net/adapter.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_ADAPTER_HPP
 2 | #define PICHI_NET_ADAPTER_HPP
 3 | 
 4 | #include <boost/asio/io_context.hpp>
 5 | #include <boost/asio/ip/tcp.hpp>
 6 | #include <memory>
 7 | #include <pichi/common/adapter.hpp>
 8 | 
 9 | namespace pichi::vo {
10 | 
11 | struct Ingress;
12 | struct Egress;
13 | 
14 | }  // namespace pichi::vo
15 | 
16 | namespace pichi::api {
17 | 
18 | struct IngressHolder;
19 | 
20 | }  // namespace pichi::api
21 | 
22 | namespace pichi::net {
23 | 
24 | std::unique_ptr<Ingress> makeIngress(api::IngressHolder&, boost::asio::ip::tcp::socket&&);
25 | std::unique_ptr<Egress> makeEgress(vo::Egress const&, boost::asio::io_context&);
26 | 
27 | }  // namespace pichi::net
28 | 
29 | #endif  // PICHI_NET_ADAPTER_HPP
30 | 


--------------------------------------------------------------------------------
/src/vo/error.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <pichi/vo/error.hpp>
 4 | #include <pichi/vo/keys.hpp>
 5 | 
 6 | using namespace std;
 7 | namespace json = rapidjson;
 8 | using Allocator = json::Document::AllocatorType;
 9 | 
10 | namespace pichi::vo {
11 | 
12 | json::Value toJson(Error const& evo, Allocator& alloc)
13 | {
14 |   using StringRef = json::Value::StringRefType;
15 |   using SizeType = json::SizeType;
16 | 
17 |   auto error = json::Value{};
18 |   error.SetObject();
19 |   error.AddMember(error::MESSAGE,
20 |                   StringRef{evo.message_.data(), static_cast<SizeType>(evo.message_.size())},
21 |                   alloc);
22 |   return error;
23 | }
24 | 
25 | }  // namespace pichi::vo
26 | 


--------------------------------------------------------------------------------
/include/pichi/vo/rule.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_RULE_HPP
 2 | #define PICHI_VO_RULE_HPP
 3 | 
 4 | #include <pichi/common/enumerations.hpp>
 5 | #include <rapidjson/document.h>
 6 | #include <string>
 7 | #include <vector>
 8 | 
 9 | namespace pichi::vo {
10 | 
11 | struct Rule {
12 |   std::vector<std::string> range_ = {};
13 |   std::vector<std::string> ingress_ = {};
14 |   std::vector<AdapterType> type_ = {};
15 |   std::vector<std::string> pattern_ = {};
16 |   std::vector<std::string> domain_ = {};
17 |   std::vector<std::string> country_ = {};
18 | };
19 | 
20 | extern rapidjson::Value toJson(Rule const&, rapidjson::Document::AllocatorType&);
21 | 
22 | extern bool operator==(Rule const&, Rule const&);
23 | 
24 | }  // namespace pichi::vo
25 | 
26 | #endif  // PICHI_VO_RULE_HPP
27 | 


--------------------------------------------------------------------------------
/src/pichi.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/asio/io_context.hpp>
 4 | #include <iostream>
 5 | #include <pichi.h>
 6 | #include <pichi/api/server.hpp>
 7 | #include <pichi/common/asserts.hpp>
 8 | 
 9 | using namespace std;
10 | namespace api = pichi::api;
11 | namespace asio = boost::asio;
12 | 
13 | static asio::io_context io{1};
14 | 
15 | int pichi_run_server(char const* bind, uint16_t port, char const* mmdb)
16 | {
17 |   try {
18 |     pichi::assertFalse(bind == nullptr);
19 |     pichi::assertFalse(mmdb == nullptr);
20 |     auto server = api::Server{io, mmdb};
21 |     server.listen(bind, port);
22 |     io.run();
23 |     return 0;
24 |   }
25 |   catch (exception const& e) {
26 |     cout << "ERROR: " << e.what() << endl;
27 |     return -1;
28 |   }
29 | }
30 | 


--------------------------------------------------------------------------------
/include/pichi/net/direct.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_DIRECT_HPP
 2 | #define PICHI_NET_DIRECT_HPP
 3 | 
 4 | #include <boost/asio/ip/tcp.hpp>
 5 | #include <pichi/common/adapter.hpp>
 6 | 
 7 | namespace pichi::net {
 8 | 
 9 | class DirectAdapter : public Egress {
10 | private:
11 |   using Socket = boost::asio::ip::tcp::socket;
12 | 
13 | public:
14 |   DirectAdapter(boost::asio::io_context&);
15 |   ~DirectAdapter() override = default;
16 | 
17 | public:
18 |   size_t recv(MutableBuffer, Yield) override;
19 |   void send(ConstBuffer, Yield) override;
20 |   void close(Yield) override;
21 |   bool readable() const override;
22 |   bool writable() const override;
23 |   void connect(Endpoint const&, ResolveResults, Yield) override;
24 | 
25 | private:
26 |   Socket socket_;
27 | };
28 | 
29 | }  // namespace pichi::net
30 | 
31 | #endif  // PICHI_NET_DIRECT_HPP
32 | 


--------------------------------------------------------------------------------
/cmake/FindBoringSSL.cmake:
--------------------------------------------------------------------------------
 1 | find_package(OpenSSL QUIET)
 2 | 
 3 | if(OpenSSL_FOUND)
 4 |   find_file(OPENSSL_BASE_H openssl/base.h PATHS ${OPENSSL_INCLUDE_DIR} REQUIRED)
 5 |   file(STRINGS ${OPENSSL_BASE_H} VERSION_LINE REGEX "^#define BORINGSSL_API_VERSION [0-9]+$")
 6 | 
 7 |   if(VERSION_LINE)
 8 |     string(REGEX REPLACE "^#define BORINGSSL_API_VERSION ([0-9]+)$" "\\1" OPENSSL_VERSION ${VERSION_LINE})
 9 |     unset(VERSION_LINE)
10 |   endif()
11 | endif()
12 | 
13 | include(FindPackageHandleStandardArgs)
14 | find_package_handle_standard_args(BoringSSL
15 |   REQUIRED_VARS OPENSSL_SSL_LIBRARY OPENSSL_SSL_LIBRARIES
16 |   OPENSSL_CRYPTO_LIBRARY OPENSSL_CRYPTO_LIBRARIES
17 |   OPENSSL_INCLUDE_DIR OPENSSL_LIBRARIES
18 |   VERSION_VAR OPENSSL_VERSION
19 | )
20 | 
21 | add_library(BoringSSL::Crypto ALIAS OpenSSL::Crypto)
22 | add_library(BoringSSL::SSL ALIAS OpenSSL::SSL)
23 | 


--------------------------------------------------------------------------------
/test/utils.cpp:
--------------------------------------------------------------------------------
 1 | #include "utils.hpp"
 2 | #include <boost/asio/io_context.hpp>
 3 | #include <boost/test/unit_test.hpp>
 4 | #include <sodium/utils.h>
 5 | #include <string.h>
 6 | 
 7 | using namespace std;
 8 | 
 9 | namespace pichi::unit_test {
10 | 
11 | static boost::asio::io_context io;
12 | static boost::asio::detail::Pull* pPull = nullptr;
13 | static boost::asio::detail::Push* pPush = nullptr;
14 | static boost::asio::detail::YieldState* pState = nullptr;
15 | boost::asio::yield_context gYield = {io.get_executor(), *pState, *pPush, *pPull};
16 | 
17 | vector<uint8_t> str2vec(string_view s) { return {cbegin(s), cend(s)}; }
18 | 
19 | vector<uint8_t> hex2bin(string_view hex)
20 | {
21 |   auto v = vector<uint8_t>(hex.size() / 2, 0);
22 |   sodium_hex2bin(v.data(), v.size(), hex.data(), hex.size(), nullptr, nullptr, nullptr);
23 |   return v;
24 | }
25 | 
26 | }  // namespace pichi::unit_test
27 | 


--------------------------------------------------------------------------------
/include/pichi/api/egress_manager.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_EGRESS_MANAGER_HPP
 2 | #define PICHI_API_EGRESS_MANAGER_HPP
 3 | 
 4 | #include <map>
 5 | #include <pichi/common/enumerations.hpp>
 6 | #include <pichi/vo/egress.hpp>
 7 | #include <string>
 8 | #include <string_view>
 9 | 
10 | namespace pichi::api {
11 | 
12 | class EgressManager {
13 | public:
14 |   using VO = vo::Egress;
15 | 
16 | private:
17 |   using Container = std::map<std::string, VO, std::less<>>;
18 |   using ConstIterator = typename Container::const_iterator;
19 | 
20 | public:
21 |   EgressManager();
22 | 
23 |   void update(std::string const&, VO);
24 |   void erase(std::string_view);
25 | 
26 |   ConstIterator begin() const noexcept;
27 |   ConstIterator end() const noexcept;
28 |   ConstIterator find(std::string_view) const;
29 | 
30 | private:
31 |   Container c_;
32 | };
33 | 
34 | }  // namespace pichi::api
35 | 
36 | #endif  // PICHI_API_EGRESS_MANAGER_HPP
37 | 


--------------------------------------------------------------------------------
/include/pichi/net/reject.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_REJECT_HPP
 2 | #define PICHI_NET_REJECT_HPP
 3 | 
 4 | #include <boost/asio/system_timer.hpp>
 5 | #include <pichi/common/adapter.hpp>
 6 | 
 7 | namespace pichi::net {
 8 | 
 9 | class RejectEgress : public Egress {
10 | private:
11 |   using Timer = boost::asio::system_timer;
12 | 
13 | public:
14 |   explicit RejectEgress(boost::asio::io_context&);
15 |   explicit RejectEgress(boost::asio::io_context&, uint16_t);
16 |   ~RejectEgress() override = default;
17 | 
18 |   [[noreturn]] size_t recv(MutableBuffer, Yield) override;
19 |   [[noreturn]] void send(ConstBuffer, Yield) override;
20 |   void close(Yield) override;
21 |   [[noreturn]] bool readable() const override;
22 |   [[noreturn]] bool writable() const override;
23 |   void connect(Endpoint const& remote, ResolveResults next, Yield) override;
24 | 
25 | private:
26 |   Timer t_;
27 | };
28 | 
29 | }  // namespace pichi::net
30 | 
31 | #endif  // PICHI_NET_REJECT_HPP
32 | 


--------------------------------------------------------------------------------
/src/net/direct.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <pichi/net/direct.hpp>
 4 | #include <pichi/net/helper.hpp>
 5 | #include <utility>
 6 | 
 7 | using namespace std;
 8 | namespace asio = boost::asio;
 9 | 
10 | namespace pichi::net {
11 | 
12 | DirectAdapter::DirectAdapter(asio::io_context& io) : socket_{io} {}
13 | 
14 | size_t DirectAdapter::recv(MutableBuffer buf, Yield yield) { return readSome(socket_, buf, yield); }
15 | 
16 | void DirectAdapter::send(ConstBuffer buf, Yield yield) { write(socket_, buf, yield); }
17 | 
18 | void DirectAdapter::close(Yield yield) { pichi::net::close(socket_, yield); }
19 | 
20 | bool DirectAdapter::readable() const { return socket_.is_open(); }
21 | 
22 | bool DirectAdapter::writable() const { return socket_.is_open(); }
23 | 
24 | void DirectAdapter::connect(Endpoint const&, ResolveResults next, Yield yield)
25 | {
26 |   pichi::net::connect(next, socket_, yield);
27 | }
28 | 
29 | }  // namespace pichi::net
30 | 


--------------------------------------------------------------------------------
/docker/pichi.dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:3.20 AS Builder
 2 | 
 3 | ARG FINGERPRINT="false"
 4 | ARG VERSION=latest
 5 | ENV SRC=/tmp/pichi
 6 | 
 7 | RUN apk add --no-cache cmake g++ git go jq linux-headers make perl py3-pip
 8 | RUN pip install --break-system-packages conan
 9 | 
10 | RUN --mount="target=${SRC}" <<EOF
11 | arg="-o"
12 | if [ "${FINGERPRINT}" = "true" ]; then
13 |   arg=""
14 |   "${SRC}/.conan/scripts/conan.sh" export -k "${SRC}/.conan/scripts/latest.lock" boringssl
15 | fi
16 | "${SRC}/.conan/scripts/conan.sh" export -k "${SRC}/.conan/scripts/latest.lock" libmaxminddb
17 | "${SRC}/.conan/scripts/conan.sh" build -k "${SRC}/.conan/scripts/latest.lock" \
18 |   -fp linux "${arg}" "${VERSION}"
19 | cp -f $("${SRC}/.conan/scripts/conan.sh" path -p linux "${arg}" "${VERSION}")/bin/pichi /usr/bin
20 | strip -s /usr/bin/pichi
21 | EOF
22 | 
23 | FROM alpine:3.20
24 | 
25 | RUN apk add --no-cache ca-certificates libstdc++
26 | COPY --from=Builder /usr/bin/pichi /usr/bin
27 | ENTRYPOINT [ "/usr/bin/pichi" ]
28 | 


--------------------------------------------------------------------------------
/include/pichi/vo/egress.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_EGRESS_HPP
 2 | #define PICHI_VO_EGRESS_HPP
 3 | 
 4 | #include <optional>
 5 | #include <pichi/common/enumerations.hpp>
 6 | #include <pichi/vo/credential.hpp>
 7 | #include <pichi/vo/options.hpp>
 8 | #include <rapidjson/document.h>
 9 | #include <variant>
10 | 
11 | namespace pichi::vo {
12 | 
13 | struct Egress {
14 |   using Credential =
15 |       std::variant<UpEgressCredential, TrojanEgressCredential, VMessEgressCredential>;
16 |   using Option = std::variant<RejectOption, ShadowsocksOption>;
17 | 
18 |   AdapterType type_;
19 |   std::optional<Endpoint> server_;
20 |   std::optional<Credential> credential_;
21 |   std::optional<Option> opt_;
22 |   std::optional<TlsEgressOption> tls_;
23 |   std::optional<WebsocketOption> websocket_;
24 | };
25 | 
26 | extern rapidjson::Value toJson(Egress const&, rapidjson::Document::AllocatorType&);
27 | 
28 | extern bool operator==(Egress const&, Egress const&);
29 | 
30 | }  // namespace pichi::vo
31 | 
32 | #endif  // PICHI_VO_EGRESS_HPP
33 | 


--------------------------------------------------------------------------------
/src/api/egress_manager.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <iterator>
 4 | #include <pichi/api/egress_manager.hpp>
 5 | #include <pichi/common/asserts.hpp>
 6 | 
 7 | using namespace std;
 8 | 
 9 | namespace pichi::api {
10 | 
11 | static auto DEFAULT_EGRESS_NAME = "direct";
12 | 
13 | EgressManager::EgressManager() : c_{{DEFAULT_EGRESS_NAME, {}}}
14 | {
15 |   c_[DEFAULT_EGRESS_NAME].type_ = AdapterType::DIRECT;
16 | }
17 | 
18 | void EgressManager::update(string const& name, VO vo) { c_[name] = move(vo); }
19 | 
20 | void EgressManager::erase(string_view name)
21 | {
22 |   auto it = find(name);
23 |   if (it != end()) c_.erase(it);
24 | }
25 | 
26 | EgressManager::ConstIterator EgressManager::begin() const noexcept { return cbegin(c_); }
27 | 
28 | EgressManager::ConstIterator EgressManager::end() const noexcept { return cend(c_); }
29 | 
30 | EgressManager::ConstIterator EgressManager::find(string_view name) const { return c_.find(name); }
31 | 
32 | }  // namespace pichi::api
33 | 


--------------------------------------------------------------------------------
/src/net/spawn.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/beast/http/error.hpp>
 4 | #include <boost/beast/websocket/error.hpp>
 5 | #include <iostream>
 6 | #include <pichi/common/error.hpp>
 7 | #include <pichi/net/spawn.hpp>
 8 | 
 9 | using namespace std;
10 | namespace asio = boost::asio;
11 | namespace http = boost::beast::http;
12 | namespace sys = boost::system;
13 | namespace ws = boost::beast::websocket;
14 | 
15 | namespace pichi::net {
16 | 
17 | void logException(std::exception_ptr eptr) noexcept
18 | {
19 |   try {
20 |     if (eptr) rethrow_exception(eptr);
21 |   }
22 |   catch (sys::system_error& e) {
23 |     if (e.code() == asio::error::eof || e.code() == asio::error::operation_aborted ||
24 |         e.code() == http::error::end_of_stream || e.code() == ws::error::closed)
25 |       return;
26 |     cout << "ERROR: " << e.what() << endl;
27 |   }
28 | }
29 | 
30 | void stubHandler(std::exception_ptr, asio::yield_context) noexcept {}
31 | 
32 | }  // namespace pichi::net
33 | 


--------------------------------------------------------------------------------
/include/pichi/api/ingress_holder.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_INGRESS_HOLDER_HPP
 2 | #define PICHI_API_INGRESS_HOLDER_HPP
 3 | 
 4 | #include <any>
 5 | #include <boost/asio/ip/tcp.hpp>
 6 | #include <pichi/api/balancer.hpp>
 7 | #include <pichi/vo/ingress.hpp>
 8 | #include <vector>
 9 | 
10 | namespace boost::asio {
11 | 
12 | class io_context;
13 | 
14 | }  // namespace boost::asio
15 | 
16 | namespace pichi::api {
17 | 
18 | struct IngressHolder {
19 |   explicit IngressHolder(boost::asio::io_context&, vo::Ingress&&);
20 |   ~IngressHolder() = default;
21 | 
22 |   IngressHolder(IngressHolder const&) = delete;
23 |   IngressHolder(IngressHolder&&) = delete;
24 |   IngressHolder& operator=(IngressHolder const&) = delete;
25 |   IngressHolder& operator=(IngressHolder&&) = delete;
26 | 
27 |   void reset(boost::asio::io_context&, vo::Ingress&&);
28 | 
29 |   vo::Ingress vo_;
30 |   std::vector<boost::asio::ip::tcp::acceptor> acceptors_;
31 |   std::any data_;
32 | };
33 | 
34 | }  // namespace pichi::api
35 | 
36 | #endif  // PICHI_API_INGRESS_HOLDER_HPP
37 | 


--------------------------------------------------------------------------------
/include/pichi/common/asserts.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_ASSERTS_HPP
 2 | #define PICHI_COMMON_ASSERTS_HPP
 3 | 
 4 | #include <boost/system/error_code.hpp>
 5 | #include <pichi/common/enumerations.hpp>
 6 | #include <string_view>
 7 | 
 8 | namespace pichi {
 9 | 
10 | [[noreturn]] extern void fail(PichiError, std::string_view = "");
11 | 
12 | [[noreturn]] extern void fail(std::string_view = "");
13 | 
14 | extern void assertTrue(bool, PichiError e, std::string_view = "");
15 | 
16 | extern void assertTrue(bool, std::string_view = "");
17 | 
18 | extern void assertFalse(bool, PichiError e, std::string_view = "");
19 | 
20 | extern void assertFalse(bool, std::string_view = "");
21 | 
22 | extern void assertTrue(bool, boost::system::error_code const&);
23 | 
24 | // Assertions for system calls
25 | 
26 | [[noreturn]] extern void failWithErrno();
27 | 
28 | extern void assertSuccess(int);
29 | 
30 | template <typename T> void assertSuccess(T const* ptr)
31 | {
32 |   if (ptr == nullptr) failWithErrno();
33 | }
34 | 
35 | }  // namespace pichi
36 | 
37 | #endif  // PICHI_COMMON_ASSERTS_HPP
38 | 


--------------------------------------------------------------------------------
/include/pichi/api/rest.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_REST_HPP
 2 | #define PICHI_API_REST_HPP
 3 | 
 4 | #include <array>
 5 | #include <boost/beast/http/message.hpp>
 6 | #include <boost/beast/http/string_body.hpp>
 7 | #include <exception>
 8 | #include <functional>
 9 | #include <regex>
10 | #include <tuple>
11 | 
12 | namespace pichi::api {
13 | 
14 | class EgressManager;
15 | class IngressManager;
16 | class Router;
17 | 
18 | class Rest {
19 | public:
20 |   using HttpBody = boost::beast::http::string_body;
21 |   using Request = boost::beast::http::request<HttpBody>;
22 |   using Response = boost::beast::http::response<HttpBody>;
23 | 
24 |   explicit Rest(IngressManager&, EgressManager&, Router&);
25 |   Response handle(Request const&);
26 | 
27 |   static Response errorResponse(std::exception_ptr);
28 | 
29 | private:
30 |   using HttpHandler = std::function<Response(Request const&, std::cmatch const&)>;
31 |   using RouteItem = std::tuple<boost::beast::http::verb, std::regex, HttpHandler>;
32 | 
33 |   std::array<RouteItem, 18> apis_;
34 | };
35 | 
36 | } // namespace pichi::api
37 | 
38 | #endif // PICHI_API_REST_HPP
39 | 


--------------------------------------------------------------------------------
/include/pichi/common/literals.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_LITERALS_HPP
 2 | #define PICHI_COMMON_LITERALS_HPP
 3 | 
 4 | #include <cassert>
 5 | #include <limits>
 6 | #include <stddef.h>
 7 | #include <stdint.h>
 8 | #include <type_traits>
 9 | 
10 | namespace pichi {
11 | 
12 | /* TODO
13 |  * MSVC complains C4100 warnings if variant is not used in all branches of if-constexpr.
14 |  * Suppress it explicitly by using following function tmeplate.
15 |  */
16 | template <typename... Args> void suppressC4100(Args&&...) {}
17 | 
18 | inline constexpr size_t operator""_sz(unsigned long long i)
19 | {
20 |   assert(i <= std::numeric_limits<size_t>::max());
21 |   return static_cast<size_t>(i);
22 | }
23 | 
24 | inline constexpr uint8_t operator""_u8(unsigned long long i)
25 | {
26 |   assert(i <= std::numeric_limits<uint8_t>::max());
27 |   return static_cast<uint8_t>(i);
28 | }
29 | 
30 | inline constexpr uint16_t operator""_u16(unsigned long long i)
31 | {
32 |   assert(i <= std::numeric_limits<uint16_t>::max());
33 |   return static_cast<uint16_t>(i);
34 | }
35 | 
36 | }  // namespace pichi
37 | 
38 | #endif  // PICHI_COMMON_LITERALS_HPP
39 | 


--------------------------------------------------------------------------------
/.conan/scripts/export.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | usage()
 4 | {
 5 |   cat <<EOF
 6 | Usage:
 7 | conan.sh export [-k lockfile] [-v version] [-h] <recipe name>
 8 |   -k: specify the recipe version contained within the lockfile
 9 |   -v: specify the recipe version
10 | NOTICE:
11 |   * -k/-v must specify one
12 |   * -v would be ignored if -k is specified
13 | EOF
14 |   exit 1
15 | }
16 | 
17 | # Main
18 | set -o errexit
19 | recipes="$(dirname $0)/../recipes"
20 | 
21 | trap usage EXIT
22 | args="$(getopt k:v: $*)"
23 | set -- ${args}
24 | for i; do
25 |   case "$i" in
26 |     -k)
27 |       shift
28 |       lockfile="$1"
29 |       shift
30 |       ;;
31 |     -v)
32 |       shift
33 |       version="$1"
34 |       shift
35 |       ;;
36 |     --)
37 |       shift
38 |       recipe="$1"
39 |       [ -n "${recipe}" ]
40 |       [ -n "${version}" ] || [ -n "${lockfile}" ]
41 |   esac
42 | done
43 | 
44 | trap - EXIT
45 | if [ -n "${lockfile}" ]; then
46 |   version=$(jq -r ".requires[] | select(test(\"^${recipe}/\")) | sub(\"^[^/]*/\"; \"\")" < \
47 |     "${lockfile}")
48 | fi
49 | conan export --version "${version}" "${recipes}/${recipe}"
50 | 


--------------------------------------------------------------------------------
/include/pichi/vo/ingress.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_INGRESS_HPP
 2 | #define PICHI_VO_INGRESS_HPP
 3 | 
 4 | #include <optional>
 5 | #include <pichi/common/endpoint.hpp>
 6 | #include <pichi/common/enumerations.hpp>
 7 | #include <pichi/vo/credential.hpp>
 8 | #include <pichi/vo/options.hpp>
 9 | #include <rapidjson/document.h>
10 | #include <variant>
11 | #include <vector>
12 | 
13 | namespace pichi::vo {
14 | 
15 | struct Ingress {
16 |   using Credential =
17 |       std::variant<UpIngressCredential, TrojanIngressCredential, VMessIngressCredential>;
18 |   using Options = std::variant<TunnelOption, ShadowsocksOption, TrojanOption>;
19 | 
20 |   AdapterType type_;
21 |   std::vector<Endpoint> bind_ = {};
22 |   std::optional<Credential> credential_ = {};
23 |   std::optional<Options> opt_ = {};
24 |   std::optional<TlsIngressOption> tls_ = {};
25 |   std::optional<WebsocketOption> websocket_ = {};
26 | };
27 | 
28 | extern rapidjson::Value toJson(Ingress const&, rapidjson::Document::AllocatorType&);
29 | 
30 | extern bool operator==(Ingress const&, Ingress const&);
31 | 
32 | }  // namespace pichi::vo
33 | 
34 | #endif  // PICHI_VO_INGRESS_HPP
35 | 


--------------------------------------------------------------------------------
/include/pichi/net/transparent.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_TRANSPARENT_HPP
 2 | #define PICHI_NET_TRANSPARENT_HPP
 3 | 
 4 | #include <pichi/common/adapter.hpp>
 5 | #include <utility>
 6 | 
 7 | namespace pichi::net {
 8 | 
 9 | template <typename Socket> class TransparentIngress : public Ingress {
10 | public:
11 |   template <typename... Args>
12 |   TransparentIngress(Args&&... args) : socket_{std::forward<Args>(args)...}
13 |   {
14 |   }
15 | 
16 |   ~TransparentIngress() = default;
17 |   TransparentIngress(TransparentIngress const&) = delete;
18 |   TransparentIngress(TransparentIngress&&) = delete;
19 |   TransparentIngress& operator=(TransparentIngress const&) = delete;
20 |   TransparentIngress& operator=(TransparentIngress&&) = delete;
21 | 
22 |   size_t recv(MutableBuffer, Yield) override;
23 |   void send(ConstBuffer, Yield) override;
24 |   void close(Yield) override;
25 |   bool readable() const override;
26 |   bool writable() const override;
27 |   Endpoint readRemote(Yield) override;
28 |   void confirm(Yield) override;
29 | 
30 | private:
31 | private:
32 |   Socket socket_;
33 | };
34 | 
35 | }  // namespace pichi::net
36 | 
37 | #endif  // PICHI_NET_TRANSPARENT_HPP
38 | 


--------------------------------------------------------------------------------
/include/pichi/api/session.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_SESSION_HPP
 2 | #define PICHI_API_SESSION_HPP
 3 | 
 4 | #include <boost/asio/io_context.hpp>
 5 | #include <boost/asio/strand.hpp>
 6 | #include <memory>
 7 | #include <pichi/common/adapter.hpp>
 8 | #include <pichi/common/endpoint.hpp>
 9 | 
10 | namespace pichi::api {
11 | 
12 | class Session : public std::enable_shared_from_this<Session> {
13 | private:
14 |   using Strand = boost::asio::io_context::strand;
15 |   using IngressPtr = std::unique_ptr<Ingress>;
16 |   using EgressPtr = std::unique_ptr<Egress>;
17 | 
18 |   template <typename Yield> void close(Yield);
19 | 
20 | public:
21 |   Session(Session const&) = delete;
22 |   Session(Session&&) = delete;
23 |   Session& operator=(Session const&) = delete;
24 |   Session& operator=(Session&&) = delete;
25 | 
26 |   // According to Effective Moderm C++, Item 22.
27 |   ~Session();
28 |   explicit Session(boost::asio::io_context& io, IngressPtr&&, EgressPtr&&);
29 |   void start(Endpoint const&, ResolveResults const&);
30 |   void start();
31 | 
32 | private:
33 |   Strand strand_;
34 |   IngressPtr ingress_;
35 |   EgressPtr egress_;
36 | };
37 | 
38 | }  // namespace pichi::api
39 | 
40 | #endif
41 | 


--------------------------------------------------------------------------------
/include/pichi/net/spawn.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_SPAWN_HPP
 2 | #define PICHI_NET_SPAWN_HPP
 3 | 
 4 | #include <boost/asio/spawn2.hpp>
 5 | #include <exception>
 6 | #include <type_traits>
 7 | #include <utility>
 8 | 
 9 | namespace pichi::net {
10 | 
11 | extern void logException(std::exception_ptr) noexcept;
12 | extern void stubHandler(std::exception_ptr, boost::asio::yield_context) noexcept;
13 | 
14 | template <typename T, typename Function, typename ExceptionHandler = decltype(stubHandler)>
15 | void spawn(T&& t, Function&& f, ExceptionHandler&& eh = stubHandler)
16 | {
17 |   static_assert(std::is_invocable_v<std::decay_t<Function>, boost::asio::yield_context>);
18 |   static_assert(std::is_nothrow_invocable_v<std::decay_t<ExceptionHandler>, std::exception_ptr,
19 |                                             boost::asio::yield_context>);
20 |   boost::asio::spawn(
21 |       std::forward<T>(t),
22 |       [f = std::forward<Function>(f), eh = std::forward<ExceptionHandler>(eh)](auto yield) mutable {
23 |         try {
24 |           f(yield);
25 |         }
26 |         catch (...) {
27 |           auto eptr = std::current_exception();
28 |           eh(eptr, yield);
29 |           logException(eptr);
30 |         }
31 |       });
32 | }
33 | 
34 | } // namespace pichi::net
35 | 
36 | #endif // PICHI_NET_SPAWN_HPP
37 | 


--------------------------------------------------------------------------------
/.github/workflows/conan.yml:
--------------------------------------------------------------------------------
 1 | name: Build Pichi with Conan
 2 | 
 3 | on:
 4 |   workflow_call:
 5 |     inputs:
 6 |       image:
 7 |         required: true
 8 |         type: string
 9 |       os:
10 |         required: true
11 |         type: string
12 |       args:
13 |         required: false
14 |         type: string
15 | 
16 | jobs:
17 |   build:
18 |     runs-on: ${{ inputs.image }}
19 |     steps:
20 |       - uses: actions/checkout@v3
21 |       - name: Install Conan on macOS
22 |         if: ${{ inputs.image == 'macos-14' }}
23 |         run: brew install conan go
24 |       - name: Install Conan on non-macOS
25 |         if: ${{ inputs.image != 'macos-14' }}
26 |         uses: turtlebrowser/get-conan@v1.1
27 |       - name: Install NASM for windows
28 |         if: ${{ inputs.os == 'windows' }}
29 |         run: choco install -y nasm
30 |       - name: Export BoringSSL recipe into the Conan cache
31 |         run: .conan/scripts/conan.sh export -k .conan/scripts/latest.lock boringssl
32 |       - name: Export libmaxminddb recipe into the Conan cache
33 |         run: .conan/scripts/conan.sh export -k .conan/scripts/latest.lock libmaxminddb
34 |       - name: Build pichi recipe
35 |         run: >
36 |           .conan/scripts/conan.sh build -k .conan/scripts/latest.lock
37 |           -p ${{ inputs.os }}
38 |           ${{ inputs.args }}
39 |           latest
40 | 


--------------------------------------------------------------------------------
/.github/workflows/docker.yml:
--------------------------------------------------------------------------------
 1 | name: Release docker image
 2 | 
 3 | on:
 4 |   release:
 5 |     type: [ create, edited ]
 6 |   push:
 7 |     branches:
 8 |       - main
 9 | 
10 | env:
11 |   registry: ghcr.io
12 |   image: ${{ github.actor }}/pichi
13 | 
14 | jobs:
15 |   publish:
16 |     runs-on: ubuntu-latest
17 |     permissions:
18 |       contents: read
19 |       packages: write
20 |     steps:
21 |       - uses: actions/checkout@v3
22 |       - name: Log in to the Container Registry
23 |         uses: docker/login-action@v2.1.0
24 |         with:
25 |           registry: ${{ env.registry }}
26 |           username: ${{ github.actor }}
27 |           password: ${{ secrets.GITHUB_TOKEN }}
28 |       - name: Build & Publish Docker Image with Version
29 |         if: ${{ github.event_name == 'release' }}
30 |         uses: docker/build-push-action@v3.2.0
31 |         with:
32 |           context: .
33 |           file: docker/pichi.dockerfile
34 |           push: true
35 |           tags: ${{ env.registry }}/${{ env.image }}:${{ github.ref_name }}
36 |       - name: Build & Publish latest Docker Image
37 |         if: ${{ github.event_name == 'push' }}
38 |         uses: docker/build-push-action@v3.2.0
39 |         with:
40 |           context: .
41 |           file: docker/pichi.dockerfile
42 |           push: true
43 |           tags: ${{ env.registry }}/${{ env.image }}:latest
44 | 


--------------------------------------------------------------------------------
/include/pichi/api/ingress_manager.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_INGRESS_MANAGER_HPP
 2 | #define PICHI_API_INGRESS_MANAGER_HPP
 3 | 
 4 | #include <functional>
 5 | #include <map>
 6 | #include <pichi/api/balancer.hpp>
 7 | #include <pichi/api/ingress_holder.hpp>
 8 | #include <pichi/vo/iterator.hpp>
 9 | #include <utility>
10 | 
11 | namespace pichi::vo {
12 | 
13 | struct Ingress;
14 | 
15 | }  // namespace pichi::vo
16 | 
17 | namespace pichi::api {
18 | 
19 | class IngressManager {
20 | public:
21 |   using VO = vo::Ingress;
22 | 
23 | private:
24 |   using Container = std::map<std::string, IngressHolder, std::less<>>;
25 |   using DelegateIterator = typename Container::const_iterator;
26 |   using ValueType = std::pair<std::string_view, VO const&>;
27 |   using ConstIterator = vo::Iterator<DelegateIterator, ValueType>;
28 |   using Handler = std::function<void(std::string_view, IngressHolder&)>;
29 | 
30 |   static ValueType generatePair(DelegateIterator);
31 | 
32 | public:
33 |   IngressManager(boost::asio::io_context&, Handler);
34 | 
35 |   void update(std::string const&, VO);
36 |   void erase(std::string_view);
37 | 
38 |   ConstIterator begin() const noexcept;
39 |   ConstIterator end() const noexcept;
40 | 
41 | private:
42 |   boost::asio::io_context& io_;
43 |   Handler onChange_;
44 |   Container c_;
45 | };
46 | 
47 | }  // namespace pichi::api
48 | 
49 | #endif  // PICHI_API_INGRESS_MANAGER_HPP
50 | 


--------------------------------------------------------------------------------
/include/pichi/net/ssstream.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_SSSTREAM_HPP
 2 | #define PICHI_NET_SSSTREAM_HPP
 3 | 
 4 | #include <pichi/common/adapter.hpp>
 5 | #include <pichi/crypto/method.hpp>
 6 | #include <pichi/crypto/stream.hpp>
 7 | 
 8 | namespace pichi::net {
 9 | 
10 | template <CryptoMethod method, typename Stream>
11 | class SSStreamAdapter : public Ingress, public Egress {
12 | public:
13 |   inline static constexpr CryptoMethod METHOD = method;
14 | 
15 |   template <typename... Args>
16 |   SSStreamAdapter(ConstBuffer psk, Args&&... args)
17 |     : stream_{std::forward<Args>(args)...}, encryptor_{psk}, decryptor_{psk}
18 |   {
19 |   }
20 |   ~SSStreamAdapter() override = default;
21 | 
22 |   size_t recv(MutableBuffer, Yield) override;
23 |   void send(ConstBuffer, Yield) override;
24 |   void close(Yield) override;
25 |   bool readable() const override;
26 |   bool writable() const override;
27 |   size_t readIV(MutableBuffer, Yield) override;
28 |   Endpoint readRemote(Yield) override;
29 |   void confirm(Yield) override;
30 |   void connect(Endpoint const& remote, ResolveResults server, Yield) override;
31 | 
32 | private:
33 |   Stream stream_;
34 |   crypto::StreamEncryptor<method> encryptor_;
35 |   crypto::StreamDecryptor<method> decryptor_;
36 |   bool ivSent_ = false;
37 |   bool ivReceived_ = false;
38 | };
39 | 
40 | }  // namespace pichi::net
41 | 
42 | #endif  // PICHI_NET_SSSTREAM_HPP
43 | 


--------------------------------------------------------------------------------
/test/utils.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_TEST_UTILS_HPP
 2 | #define PICHI_TEST_UTILS_HPP
 3 | 
 4 | #include <pichi/common/config.hpp>
 5 | // Include config.hpp first
 6 | #include <boost/asio/error.hpp>
 7 | #include <boost/asio/spawn2.hpp>
 8 | #include <boost/beast/http/error.hpp>
 9 | #include <pichi/common/error.hpp>
10 | #include <string_view>
11 | #include <vector>
12 | 
13 | namespace pichi::unit_test {
14 | 
15 | using SystemError = boost::system::system_error;
16 | 
17 | template <PichiError error> bool verifyException(SystemError const& e) { return e.code() == error; }
18 | 
19 | template <boost::asio::error::basic_errors error> bool verifyException(SystemError const& e)
20 | {
21 |   return e.code() == error;
22 | }
23 | 
24 | template <boost::beast::http::error error> bool verifyException(SystemError const& e)
25 | {
26 |   auto expect = boost::beast::http::make_error_code(error);
27 |   auto fact = e.code();
28 |   // FIXME http_error_category equivalence is failed on Windows shared mode
29 |   return expect.value() == fact.value() &&
30 |          std::string_view{expect.category().name()} == std::string_view{fact.category().name()};
31 | }
32 | 
33 | extern std::vector<uint8_t> str2vec(std::string_view);
34 | extern std::vector<uint8_t> hex2bin(std::string_view);
35 | 
36 | inline decltype(auto) ph = "placeholder";
37 | extern boost::asio::yield_context gYield;
38 | 
39 | }  // namespace pichi::unit_test
40 | 
41 | #endif
42 | 


--------------------------------------------------------------------------------
/include/pichi/api/balancer.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_BALANCER_HPP
 2 | #define PICHI_API_BALANCER_HPP
 3 | 
 4 | #include <iterator>
 5 | #include <memory>
 6 | #include <pichi/common/endpoint.hpp>
 7 | #include <pichi/common/enumerations.hpp>
 8 | #include <vector>
 9 | 
10 | namespace pichi::api {
11 | 
12 | namespace detail {
13 | 
14 | template <typename Offset> struct BalanceSelector {
15 |   virtual Offset select() = 0;
16 |   virtual void release(Offset) = 0;
17 |   virtual ~BalanceSelector() = default;
18 | };
19 | 
20 | }  // namespace detail
21 | 
22 | class Balancer {
23 | private:
24 |   using Endpoints = std::vector<Endpoint>;
25 |   using EndpointIt = typename Endpoints::const_iterator;
26 |   using Offset = std::iterator_traits<EndpointIt>::difference_type;
27 |   using SelectorPtr = std::unique_ptr<detail::BalanceSelector<Offset>>;
28 | 
29 |   static SelectorPtr makeSelector(BalanceType, EndpointIt, EndpointIt);
30 | 
31 | public:
32 |   using Iterator = EndpointIt;
33 | 
34 |   template <typename InputIt>
35 |   Balancer(BalanceType type, InputIt first, InputIt last)
36 |     : endpoints_{first, last},
37 |       selector_{makeSelector(type, std::cbegin(endpoints_), std::cend(endpoints_))}
38 |   {
39 |   }
40 | 
41 |   Iterator select();
42 |   void release(Iterator);
43 | 
44 | private:
45 |   Endpoints endpoints_;
46 |   SelectorPtr selector_;
47 | };
48 | 
49 | }  // namespace pichi::api
50 | 
51 | #endif  // PICHI_API_BALANCER_HPP
52 | 


--------------------------------------------------------------------------------
/src/common/asserts.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/asio/detail/throw_error.hpp>
 4 | #include <boost/system/system_error.hpp>
 5 | #include <errno.h>
 6 | #include <pichi/common/asserts.hpp>
 7 | #include <pichi/common/error.hpp>
 8 | #include <string>
 9 | 
10 | using namespace std;
11 | namespace sys = boost::system;
12 | using ErrorCode = sys::error_code;
13 | using SystemError = sys::system_error;
14 | 
15 | namespace pichi {
16 | 
17 | [[noreturn]] void fail(PichiError e, string_view msg)
18 | {
19 |   throw SystemError{makeErrorCode(e), string{cbegin(msg), cend(msg)}};
20 | }
21 | 
22 | [[noreturn]] void fail(string_view msg) { fail(PichiError::MISC, msg); }
23 | 
24 | void assertTrue(bool b, PichiError e, string_view msg)
25 | {
26 |   if (!b) fail(e, msg);
27 | }
28 | 
29 | void assertTrue(bool b, string_view msg) { assertTrue(b, PichiError::MISC, msg); }
30 | 
31 | void assertFalse(bool b, PichiError e, string_view msg) { assertTrue(!b, e, msg); }
32 | 
33 | void assertFalse(bool b, string_view msg) { assertTrue(!b, PichiError::MISC, msg); }
34 | 
35 | void assertTrue(bool b, ErrorCode const& ec)
36 | {
37 |   if (!b) boost::asio::detail::throw_error(ec);
38 | }
39 | 
40 | [[noreturn]] void failWithErrno() { throw SystemError{ErrorCode{errno, sys::system_category()}}; }
41 | 
42 | void assertSuccess(int ret)
43 | {
44 |   if (ret == -1) failWithErrno();
45 | }
46 | 
47 | }  // namespace pichi
48 | 


--------------------------------------------------------------------------------
/include/pichi/net/tunnel.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_TUNNEL_HPP
 2 | #define PICHI_NET_TUNNEL_HPP
 3 | 
 4 | #include <any>
 5 | #include <memory>
 6 | #include <pichi/api/balancer.hpp>
 7 | #include <pichi/common/adapter.hpp>
 8 | #include <pichi/common/endpoint.hpp>
 9 | 
10 | namespace pichi::net {
11 | 
12 | template <typename Socket> class TunnelIngress : public Ingress {
13 | private:
14 |   using BalancerPtr = std::shared_ptr<api::Balancer>;
15 |   using Iterator = api::Balancer::Iterator;
16 | 
17 | public:
18 |   template <typename... Args>
19 |   TunnelIngress(std::any& data, Args&&... args)
20 |     : pBalancer_{std::any_cast<BalancerPtr>(data)}, socket_{std::forward<Args>(args)...}
21 |   {
22 |   }
23 | 
24 |   ~TunnelIngress();
25 | 
26 |   TunnelIngress(TunnelIngress const&) = delete;
27 |   TunnelIngress(TunnelIngress&&) = delete;
28 |   TunnelIngress& operator=(TunnelIngress const&) = delete;
29 |   TunnelIngress& operator=(TunnelIngress&&) = delete;
30 | 
31 |   size_t recv(MutableBuffer, Yield) override;
32 |   void send(ConstBuffer, Yield) override;
33 |   void close(Yield) override;
34 |   bool readable() const override;
35 |   bool writable() const override;
36 |   Endpoint readRemote(Yield) override;
37 |   void confirm(Yield) override;
38 | 
39 | private:
40 |   BalancerPtr pBalancer_;
41 |   Socket socket_;
42 |   Iterator it_ = {};
43 |   bool released_ = false;
44 | };
45 | 
46 | }  // namespace pichi::net
47 | 
48 | #endif  // PICHI_NET_TUNNEL_HPP
49 | 


--------------------------------------------------------------------------------
/cmake/GetLibraryDirectories.cmake:
--------------------------------------------------------------------------------
 1 | function(_get_library_directory output lib)
 2 |   get_filename_component(dir ${lib} DIRECTORY)
 3 |   set(${output} ${dir} PARENT_SCOPE)
 4 | endfunction()
 5 | 
 6 | function(_get_library_directories output lib)
 7 |   if(TARGET ${lib})
 8 |     get_target_property(type ${lib} TYPE)
 9 | 
10 |     if("${type}" STREQUAL "STATIC_LIBRARY" OR
11 |       "${type}" STREQUAL "SHARED_LIBRARY" OR
12 |       "${type}" STREQUAL "UNKNOWN_LIBRARY" OR
13 |       "${type}" STREQUAL "INTERFACE_LIBRARY")
14 |       get_target_property(dirs ${lib} INTERFACE_LINK_DIRECTORIES)
15 | 
16 |       if(NOT dirs)
17 |         unset(dirs)
18 |         get_target_property(deps ${lib} INTERFACE_LINK_LIBRARIES)
19 | 
20 |         if(deps)
21 |           foreach(dep IN LISTS deps)
22 |             _get_library_directories(dir ${dep})
23 | 
24 |             if(dir)
25 |               list(APPEND dirs ${dir})
26 |             endif()
27 |           endforeach()
28 |         endif()
29 |       endif()
30 | 
31 |       if(NOT "${type}" STREQUAL "INTERFACE_LIBRARY")
32 |         get_target_property(lib ${lib} IMPORTED_LOCATION)
33 |         _get_library_directories(dir ${lib})
34 |       endif()
35 | 
36 |       if(dirs AND dir)
37 |         list(APPEND dirs ${dir})
38 |       elseif(dir)
39 |         set(dirs ${dir})
40 |       endif()
41 |     endif()
42 |   elseif(EXISTS ${lib})
43 |     _get_library_directory(dirs ${lib})
44 |   endif()
45 | 
46 |   if(dirs)
47 |     list(REMOVE_DUPLICATES dirs)
48 |     set(${output} ${dirs} PARENT_SCOPE)
49 |   endif()
50 | endfunction()
51 | 


--------------------------------------------------------------------------------
/src/net/reject.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/asio/ip/tcp.hpp>
 4 | #include <chrono>
 5 | #include <pichi/common/asserts.hpp>
 6 | #include <pichi/net/reject.hpp>
 7 | #include <random>
 8 | 
 9 | using namespace std;
10 | namespace asio = boost::asio;
11 | namespace sys = boost::system;
12 | 
13 | namespace pichi::net {
14 | 
15 | RejectEgress::RejectEgress(asio::io_context& io) : t_{io}
16 | {
17 |   auto g = mt19937{random_device{}()};
18 |   auto r = uniform_int_distribution<>{0, 300};
19 |   t_.expires_after(r(g) * 1s);
20 | }
21 | 
22 | RejectEgress::RejectEgress(asio::io_context& io, uint16_t delay) : t_{io}
23 | {
24 |   t_.expires_after(delay * 1s);
25 | }
26 | 
27 | [[noreturn]] size_t RejectEgress::recv(MutableBuffer, Yield)
28 | {
29 |   fail("RejectEgress::recv shouldn't be invoked");
30 | }
31 | 
32 | [[noreturn]] void RejectEgress::send(ConstBuffer, Yield)
33 | {
34 |   fail("RejectEgress::send shouldn't be invoked");
35 | }
36 | 
37 | void RejectEgress::close(Yield) { t_.cancel(); }
38 | 
39 | [[noreturn]] bool RejectEgress::readable() const
40 | {
41 |   fail("RejectEgress::readable shouldn't be invoked");
42 | }
43 | 
44 | [[noreturn]] bool RejectEgress::writable() const
45 | {
46 |   fail("RejectEgress::writable shouldn't be invoked");
47 | }
48 | 
49 | void RejectEgress::connect(Endpoint const&, ResolveResults, Yield yield)
50 | {
51 |   auto ec = sys::error_code{};
52 |   t_.async_wait(yield[ec]);
53 |   if (ec != asio::error::operation_aborted) fail("Force to reject connection");
54 | }
55 | 
56 | }  // namespace pichi::net
57 | 


--------------------------------------------------------------------------------
/src/net/tunnel.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/asio/ip/tcp.hpp>
 4 | #include <pichi/net/helper.hpp>
 5 | #include <pichi/net/tunnel.hpp>
 6 | 
 7 | using namespace std;
 8 | 
 9 | namespace pichi::net {
10 | 
11 | template <typename Socket> TunnelIngress<Socket>::~TunnelIngress()
12 | {
13 |   if (!released_) {
14 |     pBalancer_->release(it_);
15 |     released_ = true;
16 |   }
17 | }
18 | 
19 | template <typename Socket> size_t TunnelIngress<Socket>::recv(MutableBuffer buf, Yield yield)
20 | {
21 |   return pichi::net::readSome(socket_, buf, yield);
22 | }
23 | 
24 | template <typename Socket> void TunnelIngress<Socket>::send(ConstBuffer buf, Yield yield)
25 | {
26 |   pichi::net::write(socket_, buf, yield);
27 | }
28 | 
29 | template <typename Socket> void TunnelIngress<Socket>::close(Yield yield)
30 | {
31 |   pichi::net::close(socket_, yield);
32 |   if (!released_) {
33 |     pBalancer_->release(it_);
34 |     released_ = true;
35 |   }
36 | }
37 | 
38 | template <typename Socket> bool TunnelIngress<Socket>::readable() const
39 | {
40 |   return socket_.is_open();
41 | }
42 | 
43 | template <typename Socket> bool TunnelIngress<Socket>::writable() const
44 | {
45 |   return socket_.is_open();
46 | }
47 | 
48 | template <typename Socket> Endpoint TunnelIngress<Socket>::readRemote(Yield)
49 | {
50 |   it_ = pBalancer_->select();
51 |   return *it_;
52 | }
53 | 
54 | template <typename Socket> void TunnelIngress<Socket>::confirm(Yield) {}
55 | 
56 | template class TunnelIngress<boost::asio::ip::tcp::socket>;
57 | 
58 | }  // namespace pichi::net
59 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | BSD 3-Clause License
 2 | 
 3 | Copyright (c) 2018, Pichi Router
 4 | All rights reserved.
 5 | 
 6 | Redistribution and use in source and binary forms, with or without
 7 | modification, are permitted provided that the following conditions are met:
 8 | 
 9 | * Redistributions of source code must retain the above copyright notice, this
10 |   list of conditions and the following disclaimer.
11 | 
12 | * Redistributions in binary form must reproduce the above copyright notice,
13 |   this list of conditions and the following disclaimer in the documentation
14 |   and/or other materials provided with the distribution.
15 | 
16 | * Neither the name of the copyright holder nor the names of its
17 |   contributors may be used to endorse or promote products derived from
18 |   this software without specific prior written permission.
19 | 
20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 | 


--------------------------------------------------------------------------------
/include/pichi/common/adapter.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_ADAPTER_HPP
 2 | #define PICHI_COMMON_ADAPTER_HPP
 3 | 
 4 | #include <boost/asio/spawn2.hpp>
 5 | #include <exception>
 6 | #include <pichi/common/buffer.hpp>
 7 | #include <pichi/common/endpoint.hpp>
 8 | #include <pichi/common/enumerations.hpp>
 9 | #include <stdint.h>
10 | 
11 | namespace boost::asio::ip {
12 | 
13 | class tcp;
14 | template <typename InternetProtocol> class basic_resolver_results;
15 | 
16 | }  // namespace boost::asio::ip
17 | 
18 | namespace pichi {
19 | 
20 | using ResolveResults = boost::asio::ip::basic_resolver_results<boost::asio::ip::tcp>;
21 | 
22 | struct Adapter {
23 |   using Yield = boost::asio::yield_context;
24 | 
25 |   Adapter(Adapter const&) = delete;
26 |   Adapter(Adapter&&) = delete;
27 |   Adapter& operator=(Adapter const&) = delete;
28 |   Adapter& operator=(Adapter&&) = delete;
29 | 
30 |   Adapter() = default;
31 |   virtual ~Adapter() = default;
32 | 
33 |   virtual size_t recv(MutableBuffer, Yield) = 0;
34 |   virtual void send(ConstBuffer, Yield) = 0;
35 |   virtual void close(Yield) = 0;
36 |   virtual bool readable() const = 0;
37 |   virtual bool writable() const = 0;
38 | };
39 | 
40 | struct Ingress : public Adapter {
41 |   virtual size_t readIV(MutableBuffer, Yield) { return 0; };
42 |   virtual Endpoint readRemote(Yield) = 0;
43 |   virtual void confirm(Yield) = 0;
44 |   virtual void disconnect(std::exception_ptr, Yield) {}
45 | };
46 | 
47 | struct Egress : public Adapter {
48 |   virtual void connect(Endpoint const& remote, ResolveResults next, Yield) = 0;
49 | };
50 | 
51 | }  // namespace pichi
52 | 
53 | #endif  // PICHI_COMMON_ADAPTER_HPP
54 | 


--------------------------------------------------------------------------------
/src/api/ingress_holder.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/asio/io_context.hpp>
 4 | #include <pichi/api/balancer.hpp>
 5 | #include <pichi/api/ingress_holder.hpp>
 6 | #include <pichi/common/asserts.hpp>
 7 | #include <pichi/vo/ingress.hpp>
 8 | #include <utility>
 9 | 
10 | using namespace std;
11 | namespace asio = boost::asio;
12 | namespace ip = asio::ip;
13 | 
14 | namespace pichi::api {
15 | 
16 | static auto createAcceptors(asio::io_context& io, vo::Ingress const& vo)
17 | {
18 |   auto acceptors = vector<ip::tcp::acceptor>{};
19 |   transform(cbegin(vo.bind_), cend(vo.bind_), back_inserter(acceptors), [&io](auto&& endpoint) {
20 |     assertFalse(endpoint.type_ == EndpointType::DOMAIN_NAME);
21 |     return ip::tcp::acceptor{io, {ip::make_address(endpoint.host_), endpoint.port_}};
22 |   });
23 |   return acceptors;
24 | }
25 | 
26 | static any createData(vo::Ingress const& vo)
27 | {
28 |   switch (vo.type_) {
29 |   case AdapterType::TUNNEL: {
30 |     auto& opt = get<vo::TunnelOption>(*vo.opt_);
31 |     return make_shared<Balancer>(opt.balance_, cbegin(opt.destinations_), cend(opt.destinations_));
32 |   }
33 |   default:
34 |     return {};
35 |   }
36 | }
37 | 
38 | IngressHolder::IngressHolder(asio::io_context& io, vo::Ingress&& vo)
39 |   : vo_{move(vo)}, acceptors_{createAcceptors(io, vo_)}, data_{createData(vo_)}
40 | {
41 | }
42 | 
43 | void IngressHolder::reset(asio::io_context& io, vo::Ingress&& vo)
44 | {
45 |   // TODO Exception safety
46 |   auto acceptors = createAcceptors(io, vo);
47 |   data_ = createData(vo);
48 |   swap(acceptors_, acceptors);
49 |   vo_ = move(vo);
50 | }
51 | 
52 | }  // namespace pichi::api
53 | 


--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
 1 | cmake_minimum_required(VERSION 3.15.0 FATAL_ERROR)
 2 | cmake_policy(SET CMP0091 NEW)
 3 | project(pichi)
 4 | 
 5 | # Options
 6 | option(BUILD_SERVER "Build pichi application" ON)
 7 | option(BUILD_TEST "Build unit test cases" ON)
 8 | option(BUILD_SHARED_LIBS "Build shared library" OFF)
 9 | option(INSTALL_DEVEL "Install files for development" OFF)
10 | option(ENABLE_CONAN "Enable conan" OFF)
11 | option(TRANSPARENT_PF "Implement transparent ingress via Packet Filter" OFF)
12 | option(TRANSPARENT_IPTABLES "Implement transparent ingress via Linux IPTables" OFF)
13 | option(TLS_FINGERPRINT "Enable TLS fingerprint" ON)
14 | 
15 | # C++ standard options
16 | set(CMAKE_CXX_STANDARD 20)
17 | set(CMAKE_CXX_STANDARD_REQUIRED ON)
18 | set(CMAKE_CXX_EXTENSIONS OFF)
19 | 
20 | # Preprocessing
21 | if(ENABLE_CONAN AND CMAKE_CROSSCOMPILING)
22 |   set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE BOTH)
23 |   set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY BOTH)
24 | endif()
25 | 
26 | set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake)
27 | include(HandleDependencies)
28 | include(Configure)
29 | include(GNUInstallDirs)
30 | 
31 | # Setup global variables
32 | # PICHI_LIBRARY:    the target name of pichi library
33 | # INSTALL_RPATH:    the runtime paths for all targets
34 | # MSVC_CRT:         the correct library name for target property MSVC_RUNTIME_LIBRARY
35 | set(PICHI_LIBRARY pichi_lib)
36 | set(INSTALL_RPATH "$<IF:$<BOOL:${APPLE}>,@executable_path/../lib,$ORIGIN/../lib>")
37 | set(MSVC_CRT "MultiThreaded$<$<CONFIG:Debug>:Debug>$<$<BOOL:${BUILD_SHARED_LIBS}>:DLL>")
38 | 
39 | # Setup the targets
40 | add_subdirectory(src)
41 | 
42 | if(BUILD_SERVER)
43 |   add_subdirectory(server)
44 | endif()
45 | 
46 | if(BUILD_TEST)
47 |   enable_testing()
48 |   add_subdirectory(test)
49 | endif()
50 | 


--------------------------------------------------------------------------------
/src/api/ingress_manager.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <pichi/api/ingress_manager.hpp>
 4 | #include <pichi/common/asserts.hpp>
 5 | #include <pichi/vo/ingress.hpp>
 6 | 
 7 | using namespace std;
 8 | namespace asio = boost::asio;
 9 | namespace ip = asio::ip;
10 | namespace sys = boost::system;
11 | using ip::tcp;
12 | 
13 | namespace pichi::api {
14 | 
15 | IngressManager::IngressManager(boost::asio::io_context& io, Handler onChange)
16 |   : io_{io}, onChange_{onChange}, c_{}
17 | {
18 | }
19 | 
20 | IngressManager::ValueType IngressManager::generatePair(DelegateIterator it)
21 | {
22 |   return make_pair(cref(it->first), cref(it->second.vo_));
23 | }
24 | 
25 | IngressManager::ConstIterator IngressManager::begin() const noexcept
26 | {
27 |   return {cbegin(c_), cend(c_), &IngressManager::generatePair};
28 | }
29 | 
30 | IngressManager::ConstIterator IngressManager::end() const noexcept
31 | {
32 |   return {cend(c_), cend(c_), &IngressManager::generatePair};
33 | }
34 | 
35 | void IngressManager::update(string const& name, VO ivo)
36 | {
37 |   assertFalse(ivo.type_ == AdapterType::DIRECT, PichiError::MISC);
38 |   assertFalse(ivo.type_ == AdapterType::REJECT, PichiError::MISC);
39 | 
40 |   auto it = c_.find(name);
41 |   if (it == std::end(c_)) {
42 |     auto [nit, inserted] = c_.try_emplace(name, io_, move(ivo));
43 |     assertTrue(inserted, PichiError::MISC);
44 |     it = nit;
45 |   }
46 |   else {
47 |     it->second.reset(io_, move(ivo));
48 |   }
49 |   auto&& [iname, holder] = *it;
50 |   invoke(onChange_, iname, holder);
51 | }
52 | 
53 | void IngressManager::erase(string_view name)
54 | {
55 |   auto it = c_.find(name);
56 |   if (it != std::end(c_)) c_.erase(it);
57 | }
58 | 
59 | }  // namespace pichi::api
60 | 


--------------------------------------------------------------------------------
/cmake/FindBrotli.cmake:
--------------------------------------------------------------------------------
 1 | find_path(Brotli_INCLUDE_DIRS NAMES brotli/decode.h)
 2 | find_library(Brotli_COMMON_LIBRARY NAMES brotlicommon brotlicommon-static)
 3 | find_library(Brotli_DECODER_LIBRARY NAMES "brotlidec" "brotlidec-static")
 4 | find_library(Brotli_ENCODER_LIBRARY NAMES "brotlienc" "brotlienc-static")
 5 | 
 6 | set(Brotli_LIBRARIES ${Brotli_COMMON_LIBRARY} ${Brotli_DECODER_LIBRARY} ${Brotli_ENCODER_LIBRARY})
 7 | 
 8 | if(NOT CMAKE_CROSSCOMPILING)
 9 |   try_run(VERSION_FOUND _ ${CMAKE_BINARY_DIR}/brotli ${CMAKE_SOURCE_DIR}/cmake/test/brotli-version.cpp
10 |     CMAKE_FLAGS -DINCLUDE_DIRECTORIES=${Brotli_INCLUDE_DIRS}
11 |     COMPILE_DEFINITIONS -DBROTLI_DECODER_VERSION
12 |     LINK_LIBRARIES ${Brotli_LIBRARIES}
13 |     RUN_OUTPUT_VARIABLE Brotli_VERSION
14 |     CXX_STANDARD 17 CXX_STANDARD_REQUIRED ON CXX_EXTENSIONS OFF)
15 | else()
16 |   set(Brotli_VERSION "1.0.0")
17 | endif()
18 | 
19 | include(FindPackageHandleStandardArgs)
20 | find_package_handle_standard_args(Brotli
21 |   REQUIRED_VARS Brotli_COMMON_LIBRARY Brotli_DECODER_LIBRARY Brotli_ENCODER_LIBRARY
22 |   Brotli_LIBRARIES Brotli_INCLUDE_DIRS
23 |   VERSION_VAR Brotli_VERSION
24 | )
25 | 
26 | if(Brotli_FOUND)
27 |   include(AddFoundTarget)
28 |   _add_found_target(brotli::common "${Brotli_INCLUDE_DIRS}" "${Brotli_COMMON_LIBRARY}")
29 |   _add_found_target(brotli::decoder "${Brotli_INCLUDE_DIRS}" "${Brotli_DECODER_LIBRARY}")
30 |   target_link_libraries(brotli::decoder INTERFACE brotli::common)
31 |   _add_found_target(brotli::encoder "${Brotli_INCLUDE_DIRS}" "${Brotli_ENCODER_LIBRARY}")
32 |   target_link_libraries(brotli::encoder INTERFACE brotli::common)
33 |   add_library(brotli::brotli INTERFACE IMPORTED)
34 |   target_link_libraries(brotli::brotli INTERFACE brotli::decoder brotli::encoder)
35 | endif()
36 | 


--------------------------------------------------------------------------------
/include/pichi/common/endpoint.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_ENDPOINT_HPP
 2 | #define PICHI_COMMON_ENDPOINT_HPP
 3 | 
 4 | #include <algorithm>
 5 | #include <cassert>
 6 | #include <functional>
 7 | #include <iterator>
 8 | #include <pichi/common/buffer.hpp>
 9 | #include <pichi/common/enumerations.hpp>
10 | #include <stdint.h>
11 | #include <string>
12 | #include <string_view>
13 | #include <type_traits>
14 | 
15 | namespace std {
16 | 
17 | inline string to_string(string_view sv) { return {cbegin(sv), cend(sv)}; }
18 | 
19 | }  // namespace std
20 | 
21 | namespace pichi {
22 | 
23 | struct Endpoint {
24 |   EndpointType type_;
25 |   std::string host_;
26 |   uint16_t port_;
27 | };
28 | 
29 | template <typename Int> void hton(Int src, MutableBuffer dst)
30 | {
31 |   static_assert(std::is_integral_v<Int>, "input type must be integral.");
32 |   assert(sizeof(Int) <= dst.size());
33 |   auto p = reinterpret_cast<uint8_t*>(&src);
34 |   std::reverse_copy(p, p + sizeof(Int), std::begin(dst));
35 | }
36 | 
37 | template <typename Int> Int ntoh(ConstBuffer src)
38 | {
39 |   static_assert(std::is_integral_v<Int>, "output type must be integral.");
40 |   assert(src.size() >= sizeof(Int));
41 | 
42 |   Int dst;
43 |   std::reverse_copy(std::cbegin(src), std::cend(src), reinterpret_cast<uint8_t*>(&dst));
44 |   return dst;
45 | }
46 | 
47 | extern size_t serializeEndpoint(Endpoint const&, MutableBuffer);
48 | extern Endpoint parseEndpoint(std::function<void(MutableBuffer)>);
49 | extern EndpointType detectHostType(std::string_view);
50 | extern Endpoint makeEndpoint(std::string_view, uint16_t);
51 | extern Endpoint makeEndpoint(std::string_view, std::string_view);
52 | 
53 | extern bool operator==(Endpoint const&, Endpoint const&);
54 | 
55 | }  // namespace pichi
56 | 
57 | #endif  // PICHI_COMMON_ENDPOINT_HPP
58 | 


--------------------------------------------------------------------------------
/include/pichi/api/server.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_SERVER_HPP
 2 | #define PICHI_API_SERVER_HPP
 3 | 
 4 | #include <array>
 5 | #include <boost/asio/io_context.hpp>
 6 | #include <boost/asio/strand.hpp>
 7 | #include <pichi/api/egress_manager.hpp>
 8 | #include <pichi/api/ingress_manager.hpp>
 9 | #include <pichi/api/rest.hpp>
10 | #include <pichi/api/router.hpp>
11 | #include <pichi/common/buffer.hpp>
12 | #include <string>
13 | #include <string_view>
14 | #include <unordered_set>
15 | #include <utility>
16 | 
17 | namespace pichi::api {
18 | 
19 | struct IngressHolder;
20 | 
21 | class Server {
22 | private:
23 |   using ResolveResult = boost::asio::ip::tcp::resolver::results_type;
24 | 
25 |   template <typename Acceptor, typename Yield>
26 |   void listen(Acceptor&, std::string_view, IngressHolder&, Yield yield);
27 |   template <typename ExceptionPtr> void removeIngress(ExceptionPtr, std::string_view);
28 |   vo::Egress const& route(Endpoint const&, std::string_view ingress, AdapterType,
29 |                           ResolveResult const&);
30 |   bool isDuplicated(ConstBuffer);
31 | 
32 | public:
33 |   Server(Server const&) = delete;
34 |   Server(Server&&) = delete;
35 |   Server& operator=(Server const&) = delete;
36 |   Server& operator=(Server&&) = delete;
37 | 
38 |   Server(boost::asio::io_context&, char const*);
39 |   ~Server() = default;
40 | 
41 |   void listen(std::string_view, uint16_t);
42 |   void startIngress(std::string_view, IngressHolder&);
43 | 
44 | private:
45 |   boost::asio::io_context::strand strand_;
46 |   std::unordered_set<std::string> ivs_;
47 |   Router router_;
48 |   EgressManager egresses_;
49 |   IngressManager ingresses_;
50 |   Rest rest_;
51 |   std::string bind_;
52 |   uint16_t port_;
53 | };
54 | 
55 | }  // namespace pichi::api
56 | 
57 | #endif  // PICHI_API_SERVER_HPP
58 | 


--------------------------------------------------------------------------------
/.conan/recipes/libmaxminddb/conandata.yml:
--------------------------------------------------------------------------------
 1 | sources:
 2 |   1.5.0:
 3 |     sha256: 7c56e791ff2a655215e7ed3864b1ffdd7d34a38835779efed56a42f056bd58aa
 4 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.5.0/libmaxminddb-1.5.0.tar.gz
 5 |   1.5.1:
 6 |     sha256: c9405be88f6dc057827eef2d143a8ceab408f2d6d94d8f0538de9d62b1e67e98
 7 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.5.1/libmaxminddb-1.5.1.tar.gz
 8 |   1.5.2:
 9 |     sha256: 5237076d250a5f7c297e331c35a433eeaaf0dc205e070e4db353c9ba10f340a2
10 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.5.2/libmaxminddb-1.5.2.tar.gz
11 |   1.6.0:
12 |     sha256: 7620ac187c591ce21bcd7bf352376a3c56a933e684558a1f6bef4bd4f3f98267
13 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz
14 |   1.7.0:
15 |     sha256: 4ad6cf891957535f37b6e6b6162e12204579c5d3e4b191311d0bd6163db7158c
16 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.7.0/libmaxminddb-1.7.0.tar.gz
17 |   1.7.1:
18 |     sha256: e8414f0dedcecbc1f6c31cb65cd81650952ab0677a4d8c49cab603b3b8fb083e
19 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.7.1/libmaxminddb-1.7.1.tar.gz
20 |   1.8.0:
21 |     sha256: 1107799f77be6aa3b9796ad0eed8ffcc334bf45f8bd18e6a984d8adf3e719c6d
22 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.8.0/libmaxminddb-1.8.0.tar.gz
23 |   1.9.1:
24 |     sha256: a80682a89d915fdf60b35d316232fb04ebf36fff27fda9bd39fe8a38d3cd3f12
25 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.9.1/libmaxminddb-1.9.1.tar.gz
26 |   1.10.0:
27 |     sha256: 5e6db72df423ae225bfe8897069f6def40faa8931f456b99d79b8b4d664c6671
28 |     url: https://github.com/maxmind/libmaxminddb/releases/download/1.10.0/libmaxminddb-1.10.0.tar.gz
29 | 


--------------------------------------------------------------------------------
/cmake/FindMaxmindDB.cmake:
--------------------------------------------------------------------------------
 1 | find_path(MaxmindDB_INCLUDE_DIRS NAMES maxminddb.h PATH_SUFFIXES maxminddb)
 2 | find_library(MaxmindDB_LIBRARY NAMES maxminddb)
 3 | set(MaxmindDB_LIBRARIES ${MaxmindDB_LIBRARY})
 4 | 
 5 | if(MaxmindDB_INCLUDE_DIRS)
 6 |   file(STRINGS "${MaxmindDB_INCLUDE_DIRS}/maxminddb.h" version_line
 7 |     REGEX "^#define[\t ]+PACKAGE_VERSION[\t ]+\".*\"")
 8 | 
 9 |   if(version_line)
10 |     string(REGEX REPLACE "^#define[\t ]+PACKAGE_VERSION[\t ]+\"(.*)\""
11 |       "\\1" MaxmindDB_VERSION_STRING "${version_line}")
12 |     unset(version_line)
13 |   else()
14 |     try_compile(HAS_MMDB_LIB_VERSION
15 |       ${CMAKE_BINARY_DIR}/maxminddb ${CMAKE_SOURCE_DIR}/cmake/test/maxminddb-version.cpp
16 |       CMAKE_FLAGS -DINCLUDE_DIRECTORIES=${MaxmindDB_INCLUDE_DIRS}
17 |       LINK_LIBRARIES ${MaxmindDB_LIBRARY}
18 |     )
19 | 
20 |     if(HAS_MMDB_LIB_VERSION AND NOT CMAKE_CROSSCOMPILING)
21 |       try_run(VERSION_FOUND _
22 |         ${CMAKE_BINARY_DIR}/maxminddb ${CMAKE_SOURCE_DIR}/cmake/test/maxminddb-version.cpp
23 |         CMAKE_FLAGS -DINCLUDE_DIRECTORIES=${MaxmindDB_INCLUDE_DIRS}
24 |         LINK_LIBRARIES ${MaxmindDB_LIBRARY}
25 |         RUN_OUTPUT_VARIABLE MaxmindDB_VERSION_STRING
26 |         CXX_STANDARD 17 CXX_STANDARD_REQUIRED ON CXX_EXTENSIONS OFF)
27 |     elseif(HAS_MMDB_LIB_VERSION)
28 |       set(MaxmindDB_VERSION_STRING "1.8.0")
29 |     endif()
30 |   endif()
31 | endif()
32 | 
33 | include(FindPackageHandleStandardArgs)
34 | find_package_handle_standard_args(MaxmindDB
35 |   REQUIRED_VARS MaxmindDB_LIBRARY MaxmindDB_LIBRARIES
36 |   MaxmindDB_INCLUDE_DIRS MaxmindDB_VERSION_STRING
37 |   VERSION_VAR MaxmindDB_VERSION_STRING
38 | )
39 | 
40 | if(MaxmindDB_FOUND)
41 |   include(AddFoundTarget)
42 |   _add_found_target(maxminddb::maxminddb "${MaxmindDB_INCLUDE_DIRS}" "${MaxmindDB_LIBRARY}")
43 | endif()
44 | 


--------------------------------------------------------------------------------
/include/pichi/net/ssaead.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_SSAEAD_HPP
 2 | #define PICHI_NET_SSAEAD_HPP
 3 | 
 4 | #include <boost/beast/core/flat_buffer.hpp>
 5 | #include <pichi/common/adapter.hpp>
 6 | #include <pichi/crypto/aead.hpp>
 7 | #include <pichi/crypto/method.hpp>
 8 | 
 9 | namespace pichi::net {
10 | 
11 | template <CryptoMethod method, typename Stream>
12 | class SSAeadAdapter : public pichi::Ingress, public pichi::Egress {
13 | private:
14 |   using Cache = boost::beast::basic_flat_buffer<std::allocator<uint8_t>>;
15 | 
16 | public:
17 |   inline static constexpr CryptoMethod METHOD = method;
18 | 
19 |   template <typename... Args>
20 |   SSAeadAdapter(ConstBuffer psk, Args&&... args)
21 |     : stream_{std::forward<Args>(args)...}, encryptor_{psk}, decryptor_{psk}
22 |   {
23 |   }
24 |   ~SSAeadAdapter() override = default;
25 | 
26 | public:
27 |   size_t recv(MutableBuffer, Yield) override;
28 |   void send(ConstBuffer, Yield) override;
29 |   void close(Yield) override;
30 |   bool readable() const override;
31 |   bool writable() const override;
32 |   size_t readIV(MutableBuffer, Yield) override;
33 |   Endpoint readRemote(Yield) override;
34 |   void connect(Endpoint const& remote, ResolveResults next, Yield) override;
35 |   void confirm(Yield) override;
36 | 
37 | private:
38 |   MutableBuffer prepare(size_t n, MutableBuffer provided);
39 |   size_t copyTo(MutableBuffer);
40 |   void recvBlock(MutableBuffer block, Yield);
41 |   size_t recvFrame(MutableBuffer, Yield);
42 |   size_t encrypt(ConstBuffer plain, MutableBuffer cipher);
43 | 
44 | private:
45 |   Stream stream_;
46 |   Cache cache_;
47 |   crypto::AeadEncryptor<method> encryptor_;
48 |   crypto::AeadDecryptor<method> decryptor_;
49 |   bool ivSent_ = false;
50 |   bool ivReceived_ = false;
51 | };
52 | 
53 | }  // namespace pichi::net
54 | 
55 | #endif  // PICHI_NET_SSAEAD_HPP
56 | 


--------------------------------------------------------------------------------
/cmake/Findlibsodium.cmake:
--------------------------------------------------------------------------------
 1 | find_path(libsodium_INCLUDE_DIRS NAMES sodium/version.h)
 2 | 
 3 | find_library(libsodium_LIBRARY NAMES sodium libsodium)
 4 | 
 5 | set(libsodium_LIBRARIES ${libsodium_LIBRARY})
 6 | 
 7 | if(libsodium_INCLUDE_DIRS)
 8 |   file(STRINGS "${libsodium_INCLUDE_DIRS}/sodium/version.h" version_line
 9 |     REGEX "^#define[\t ]+SODIUM_VERSION_STRING[\t ]+\".*\"")
10 | 
11 |   if(version_line)
12 |     string(REGEX REPLACE "^#define[\t ]+SODIUM_VERSION_STRING[\t ]+\"(.*)\""
13 |       "\\1" libsodium_VERSION_STRING "${version_line}")
14 |     unset(version_line)
15 |   endif()
16 | endif()
17 | 
18 | include(FindPackageHandleStandardArgs)
19 | find_package_handle_standard_args(libsodium
20 |   REQUIRED_VARS libsodium_LIBRARY libsodium_LIBRARIES libsodium_INCLUDE_DIRS libsodium_VERSION_STRING
21 |   VERSION_VAR libsodium_VERSION_STRING
22 | )
23 | 
24 | if(libsodium_FOUND)
25 |   include(AddFoundTarget)
26 |   _add_found_target(libsodium::libsodium "${libsodium_INCLUDE_DIRS}" "${libsodium_LIBRARY}")
27 | 
28 |   # According to libsodium's manual https://libsodium.gitbook.io/doc/usage,
29 |   # SODIUM_STATIC=1 & SODIUM_EXPORT are mandatory when MSVC & static linking.
30 |   if(MSVC)
31 |     message(STATUS "Detecting Sodium libraries type")
32 |     try_compile(libsodium_SHARED
33 |       ${CMAKE_BINARY_DIR}/cmake ${CMAKE_SOURCE_DIR}/cmake/test/sodium-type.c
34 |       CMAKE_FLAGS -DINCLUDE_DIRECTORIES=${libsodium_INCLUDE_DIRS}
35 |       LINK_LIBRARIES ${libsodium_LIBRARIES}
36 |     )
37 | 
38 |     if(libsodium_SHARED)
39 |       message(STATUS "Detecting Sodium libraries type - SHARED")
40 |     else()
41 |       set_target_properties(Sodium::sodium PROPERTIES
42 |         INTERFACE_COMPILE_DEFINITIONS "SODIUM_STATIC=1;SODIUM_EXPORT")
43 |       message(STATUS "Detecting Sodium libraries type - STATIC")
44 |     endif()
45 |   endif()
46 | endif()
47 | 


--------------------------------------------------------------------------------
/include/pichi/common/enumerations.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_ENUMERATIONS_HPP
 2 | #define PICHI_COMMON_ENUMERATIONS_HPP
 3 | 
 4 | #ifdef _MSC_VER
 5 | #ifdef TRANSPARENT
 6 | #undef TRANSPARENT
 7 | #endif  // TRANSPARENT
 8 | #endif  // _MSC_VER
 9 | 
10 | namespace pichi {
11 | 
12 | enum class EndpointType { DOMAIN_NAME, IPV4, IPV6 };
13 | 
14 | enum class AdapterType { DIRECT, REJECT, SOCKS5, HTTP, SS, TUNNEL, TROJAN, VMESS, TRANSPARENT };
15 | 
16 | enum class HashAlgorithm { MD5, SHA1, SHA224, SHA256, SHA384, SHA512 };
17 | 
18 | enum class CryptoMethod {
19 |   // Stream Crypto Method begin
20 |   // Misc methods
21 |   RC4_MD5,
22 |   BF_CFB,
23 | 
24 |   // AES-CTR methods
25 |   AES_128_CTR,
26 |   AES_192_CTR,
27 |   AES_256_CTR,
28 | 
29 |   // AES-CFB methods
30 |   AES_128_CFB,
31 |   AES_192_CFB,
32 |   AES_256_CFB,
33 | 
34 |   // CAMELLIA-CFB methods
35 |   CAMELLIA_128_CFB,
36 |   CAMELLIA_192_CFB,
37 |   CAMELLIA_256_CFB,
38 | 
39 |   // CHACHA & SALSA methods
40 |   CHACHA20,
41 |   SALSA20,
42 |   CHACHA20_IETF,
43 |   // Stream Crypto Method end
44 | 
45 |   // AEAD Crypto Method begin
46 |   // AES-GCM methods
47 |   AES_128_GCM,
48 |   AES_192_GCM,
49 |   AES_256_GCM,
50 | 
51 |   // CHACHA20 methods
52 |   CHACHA20_IETF_POLY1305,
53 |   XCHACHA20_IETF_POLY1305
54 |   // AEAD Crypto Method end
55 | };
56 | 
57 | enum class DelayMode { RANDOM, FIXED };
58 | enum class BalanceType { RANDOM, ROUND_ROBIN, LEAST_CONN };
59 | enum class VMessSecurity { AUTO, NONE, CHACHA20_IETF_POLY1305, AES_128_GCM };
60 | 
61 | enum class PichiError {
62 |   OK = 0,
63 |   BAD_PROTO,
64 |   CRYPTO_ERROR,
65 |   BUFFER_OVERFLOW,
66 |   BAD_JSON,
67 |   SEMANTIC_ERROR,
68 |   RES_IN_USE,
69 |   RES_LOCKED,
70 |   CONN_FAILURE,
71 |   BAD_AUTH_METHOD,
72 |   UNAUTHENTICATED,
73 |   MISC
74 | };
75 | 
76 | }  // namespace pichi
77 | 
78 | #endif  // PICHI_COMMON_ENUMERATIONS_HPP
79 | 


--------------------------------------------------------------------------------
/cmake/FindMbedTLS.cmake:
--------------------------------------------------------------------------------
 1 | find_path(MbedTLS_INCLUDE_DIRS NAMES mbedtls/version.h)
 2 | 
 3 | find_library(MbedTLS_CRYPTO_LIBRARY NAMES mbedcrypto)
 4 | find_library(MbedTLS_TLS_LIBRARY NAMES mbedtls)
 5 | find_library(MbedTLS_X509_LIBRARY NAMES mbedx509)
 6 | 
 7 | if(MbedTLS_INCLUDE_DIRS)
 8 |   find_file(has_build_info "build_info.h" PATHS "${MbedTLS_INCLUDE_DIRS}/mbedtls")
 9 | 
10 |   if(has_build_info)
11 |     set(ver_file "${MbedTLS_INCLUDE_DIRS}/mbedtls/build_info.h")
12 |   else()
13 |     set(ver_file "${MbedTLS_INCLUDE_DIRS}/mbedtls/version.h")
14 |   endif()
15 | 
16 |   file(STRINGS "${ver_file}" version_line
17 |     REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\".*\"")
18 | 
19 |   if(version_line)
20 |     string(REGEX REPLACE "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"(.*)\""
21 |       "\\1" MbedTLS_VERSION_STRING "${version_line}")
22 |     unset(version_line)
23 |   endif()
24 | endif()
25 | 
26 | set(MbedTLS_LIBRARIES ${MbedTLS_TLS_LIBRARY} ${MbedTLS_X509_LIBRARY} ${MbedTLS_CRYPTO_LIBRARY})
27 | include(FindPackageHandleStandardArgs)
28 | find_package_handle_standard_args(MbedTLS
29 |   REQUIRED_VARS MbedTLS_TLS_LIBRARY MbedTLS_X509_LIBRARY MbedTLS_CRYPTO_LIBRARY MbedTLS_LIBRARIES
30 |   MbedTLS_INCLUDE_DIRS MbedTLS_VERSION_STRING
31 |   VERSION_VAR MbedTLS_VERSION_STRING
32 | )
33 | 
34 | if(MbedTLS_FOUND)
35 |   include(AddFoundTarget)
36 |   _add_found_target(MbedTLS::crypto "${MbedTLS_INCLUDE_DIRS}" "${MbedTLS_CRYPTO_LIBRARY}")
37 |   _add_found_target(MbedTLS::tls "${MbedTLS_INCLUDE_DIRS}" "${MbedTLS_TLS_LIBRARY}")
38 |   target_link_libraries(MbedTLS::tls INTERFACE MbedTLS::crypto)
39 |   _add_found_target(MbedTLS::x509 "${MbedTLS_INCLUDE_DIRS}" "${MbedTLS_X509_LIBRARY}")
40 |   target_link_libraries(MbedTLS::x509 INTERFACE MbedTLS::crypto)
41 |   add_library(MbedTLS::mbedtls INTERFACE IMPORTED)
42 |   target_link_libraries(MbedTLS::mbedtls INTERFACE MbedTLS::crypto MbedTLS::tls)
43 | endif()
44 | 


--------------------------------------------------------------------------------
/cmake/FindRapidJSON.cmake:
--------------------------------------------------------------------------------
 1 | find_path(RapidJSON_INCLUDE_DIRS NAMES rapidjson/rapidjson.h)
 2 | 
 3 | if(RapidJSON_INCLUDE_DIRS)
 4 |   file(STRINGS "${RapidJSON_INCLUDE_DIRS}/rapidjson/rapidjson.h" major_version_line
 5 |     REGEX "^#define[\t ]+RAPIDJSON_MAJOR_VERSION[\t ]+[0-9]*")
 6 | 
 7 |   if(major_version_line)
 8 |     string(REGEX REPLACE "^#define[\t ]+RAPIDJSON_MAJOR_VERSION[\t ]+([0-9]*)"
 9 |       "\\1" major_version "${major_version_line}")
10 |     unset(major_version_line)
11 |   endif()
12 | 
13 |   file(STRINGS "${RapidJSON_INCLUDE_DIRS}/rapidjson/rapidjson.h" minor_version_line
14 |     REGEX "^#define[\t ]+RAPIDJSON_MINOR_VERSION[\t ]+[0-9]*")
15 | 
16 |   if(minor_version_line)
17 |     string(REGEX REPLACE "^#define[\t ]+RAPIDJSON_MINOR_VERSION[\t ]+([0-9]*)"
18 |       "\\1" minor_version "${minor_version_line}")
19 |     unset(minor_version_line)
20 |   endif()
21 | 
22 |   file(STRINGS "${RapidJSON_INCLUDE_DIRS}/rapidjson/rapidjson.h" patch_version_line
23 |     REGEX "^#define[\t ]+RAPIDJSON_PATCH_VERSION[\t ]+[0-9]*")
24 | 
25 |   if(patch_version_line)
26 |     string(REGEX REPLACE "^#define[\t ]+RAPIDJSON_PATCH_VERSION[\t ]+([0-9]*)"
27 |       "\\1" patch_version "${patch_version_line}")
28 |     unset(patch_version_line)
29 |   endif()
30 | 
31 |   if(DEFINED major_version AND DEFINED minor_version AND DEFINED patch_version)
32 |     set(RapidJSON_VERSION_STRING "${major_version}.${minor_version}.${patch_version}")
33 |   endif()
34 | 
35 |   unset(major_version)
36 |   unset(minor_version)
37 |   unset(patch_version)
38 | endif()
39 | 
40 | include(FindPackageHandleStandardArgs)
41 | find_package_handle_standard_args(RapidJSON
42 |   REQUIRED_VARS RapidJSON_INCLUDE_DIRS RapidJSON_VERSION_STRING
43 |   VERSION_VAR RapidJSON_VERSION_STRING
44 | )
45 | 
46 | if(RapidJSON_FOUND)
47 |   add_library(rapidjson INTERFACE IMPORTED)
48 |   target_include_directories(rapidjson INTERFACE ${RapidJSON_INCLUDE_DIRS})
49 | endif()
50 | 


--------------------------------------------------------------------------------
/src/crypto/brotli.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | 
 4 | #ifdef TLS_FINGERPRINT
 5 | #include <brotli/decode.h>
 6 | #include <brotli/encode.h>
 7 | #include <openssl/bytestring.h>
 8 | #endif  // TLS_FINGERPRINT
 9 | 
10 | #include <openssl/ssl.h>
11 | #include <pichi/common/literals.hpp>
12 | #include <pichi/crypto/brotli.hpp>
13 | 
14 | using namespace std;
15 | 
16 | namespace pichi::crypto {
17 | 
18 | #ifdef TLS_FINGERPRINT
19 | 
20 | template <typename CBB> int brotliCompress(SSL*, CBB* buf, uint8_t const* in, size_t in_len)
21 | {
22 |   auto out_len = BrotliEncoderMaxCompressedSize(in_len);
23 |   auto out = static_cast<uint8_t*>(nullptr);
24 |   if (CBB_reserve(buf, &out, out_len) == 0) {
25 |     return 0;
26 |   }
27 |   if (BrotliEncoderCompress(BROTLI_DEFAULT_QUALITY, BROTLI_DEFAULT_WINDOW, BROTLI_DEFAULT_MODE,
28 |                             in_len, in, &out_len, out) != BROTLI_DECODER_RESULT_SUCCESS) {
29 |     CBB_did_write(buf, 0_sz);
30 |     return 0;
31 |   }
32 |   CBB_did_write(buf, out_len);
33 |   return 1;
34 | }
35 | 
36 | template <typename CRYPTO_BUFFER>
37 | int brotliDecompress(SSL*, CRYPTO_BUFFER** out, size_t uncompressed_len, uint8_t const* in,
38 |                      size_t in_len)
39 | {
40 |   auto data = static_cast<uint8_t*>(nullptr);
41 |   *out = CRYPTO_BUFFER_alloc(&data, uncompressed_len);
42 |   if (*out == nullptr) return 0;
43 | 
44 |   auto out_len = uncompressed_len;
45 |   if (BrotliDecoderDecompress(in_len, in, &out_len, data) != BROTLI_DECODER_RESULT_SUCCESS ||
46 |       out_len != uncompressed_len) {
47 |     CRYPTO_BUFFER_free(*out);
48 |     return 0;
49 |   }
50 | 
51 |   return 1;
52 | }
53 | 
54 | template int brotliCompress<CBB>(SSL*, CBB*, uint8_t const*, size_t);
55 | template int brotliDecompress<CRYPTO_BUFFER>(SSL*, CRYPTO_BUFFER**, size_t, uint8_t const*, size_t);
56 | 
57 | #endif  // TLS_FINGERPRINT
58 | 
59 | }  // namespace pichi::crypto
60 | 


--------------------------------------------------------------------------------
/test/CMakeLists.txt:
--------------------------------------------------------------------------------
 1 | list(APPEND RAW_TESTS keys hash hmac hkdf base64 method cryptogram router uri endpoint
 2 |   socks5 http ss balancer trojan)
 3 | list(APPEND VO_TESTS vos vo_credential vo_ingress vo_egress vo_rule vo_route vo_options)
 4 | 
 5 | configure_file(geo.mmdb ${CMAKE_CURRENT_BINARY_DIR}/geo.mmdb COPYONLY)
 6 | 
 7 | set(UTILS_SRC utils.cpp)
 8 | set(VO_SRC vo.cpp)
 9 | 
10 | foreach(CASE IN LISTS RAW_TESTS)
11 |   add_executable(${CASE} "${CASE}.cpp" ${UTILS_SRC})
12 | endforeach()
13 | 
14 | foreach(CASE IN LISTS VO_TESTS)
15 |   add_executable(${CASE} "${CASE}.cpp" ${UTILS_SRC} ${VO_SRC})
16 | endforeach()
17 | 
18 | foreach(CASE IN LISTS RAW_TESTS VO_TESTS)
19 |   add_test(NAME ${CASE} COMMAND ${CASE})
20 |   target_link_libraries(${CASE} PRIVATE ${PICHI_LIBRARY}
21 |     ${COMMON_LIBRARIES} Boost::unit_test_framework)
22 |   set_target_properties(${CASE} PROPERTIES MSVC_RUNTIME_LIBRARY ${MSVC_CRT})
23 | endforeach()
24 | 
25 | include(GetLibraryDirectories)
26 | 
27 | foreach(lib IN LISTS COMMON_LIBRARIES)
28 |   _get_library_directories(dir ${lib})
29 |   list(APPEND COMMON_LIB_DIRS ${dir})
30 | endforeach()
31 | 
32 | list(REMOVE_DUPLICATES COMMON_LIB_DIRS)
33 | 
34 | if(ENABLE_CONAN AND BUILD_SHARED_LIBS)
35 |   if(WIN32)
36 |     foreach(LIB_DIR IN LISTS COMMON_LIB_DIRS)
37 |       list(APPEND TEST_PATH "$<PATH:APPEND,${LIB_DIR},..,${CMAKE_INSTALL_BINDIR}>")
38 |     endforeach()
39 | 
40 |     set_tests_properties(${RAW_TESTS} ${VO_TESTS} PROPERTIES ENVIRONMENT
41 |       "PATH=$<TARGET_FILE_DIR:${PICHI_LIBRARY}>\;$<JOIN:${TEST_PATH},\;>")
42 |   elseif(APPLE)
43 |     set_tests_properties(${RAW_TESTS} ${VO_TESTS} PROPERTIES ENVIRONMENT
44 |       "DYLD_LIBRARY_PATH=$<TARGET_FILE_DIR:${PICHI_LIBRARY}>:$<JOIN:${COMMON_LIB_DIRS},:>")
45 |   else()
46 |     set_tests_properties(${RAW_TESTS} ${VO_TESTS} PROPERTIES ENVIRONMENT
47 |       "LD_LIBRARY_PATH=$<TARGET_FILE_DIR:${PICHI_LIBRARY}>:$<JOIN:${COMMON_LIB_DIRS},:>")
48 |   endif()
49 | endif()
50 | 


--------------------------------------------------------------------------------
/include/pichi/vo/parse.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_PARSE_HPP
 2 | #define PICHI_VO_PARSE_HPP
 3 | 
 4 | #include <algorithm>
 5 | #include <iterator>
 6 | #include <pichi/common/asserts.hpp>
 7 | #include <pichi/common/endpoint.hpp>
 8 | #include <pichi/common/enumerations.hpp>
 9 | #include <pichi/vo/messages.hpp>
10 | #include <rapidjson/document.h>
11 | #include <stdint.h>
12 | #include <string>
13 | #include <string_view>
14 | #include <type_traits>
15 | #include <utility>
16 | #include <vector>
17 | 
18 | namespace pichi::vo {
19 | 
20 | template <typename T> T parse(rapidjson::Value const&);
21 | 
22 | extern std::string parseNameOrPassword(rapidjson::Value const&);
23 | extern std::vector<Endpoint> parseDestinantions(rapidjson::Value const&);
24 | 
25 | template <typename T> T parse(std::string_view src)
26 | {
27 |   auto doc = rapidjson::Document{};
28 |   doc.Parse(src.data(), src.size());
29 |   assertFalse(doc.HasParseError(), PichiError::BAD_JSON, "JSON syntax error");
30 |   return parse<T>(doc);
31 | }
32 | 
33 | template <typename Parser> auto parsePair(rapidjson::Value const& v, Parser&& parseItem)
34 | {
35 |   static_assert(std::is_invocable_r_v<std::string, Parser, rapidjson::Value const&>);
36 |   assertTrue(v.IsArray(), PichiError::BAD_JSON, msg::ARY_TYPE_ERROR);
37 |   auto array = v.GetArray();
38 |   assertTrue(array.Size() == 2, PichiError::BAD_JSON, msg::PAIR_TYPE_ERROR);
39 |   return std::make_pair(parseItem(array[0]), parseItem(array[1]));
40 | }
41 | 
42 | template <typename OutputIt, typename T, typename Converter>
43 | void parseArray(rapidjson::Value const& root, T const& key, OutputIt out, Converter&& convert)
44 | {
45 |   if (!root.HasMember(key)) return;
46 |   assertTrue(root[key].IsArray(), PichiError::BAD_JSON, msg::ARY_TYPE_ERROR);
47 |   auto array = root[key].GetArray();
48 |   std::transform(std::begin(array), std::end(array), out, std::forward<Converter>(convert));
49 | }
50 | 
51 | }  // namespace pichi::vo
52 | 
53 | #endif  // PICHI_VO_PARSE_HPP
54 | 


--------------------------------------------------------------------------------
/include/pichi/net/socks5.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_SOCKS5_HPP
 2 | #define PICHI_NET_SOCKS5_HPP
 3 | 
 4 | #include <functional>
 5 | #include <optional>
 6 | #include <pichi/common/adapter.hpp>
 7 | #include <pichi/common/literals.hpp>
 8 | #include <string>
 9 | 
10 | namespace pichi::net {
11 | 
12 | template <typename Stream> class Socks5Ingress : public Ingress {
13 | private:
14 |   using Authenticator = std::optional<std::function<bool(std::string const&, std::string const&)>>;
15 | 
16 |   void authenticate(Yield);
17 | 
18 | public:
19 |   template <typename... Args>
20 |   Socks5Ingress(Authenticator auth, Args&&... args)
21 |     : stream_{std::forward<Args>(args)...}, auth_{std::move(auth)}
22 |   {
23 |   }
24 | 
25 |   size_t recv(MutableBuffer, Yield) override;
26 |   void send(ConstBuffer, Yield) override;
27 |   void close(Yield) override;
28 |   bool readable() const override;
29 |   bool writable() const override;
30 |   Endpoint readRemote(Yield) override;
31 |   void confirm(Yield) override;
32 |   void disconnect(std::exception_ptr, Yield) override;
33 | 
34 | private:
35 |   Stream stream_;
36 |   Authenticator auth_;
37 | };
38 | 
39 | template <typename Stream> class Socks5Egress : public Egress {
40 | private:
41 |   using Credential = std::pair<std::string, std::string>;
42 | 
43 |   void authenticate(Yield);
44 | 
45 | public:
46 |   template <typename... Args>
47 |   Socks5Egress(std::optional<Credential> credential, Args&&... args)
48 |     : stream_{std::forward<Args>(args)...}, credential_{std::move(credential)}
49 |   {
50 |   }
51 | 
52 |   size_t recv(MutableBuffer, Yield) override;
53 |   void send(ConstBuffer, Yield) override;
54 |   void close(Yield) override;
55 |   bool readable() const override;
56 |   bool writable() const override;
57 |   void connect(Endpoint const& remote, ResolveResults next, Yield) override;
58 | 
59 | private:
60 |   Stream stream_;
61 |   std::optional<Credential> credential_;
62 | };
63 | 
64 | }  // namespace pichi::net
65 | 
66 | #endif  // PICHI_NET_SOCKS5_HPP
67 | 


--------------------------------------------------------------------------------
/include/pichi/net/trojan.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_NET_TROJAN_HPP
 2 | #define PICHI_NET_TROJAN_HPP
 3 | 
 4 | #include <boost/beast/core/flat_buffer.hpp>
 5 | #include <memory>
 6 | #include <pichi/common/adapter.hpp>
 7 | #include <string>
 8 | #include <string_view>
 9 | #include <unordered_set>
10 | 
11 | namespace pichi::net {
12 | 
13 | extern std::string sha224(std::string_view);
14 | 
15 | template <typename Stream> class TrojanIngress : public Ingress {
16 | public:
17 |   template <typename InputIt, typename... Args>
18 |   TrojanIngress(Endpoint remote, InputIt first, InputIt last, Args&&... args)
19 |     : remote_{remote}, passwords_{}, stream_{std::forward<Args>(args)...}
20 |   {
21 |     std::transform(first, last, std::inserter(passwords_, std::end(passwords_)), &sha224);
22 |   }
23 | 
24 |   size_t recv(MutableBuffer, Yield) override;
25 |   void send(ConstBuffer, Yield) override;
26 |   void close(Yield) override;
27 |   bool readable() const override;
28 |   bool writable() const override;
29 |   Endpoint readRemote(Yield) override;
30 |   void confirm(Yield) override;
31 | 
32 | private:
33 |   Endpoint remote_;
34 |   std::unordered_set<std::string> passwords_;
35 |   Stream stream_;
36 |   boost::beast::flat_buffer buf_ = {};
37 |   std::unique_ptr<Adapter> delegate_ = nullptr;
38 | };
39 | 
40 | template <typename Stream> class TrojanEgress : public Egress {
41 | public:
42 |   template <typename... Args>
43 |   TrojanEgress(std::string_view password, Args&&... args)
44 |     : stream_{std::forward<Args>(args)...}, password_{sha224(password)}
45 |   {
46 |   }
47 | 
48 |   size_t recv(MutableBuffer, Yield) override;
49 |   void send(ConstBuffer, Yield) override;
50 |   void close(Yield) override;
51 |   bool readable() const override;
52 |   bool writable() const override;
53 |   void connect(Endpoint const& remote, ResolveResults next, Yield) override;
54 | 
55 | private:
56 |   Stream stream_;
57 |   std::string password_;
58 | };
59 | 
60 | }  // namespace pichi::net
61 | 
62 | #endif  // PICHI_NET_TROJAN_HPP
63 | 


--------------------------------------------------------------------------------
/include/pichi/common/config.hpp.in:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CONFIG_H
 2 | #define PICHI_CONFIG_H
 3 | 
 4 | #cmakedefine HAS_CLASS_TEMPLATE_ARGUMENT_DEDUCTION
 5 | 
 6 | #cmakedefine TRANSPARENT_PF
 7 | #cmakedefine TRANSPARENT_IPTABLES
 8 | #cmakedefine TLS_FINGERPRINT
 9 | 
10 | #cmakedefine HAS_UNISTD_H
11 | #cmakedefine HAS_SIGNAL_H
12 | #cmakedefine HAS_PWD_H
13 | #cmakedefine HAS_GRP_H
14 | #cmakedefine HAS_GETPWNAM
15 | #cmakedefine HAS_SETUID
16 | #cmakedefine HAS_GETGRNAM
17 | #cmakedefine HAS_SETGID
18 | #cmakedefine HAS_FORK
19 | #cmakedefine HAS_SETSID
20 | #cmakedefine HAS_CLOSE
21 | #cmakedefine HAS_STRERROR_S
22 | #cmakedefine HAS_STRERROR_R
23 | 
24 | #ifdef __GNUC__
25 | 
26 | #if __GNUC__ >= 8
27 | #pragma GCC diagnostic ignored "-Wclass-memaccess"
28 | #endif  // __GNUC__ >= 8
29 | 
30 | #if __GNUC__ >= 10
31 | #pragma GCC diagnostic ignored "-Wignored-attributes"
32 | #endif  // __GNUC__ >= 10
33 | 
34 | #cmakedefine DISABLE_GCC_IGNORED_ATTRIBUTES
35 | #ifdef DISABLE_GCC_IGNORED_ATTRIBUTES
36 | #pragma GCC diagnostic ignored "-Wignored-attributes"
37 | #endif  // DISABLE_GCC_IGNORED_ATTRIBUTES
38 | 
39 | #endif  // __GNUC__
40 | 
41 | #ifdef __clang__
42 | 
43 | #if (defined(__APPLE__) && __clang_major__ >= 12) || __clang_major__ >= 11
44 | #pragma clang diagnostic ignored "-Wdeprecated-declarations"
45 | #endif
46 | 
47 | #cmakedefine DISABLE_CLANG_UNQUALIFIED_STD_CAST_CALL
48 | #ifdef DISABLE_CLANG_UNQUALIFIED_STD_CAST_CALL
49 | #pragma clang diagnostic ignored "-Wunqualified-std-cast-call"
50 | #endif
51 | 
52 | #endif  // __clang__
53 | 
54 | #ifdef _MSC_VER
55 | 
56 | #pragma warning(disable : 4459)
57 | #pragma warning(disable : 4646)
58 | #pragma warning(disable : 4702)
59 | 
60 | #endif  // _MSC_VER
61 | 
62 | #cmakedefine CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@"
63 | 
64 | #ifdef CMAKE_INSTALL_PREFIX
65 | #define PICHI_PREFIX CMAKE_INSTALL_PREFIX
66 | #else  // CMAKE_INSTALL_PREFIX
67 | #error "CMAKE_INSTALL_PREFIX not defined"
68 | #endif  // CMAKE_INSTALL_PREFIX
69 | 
70 | #cmakedefine BUILD_TEST
71 | 
72 | #endif  // PICHI_CONFIG_H
73 | 


--------------------------------------------------------------------------------
/.conan/recipes/boringssl/conandata.yml:
--------------------------------------------------------------------------------
 1 | sources:
 2 |   "18":
 3 |     url: https://boringssl.googlesource.com/boringssl/+archive/97d48dbeb8010365a1d5cb029bee29617261d8a0.tar.gz
 4 |   "19":
 5 |     url: https://boringssl.googlesource.com/boringssl/+archive/048d21cc1412429f2fa3c470ac95d2e4b2d2abf9.tar.gz
 6 |   "20":
 7 |     url: https://boringssl.googlesource.com/boringssl/+archive/b1c6f45f1fe6d808555d04a41bb44b322e4f4c1d.tar.gz
 8 |   "21":
 9 |     url: https://boringssl.googlesource.com/boringssl/+archive/335523a2c456e7444297ed0786e65771839931c3.tar.gz
10 |   "22":
11 |     url: https://boringssl.googlesource.com/boringssl/+archive/cbb96b4ffd29b7fd280b04f59790cf9b060bc7bc.tar.gz
12 |   "23":
13 |     url: https://boringssl.googlesource.com/boringssl/+archive/a36ac0a2e78adc0752a46eb01b7e048272241769.tar.gz
14 |   "24":
15 |     url: https://boringssl.googlesource.com/boringssl/+archive/e9f816b12b3e68de575d21e2a9b7d76e4e5c58ac.tar.gz
16 |   "25":
17 |     url: https://boringssl.googlesource.com/boringssl/+archive/8dec463a609706480a6ae9057702ec662843acc2.tar.gz
18 |   "26":
19 |     url: https://boringssl.googlesource.com/boringssl/+archive/1e3da32f3754b1b9136247ee26308cfd959cbeba.tar.gz
20 |   "27":
21 |     url: https://boringssl.googlesource.com/boringssl/+archive/2ba7634b9e2b33875e2a40dec9e04abffe061f2c.tar.gz
22 |   "28":
23 |     url: https://boringssl.googlesource.com/boringssl/+archive/23d58423169a2d473a6028228e46f68d1e65f503.tar.gz
24 |   "29":
25 |     url: https://boringssl.googlesource.com/boringssl/+archive/58a318edc892a595a5b043359a5d441869158699.tar.gz
26 |   "30":
27 |     url: https://boringssl.googlesource.com/boringssl/+archive/860db9e98f23c6e2692afb143a04987cc232e1f5.tar.gz
28 |   "31":
29 |     url: https://boringssl.googlesource.com/boringssl/+archive/1a118bbf76ab52698961a1c7ec717ab0080b037d.tar.gz
30 |   "32":
31 |     url: https://boringssl.googlesource.com/boringssl/+archive/4ad93a8c50451ee4c7cc31ecc49aeb19200a4e78.tar.gz
32 |   "33":
33 |     url: https://boringssl.googlesource.com/boringssl/+archive/803062a053a86cff4ef1ffac90d12a82885688f3.tar.gz
34 | 


--------------------------------------------------------------------------------
/src/api/session.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <array>
 4 | #include <boost/asio/ip/tcp.hpp>
 5 | #include <iostream>
 6 | #include <pichi/api/session.hpp>
 7 | #include <pichi/common/adapter.hpp>
 8 | #include <pichi/common/constants.hpp>
 9 | #include <pichi/common/endpoint.hpp>
10 | #include <pichi/net/spawn.hpp>
11 | 
12 | using namespace std;
13 | namespace asio = boost::asio;
14 | namespace sys = boost::system;
15 | 
16 | using asio::ip::tcp;
17 | 
18 | namespace pichi::api {
19 | 
20 | static void bridge(Adapter& from, Adapter& to, asio::yield_context yield)
21 | {
22 |   auto buf = array<uint8_t, MAX_FRAME_SIZE>{};
23 |   while (from.readable() && to.writable()) to.send({buf, from.recv(buf, yield)}, yield);
24 | }
25 | 
26 | Session::~Session() = default;
27 | 
28 | Session::Session(asio::io_context& io, Session::IngressPtr&& ingress, Session::EgressPtr&& egress)
29 |   : strand_{io}, ingress_{move(ingress)}, egress_{move(egress)}
30 | {
31 | }
32 | 
33 | void Session::start(Endpoint const& remote, ResolveResults const& next)
34 | {
35 |   // FIXME Not copying for self because net::spawn ensures that
36 |   //   Function and ExceptionHandler share the same scope.
37 |   net::spawn(
38 |       strand_,
39 |       [=, this, self = shared_from_this()](auto yield) {
40 |         egress_->connect(remote, next, yield);
41 |         ingress_->confirm(yield);
42 |         net::spawn(
43 |             strand_, [self, this](auto yield) { bridge(*ingress_, *egress_, yield); },
44 |             [this](auto, auto yield) noexcept { this->close(yield); });
45 |         net::spawn(
46 |             strand_, [self, this](auto yield) { bridge(*egress_, *ingress_, yield); },
47 |             [this](auto, auto yield) noexcept { this->close(yield); });
48 |       },
49 |       [this](auto eptr, auto yield) noexcept { ingress_->disconnect(eptr, yield); });
50 | }
51 | 
52 | void Session::start() { start({}, {}); }
53 | 
54 | template <typename Yield> void Session::close(Yield yield)
55 | {
56 |   ingress_->close(yield);
57 |   egress_->close(yield);
58 | }
59 | 
60 | }  // namespace pichi::api
61 | 


--------------------------------------------------------------------------------
/include/pichi/vo/credential.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_CREDENTIAL_HPP
 2 | #define PICHI_VO_CREDENTIAL_HPP
 3 | 
 4 | #include <pichi/common/enumerations.hpp>
 5 | #include <rapidjson/document.h>
 6 | #include <string>
 7 | #include <unordered_map>
 8 | #include <unordered_set>
 9 | 
10 | namespace pichi::vo {
11 | 
12 | struct UpIngressCredential {
13 |   std::unordered_map<std::string, std::string> credential_;
14 | };
15 | 
16 | struct UpEgressCredential {
17 |   std::pair<std::string, std::string> credential_;
18 | };
19 | 
20 | extern rapidjson::Value toJson(UpIngressCredential const&, rapidjson::Document::AllocatorType&);
21 | extern rapidjson::Value toJson(UpEgressCredential const&, rapidjson::Document::AllocatorType&);
22 | 
23 | struct TrojanIngressCredential {
24 |   std::unordered_set<std::string> credential_;
25 | };
26 | 
27 | struct TrojanEgressCredential {
28 |   std::string credential_;
29 | };
30 | 
31 | extern rapidjson::Value toJson(TrojanIngressCredential const&, rapidjson::Document::AllocatorType&);
32 | extern rapidjson::Value toJson(TrojanEgressCredential const&, rapidjson::Document::AllocatorType&);
33 | 
34 | struct VMessIngressCredential {
35 |   std::unordered_map<std::string, uint16_t> credential_;
36 | };
37 | 
38 | struct VMessEgressCredential {
39 |   std::string uuid_;
40 |   uint16_t alter_id_;
41 |   VMessSecurity security_;
42 | };
43 | 
44 | extern rapidjson::Value toJson(VMessIngressCredential const&, rapidjson::Document::AllocatorType&);
45 | extern rapidjson::Value toJson(VMessEgressCredential const&, rapidjson::Document::AllocatorType&);
46 | 
47 | extern bool operator==(UpIngressCredential const&, UpIngressCredential const&);
48 | extern bool operator==(UpEgressCredential const&, UpEgressCredential const&);
49 | extern bool operator==(TrojanIngressCredential const&, TrojanIngressCredential const&);
50 | extern bool operator==(TrojanEgressCredential const&, TrojanEgressCredential const&);
51 | extern bool operator==(VMessIngressCredential const&, VMessIngressCredential const&);
52 | extern bool operator==(VMessEgressCredential const&, VMessEgressCredential const&);
53 | 
54 | }  // namespace pichi::vo
55 | 
56 | #endif  // PICHI_VO_CREDENTIAL_HPP
57 | 


--------------------------------------------------------------------------------
/.conan/recipes/libmaxminddb/conanfile.py:
--------------------------------------------------------------------------------
 1 | from conan import ConanFile
 2 | from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout
 3 | from conan.tools.files import get, replace_in_file
 4 | import os
 5 | 
 6 | 
 7 | class LibmaxminddbConan(ConanFile):
 8 |   name = "libmaxminddb"
 9 |   license = "Apache-2.0 License"
10 |   author = "Maxmind <support@maxmind.com>"
11 |   url = "http://www.maxmind.com/"
12 |   description = "C library for the MaxMind DB file format"
13 |   topics = ()
14 |   settings = "os", "compiler", "build_type", "arch"
15 |   options = {"shared": [True, False], "fPIC": [True, False]}
16 |   default_options = {"shared": False, "fPIC": True}
17 | 
18 |   def config_options(self):
19 |     if self.settings.os == "Windows":
20 |       self.options.rm_safe("fPIC")
21 | 
22 |   def configure(self):
23 |     if self.options.shared:
24 |       self.options.rm_safe("fPIC")
25 | 
26 |   def layout(self):
27 |     cmake_layout(self, src_folder="src")
28 | 
29 |   def source(self):
30 |     get(self, **self.conan_data["sources"][self.version],
31 |         destination=self.source_folder, strip_root=True)
32 |     replace_in_file(self, os.path.join(self.source_folder, "bin", "CMakeLists.txt"),
33 |                     "target_link_libraries(mmdblookup maxminddb pthread)",
34 |                     """
35 |                     find_package(Threads REQUIRED)
36 |                     target_link_libraries(mmdblookup maxminddb Threads::Threads)
37 |                     """)
38 |   
39 |   def generate(self):
40 |     tc = CMakeToolchain(self)
41 |     tc.cache_variables["BUILD_TESTING"] = False
42 |     tc.cache_variables["BUILD_SHARED_LIBS"] = self.options.shared
43 |     tc.generate()
44 | 
45 |   def build(self):
46 |     cmake = CMake(self)
47 |     cmake.configure()
48 |     cmake.build()
49 | 
50 |   def package(self):
51 |     cmake = CMake(self)
52 |     cmake.install()
53 | 
54 |   def package_info(self):
55 |     self.cpp_info.set_property("cmake_find_mode", "both")
56 |     self.cpp_info.set_property("cmake_file_name", "MaxmindDB")
57 |     self.cpp_info.set_property("cmake_target_name", "maxminddb::maxminddb")
58 |     self.cpp_info.set_property("pkg_config_name", "libmaxminddb")
59 |     self.cpp_info.libs = ["maxminddb"]
60 | 


--------------------------------------------------------------------------------
/src/common/uri.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/algorithm/string.hpp>
 4 | #include <cmath>
 5 | #include <pichi/common/asserts.hpp>
 6 | #include <pichi/common/uri.hpp>
 7 | #include <regex>
 8 | 
 9 | using namespace std;
10 | using namespace std::string_view_literals;
11 | 
12 | namespace pichi {
13 | 
14 | // This URI regex isn't intended to follow RFC3986
15 | static auto const URI_REGEX =
16 |     regex{"^(https?)://(([^:/?#\\[\\]]+)|\\[([a-f0-9:.]+)\\])(:(\\d+))?(/[^#?]*([#?].*)?)?$",
17 |           regex::icase};
18 | static auto const URI_REGEX_SIZE = 9;
19 | static auto const HOST_REGEX = regex{"^(([^:/\\[\\]]+)|\\[([a-f0-9:.]+)\\])(:(\\d+))?$"};
20 | static auto const HOST_REGEX_SIZE = 6;
21 | 
22 | static string_view r2sv(csub_match const& m, csub_match::difference_type size)
23 | {
24 |   assert(size <= m.length());
25 |   return {m.first, static_cast<size_t>(abs(size))};
26 | }
27 | 
28 | static string_view r2sv(csub_match const& m) { return r2sv(m, m.length()); }
29 | 
30 | static auto matching(string_view s, regex const& re, size_t size)
31 | {
32 |   auto r = cmatch{};
33 |   assertTrue(regex_match(s.data(), s.data() + s.size(), r, re), PichiError::BAD_PROTO);
34 |   assertTrue(r.size() == size, PichiError::BAD_PROTO);
35 |   return r;
36 | }
37 | 
38 | static string_view scheme2port(string_view scheme)
39 | {
40 |   if (boost::iequals("http"sv, scheme))
41 |     return "80"sv;
42 |   else if (boost::iequals("https"sv, scheme))
43 |     return "443"sv;
44 |   else
45 |     fail(PichiError::BAD_PROTO);
46 | }
47 | 
48 | Uri::Uri(string_view s)
49 | {
50 |   auto r = matching(s, URI_REGEX, URI_REGEX_SIZE);
51 | 
52 |   all_ = r2sv(r[0]);
53 |   scheme_ = r2sv(r[1]);
54 |   host_ = r2sv(r[2]);
55 |   host_ = r[3].matched ? r2sv(r[3]) : r2sv(r[4]);
56 |   port_ = r[5].matched ? r2sv(r[6]) : scheme2port(scheme_);
57 |   suffix_ = r[7].matched ? r2sv(r[7]) : "/"sv;
58 |   path_ = r[7].matched ? r2sv(r[7], distance(r[7].first, r[8].first)) : "/"sv;
59 |   query_ = r2sv(r[8]);
60 | }
61 | 
62 | HostAndPort::HostAndPort(string_view s)
63 | {
64 |   auto r = matching(s, HOST_REGEX, HOST_REGEX_SIZE);
65 |   host_ = r[2].matched ? r2sv(r[2]) : r2sv(r[3]);
66 |   port_ = r[4].matched ? r2sv(r[5]) : "80"sv;
67 | }
68 | 
69 | }  // namespace pichi
70 | 


--------------------------------------------------------------------------------
/include/pichi/crypto/aead.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_AEAD_HPP
 2 | #define PICHI_CRYPTO_AEAD_HPP
 3 | 
 4 | #include <array>
 5 | #include <mbedtls/gcm.h>
 6 | #include <pichi/common/buffer.hpp>
 7 | #include <pichi/crypto/method.hpp>
 8 | 
 9 | namespace pichi::crypto {
10 | 
11 | /*
12 |  * For AES-GCMs: context means mbedtls context
13 |  * For CHACHA20 and XCHACHA20: context means subkey generated by HKDF_SHA1
14 |  */
15 | template <CryptoMethod method>
16 | using AeadContext =
17 |     std::conditional_t<detail::isGcm<method>(), mbedtls_gcm_context,
18 |                        std::conditional_t<detail::isSodiumAead<method>(),
19 |                                           std::array<uint8_t, KEY_SIZE<method>>, void>>;
20 | 
21 | template <CryptoMethod method> class AeadEncryptor {
22 | public:
23 |   static_assert(detail::isAead<method>(), "Not an AEAD crypto method");
24 | 
25 |   AeadEncryptor(AeadEncryptor const&) = delete;
26 |   AeadEncryptor(AeadEncryptor&&) = delete;
27 |   AeadEncryptor& operator=(AeadEncryptor const&) = delete;
28 |   AeadEncryptor& operator=(AeadEncryptor&&) = delete;
29 | 
30 | public:
31 |   AeadEncryptor(ConstBuffer key, ConstBuffer iv = {});
32 |   ~AeadEncryptor();
33 | 
34 |   ConstBuffer getIv() const;
35 |   size_t encrypt(ConstBuffer plain, MutableBuffer cipher);
36 | 
37 | private:
38 |   std::array<uint8_t, NONCE_SIZE<method>> nonce_;
39 |   std::array<uint8_t, IV_SIZE<method>> salt_;
40 |   AeadContext<method> ctx_;
41 | };
42 | 
43 | template <CryptoMethod method> class AeadDecryptor {
44 | public:
45 |   static_assert(detail::isAead<method>(), "Not an AEAD crypto method");
46 | 
47 |   AeadDecryptor(AeadDecryptor const&) = delete;
48 |   AeadDecryptor(AeadDecryptor&&) = delete;
49 |   AeadDecryptor& operator=(AeadDecryptor const&) = delete;
50 |   AeadDecryptor& operator=(AeadDecryptor&&) = delete;
51 | 
52 | public:
53 |   AeadDecryptor(ConstBuffer key);
54 |   ~AeadDecryptor();
55 | 
56 |   size_t getIvSize() const;
57 |   void setIv(ConstBuffer iv);
58 |   size_t decrypt(ConstBuffer cipher, MutableBuffer plain);
59 | 
60 | private:
61 |   std::array<uint8_t, KEY_SIZE<method>> ikm_;
62 |   std::array<uint8_t, NONCE_SIZE<method>> nonce_;
63 |   AeadContext<method> ctx_;
64 |   bool initialized_ = false;
65 | };
66 | 
67 | }  // namespace pichi::crypto
68 | 
69 | #endif
70 | 


--------------------------------------------------------------------------------
/include/pichi/vo/to_json.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_TO_JSON_HPP
 2 | #define PICHI_VO_TO_JSON_HPP
 3 | 
 4 | #include <algorithm>
 5 | #include <pichi/common/asserts.hpp>
 6 | #include <pichi/common/endpoint.hpp>
 7 | #include <pichi/common/enumerations.hpp>
 8 | #include <pichi/vo/iterator.hpp>
 9 | #include <rapidjson/document.h>
10 | #include <string>
11 | #include <string_view>
12 | #include <type_traits>
13 | 
14 | namespace pichi::vo {
15 | 
16 | extern rapidjson::Value portToJson(std::string const&);
17 | extern rapidjson::Value toJson(AdapterType, rapidjson::Document::AllocatorType&);
18 | extern rapidjson::Value toJson(CryptoMethod, rapidjson::Document::AllocatorType&);
19 | extern rapidjson::Value toJson(DelayMode, rapidjson::Document::AllocatorType&);
20 | extern rapidjson::Value toJson(BalanceType, rapidjson::Document::AllocatorType&);
21 | extern rapidjson::Value toJson(VMessSecurity, rapidjson::Document::AllocatorType&);
22 | extern rapidjson::Value toJson(std::string_view, rapidjson::Document::AllocatorType&);
23 | extern rapidjson::Value toJson(Endpoint const&, rapidjson::Document::AllocatorType&);
24 | 
25 | template <typename InputIt>
26 | auto toJson(InputIt first, InputIt last, rapidjson::Document::AllocatorType& alloc)
27 | {
28 |   auto ret = rapidjson::Value{};
29 |   if constexpr (IsPairV<std::decay_t<typename std::iterator_traits<InputIt>::value_type>>) {
30 |     ret.SetObject();
31 |     std::for_each(first, last, [&ret, &alloc](auto&& i) {
32 |       assertFalse(i.first.empty(), PichiError::MISC);
33 |       ret.AddMember(toJson(i.first, alloc), toJson(i.second, alloc), alloc);
34 |     });
35 |   }
36 |   else if constexpr (std::is_same_v<
37 |                          std::decay_t<typename std::iterator_traits<InputIt>::value_type>,
38 |                          Endpoint>) {
39 |     ret.SetObject();
40 |     std::for_each(first, last, [&ret, &alloc](auto&& endpoint) {
41 |       ret.AddMember(toJson(endpoint.host_, alloc), rapidjson::Value{endpoint.port_}, alloc);
42 |     });
43 |   }
44 |   else {
45 |     ret.SetArray();
46 |     std::for_each(first, last, [&ret, &alloc](auto&& i) { ret.PushBack(toJson(i, alloc), alloc); });
47 |   }
48 |   return ret;
49 | }
50 | 
51 | extern std::string toString(rapidjson::Value const&);
52 | 
53 | }  // namespace pichi::vo
54 | 
55 | #endif  // PICHI_VO_TO_JSON_HPP
56 | 


--------------------------------------------------------------------------------
/include/pichi/vo/options.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_OPTIONS_HPP
 2 | #define PICHI_VO_OPTIONS_HPP
 3 | 
 4 | #include <optional>
 5 | #include <pichi/common/endpoint.hpp>
 6 | #include <pichi/common/enumerations.hpp>
 7 | #include <rapidjson/document.h>
 8 | #include <string>
 9 | #include <vector>
10 | 
11 | namespace pichi::vo {
12 | 
13 | struct ShadowsocksOption {
14 |   std::string password_;
15 |   CryptoMethod method_;
16 | };
17 | 
18 | extern rapidjson::Value toJson(ShadowsocksOption const&, rapidjson::Document::AllocatorType&);
19 | extern bool operator==(ShadowsocksOption const&, ShadowsocksOption const&);
20 | 
21 | struct TunnelOption {
22 |   std::vector<Endpoint> destinations_;
23 |   BalanceType balance_;
24 | };
25 | 
26 | extern rapidjson::Value toJson(TunnelOption const&, rapidjson::Document::AllocatorType&);
27 | extern bool operator==(TunnelOption const&, TunnelOption const&);
28 | 
29 | struct RejectOption {
30 |   DelayMode mode_;
31 |   std::optional<uint16_t> delay_;
32 | };
33 | 
34 | extern rapidjson::Value toJson(RejectOption const&, rapidjson::Document::AllocatorType&);
35 | extern bool operator==(RejectOption const&, RejectOption const&);
36 | 
37 | struct TrojanOption {
38 |   Endpoint remote_;
39 | };
40 | 
41 | extern rapidjson::Value toJson(TrojanOption const&, rapidjson::Document::AllocatorType&);
42 | extern bool operator==(TrojanOption const&, TrojanOption const&);
43 | 
44 | struct TlsIngressOption {
45 |   std::string certFile_;
46 |   std::string keyFile_;
47 | };
48 | 
49 | extern rapidjson::Value toJson(TlsIngressOption const&, rapidjson::Document::AllocatorType&);
50 | extern bool operator==(TlsIngressOption const&, TlsIngressOption const&);
51 | 
52 | struct TlsEgressOption {
53 |   bool insecure_;
54 |   std::optional<std::string> caFile_;
55 |   std::optional<std::string> serverName_;
56 |   std::optional<std::string> sni_;
57 | };
58 | 
59 | extern rapidjson::Value toJson(TlsEgressOption const&, rapidjson::Document::AllocatorType&);
60 | extern bool operator==(TlsEgressOption const&, TlsEgressOption const&);
61 | 
62 | struct WebsocketOption {
63 |   std::string path_;
64 |   std::optional<std::string> host_;
65 | };
66 | 
67 | extern rapidjson::Value toJson(WebsocketOption const&, rapidjson::Document::AllocatorType&);
68 | extern bool operator==(WebsocketOption const&, WebsocketOption const&);
69 | 
70 | }  // namespace pichi::vo
71 | 
72 | #endif  // PICHI_VO_OPTIONS_HPP
73 | 


--------------------------------------------------------------------------------
/include/pichi/vo/iterator.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_ITERATOR_HPP
 2 | #define PICHI_VO_ITERATOR_HPP
 3 | 
 4 | #include <functional>
 5 | #include <iterator>
 6 | #include <optional>
 7 | #include <string_view>
 8 | #include <type_traits>
 9 | 
10 | namespace pichi::vo {
11 | 
12 | template <typename T> struct IsPair : public std::false_type {
13 | };
14 | 
15 | template <typename T1, typename T2> struct IsPair<std::pair<T1, T2>> : public std::true_type {
16 | };
17 | 
18 | template <typename T> inline constexpr bool IsPairV = IsPair<T>::value;
19 | 
20 | template <typename Delegate, typename ValueType> class Iterator {
21 | private:
22 |   static_assert(std::is_base_of_v<std::forward_iterator_tag,
23 |                                   typename std::iterator_traits<Delegate>::iterator_category>);
24 |   static_assert(IsPairV<ValueType>);
25 |   static_assert(std::is_copy_constructible_v<ValueType>);
26 |   using Holder = std::optional<ValueType>;
27 |   using Generator = std::function<ValueType(Delegate)>;
28 | 
29 | public:
30 |   using iterator_category = std::forward_iterator_tag;
31 |   using value_type = ValueType;
32 |   using difference_type = typename std::iterator_traits<Delegate>::difference_type;
33 |   using reference = value_type const&;
34 |   using pointer = value_type const*;
35 | 
36 | public:
37 |   Iterator(Delegate delegate, Delegate last, Generator g) : delegate_{delegate}, last_{last}, g_{g}
38 |   {
39 |     if (delegate_ != last_) holder_.emplace(g_(delegate_));
40 |   }
41 | 
42 |   reference operator*() const { return *holder_; }
43 | 
44 |   pointer operator->() const { return std::addressof(*holder_); }
45 | 
46 |   Iterator& operator++()
47 |   {
48 |     if (++delegate_ != last_)
49 |       holder_.emplace(g_(delegate_));
50 |     else
51 |       holder_.reset();
52 |     return *this;
53 |   }
54 | 
55 |   Iterator operator++(int)
56 |   {
57 |     auto ret = *this;
58 |     ++(*this);
59 |     return ret;
60 |   }
61 | 
62 |   friend inline bool operator==(Iterator const& lhs, Iterator const& rhs)
63 |   {
64 |     return lhs.delegate_ == rhs.delegate_;
65 |   }
66 | 
67 |   friend inline bool operator!=(Iterator const& lhs, Iterator const& rhs)
68 |   {
69 |     return lhs.delegate_ != rhs.delegate_;
70 |   }
71 | 
72 | private:
73 |   Delegate delegate_;
74 |   Delegate last_;
75 |   Generator g_;
76 |   Holder holder_ = {};
77 | };
78 | 
79 | }  // namespace pichi::vo
80 | 
81 | #endif  // PICHI_VO_ITERATOR_HPP
82 | 


--------------------------------------------------------------------------------
/test/vo.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_TEST_VO_HPP
 2 | #define PICHI_TEST_VO_HPP
 3 | 
 4 | #include "utils.hpp"
 5 | #include <boost/mpl/set.hpp>
 6 | #include <pichi/common/enumerations.hpp>
 7 | #include <pichi/vo/credential.hpp>
 8 | #include <pichi/vo/egress.hpp>
 9 | #include <pichi/vo/ingress.hpp>
10 | #include <pichi/vo/options.hpp>
11 | #include <rapidjson/document.h>
12 | #include <type_traits>
13 | 
14 | namespace pichi::unit_test {
15 | 
16 | using AllCredentials = boost::mpl::set<vo::UpIngressCredential, vo::TrojanIngressCredential,
17 |                                        vo::VMessIngressCredential, vo::UpEgressCredential,
18 |                                        vo::TrojanEgressCredential, vo::VMessEgressCredential>;
19 | 
20 | using IngressCredentials = boost::mpl::set<vo::UpIngressCredential, vo::TrojanIngressCredential,
21 |                                            vo::VMessIngressCredential>;
22 | 
23 | using EgressCredentials =
24 |     boost::mpl::set<vo::UpEgressCredential, vo::TrojanEgressCredential, vo::VMessEgressCredential>;
25 | 
26 | template <typename Credential> Credential defaultCredential();
27 | template <typename Credential> rapidjson::Value defaultCredentialJson();
28 | 
29 | using AllOptions =
30 |     boost::mpl::set<vo::ShadowsocksOption, vo::TunnelOption, vo::RejectOption, vo::TrojanOption,
31 |                     vo::TlsIngressOption, vo::TlsEgressOption, vo::WebsocketOption>;
32 | 
33 | template <typename Key, typename Set> using HasKeyT = typename boost::mpl::has_key<Set, Key>::type;
34 | template <typename Key, typename Set> inline constexpr bool HasKey = HasKeyT<Key, Set>::value;
35 | 
36 | template <typename Option> rapidjson::Value defaultOptionJson();
37 | template <typename Option> Option defaultOption();
38 | 
39 | extern rapidjson::Document::AllocatorType& alloc;
40 | extern Endpoint const DEFAULT_ENDPOINT;
41 | 
42 | template <typename Modifier> rapidjson::Value createJsonObject(Modifier&& modify)
43 | {
44 |   static_assert(std::is_invocable_v<Modifier, rapidjson::Value&>);
45 |   auto ret = rapidjson::Value{rapidjson::kObjectType};
46 |   modify(ret);
47 |   return ret;
48 | }
49 | 
50 | template <typename Modifier> rapidjson::Value createJsonArray(Modifier&& modify)
51 | {
52 |   auto ret = rapidjson::Value{rapidjson::kArrayType};
53 |   ret.PushBack(createJsonObject(std::forward<Modifier>(modify)), alloc);
54 |   return ret;
55 | }
56 | 
57 | }  // namespace pichi::unit_test
58 | 
59 | #endif  // PICHI_TEST_VO_HPP
60 | 


--------------------------------------------------------------------------------
/src/common/error.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <boost/system/error_category.hpp>
 4 | #include <boost/system/error_condition.hpp>
 5 | #include <pichi/common/error.hpp>
 6 | #include <string>
 7 | 
 8 | using namespace std;
 9 | namespace sys = boost::system;
10 | 
11 | namespace pichi {
12 | 
13 | using ErrorCode = sys::error_code;
14 | using ErrorCondition = sys::error_condition;
15 | 
16 | struct ErrorCategory : public sys::error_category {
17 |   char const* name() const noexcept override { return "pichi"; }
18 | 
19 |   string message(int ev) const override
20 |   {
21 |     switch (static_cast<PichiError>(ev)) {
22 |     case PichiError::OK:
23 |       return "OK";
24 |     case PichiError::BAD_PROTO:
25 |       return "Bad protocol";
26 |     case PichiError::CRYPTO_ERROR:
27 |       return "Crypto error";
28 |     case PichiError::BUFFER_OVERFLOW:
29 |       return "Buffer maximum exceeded";
30 |     case PichiError::BAD_JSON:
31 |       return "Invalid JSON";
32 |     case PichiError::SEMANTIC_ERROR:
33 |       return "JSON semantic error";
34 |     case PichiError::RES_IN_USE:
35 |       return "Resource in use";
36 |     case PichiError::RES_LOCKED:
37 |       return "Resource locked";
38 |     case PichiError::CONN_FAILURE:
39 |       return "Connection failure";
40 |     case PichiError::BAD_AUTH_METHOD:
41 |       return "Bad authentication method";
42 |     case PichiError::UNAUTHENTICATED:
43 |       return "Authentication failure";
44 |     case PichiError::MISC:
45 |       return "Misc error";
46 |     default:
47 |       return "Unknown";
48 |     }
49 |   }
50 | 
51 |   ErrorCondition default_error_condition(int ev) const noexcept override { return {ev, *this}; }
52 | 
53 |   bool equivalent(int ev, ErrorCondition const& condition) const noexcept override
54 |   {
55 |     return condition.value() == ev && addressof(condition.category()) == this;
56 |   }
57 | 
58 |   bool equivalent(ErrorCode const& ec, int ev) const noexcept override
59 |   {
60 |     return ec.value() == ev && addressof(ec.category()) == this;
61 |   }
62 | };
63 | 
64 | static auto const GLOBAL_CATEGORY = ErrorCategory{};
65 | 
66 | sys::error_category const& PICHI_CATEGORY = GLOBAL_CATEGORY;
67 | 
68 | ErrorCode make_error_code(PichiError e) { return makeErrorCode(e); }
69 | 
70 | ErrorCode makeErrorCode(PichiError e)
71 | {
72 |   return ErrorCode{static_cast<underlying_type_t<PichiError>>(e), GLOBAL_CATEGORY};
73 | }
74 | 
75 | }  // namespace pichi
76 | 


--------------------------------------------------------------------------------
/test/base64.cpp:
--------------------------------------------------------------------------------
 1 | #define BOOST_TEST_MODULE pichi base64 test
 2 | 
 3 | #include "utils.hpp"
 4 | #include <array>
 5 | #include <boost/test/unit_test.hpp>
 6 | #include <pichi/common/literals.hpp>
 7 | #include <pichi/crypto/base64.hpp>
 8 | #include <unordered_map>
 9 | 
10 | using namespace std;
11 | 
12 | namespace pichi::unit_test {
13 | 
14 | using namespace crypto;
15 | 
16 | BOOST_AUTO_TEST_SUITE(Base64)
17 | 
18 | BOOST_AUTO_TEST_CASE(encode_Empty_String_View)
19 | {
20 |   BOOST_CHECK_EQUAL(""sv, base64Encode(string_view{nullptr, 0}));
21 | }
22 | 
23 | BOOST_AUTO_TEST_CASE(decode_Empty_String_View)
24 | {
25 |   BOOST_CHECK_EQUAL(""sv, base64Decode(string_view{nullptr, 0}, PichiError::MISC));
26 | }
27 | 
28 | /*
29 |  * According to RFC 4648 10
30 |  * BASE64("") = ""
31 |  * BASE64("f") = "Zg=="
32 |  * BASE64("fo") = "Zm8="
33 |  * BASE64("foo") = "Zm9v"
34 |  * BASE64("foob") = "Zm9vYg=="
35 |  * BASE64("fooba") = "Zm9vYmE="
36 |  * BASE64("foobar") = "Zm9vYmFy"
37 |  */
38 | 
39 | BOOST_AUTO_TEST_CASE(encode_RFC4648)
40 | {
41 |   auto pairs = unordered_map<string_view, string_view>{{""sv, ""sv},
42 |                                                        {"f"sv, "Zg=="sv},
43 |                                                        {"fo"sv, "Zm8="sv},
44 |                                                        {"foo"sv, "Zm9v"sv},
45 |                                                        {"foob"sv, "Zm9vYg=="sv},
46 |                                                        {"fooba"sv, "Zm9vYmE="sv},
47 |                                                        {"foobar"sv, "Zm9vYmFy"sv}};
48 |   for (auto p : pairs) {
49 |     BOOST_CHECK_EQUAL(p.second, base64Encode(p.first));
50 |   }
51 | }
52 | 
53 | BOOST_AUTO_TEST_CASE(decode_RFC4648)
54 | {
55 |   auto pairs = unordered_map<string_view, string_view>{{""sv, ""sv},
56 |                                                        {"Zg=="sv, "f"sv},
57 |                                                        {"Zm8="sv, "fo"sv},
58 |                                                        {"Zm9v"sv, "foo"sv},
59 |                                                        {"Zm9vYg=="sv, "foob"sv},
60 |                                                        {"Zm9vYmE="sv, "fooba"sv},
61 |                                                        {"Zm9vYmFy"sv, "foobar"sv}};
62 |   for (auto p : pairs) {
63 |     BOOST_CHECK_EQUAL(p.second, base64Decode(p.first));
64 |   }
65 | }
66 | 
67 | BOOST_AUTO_TEST_SUITE_END()
68 | 
69 | }  // namespace pichi::unit_test
70 | 


--------------------------------------------------------------------------------
/include/pichi/api/router.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_API_ROUTER_HPP
 2 | #define PICHI_API_ROUTER_HPP
 3 | 
 4 | #include <map>
 5 | #include <memory>
 6 | #include <pichi/vo/iterator.hpp>
 7 | #include <pichi/vo/route.hpp>
 8 | #include <pichi/vo/rule.hpp>
 9 | 
10 | struct MMDB_s;
11 | 
12 | namespace boost::asio::ip {
13 | 
14 | class tcp;
15 | template <typename Protocol> class basic_endpoint;
16 | template <typename Protocol> class basic_resolver_results;
17 | 
18 | }  // namespace boost::asio::ip
19 | 
20 | namespace pichi {
21 | 
22 | struct Endpoint;
23 | 
24 | namespace api {
25 | 
26 | extern bool matchPattern(std::string_view remote, std::string_view pattern);
27 | extern bool matchDomain(std::string_view subdomain, std::string_view domain);
28 | 
29 | class Geo {
30 | public:
31 |   Geo(char const* fn);
32 |   ~Geo();
33 | 
34 |   Geo(Geo&&) noexcept = default;
35 |   Geo& operator=(Geo&&) noexcept = default;
36 | 
37 |   Geo(Geo const&) = delete;
38 |   Geo& operator=(Geo const&) = delete;
39 | 
40 | public:
41 |   bool match(boost::asio::ip::basic_endpoint<boost::asio::ip::tcp> const&,
42 |              std::string_view country) const;
43 | 
44 | private:
45 |   std::unique_ptr<MMDB_s> db_;
46 | };
47 | 
48 | class Router {
49 | public:
50 |   using VO = vo::Rule;
51 | 
52 | private:
53 |   using ResolvedResult = boost::asio::ip::basic_resolver_results<boost::asio::ip::tcp>;
54 |   using Matcher =
55 |       std::function<bool(Endpoint const&, ResolvedResult const&, std::string_view, AdapterType)>;
56 |   using Container = std::map<std::string, std::pair<VO, std::vector<Matcher>>, std::less<>>;
57 |   using DelegateIterator = typename Container::const_iterator;
58 |   using ValueType = std::pair<std::string_view, VO const&>;
59 |   using ConstIterator = vo::Iterator<DelegateIterator, ValueType>;
60 | 
61 |   static ValueType generatePair(DelegateIterator);
62 | 
63 | public:
64 |   Router(char const* fn);
65 | 
66 |   std::string_view route(Endpoint const&, std::string_view ingress, AdapterType,
67 |                          ResolvedResult const&) const;
68 | 
69 |   void update(std::string const&, VO);
70 |   void erase(std::string_view);
71 | 
72 |   ConstIterator begin() const noexcept;
73 |   ConstIterator end() const noexcept;
74 |   bool isUsed(std::string_view) const;
75 |   bool needResloving() const;
76 | 
77 |   vo::Route getRoute() const;
78 |   void setRoute(vo::Route);
79 | 
80 | private:
81 |   Geo geo_;
82 |   Container rules_ = {};
83 |   bool needResolving_ = false;
84 |   vo::Route route_ = {"direct"};
85 | };
86 | 
87 | }  // namespace api
88 | }  // namespace pichi
89 | 
90 | #endif  // PICHI_API_ROUTER_HPP
91 | 


--------------------------------------------------------------------------------
/include/pichi/common/buffer.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_COMMON_BUFFER_HPP
 2 | #define PICHI_COMMON_BUFFER_HPP
 3 | 
 4 | #include <concepts>
 5 | #include <ranges>
 6 | #include <span>
 7 | #include <stdint.h>
 8 | #include <type_traits>
 9 | 
10 | namespace pichi {
11 | 
12 | template <typename T>
13 | concept VoidPointer = std::same_as<void, std::remove_const_t<std::remove_pointer_t<T>>>;
14 | 
15 | template <typename Pod>
16 | concept PodType = std::is_standard_layout_v<Pod> && std::is_trivial_v<Pod>;
17 | 
18 | template <typename R>
19 | concept ConstContiguousRange = std::ranges::contiguous_range<R> && requires(R r)
20 | {
21 |   {
22 |     std::ranges::data(r)
23 |     } -> std::same_as<decltype(std::ranges::cdata(r))>;
24 | };
25 | 
26 | template <typename R>
27 | concept CStyleRange = requires(R r)
28 | {
29 |   {
30 |     r.data()
31 |     } -> VoidPointer;
32 |   {
33 |     r.size()
34 |     } -> std::same_as<size_t>;
35 | };
36 | 
37 | template <PodType Pod> struct Buffer : public std::span<Pod> {
38 |   template <typename... Args>
39 |   requires std::constructible_from<std::span<Pod>, Args...>
40 |   constexpr Buffer(Args&&... args) : std::span<Pod>{std::forward<Args>(args)...} {}
41 | 
42 |   template <std::ranges::contiguous_range R>
43 |   requires(sizeof(std::ranges::range_value_t<R>) == sizeof(Pod) &&
44 |            (std::is_const_v<Pod> || !ConstContiguousRange<R>)) constexpr Buffer(R&& r)
45 |     : Buffer{reinterpret_cast<Pod*>(std::ranges::data(r)), std::ranges::size(r)}
46 |   {
47 |   }
48 | 
49 |   template <std::ranges::contiguous_range R>
50 |   requires(std::constructible_from<Buffer, R>) constexpr Buffer(R&& r, size_t n)
51 |     : Buffer{reinterpret_cast<Pod*>(std::ranges::data(r)), n}
52 |   {
53 |   }
54 | 
55 |   template <CStyleRange R> constexpr Buffer(R&& r) : Buffer{static_cast<Pod*>(r.data()), r.size()}
56 |   {
57 |   }
58 | 
59 |   template <CStyleRange R>
60 |   constexpr Buffer(R&& r, size_t n) : Buffer{static_cast<Pod*>(r.data()), n}
61 |   {
62 |   }
63 | 
64 |   Buffer& operator+=(size_t n)
65 |   {
66 |     auto it = std::ranges::begin(*this);
67 |     auto d = std::ranges::advance(it, n, std::ranges::end(*this));
68 |     *this = Buffer{it, d == 0 ? std::ranges::size(*this) - n : 0};
69 |     return *this;
70 |   }
71 | };
72 | 
73 | template <PodType Pod> Buffer<Pod> operator+(Buffer<Pod> const& b, size_t n)
74 | {
75 |   auto ret = b;
76 |   ret += n;
77 |   return ret;
78 | }
79 | 
80 | template <PodType Pod> Buffer<Pod> operator+(size_t n, Buffer<Pod> const& b) { return b + n; }
81 | 
82 | using ConstBuffer = Buffer<uint8_t const>;
83 | using MutableBuffer = Buffer<uint8_t>;
84 | 
85 | }  // namespace pichi
86 | 
87 | #endif  // PICHI_COMMON_BUFFER_HPP
88 | 


--------------------------------------------------------------------------------
/src/vo/route.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <algorithm>
 4 | #include <iterator>
 5 | #include <numeric>
 6 | #include <pichi/common/asserts.hpp>
 7 | #include <pichi/common/enumerations.hpp>
 8 | #include <pichi/vo/keys.hpp>
 9 | #include <pichi/vo/messages.hpp>
10 | #include <pichi/vo/parse.hpp>
11 | #include <pichi/vo/route.hpp>
12 | #include <pichi/vo/to_json.hpp>
13 | 
14 | using namespace std;
15 | namespace json = rapidjson;
16 | using Allocator = json::Document::AllocatorType;
17 | 
18 | namespace pichi::vo {
19 | 
20 | json::Value toJson(Route const& rvo, Allocator& alloc)
21 | {
22 |   // "default" is required when sending to clients
23 |   assertTrue(rvo.default_.has_value(), PichiError::MISC);
24 |   assertFalse(rvo.default_->empty(), PichiError::MISC);
25 | 
26 |   auto route = json::Value{};
27 |   route.SetObject();
28 |   route.AddMember(route::DEFAULT, toJson(*rvo.default_, alloc), alloc);
29 | 
30 |   auto rules = json::Value{};
31 |   rules.SetArray();
32 |   for_each(cbegin(rvo.rules_), cend(rvo.rules_), [&](auto&& item) {
33 |     auto rule = json::Value{};
34 |     rule.SetArray();
35 |     for_each(cbegin(item.first), cend(item.first),
36 |              [&](auto&& name) { rule.PushBack(toJson(name, alloc), alloc); });
37 |     rule.PushBack(toJson(item.second, alloc), alloc);
38 |     rules.PushBack(move(rule), alloc);
39 |   });
40 |   route.AddMember(route::RULES, move(rules), alloc);
41 |   return route;
42 | }
43 | 
44 | template <> Route parse(json::Value const& v)
45 | {
46 |   assertTrue(v.IsObject(), PichiError::BAD_JSON, msg::OBJ_TYPE_ERROR);
47 | 
48 |   auto rvo = Route{};
49 | 
50 |   if (v.HasMember(route::DEFAULT)) rvo.default_.emplace(parse<string>(v[route::DEFAULT]));
51 | 
52 |   parseArray(v, route::RULES, back_inserter(rvo.rules_), [](auto&& v) {
53 |     assertTrue(v.IsArray(), PichiError::BAD_JSON, msg::ARY_TYPE_ERROR);
54 |     auto array = v.GetArray();
55 |     assertTrue(array.Size() >= 2, PichiError::BAD_JSON, msg::ARY_SIZE_ERROR);
56 |     auto first = array.Begin();
57 |     auto last = first + (array.Size() - 1);
58 |     return make_pair(accumulate(first, last, vector<string>{},
59 |                                 [](auto&& full, auto&& item) {
60 |                                   full.push_back(parse<string>(item));
61 |                                   return move(full);
62 |                                 }),
63 |                      parse<string>(*last));
64 |   });
65 | 
66 |   return rvo;
67 | }
68 | 
69 | bool operator==(Route const& lhs, Route const& rhs)
70 | {
71 |   return lhs.default_ == rhs.default_ &&
72 |          equal(begin(lhs.rules_), end(lhs.rules_), begin(rhs.rules_), end(rhs.rules_));
73 | }
74 | 
75 | }  // namespace pichi::vo


--------------------------------------------------------------------------------
/src/vo/rule.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <iterator>
 4 | #include <pichi/vo/keys.hpp>
 5 | #include <pichi/vo/parse.hpp>
 6 | #include <pichi/vo/rule.hpp>
 7 | #include <pichi/vo/to_json.hpp>
 8 | 
 9 | using namespace std;
10 | namespace json = rapidjson;
11 | using Allocator = json::Document::AllocatorType;
12 | 
13 | namespace pichi::vo {
14 | 
15 | json::Value toJson(Rule const& rvo, Allocator& alloc)
16 | {
17 |   auto rule = json::Value{};
18 |   rule.SetObject();
19 |   if (!rvo.range_.empty())
20 |     rule.AddMember(rule::RANGE, toJson(begin(rvo.range_), end(rvo.range_), alloc), alloc);
21 |   if (!rvo.ingress_.empty())
22 |     rule.AddMember(rule::INGRESS, toJson(begin(rvo.ingress_), end(rvo.ingress_), alloc), alloc);
23 |   if (!rvo.type_.empty())
24 |     rule.AddMember(rule::TYPE, toJson(begin(rvo.type_), end(rvo.type_), alloc), alloc);
25 |   if (!rvo.pattern_.empty())
26 |     rule.AddMember(rule::PATTERN, toJson(begin(rvo.pattern_), end(rvo.pattern_), alloc), alloc);
27 |   if (!rvo.domain_.empty())
28 |     rule.AddMember(rule::DOMAIN_NAME, toJson(begin(rvo.domain_), end(rvo.domain_), alloc), alloc);
29 |   if (!rvo.country_.empty())
30 |     rule.AddMember(rule::COUNTRY, toJson(begin(rvo.country_), end(rvo.country_), alloc), alloc);
31 |   return rule;
32 | }
33 | 
34 | template <> Rule parse(json::Value const& v)
35 | {
36 |   assertTrue(v.IsObject(), PichiError::BAD_JSON, msg::OBJ_TYPE_ERROR);
37 | 
38 |   auto rvo = Rule{};
39 |   auto parseString = [](auto&& v) { return parse<string>(v); };
40 |   auto parseAdapterType = [](auto&& v) { return parse<AdapterType>(v); };
41 | 
42 |   parseArray(v, rule::RANGE, back_inserter(rvo.range_), parseString);
43 |   parseArray(v, rule::INGRESS, back_inserter(rvo.ingress_), parseString);
44 |   parseArray(v, rule::TYPE, back_inserter(rvo.type_), parseAdapterType);
45 |   parseArray(v, rule::PATTERN, back_inserter(rvo.pattern_), parseString);
46 |   parseArray(v, rule::DOMAIN_NAME, back_inserter(rvo.domain_), parseString);
47 |   parseArray(v, rule::COUNTRY, back_inserter(rvo.country_), parseString);
48 | 
49 |   return rvo;
50 | }
51 | 
52 | bool operator==(Rule const& lhs, Rule const& rhs)
53 | {
54 |   return equal(begin(lhs.range_), end(lhs.range_), begin(rhs.range_), end(rhs.range_)) &&
55 |          equal(begin(lhs.ingress_), end(lhs.ingress_), begin(rhs.ingress_), end(rhs.ingress_)) &&
56 |          equal(begin(lhs.type_), end(lhs.type_), begin(rhs.type_), end(rhs.type_)) &&
57 |          equal(begin(lhs.pattern_), end(lhs.pattern_), begin(rhs.pattern_), end(rhs.pattern_)) &&
58 |          equal(begin(lhs.domain_), end(lhs.domain_), begin(rhs.domain_), end(rhs.domain_)) &&
59 |          equal(begin(lhs.country_), end(lhs.country_), begin(rhs.country_), end(rhs.country_));
60 | }
61 | 
62 | }  // namespace pichi::vo
63 | 


--------------------------------------------------------------------------------
/src/crypto/fingerprint.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/config.hpp>
 2 | // Include config.hpp first
 3 | #include <array>
 4 | #include <openssl/ssl.h>
 5 | #include <pichi/common/literals.hpp>
 6 | #include <pichi/crypto/brotli.hpp>
 7 | #include <pichi/crypto/fingerprint.hpp>
 8 | 
 9 | using namespace std;
10 | 
11 | namespace pichi::crypto {
12 | 
13 | #ifdef TLS_FINGERPRINT
14 | void enableBrotliCompression(::SSL_CTX* ctx)
15 | {
16 |   ::SSL_CTX_add_cert_compression_alg(ctx, TLSEXT_cert_compression_brotli, &brotliCompress<::CBB>,
17 |                                      nullptr);
18 | #else   // TLS_FINGERPRINT
19 | void enableBrotliCompression(::SSL_CTX*)
20 | {
21 | #endif  // TLS_FINGERPRINT
22 | }
23 | 
24 | // Simulate the TLS fingerprint according to https://tlsfingerprint.io/id/e47eae8f8c4887b6
25 | 
26 | #ifdef TLS_FINGERPRINT
27 | void setupTlsFingerprint(::SSL_CTX* ctx)
28 | {
29 |   static decltype(auto) CIPHER_SUITES =
30 |       "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
31 |       "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
32 |       "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
33 |       "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
34 |       "AES128-SHA:AES256-SHA";
35 | 
36 |   static auto const ALPN = array{0x02_u8, 0x68_u8, 0x32_u8, 0x08_u8, 0x68_u8, 0x74_u8,
37 |                                  0x74_u8, 0x70_u8, 0x2f_u8, 0x31_u8, 0x2e_u8, 0x31_u8};
38 | 
39 |   static auto const ALGORITHMS =
40 |       array{NID_sha256, EVP_PKEY_EC,      NID_sha256, EVP_PKEY_RSA_PSS, NID_sha256, EVP_PKEY_RSA,
41 |             NID_sha384, EVP_PKEY_EC,      NID_sha384, EVP_PKEY_RSA_PSS, NID_sha384, EVP_PKEY_RSA,
42 |             NID_sha512, EVP_PKEY_RSA_PSS, NID_sha512, EVP_PKEY_RSA};
43 | 
44 |   ::SSL_CTX_set_permute_extensions(ctx, 1);
45 |   ::SSL_CTX_set_grease_enabled(ctx, 1);
46 |   ::SSL_CTX_enable_ocsp_stapling(ctx);
47 |   ::SSL_CTX_set_cipher_list(ctx, CIPHER_SUITES);
48 |   ::SSL_CTX_enable_signed_cert_timestamps(ctx);
49 |   ::SSL_CTX_set_alpn_protos(ctx, ALPN.data(), static_cast<unsigned>(ALPN.size()));
50 |   ::SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
51 |   ::SSL_CTX_set1_sigalgs(ctx, ALGORITHMS.data(), ALGORITHMS.size());
52 |   ::SSL_CTX_add_cert_compression_alg(ctx, TLSEXT_cert_compression_brotli, nullptr,
53 |                                      &brotliDecompress<::CRYPTO_BUFFER>);
54 | #else   // TLS_FINGERPRINT
55 | void setupTlsFingerprint(::SSL_CTX*)
56 | {
57 | #endif  // TLS_FINGERPRINT
58 | }
59 | 
60 | #ifdef TLS_FINGERPRINT
61 | void setupTlsFingerprint(::SSL* ssl)
62 | {
63 |   ::SSL_add_application_settings(ssl, reinterpret_cast<uint8_t const*>("h2"), 2, NULL, 0);
64 | #else   // TLS_FINGERPRINT
65 | void setupTlsFingerprint(::SSL*)
66 | {
67 | #endif  // TLS_FINGERPRINT
68 | }
69 | 
70 | }  // namespace pichi::crypto
71 | 


--------------------------------------------------------------------------------
/.conan/scripts/path.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | 
  3 | usage()
  4 | {
  5 |   cat <<EOF
  6 | Usage:
  7 | conan.sh path [-p platform] [-d] [-o] [-s] [platform specific options] <version>
  8 |   -d: set build_type=Debug if sepecified, otherwise Release.
  9 |   -o: tls_fingerprint=False is set if specified, otherwise True.
 10 |   -p: available platforms are: windows/freebsd/macos/linux/ios/android.
 11 |   -s: shared=True is set if specified, otherwise False.
 12 |   version: pichi version
 13 | platform specific options:
 14 |   -a arch       : settings.arch
 15 |   -v ios_version: os.version
 16 |   -l api_level  : settings.os.api_level
 17 | EOF
 18 |   exit 1
 19 | }
 20 | 
 21 | check_mandatory_arg()
 22 | {
 23 |   if [ -z "$2" ]; then
 24 |     echo "$1 is mandatory"
 25 |     false
 26 |   fi
 27 | }
 28 | 
 29 | find_pkg()
 30 | {
 31 |   conan list -f json 'pichi:*' | \
 32 |     jq -r "\
 33 |       first(.\"Local Cache\".\"pichi/${version}\".revisions[]).packages | to_entries | .[] \
 34 |       | select(.value.info.settings.build_type == \"${build_type}\") \
 35 |       | select(.value.info.options.shared == \"${shared}\") \
 36 |       | select(.value.info.options.tls_fingerprint == \"${fingerprint}\") \
 37 |       ${selector} \
 38 |       | .key"
 39 | }
 40 | 
 41 | set -o errexit
 42 | 
 43 | code_root="$(dirname $0)/../.."
 44 | build_type="Release"
 45 | shared="False"
 46 | fingerprint="True"
 47 | selector=""
 48 | 
 49 | trap usage EXIT
 50 | args=`getopt a:dl:op:r:sv: $*`
 51 | set -- $args
 52 | for i; do
 53 |   case "$i" in
 54 |     -a)
 55 |       shift
 56 |       selector="${selector} | select(.value.info.settings.arch == \"${1}\")"
 57 |       shift
 58 |       ;;
 59 |     -d)
 60 |       shift
 61 |       build_type="Debug"
 62 |       ;;
 63 |     -l)
 64 |       shift
 65 |       selector="${selector} | select(.value.info.settings.\"os.api_level\" == \"${1}\")"
 66 |       shift
 67 |       ;;
 68 |     -p)
 69 |       shift
 70 |       case "${1}" in
 71 |         windows) platform="Windows";;
 72 |         freebsd) platform="FreeBSD";;
 73 |         macos) platform="Macos";;
 74 |         linux) platform="Linux";;
 75 |         ios) platform="iOS";;
 76 |         android) platform="Android";;
 77 |         *) false;;
 78 |       esac
 79 |       selector="${selector} | select(.value.info.settings.os == \"${platform}\")"
 80 |       shift
 81 |       ;;
 82 |     -o)
 83 |       shift
 84 |       fingerprint="False"
 85 |       ;;
 86 |     -s)
 87 |       shift
 88 |       shared="True"
 89 |       ;;
 90 |     -v)
 91 |       shift
 92 |       selector="${selector} | select(.value.info.settings.\"os.version\" == \"${1}\")"
 93 |       shift
 94 |       ;;
 95 |     --)
 96 |       shift
 97 |       check_mandatory_arg "version" "$1"
 98 |       version="${1}"
 99 |       ;;
100 |   esac
101 | done
102 | 
103 | trap - EXIT
104 | 
105 | for pkg in $(find_pkg); do
106 |   conan cache path "pichi/${version}:${pkg}"
107 | done
108 | 


--------------------------------------------------------------------------------
/src/crypto/key.cpp:
--------------------------------------------------------------------------------
 1 | #include <pichi/common/asserts.hpp>
 2 | #include <pichi/crypto/hash.hpp>
 3 | #include <pichi/crypto/key.hpp>
 4 | 
 5 | using namespace std;
 6 | 
 7 | namespace pichi::crypto {
 8 | 
 9 | template <CryptoMethod method> size_t generateKey(ConstBuffer pw, MutableBuffer psk)
10 | {
11 |   assertTrue(psk.size() >= KEY_SIZE<method>, PichiError::MISC);
12 |   auto ct = ConstBuffer{};
13 |   auto mt = MutableBuffer{psk, KEY_SIZE<method>};
14 |   while (mt.size() != 0) {
15 |     auto md5 = Hash<HashAlgorithm::MD5>{};
16 |     md5.append(ct);
17 |     md5.append(pw);
18 |     auto len = md5.hash(mt);
19 |     ct = {mt, len};
20 |     mt = {mt.data() + len, mt.size() > len ? mt.size() - len : 0};
21 |   }
22 |   return KEY_SIZE<method>;
23 | }
24 | 
25 | size_t generateKey(CryptoMethod method, ConstBuffer pw, MutableBuffer psk)
26 | {
27 |   switch (method) {
28 |   case CryptoMethod::RC4_MD5:
29 |     return generateKey<CryptoMethod::RC4_MD5>(pw, psk);
30 |   case CryptoMethod::BF_CFB:
31 |     return generateKey<CryptoMethod::BF_CFB>(pw, psk);
32 |   case CryptoMethod::AES_128_CTR:
33 |     return generateKey<CryptoMethod::AES_128_CTR>(pw, psk);
34 |   case CryptoMethod::AES_192_CTR:
35 |     return generateKey<CryptoMethod::AES_192_CTR>(pw, psk);
36 |   case CryptoMethod::AES_256_CTR:
37 |     return generateKey<CryptoMethod::AES_256_CTR>(pw, psk);
38 |   case CryptoMethod::AES_128_CFB:
39 |     return generateKey<CryptoMethod::AES_128_CFB>(pw, psk);
40 |   case CryptoMethod::AES_192_CFB:
41 |     return generateKey<CryptoMethod::AES_192_CFB>(pw, psk);
42 |   case CryptoMethod::AES_256_CFB:
43 |     return generateKey<CryptoMethod::AES_256_CFB>(pw, psk);
44 |   case CryptoMethod::CAMELLIA_128_CFB:
45 |     return generateKey<CryptoMethod::CAMELLIA_128_CFB>(pw, psk);
46 |   case CryptoMethod::CAMELLIA_192_CFB:
47 |     return generateKey<CryptoMethod::CAMELLIA_192_CFB>(pw, psk);
48 |   case CryptoMethod::CAMELLIA_256_CFB:
49 |     return generateKey<CryptoMethod::CAMELLIA_256_CFB>(pw, psk);
50 |   case CryptoMethod::CHACHA20:
51 |     return generateKey<CryptoMethod::CHACHA20>(pw, psk);
52 |   case CryptoMethod::SALSA20:
53 |     return generateKey<CryptoMethod::SALSA20>(pw, psk);
54 |   case CryptoMethod::CHACHA20_IETF:
55 |     return generateKey<CryptoMethod::CHACHA20_IETF>(pw, psk);
56 |   case CryptoMethod::AES_128_GCM:
57 |     return generateKey<CryptoMethod::AES_128_GCM>(pw, psk);
58 |   case CryptoMethod::AES_192_GCM:
59 |     return generateKey<CryptoMethod::AES_192_GCM>(pw, psk);
60 |   case CryptoMethod::AES_256_GCM:
61 |     return generateKey<CryptoMethod::AES_256_GCM>(pw, psk);
62 |   case CryptoMethod::CHACHA20_IETF_POLY1305:
63 |     return generateKey<CryptoMethod::CHACHA20_IETF_POLY1305>(pw, psk);
64 |   case CryptoMethod::XCHACHA20_IETF_POLY1305:
65 |     return generateKey<CryptoMethod::XCHACHA20_IETF_POLY1305>(pw, psk);
66 |   default:
67 |     fail(PichiError::MISC);
68 |   }
69 | }
70 | 
71 | }  // namespace pichi::crypto
72 | 


--------------------------------------------------------------------------------
/include/pichi/crypto/stream.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_CRYPTO_STREAM_HPP
 2 | #define PICHI_CRYPTO_STREAM_HPP
 3 | 
 4 | #include <algorithm>
 5 | #include <array>
 6 | #include <mbedtls/aes.h>
 7 | #include <mbedtls/camellia.h>
 8 | #include <pichi/common/buffer.hpp>
 9 | #include <pichi/crypto/method.hpp>
10 | #include <stdint.h>
11 | 
12 | #if MBEDTLS_VERSION_MAJOR < 3
13 | #include <mbedtls/arc4.h>
14 | #include <mbedtls/blowfish.h>
15 | #endif  // MBEDTLS_VERSION_MAJOR < 3
16 | 
17 | namespace pichi::crypto {
18 | 
19 | template <CryptoMethod method>
20 | using StreamContext = std::conditional_t<
21 | #if MBEDTLS_VERSION_MAJOR < 3
22 |     detail::isArc<method>(), mbedtls_arc4_context,
23 |     std::conditional_t<
24 |         detail::isBlowfish<method>(), mbedtls_blowfish_context,
25 |         std::conditional_t<
26 | #endif  // MBEDTLS_VERSION_MAJOR < 3
27 |             detail::isAesCtr<method>() || detail::isAesCfb<method>(), mbedtls_aes_context,
28 |             std::conditional_t<detail::isCamellia<method>(), mbedtls_camellia_context,
29 |                                std::conditional_t<detail::isSodiumStream<method>(),
30 |                                                   std::array<uint8_t, KEY_SIZE<method>>, void>>>
31 | #if MBEDTLS_VERSION_MAJOR < 3
32 |         >>
33 | #endif  // MBEDTLS_VERSION_MAJOR < 3
34 |     ;
35 | 
36 | template <CryptoMethod method>
37 | inline constexpr size_t BLK_SIZE = detail::isAesCtr<method>() ? 16 : 0;
38 | 
39 | template <CryptoMethod method> class StreamEncryptor {
40 | public:
41 |   static_assert(detail::isStream<method>(), "Not a stream crypto method");
42 | 
43 |   StreamEncryptor(StreamEncryptor const&) = delete;
44 |   StreamEncryptor(StreamEncryptor&&) = delete;
45 |   StreamEncryptor& operator=(StreamEncryptor const&) = delete;
46 |   StreamEncryptor& operator=(StreamEncryptor&&) = delete;
47 | 
48 | public:
49 |   explicit StreamEncryptor(ConstBuffer key, ConstBuffer iv = {});
50 |   ~StreamEncryptor();
51 | 
52 |   ConstBuffer getIv() const;
53 |   size_t encrypt(ConstBuffer plain, MutableBuffer cipher);
54 | 
55 | private:
56 |   StreamContext<method> ctx_;
57 |   std::array<uint8_t, IV_SIZE<method> + BLK_SIZE<method>> iv_;
58 |   size_t offset_ = 0;
59 | };
60 | 
61 | template <CryptoMethod method> class StreamDecryptor {
62 | public:
63 |   static_assert(detail::isStream<method>(), "Not a stream crypto method");
64 | 
65 |   StreamDecryptor(StreamDecryptor const&) = delete;
66 |   StreamDecryptor(StreamDecryptor&&) = delete;
67 |   StreamDecryptor& operator=(StreamDecryptor const&) = delete;
68 |   StreamDecryptor& operator=(StreamDecryptor&&) = delete;
69 | 
70 | public:
71 |   explicit StreamDecryptor(ConstBuffer key);
72 |   ~StreamDecryptor();
73 | 
74 |   size_t getIvSize() const;
75 |   void setIv(ConstBuffer iv);
76 |   size_t decrypt(ConstBuffer cipher, MutableBuffer plain);
77 | 
78 | private:
79 |   StreamContext<method> ctx_;
80 |   std::array<uint8_t, std::max(IV_SIZE<method> + BLK_SIZE<method>, KEY_SIZE<method>)> iv_;
81 |   size_t offset_ = 0;
82 |   bool initialized_ = false;
83 | };
84 | 
85 | }  // namespace pichi::crypto
86 | 
87 | #endif  // PICHI_CRYPTO_STREAM_HPP
88 | 


--------------------------------------------------------------------------------
/test/keys.cpp:
--------------------------------------------------------------------------------
 1 | #define BOOST_TEST_MODULE pichi key test
 2 | 
 3 | #include "utils.hpp"
 4 | #include <algorithm>
 5 | #include <array>
 6 | #include <boost/mpl/list.hpp>
 7 | #include <boost/test/unit_test.hpp>
 8 | #include <pichi/crypto/key.hpp>
 9 | #include <pichi/crypto/method.hpp>
10 | #include <utility>
11 | #include <vector>
12 | 
13 | using namespace std;
14 | namespace mpl = boost::mpl;
15 | 
16 | namespace pichi::unit_test {
17 | 
18 | using namespace crypto;
19 | 
20 | static auto const cases = vector<pair<vector<uint8_t>, vector<uint8_t>>>{
21 |     make_pair(vector<uint8_t>{},
22 |               hex2bin("d41d8cd98f00b204e9800998ecf8427e59adb24ef3cdbe0297f05b395827453f")),
23 |     make_pair(str2vec("Hi There"),
24 |               hex2bin("5b49b515f3173e4540b7d39bb57a4482f1b1d0d6dbb76cc6a54c6432fc7d361c")),
25 |     make_pair(str2vec("what do ya want for nothing?"),
26 |               hex2bin("d03cb659cbf9192dcd066272249f841235f9a69f9840003edb22e6edd60543cf")),
27 |     make_pair(vector<uint8_t>(50, 0xdd),
28 |               hex2bin("b3af4940b3b7a0e7448cbfbb6ab04cc8a2faf9a0491cbbc4640315166074c17c")),
29 |     make_pair(vector<uint8_t>(50, 0xcd),
30 |               hex2bin("999732b72ceff665b3f7608411db66a4ff7072fd61273c9a6b14a27091a5cea8")),
31 |     make_pair(str2vec("Test With Truncation"),
32 |               hex2bin("dbcc9d8a88e5287213bc3556f8f8a4987d38b56b1b662007ed68265a574b7637"))};
33 | 
34 | template <CryptoMethod method, size_t size> struct MHelper {
35 |   static constexpr auto METHOD = method;
36 |   static constexpr auto SIZE = size;
37 | };
38 | 
39 | using Helpers = mpl::list<
40 |     MHelper<CryptoMethod::RC4_MD5, 16>, MHelper<CryptoMethod::BF_CFB, 16>,
41 |     MHelper<CryptoMethod::AES_128_CTR, 16>, MHelper<CryptoMethod::AES_192_CTR, 24>,
42 |     MHelper<CryptoMethod::AES_256_CTR, 32>, MHelper<CryptoMethod::AES_128_CFB, 16>,
43 |     MHelper<CryptoMethod::AES_192_CFB, 24>, MHelper<CryptoMethod::AES_256_CFB, 32>,
44 |     MHelper<CryptoMethod::CAMELLIA_128_CFB, 16>, MHelper<CryptoMethod::CAMELLIA_192_CFB, 24>,
45 |     MHelper<CryptoMethod::CAMELLIA_256_CFB, 32>, MHelper<CryptoMethod::CHACHA20, 32>,
46 |     MHelper<CryptoMethod::SALSA20, 32>, MHelper<CryptoMethod::CHACHA20_IETF, 32>,
47 |     MHelper<CryptoMethod::AES_128_GCM, 16>, MHelper<CryptoMethod::AES_192_GCM, 24>,
48 |     MHelper<CryptoMethod::AES_256_GCM, 32>, MHelper<CryptoMethod::CHACHA20_IETF_POLY1305, 32>,
49 |     MHelper<CryptoMethod::XCHACHA20_IETF_POLY1305, 32>>;
50 | 
51 | BOOST_AUTO_TEST_SUITE(KEYS)
52 | 
53 | BOOST_AUTO_TEST_CASE_TEMPLATE(generateKey_Normal, Helper, Helpers)
54 | {
55 |   for_each(cbegin(cases), cend(cases), [](auto const& pair) {
56 |     auto container = array<uint8_t, 1024>{0};
57 |     auto pw = ConstBuffer{pair.first};
58 |     auto expt = ConstBuffer{std::cbegin(pair.second), Helper::SIZE};
59 |     auto fact = MutableBuffer{std::begin(container), Helper::SIZE};
60 |     BOOST_CHECK(generateKey(Helper::METHOD, pw, fact) == Helper::SIZE);
61 |     BOOST_CHECK_EQUAL_COLLECTIONS(cbegin(expt), cend(expt), cbegin(fact), cend(fact));
62 |   });
63 | }
64 | 
65 | BOOST_AUTO_TEST_SUITE_END()
66 | 
67 | }  // namespace pichi::unit_test
68 | 


--------------------------------------------------------------------------------
/include/pichi/vo/messages.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_VO_MESSAGES_HPP
 2 | #define PICHI_VO_MESSAGES_HPP
 3 | 
 4 | #include <string_view>
 5 | 
 6 | namespace pichi::vo::msg {
 7 | 
 8 | inline std::string_view const OBJ_TYPE_ERROR = "JSON object required";
 9 | inline std::string_view const ARY_TYPE_ERROR = "JSON array required";
10 | inline std::string_view const INT_TYPE_ERROR = "Integer required";
11 | inline std::string_view const STR_TYPE_ERROR = "String required";
12 | inline std::string_view const BOOL_TYPE_ERROR = "Boolean required";
13 | inline std::string_view const PAIR_TYPE_ERROR = "Pair type required";
14 | inline std::string_view const ARY_SIZE_ERROR = "Array size error";
15 | inline std::string_view const AT_INVALID = "Invalid adapter type string";
16 | inline std::string_view const CM_INVALID = "Invalid crypto method string";
17 | inline std::string_view const UINT16_INVALID = "Exceed the range of uint16_t [0, 65536)";
18 | inline std::string_view const DM_INVALID = "Invalid delay mode type string";
19 | inline std::string_view const DL_INVALID = "Delay time must be in range [0, 300]";
20 | inline std::string_view const BA_INVALID = "Invalid balance string";
21 | inline std::string_view const SEC_INVALID = "Invalid security string";
22 | inline std::string_view const STR_EMPTY = "Empty string";
23 | inline std::string_view const MISSING_TYPE_FIELD = "Missing type field";
24 | inline std::string_view const MISSING_HOST_FIELD = "Missing host field";
25 | inline std::string_view const MISSING_BIND_FIELD = "Missing bind field";
26 | inline std::string_view const MISSING_PORT_FIELD = "Missing port field";
27 | inline std::string_view const MISSING_METHOD_FIELD = "Missing method field";
28 | inline std::string_view const MISSING_UN_FIELD = "Missing username field";
29 | inline std::string_view const MISSING_PW_FIELD = "Missing password field";
30 | inline std::string_view const MISSING_MODE_FIELD = "Missing mode field";
31 | inline std::string_view const MISSING_CERT_FILE_FIELD = "Missing cert_file field";
32 | inline std::string_view const MISSING_KEY_FILE_FIELD = "Missing key_file field";
33 | inline std::string_view const MISSING_UUID_FIELD = "Missing uuid field";
34 | inline std::string_view const MISSING_REMOTE_FIELD = "Missing remote field";
35 | inline std::string_view const MISSING_PATH_FIELD = "Missing remote field";
36 | inline std::string_view const MISSING_DESTINATIONS_FIELD = "Missiong destinations field";
37 | inline std::string_view const MISSING_BALANCE_FIELD = "Missiong balance field";
38 | inline std::string_view const MISSING_OPTION_FIELD = "Missing option field";
39 | inline std::string_view const MISSING_TLS_FIELD = "Missing tls field";
40 | inline std::string_view const MISSING_CRED_FIELD = "Missing credential field";
41 | inline std::string_view const MISSING_SERVER_FIELD = "Missing server field";
42 | 
43 | inline std::string_view const TOO_LONG_NAME_PASSWORD = "Name or password is too long";
44 | inline std::string_view const DUPLICATED_ITEMS = "Duplicated items";
45 | 
46 | inline std::string_view const NOT_IMPLEMENTED = "Not implemented";
47 | inline std::string_view const DEPRECATED_METHOD = "rc4-md5 & bf-cfb are deprecated";
48 | 
49 | }  // namespace pichi::vo::msg
50 | 
51 | #endif  // PICHI_VO_MESSAGES_HPP
52 | 


--------------------------------------------------------------------------------
/src/CMakeLists.txt:
--------------------------------------------------------------------------------
 1 | file(GLOB_RECURSE SRCS *.cpp)
 2 | 
 3 | add_library(${PICHI_LIBRARY} ${SRCS})
 4 | 
 5 | # Configure C/C++ macros & compilation options
 6 | if(TRANSPARENT_PF AND APPLE)
 7 |   # "-D" prefix is necessary because "PRIVATE" is a key word
 8 |   list(APPEND PICHI_MACROS -DPRIVATE)
 9 | endif()
10 | 
11 | if(MSVC)
12 |   # Enable complaining all warnings as errors
13 |   list(APPEND PICHI_OPTIONS /W4 /WX)
14 | 
15 |   # In MSVC, the default Exception Handling option is /EHsc, Which wouldn't catch exceptions
16 |   # thrown by boost::context. '/EHs' would make it correctly at least.
17 |   # Further information:
18 |   # - https://docs.microsoft.com/en-us/cpp/build/reference/eh-exception-handling-model?view=vs-2017
19 |   # - https://www.boost.org/doc/libs/release/libs/context/doc/html/context/requirements.html
20 |   list(APPEND PICHI_OPTIONS /EHs)
21 | 
22 |   # Avoid C1128 error
23 |   list(APPEND PICHI_OPTIONS /bigobj)
24 | 
25 |   # Avoid warning STL4015, caused by rapidjson
26 |   list(APPEND PICHI_MACROS _SILENCE_CXX17_ITERATOR_BASE_CLASS_DEPRECATION_WARNING)
27 | 
28 |   # Avoid warning STL4009, which should be incorrectly complained.
29 |   # https://github.com/chriskohlhoff/asio/issues/290
30 |   if(MSVC_VERSION VERSION_LESS "1920")
31 |     list(APPEND PICHI_MACROS _SILENCE_CXX17_ALLOCATOR_VOID_DEPRECATION_WARNING)
32 |   endif()
33 | else()
34 |   # Enable complaining all warnings as errors
35 |   list(APPEND PICHI_OPTIONS -Wall -Wextra -Werror)
36 | endif()
37 | 
38 | if(WIN32 AND CMAKE_SYSTEM_VERSION)
39 |   string(REGEX REPLACE "^([0-9]+)\.[0-9]+\.[0-9]+$" "\\1" major ${CMAKE_SYSTEM_VERSION})
40 |   string(REGEX REPLACE "^[0-9]+\.([0-9]+)\.[0-9]+$" "\\1" minor ${CMAKE_SYSTEM_VERSION})
41 |   math(EXPR win32_version "(${major} << 8) + ${minor}" OUTPUT_FORMAT HEXADECIMAL)
42 |   list(APPEND PICHI_MACROS _WIN32_WINNT=${win32_version})
43 | endif()
44 | 
45 | target_compile_options(${PICHI_LIBRARY} PUBLIC ${PICHI_OPTIONS})
46 | target_compile_definitions(${PICHI_LIBRARY} PUBLIC ${PICHI_MACROS})
47 | target_include_directories(${PICHI_LIBRARY} PUBLIC
48 |   ${CMAKE_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include)
49 | target_link_libraries(${PICHI_LIBRARY} PRIVATE ${COMMON_LIBRARIES})
50 | 
51 | set_target_properties(${PICHI_LIBRARY} PROPERTIES
52 |   OUTPUT_NAME pichi
53 |   WINDOWS_EXPORT_ALL_SYMBOLS ON
54 |   MSVC_RUNTIME_LIBRARY ${MSVC_CRT}
55 |   INSTALL_RPATH ${INSTALL_RPATH}
56 |   INSTALL_RPATH_USE_LINK_PATH TRUE)
57 | 
58 | if(VERSION)
59 |   set_target_properties(${PICHI_LIBRARY} PROPERTIES VERSION ${VERSION})
60 | endif()
61 | 
62 | if(INSTALL_DEVEL OR BUILD_SHARED_LIBS)
63 |   install(TARGETS ${PICHI_LIBRARY}
64 |     ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
65 |     LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
66 |     RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
67 | endif()
68 | 
69 | if(INSTALL_DEVEL)
70 |   install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/pichi DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
71 |     FILES_MATCHING PATTERN "*.hpp")
72 |   install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/boost DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
73 |   install(FILES ${CMAKE_SOURCE_DIR}/include/pichi.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
74 |   install(DIRECTORY ${CMAKE_BINARY_DIR}/include/pichi DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
75 |     FILES_MATCHING PATTERN "*.hpp")
76 | endif()
77 | 


--------------------------------------------------------------------------------
/conanfile.py:
--------------------------------------------------------------------------------
 1 | from conan import ConanFile
 2 | from conan.tools.cmake import CMakeToolchain, CMakeDeps, CMake, cmake_layout
 3 | from conan.tools.files import copy
 4 | import os
 5 | 
 6 | 
 7 | class PichiConan(ConanFile):
 8 |   name = "pichi"
 9 |   license = "BSD-3-Clause License"
10 |   author = "Pichi <pichi@elude.in>"
11 |   url = "https://github.com/pichi-router/pichi"
12 |   description = "Flexible Rule-Based Proxy"
13 |   topics = ("shadowsocks", "proxy", "http-proxy",
14 |             "trojan", "socks5-proxy", "trojan-gfw")
15 |   settings = "os", "compiler", "build_type", "arch"
16 |   options = {"shared": [True, False], "fPIC": [True, False],
17 |              "build_test": [True, False], "build_server": [True, False],
18 |              "tls_fingerprint": [True, False],
19 |              "transparent": ["none", "pf", "iptables"]}
20 |   default_options = {"shared": False, "fPIC": True, "build_test": True, "build_server": True,
21 |                      "tls_fingerprint": False, "transparent": "none"}
22 |   requires = "boost/[>=1.72.0]", "mbedtls/[>=3.0.0]", "libsodium/[>=1.0.12]", \
23 |              "libmaxminddb/[>=1.5.0]", "rapidjson/1.1.0"
24 |   exports_sources = "CMakeLists.txt", "cmake/*", "include/*", "src/*", "server/*", "test/*"
25 | 
26 |   def config_options(self):
27 |     if self.settings.os == "Windows":
28 |       self.options.rm_safe("fPIC")
29 |     if self.settings.os in ["Android", "iOS", "tvOS", "watchOS"]:
30 |       self.options.build_test = False
31 |       self.options.build_server = False
32 |       self.options.shared = False
33 |     self.settings.compiler.cppstd = "20"
34 | 
35 |   def configure(self):
36 |     if self.options.shared:
37 |       self.options.rm_safe("fPIC")
38 | 
39 |   def requirements(self):
40 |     if self.options.tls_fingerprint:
41 |       self.requires("brotli/[>=1.0.0]")
42 |       self.requires("boringssl/[>=18]")
43 |     else:
44 |       self.requires("openssl/3.2.0")
45 | 
46 |   def layout(self):
47 |     cmake_layout(self)
48 |   
49 |   def generate(self):
50 |     deps = CMakeDeps(self)
51 |     deps.generate()
52 | 
53 |     tc = CMakeToolchain(self)
54 |     tc.cache_variables["ENABLE_CONAN"] = True
55 |     tc.cache_variables["INSTALL_DEVEL"] = True
56 |     tc.cache_variables["VERSION"] = self.version
57 |     tc.cache_variables["BUILD_SERVER"] = self.options.build_server
58 |     tc.cache_variables["BUILD_TEST"] = self.options.build_test
59 |     tc.cache_variables["TRANSPARENT_PF"] = self.options.transparent == "pf"
60 |     tc.cache_variables["TRANSPARENT_IPTABLES"] = self.options.transparent == "iptables"
61 |     tc.cache_variables["TLS_FINGERPRINT"] = self.options.tls_fingerprint
62 |     tc.cache_variables["BUILD_SHARED_LIBS"] = self.options.shared
63 |     tc.cache_variables["_BOOST_SHARED"] = self.dependencies["boost"].options.shared
64 |     tc.cache_variables["_SODIUM_SHARED"] = self.dependencies["libsodium"].options.shared
65 |     tc.generate()
66 | 
67 |   def build(self):
68 |     cmake = CMake(self)
69 |     cmake.configure()
70 |     cmake.build()
71 |     if self.options.build_test:
72 |       cmake.test()
73 | 
74 |   def package(self):
75 |     cmake = CMake(self)
76 |     cmake.install()
77 | 
78 |   def package_info(self):
79 |     self.cpp_info.set_property("cmake_find_mode", "both")
80 |     self.cpp_info.set_property("cmake_file_name", "pichi")
81 |     self.cpp_info.set_property("cmake_target_name", "pichi::pichi")
82 |     self.cpp_info.set_property("pkg_config_name", "libpichi")
83 |     self.cpp_info.libs = ["pichi"]
84 | 


--------------------------------------------------------------------------------
/include/pichi/stream/tls.hpp:
--------------------------------------------------------------------------------
 1 | #ifndef PICHI_STREAM_TLS_HPP
 2 | #define PICHI_STREAM_TLS_HPP
 3 | 
 4 | #include <boost/asio/ssl/context.hpp>
 5 | #include <boost/asio/ssl/stream.hpp>
 6 | #include <pichi/crypto/fingerprint.hpp>
 7 | #include <pichi/stream/traits.hpp>
 8 | #include <type_traits>
 9 | 
10 | namespace pichi::stream {
11 | 
12 | /*
13 |  *  1. TlsStream is about to implement both of AsyncReadStream and
14 |  * AsyncWriteStream concepts, which is required by the HTTP functions provided
15 |  * by Boost.Beast.
16 |  *  2. The main difference bewteen TlsStream and boost::asio::ssl::stream is
17 |  * TlsStream keeps boost::asio::ssl::context in its scope.
18 |  */
19 | 
20 | template <typename Socket> class TlsStream {
21 | private:
22 |   static_assert(std::is_same_v<std::decay_t<Socket>, Socket>);
23 | 
24 |   using Context = boost::asio::ssl::context;
25 |   using Stream = boost::asio::ssl::stream<Socket>;
26 |   using ErrorCode = boost::system::error_code;
27 | 
28 | public:
29 |   using executor_type = typename Stream::executor_type;
30 |   using next_layer_type = typename Stream::next_layer_type;
31 | 
32 |   template <typename... Args>
33 |   TlsStream(Context&& ctx, Args&&... args)
34 |     : ctx_{std::move(ctx)}, stream_{Socket{std::forward<Args>(args)...}, ctx_}
35 |   {
36 |   }
37 | 
38 |   template <typename... Args>
39 |   TlsStream(std::optional<std::string> const& sni, Args&&... args)
40 |     : TlsStream{std::forward<Args>(args)...}
41 |   {
42 |     if (sni.has_value())
43 |       assertTrue(SSL_set_tlsext_host_name(stream_.native_handle(), sni->c_str()) == 1);
44 |     crypto::setupTlsFingerprint(stream_.native_handle());
45 |   }
46 | 
47 |   auto get_executor() { return stream_.get_executor(); }
48 | 
49 |   bool is_open() const { return stream_.next_layer().is_open(); }
50 | 
51 |   auto& next_layer() { return stream_.next_layer(); }
52 |   auto const& next_layer() const { return stream_.next_layer(); }
53 | 
54 |   template <typename HandshakeHandler> auto async_handshake(HandshakeHandler&& handler)
55 |   {
56 |     return stream_.async_handshake(boost::asio::ssl::stream_base::client,
57 |                                    std::forward<HandshakeHandler>(handler));
58 |   }
59 | 
60 |   template <typename AcceptHandler> auto async_accept(AcceptHandler&& handler)
61 |   {
62 |     return stream_.async_handshake(boost::asio::ssl::stream_base::server,
63 |                                    std::forward<AcceptHandler>(handler));
64 |   }
65 | 
66 |   template <typename ShutdownHandler> auto async_shutdown(ShutdownHandler&& handler)
67 |   {
68 |     return stream_.async_shutdown(std::forward<ShutdownHandler>(handler));
69 |   }
70 | 
71 |   template <typename MutableBufferSequence, typename ReadHandler>
72 |   auto async_read_some(MutableBufferSequence const& buf, ReadHandler&& handler)
73 |   {
74 |     return stream_.async_read_some(buf, std::forward<ReadHandler>(handler));
75 |   }
76 | 
77 |   template <typename ConstBufferSequence, typename WriteHandler>
78 |   auto async_write_some(ConstBufferSequence const& buf, WriteHandler&& handler)
79 |   {
80 |     static_assert(std::is_invocable_v<std::decay_t<WriteHandler>, ErrorCode const&, size_t>);
81 |     return stream_.async_write_some(buf, std::forward<WriteHandler>(handler));
82 |   }
83 | 
84 | private:
85 |   Context ctx_;
86 |   Stream stream_;
87 | };
88 | 
89 | template <typename Socket> struct RawStream<TlsStream<Socket>> : public std::false_type {
90 | };
91 | 
92 | }  // namespace pichi::stream
93 | 
94 | #endif  // PICHI_STREAM_TLS_HPP
95 | 


--------------------------------------------------------------------------------
/test/balancer.cpp:
--------------------------------------------------------------------------------
  1 | #define BOOST_TEST_MODULE pichi balancer test
  2 | 
  3 | #include "utils.hpp"
  4 | #include <array>
  5 | #include <boost/test/unit_test.hpp>
  6 | #include <cmath>
  7 | #include <pichi/api/balancer.hpp>
  8 | #include <pichi/common/literals.hpp>
  9 | #include <unordered_map>
 10 | #include <unordered_set>
 11 | #include <vector>
 12 | 
 13 | using namespace std;
 14 | 
 15 | namespace pichi::unit_test {
 16 | 
 17 | using namespace api;
 18 | 
 19 | static auto const BALANCE_TYPES =
 20 |     array{BalanceType::RANDOM, BalanceType::ROUND_ROBIN, BalanceType::LEAST_CONN};
 21 | 
 22 | static auto const ENDPOINTS = invoke([]() {
 23 |   auto ret = array<Endpoint, 100_sz>{};
 24 |   for (auto i = 0_u16; i < ret.size(); ++i) {
 25 |     ret[i] = makeEndpoint("localhost", i);
 26 |   }
 27 |   return ret;
 28 | });
 29 | 
 30 | static auto const N = ENDPOINTS.size();
 31 | 
 32 | BOOST_AUTO_TEST_SUITE(BALANCER)
 33 | 
 34 | BOOST_AUTO_TEST_CASE(select_Empty)
 35 | {
 36 |   for (auto type : BALANCE_TYPES) {
 37 |     BOOST_CHECK_EXCEPTION((Balancer{type, cbegin(ENDPOINTS), cbegin(ENDPOINTS)}), SystemError,
 38 |                           verifyException<PichiError::MISC>);
 39 |   }
 40 | }
 41 | 
 42 | BOOST_AUTO_TEST_CASE(RANDOM_select_Probability)
 43 | {
 44 |   auto const K = 1000;
 45 |   auto data = unordered_map<uint16_t, int>{};
 46 |   auto balancer = Balancer{BalanceType::RANDOM, cbegin(ENDPOINTS), cend(ENDPOINTS)};
 47 |   for (auto i = 0_sz; i < N * K; ++i) ++data[balancer.select()->port_];
 48 | 
 49 |   BOOST_CHECK_EQUAL(N, data.size());
 50 |   for_each(cbegin(data), cend(data), [K, delta = sqrt(N * K) / 2.0](auto&& item) {
 51 |     BOOST_CHECK_LE(abs(item.second - K), delta);
 52 |   });
 53 | }
 54 | 
 55 | BOOST_AUTO_TEST_CASE(ROUND_ROBIN_select)
 56 | {
 57 |   auto balancer = Balancer{BalanceType::ROUND_ROBIN, cbegin(ENDPOINTS), cend(ENDPOINTS)};
 58 |   for (auto i = 0_u16; i < N; ++i) BOOST_CHECK_EQUAL(balancer.select()->port_, i);
 59 |   for (auto i = 0_u16; i < N; ++i) BOOST_CHECK_EQUAL(balancer.select()->port_, i);
 60 | }
 61 | 
 62 | BOOST_AUTO_TEST_CASE(LEAST_CONN_select)
 63 | {
 64 |   auto container = unordered_set<uint16_t>{};
 65 |   auto balancer = Balancer{BalanceType::LEAST_CONN, cbegin(ENDPOINTS), cend(ENDPOINTS)};
 66 |   for (auto i = 0_sz; i < N; ++i) {
 67 |     generate_n(inserter(container, end(container)), N, [&]() { return balancer.select()->port_; });
 68 |     BOOST_CHECK_EQUAL(N, container.size());
 69 |     container.clear();
 70 |   }
 71 | }
 72 | 
 73 | BOOST_AUTO_TEST_CASE(LEAST_CONN_release_No_Connection_Iterator)
 74 | {
 75 |   auto balancer = Balancer{BalanceType::LEAST_CONN, cbegin(ENDPOINTS), cend(ENDPOINTS)};
 76 |   auto it = balancer.select();
 77 |   balancer.release(it);
 78 |   advance(it, -it->port_);
 79 |   for (auto i = 0_sz; i < N; ++i)
 80 |     BOOST_CHECK_EXCEPTION(balancer.release(it++), SystemError, verifyException<PichiError::MISC>);
 81 | }
 82 | 
 83 | BOOST_AUTO_TEST_CASE(LEAST_CONN_release)
 84 | {
 85 |   auto balancer = Balancer{BalanceType::LEAST_CONN, cbegin(ENDPOINTS), cend(ENDPOINTS)};
 86 |   auto iterators = vector<Balancer::Iterator>{};
 87 |   generate_n(back_inserter(iterators), N, [&]() { return balancer.select(); });
 88 | 
 89 |   for_each(cbegin(iterators), cend(iterators), [&](auto it) {
 90 |     for (auto i = 0_sz; i < N; ++i) {
 91 |       balancer.release(it);
 92 |       BOOST_CHECK(it == balancer.select());
 93 |     }
 94 |   });
 95 | }
 96 | 
 97 | BOOST_AUTO_TEST_SUITE_END()
 98 | 
 99 | }  // namespace pichi::unit_test
100 | 


--------------------------------------------------------------------------------
/.conan/recipes/boringssl/conanfile.py:
--------------------------------------------------------------------------------
 1 | from conan import ConanFile
 2 | from conan.tools.cmake import CMakeToolchain, CMake, cmake_layout
 3 | from conan.tools.files import get, replace_in_file
 4 | import os
 5 | 
 6 | 
 7 | class BoringSSLConan(ConanFile):
 8 |   name = "boringssl"
 9 | 
10 |   url = "https://boringssl.googlesource.com/boringssl"
11 |   homepage = "https://boringssl.googlesource.com/boringssl"
12 |   description = "BoringSSL is a fork of OpenSSL that is designed to meet Google's needs."
13 |   topics = ("SSL", "TLS", "openssl")
14 | 
15 |   settings = "os", "compiler", "build_type", "arch"
16 |   options = {"shared": [True, False], "fPIC": [True, False]}
17 |   default_options = {"shared": False, "fPIC": True}
18 | 
19 |   def config_options(self):
20 |     if self.settings.os == "Windows":
21 |       self.options.rm_safe("fPIC")
22 | 
23 |   def configure(self):
24 |     if self.options.shared:
25 |       self.options.rm_safe("fPIC")
26 | 
27 |   def layout(self):
28 |     cmake_layout(self, src_folder="src")
29 | 
30 |   def source(self):
31 |     get(self, **self.conan_data["sources"][self.version], verify=False)
32 |     if int(self.version) >= 23:
33 |       s = "add_executable(bssl ${BSSL_SOURCES})"
34 |       a = "set_target_properties(bssl PROPERTIES MACOSX_BUNDLE False)"
35 |       replace_in_file(
36 |         self, os.path.join(self.source_folder, "CMakeLists.txt"),
37 |         s, f"{s}\n{a}")
38 |     else:
39 |       s = "install_if_enabled(TARGETS bssl DESTINATION ${INSTALL_DESTINATION_DEFAULT})"
40 |       a = "set_target_properties(bssl PROPERTIES MACOSX_BUNDLE False)"
41 |       replace_in_file(
42 |         self, os.path.join(self.source_folder, "tool", "CMakeLists.txt"),
43 |         s, f"{a}\n{s}")
44 | 
45 |   def generate(self):
46 |     tc = CMakeToolchain(self)
47 |     tc.cache_variables["FUZZ"] = False
48 |     tc.cache_variables["RUST_BINDINGS"] = False
49 |     tc.cache_variables["FIPS"] = False
50 |     tc.cache_variables["BUILD_SHARED_LIBS"] = self.options.shared
51 |     tc.generate()
52 | 
53 |   def build(self):
54 |     cmake = CMake(self)
55 |     cmake.configure()
56 |     # Only target 'bssl' is necessary for installation
57 |     cmake.build(target="bssl")
58 | 
59 |   def package(self):
60 |     # CMake.install invokes 'cmake --target install', which leads to building tests.
61 |     # As a result, try 'cmake --install' instead
62 |     self.run("cmake --install %s --config %s" %
63 |              (os.path.join(self.source_folder, self.build_folder), self.settings.build_type))
64 | 
65 |   def package_info(self):
66 |     self.cpp_info.set_property("cmake_find_mode", "both")
67 |     self.cpp_info.set_property("cmake_file_name", "BoringSSL")
68 |     self.cpp_info.set_property("pkg_config_name", "openssl")
69 | 
70 |     # Crypto
71 |     self.cpp_info.components["crypto"].set_property("cmake_target_name", "BoringSSL::Crypto")
72 |     self.cpp_info.components["crypto"].set_property("pkg_config_name", "libcrypto")
73 |     self.cpp_info.components["crypto"].libs = ["crypto"]
74 | 
75 |     # SSL
76 |     self.cpp_info.components["ssl"].set_property("cmake_target_name", "BoringSSL::SSL")
77 |     self.cpp_info.components["ssl"].set_property("pkg_config_name", "libssl")
78 |     self.cpp_info.components["ssl"].libs = ["ssl"]
79 |     self.cpp_info.components["ssl"].requires = ["crypto"]
80 | 
81 |     if self.settings.os == "Windows":
82 |       self.cpp_info.components["crypto"].system_libs.extend(["crypt32", "ws2_32", "advapi32",
83 |                                                              "user32", "bcrypt"])
84 |     elif self.settings.os in ["Linux", "FreeBSD"]:
85 |       self.cpp_info.components["crypto"].system_libs.extend(["dl", "rt", "pthread"])
86 | 


--------------------------------------------------------------------------------
/src/crypto/base64.cpp:
--------------------------------------------------------------------------------
  1 | #include <array>
  2 | #include <pichi/common/asserts.hpp>
  3 | #include <pichi/common/literals.hpp>
  4 | #include <pichi/crypto/base64.hpp>
  5 | #include <string>
  6 | 
  7 | using namespace std;
  8 | 
  9 | namespace pichi::crypto {
 10 | 
 11 | static auto const OTECTS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"sv;
 12 | 
 13 | static char otect2offset(char otect, PichiError e)
 14 | {
 15 |   if (otect >= 'A' && otect <= 'Z') {
 16 |     return otect - 'A';
 17 |   }
 18 |   else if (otect >= 'a' && otect <= 'z') {
 19 |     return otect - 'a' + 26;
 20 |   }
 21 |   else if (otect >= '0' && otect <= '9') {
 22 |     return otect - '0' + 52;
 23 |   }
 24 |   else if (otect == '+') {
 25 |     return 62;
 26 |   }
 27 |   else if (otect == '/') {
 28 |     return 63;
 29 |   }
 30 |   else
 31 |     fail(e);
 32 | }
 33 | 
 34 | string base64Encode(string_view text)
 35 | {
 36 |   if (text.empty()) return ""s;
 37 | 
 38 |   auto padding = (3 - (text.size() % 3)) % 3;
 39 |   auto len = (text.size() + padding) / 3 * 4;
 40 |   auto base64 = string(len, '\0');
 41 |   auto i = 0;
 42 |   while (i + 4_sz < len) {
 43 |     auto j = i / 4 * 3;
 44 |     base64[i] = OTECTS[(text[j] >> 2) & 0x3f];
 45 |     base64[i + 1] = OTECTS[((text[j] << 4) + ((text[j + 1] >> 4) & 0x0f)) & 0x3f];
 46 |     base64[i + 2] = OTECTS[((text[j + 1] << 2) + ((text[j + 2] >> 6) & 0x03)) & 0x3f];
 47 |     base64[i + 3] = OTECTS[text[j + 2] & 0x3f];
 48 |     i += 4;
 49 |   }
 50 |   auto j = i / 4 * 3;
 51 |   base64[i] = OTECTS[(text[j] >> 2) & 0x3f];
 52 |   switch (padding) {
 53 |   case 0:
 54 |     base64[i + 1] = OTECTS[((text[j] << 4) + ((text[j + 1] >> 4) & 0x0f)) & 0x3f];
 55 |     base64[i + 2] = OTECTS[((text[j + 1] << 2) + ((text[j + 2] >> 6) & 0x03)) & 0x3f];
 56 |     base64[i + 3] = OTECTS[text[j + 2] & 0x3f];
 57 |     break;
 58 |   case 1:
 59 |     base64[i + 1] = OTECTS[((text[j] << 4) + ((text[j + 1] >> 4) & 0x0f)) & 0x3f];
 60 |     base64[i + 2] = OTECTS[(text[j + 1] << 2) & 0x3c];
 61 |     base64[i + 3] = '=';
 62 |     break;
 63 |   default:
 64 |     base64[i + 1] = OTECTS[(text[j] << 4) & 0x30];
 65 |     base64[i + 2] = '=';
 66 |     base64[i + 3] = '=';
 67 |     break;
 68 |   }
 69 |   return base64;
 70 | }
 71 | 
 72 | string base64Decode(string_view base64, PichiError e)
 73 | {
 74 |   if (base64.empty()) return {};
 75 |   assertTrue(base64.size() % 4 == 0, e);
 76 |   auto padding = base64.find_last_not_of('=');
 77 |   padding = padding == string_view::npos ? 0_sz : base64.size() - padding - 1_sz;
 78 |   assertTrue(padding < 3, e);
 79 | 
 80 |   auto text = string(base64.size() / 4 * 3 - padding, '\0');
 81 |   auto i = 0;
 82 |   while (i + 3_sz < text.size()) {
 83 |     auto j = i / 3 * 4;
 84 |     text[i] = (otect2offset(base64[j], e) << 2) + (otect2offset(base64[j + 1], e) >> 4);
 85 |     text[i + 1] = (otect2offset(base64[j + 1], e) << 4) + (otect2offset(base64[j + 2], e) >> 2);
 86 |     text[i + 2] = (otect2offset(base64[j + 2], e) << 6) + otect2offset(base64[j + 3], e);
 87 |     i += 3;
 88 |   }
 89 |   auto j = i / 3 * 4;
 90 | 
 91 | #ifdef __GNUC__
 92 | #pragma GCC diagnostic push
 93 | #pragma GCC diagnostic ignored "-Wimplicit-fallthrough"
 94 | #endif  // __GNUC__
 95 | 
 96 |   switch (padding) {
 97 |   case 0:
 98 |     text[i + 2] = (otect2offset(base64[j + 2], e) << 6) + otect2offset(base64[j + 3], e);
 99 |     // Don't break here
100 |   case 1:
101 |     text[i + 1] = (otect2offset(base64[j + 1], e) << 4) + (otect2offset(base64[j + 2], e) >> 2);
102 |     // Don't break here
103 |   default:
104 |     text[i] = (otect2offset(base64[j], e) << 2) + (otect2offset(base64[j + 1], e) >> 4);
105 |     break;
106 |   }
107 | 
108 | #ifdef __GNUC__
109 | #pragma GCC diagnostic pop
110 | #endif  // __GNUC__
111 | 
112 |   return text;
113 | }
114 | 
115 | }  // namespace pichi::crypto
116 | 


--------------------------------------------------------------------------------
/test/method.cpp:
--------------------------------------------------------------------------------
 1 | #define BOOST_TEST_MODULE pichi method test
 2 | 
 3 | #include "utils.hpp"
 4 | #include <boost/test/unit_test.hpp>
 5 | #include <pichi/common/literals.hpp>
 6 | #include <pichi/crypto/method.hpp>
 7 | 
 8 | namespace pichi::unit_test {
 9 | 
10 | using namespace crypto;
11 | 
12 | BOOST_AUTO_TEST_SUITE(METHOD)
13 | 
14 | BOOST_AUTO_TEST_CASE(KEY_SIZE_Test)
15 | {
16 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::RC4_MD5>);
17 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::BF_CFB>);
18 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::AES_128_CTR>);
19 |   BOOST_CHECK_EQUAL(24_sz, KEY_SIZE<CryptoMethod::AES_192_CTR>);
20 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::AES_256_CTR>);
21 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::AES_128_CFB>);
22 |   BOOST_CHECK_EQUAL(24_sz, KEY_SIZE<CryptoMethod::AES_192_CFB>);
23 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::AES_256_CFB>);
24 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::CAMELLIA_128_CFB>);
25 |   BOOST_CHECK_EQUAL(24_sz, KEY_SIZE<CryptoMethod::CAMELLIA_192_CFB>);
26 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::CAMELLIA_256_CFB>);
27 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::CHACHA20>);
28 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::SALSA20>);
29 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::CHACHA20_IETF>);
30 |   BOOST_CHECK_EQUAL(16_sz, KEY_SIZE<CryptoMethod::AES_128_GCM>);
31 |   BOOST_CHECK_EQUAL(24_sz, KEY_SIZE<CryptoMethod::AES_192_GCM>);
32 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::AES_256_GCM>);
33 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::CHACHA20_IETF_POLY1305>);
34 |   BOOST_CHECK_EQUAL(32_sz, KEY_SIZE<CryptoMethod::XCHACHA20_IETF_POLY1305>);
35 | }
36 | 
37 | BOOST_AUTO_TEST_CASE(IV_SIZE_Test)
38 | {
39 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::RC4_MD5>);
40 |   BOOST_CHECK_EQUAL(8_sz, IV_SIZE<CryptoMethod::BF_CFB>);
41 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_128_CTR>);
42 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_192_CTR>);
43 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_256_CTR>);
44 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_128_CFB>);
45 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_192_CFB>);
46 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_256_CFB>);
47 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::CAMELLIA_128_CFB>);
48 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::CAMELLIA_192_CFB>);
49 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::CAMELLIA_256_CFB>);
50 |   BOOST_CHECK_EQUAL(8_sz, IV_SIZE<CryptoMethod::CHACHA20>);
51 |   BOOST_CHECK_EQUAL(8_sz, IV_SIZE<CryptoMethod::SALSA20>);
52 |   BOOST_CHECK_EQUAL(12_sz, IV_SIZE<CryptoMethod::CHACHA20_IETF>);
53 |   BOOST_CHECK_EQUAL(16_sz, IV_SIZE<CryptoMethod::AES_128_GCM>);
54 |   BOOST_CHECK_EQUAL(24_sz, IV_SIZE<CryptoMethod::AES_192_GCM>);
55 |   BOOST_CHECK_EQUAL(32_sz, IV_SIZE<CryptoMethod::AES_256_GCM>);
56 |   BOOST_CHECK_EQUAL(32_sz, IV_SIZE<CryptoMethod::CHACHA20_IETF_POLY1305>);
57 |   BOOST_CHECK_EQUAL(32_sz, IV_SIZE<CryptoMethod::XCHACHA20_IETF_POLY1305>);
58 | }
59 | 
60 | BOOST_AUTO_TEST_CASE(NONCE_SIZE_Test)
61 | {
62 |   BOOST_CHECK_EQUAL(12_sz, NONCE_SIZE<CryptoMethod::AES_128_GCM>);
63 |   BOOST_CHECK_EQUAL(12_sz, NONCE_SIZE<CryptoMethod::AES_192_GCM>);
64 |   BOOST_CHECK_EQUAL(12_sz, NONCE_SIZE<CryptoMethod::AES_256_GCM>);
65 |   BOOST_CHECK_EQUAL(12_sz, NONCE_SIZE<CryptoMethod::CHACHA20_IETF_POLY1305>);
66 |   BOOST_CHECK_EQUAL(24_sz, NONCE_SIZE<CryptoMethod::XCHACHA20_IETF_POLY1305>);
67 | }
68 | 
69 | BOOST_AUTO_TEST_CASE(TAG_SIZE_Test)
70 | {
71 |   BOOST_CHECK_EQUAL(16_sz, TAG_SIZE<CryptoMethod::AES_128_GCM>);
72 |   BOOST_CHECK_EQUAL(16_sz, TAG_SIZE<CryptoMethod::AES_192_GCM>);
73 |   BOOST_CHECK_EQUAL(16_sz, TAG_SIZE<CryptoMethod::AES_256_GCM>);
74 |   BOOST_CHECK_EQUAL(16_sz, TAG_SIZE<CryptoMethod::CHACHA20_IETF_POLY1305>);
75 |   BOOST_CHECK_EQUAL(16_sz, TAG_SIZE<CryptoMethod::XCHACHA20_IETF_POLY1305>);
76 | }
77 | 
78 | BOOST_AUTO_TEST_SUITE_END()
79 | 
80 | }  // namespace pichi::unit_test
81 | 


--------------------------------------------------------------------------------
/include/pichi/stream/test.hpp:
--------------------------------------------------------------------------------
  1 | #ifndef PICHI_STREAM_TEST_HPP
  2 | #define PICHI_STREAM_TEST_HPP
  3 | 
  4 | #include <algorithm>
  5 | #include <boost/asio/buffers_iterator.hpp>
  6 | #include <boost/beast/core/flat_buffer.hpp>
  7 | #include <deque>
  8 | #include <pichi/common/asserts.hpp>
  9 | #include <pichi/common/buffer.hpp>
 10 | #include <pichi/stream/traits.hpp>
 11 | 
 12 | namespace pichi::stream {
 13 | 
 14 | class TestSocket {
 15 | private:
 16 |   using Buffer = boost::beast::flat_buffer;
 17 | 
 18 |   template <typename OutputIt> static auto read(Buffer& buf, OutputIt it, size_t n)
 19 |   {
 20 |     assertTrue(buf.size() > 0);
 21 |     auto copied = std::min(buf.size(), n);
 22 |     std::copy_n(boost::asio::buffers_begin(buf.data()), copied, it);
 23 |     buf.consume(copied);
 24 |     return copied;
 25 |   }
 26 | 
 27 |   template <typename InputIt> static auto write(Buffer& buf, InputIt it, size_t n)
 28 |   {
 29 |     std::copy_n(it, n, boost::asio::buffers_begin(buf.prepare(n)));
 30 |     buf.commit(n);
 31 |     return n;
 32 |   }
 33 | 
 34 | public:
 35 |   template <typename MutableBufferSequence> auto read(MutableBufferSequence const& buf)
 36 |   {
 37 |     assertFalse(rBufs_.empty());
 38 |     auto ret = read(rBufs_.front(), boost::asio::buffers_begin(buf), boost::asio::buffer_size(buf));
 39 |     if (rBufs_.front().size() == 0) rBufs_.pop_front();
 40 |     return ret;
 41 |   }
 42 | 
 43 |   template <typename ConstBufferSequence> auto write(ConstBufferSequence const& buf)
 44 |   {
 45 |     return write(wBuf_, boost::asio::buffers_begin(buf), boost::asio::buffer_size(buf));
 46 |   }
 47 | 
 48 |   auto fill(std::initializer_list<uint8_t> l)
 49 |   {
 50 |     rBufs_.emplace_back();
 51 |     return write(rBufs_.back(), std::cbegin(l), l.size());
 52 |   }
 53 | 
 54 |   auto fill(ConstBuffer buf)
 55 |   {
 56 |     rBufs_.emplace_back();
 57 |     return write(rBufs_.back(), std::cbegin(buf), buf.size());
 58 |   }
 59 | 
 60 |   auto flush(MutableBuffer buf) { return read(wBuf_, std::cbegin(buf), buf.size()); }
 61 | 
 62 |   auto available() const { return wBuf_.size(); }
 63 | 
 64 | private:
 65 |   std::deque<Buffer> rBufs_;
 66 |   Buffer wBuf_;
 67 | };
 68 | 
 69 | /*
 70 |  * Faked stream class used for unit test. It's supposed to satisfy the following
 71 |  * concepts at least:
 72 |  *   - SyncReadStream: \
 73 |  *       https://www.boost.org/doc/libs/release/doc/html/boost_asio/reference/SyncReadStream.html
 74 |  *   - SyncWriteStream: \
 75 |  *       https://www.boost.org/doc/libs/release/doc/html/boost_asio/reference/SyncWriteStream.html
 76 |  * w
 77 |  */
 78 | class TestStream {
 79 | private:
 80 |   using ErrorCode = boost::system::error_code;
 81 | 
 82 | public:
 83 |   explicit TestStream(TestSocket& socket, bool open = false) : socket_{socket}, open_{open} {}
 84 | 
 85 |   bool is_open() const { return open_; }
 86 | 
 87 |   void close(ErrorCode& ec)
 88 |   {
 89 |     ec = {};
 90 |     open_ = false;
 91 |   }
 92 | 
 93 |   void connect() { open_ = true; }
 94 | 
 95 |   template <typename MutableBufferSequence> auto read_some(MutableBufferSequence const& buf)
 96 |   {
 97 |     assertTrue(is_open());
 98 |     return socket_.read(buf);
 99 |   }
100 | 
101 |   template <typename MutableBufferSequence>
102 |   auto read_some(MutableBufferSequence const& buf, ErrorCode& ec)
103 |   {
104 |     ec = {};
105 |     return read_some(buf);
106 |   }
107 | 
108 |   template <typename ConstBufferSequence> auto write_some(ConstBufferSequence const& buf)
109 |   {
110 |     assertTrue(is_open());
111 |     return socket_.write(buf);
112 |   }
113 | 
114 |   template <typename ConstBufferSequence>
115 |   auto write_some(ConstBufferSequence const& buf, ErrorCode& ec)
116 |   {
117 |     ec = {};
118 |     return write_some(buf);
119 |   }
120 | 
121 | private:
122 |   TestSocket& socket_;
123 |   bool open_;
124 | };
125 | 
126 | template <> struct AsyncStream<TestStream> : public std::false_type {
127 | };
128 | 
129 | }  // namespace pichi::stream
130 | 
131 | #endif  // PICHI_STREAM_TEST_HPP
132 | 


--------------------------------------------------------------------------------
/server/main.cpp:
--------------------------------------------------------------------------------
  1 | #include <pichi/common/config.hpp>
  2 | // Include config.hpp first
  3 | #include <boost/filesystem/operations.hpp>
  4 | #include <boost/filesystem/path.hpp>
  5 | #include <boost/program_options.hpp>
  6 | #include <fstream>
  7 | #include <iostream>
  8 | #include <memory>
  9 | #include <pichi/common/asserts.hpp>
 10 | #include <stdio.h>
 11 | #ifdef HAS_UNISTD_H
 12 | #include <errno.h>
 13 | #include <unistd.h>
 14 | #endif  // HAS_UNISTD_H
 15 | #ifdef HAS_PWD_H
 16 | #include <pwd.h>
 17 | #endif  // HAS_PWD_H
 18 | #ifdef HAS_GRP_H
 19 | #include <grp.h>
 20 | #endif  // HAS_GRP_H
 21 | 
 22 | using namespace std;
 23 | namespace fs = boost::filesystem;
 24 | namespace po = boost::program_options;
 25 | namespace sys = boost::system;
 26 | 
 27 | using pichi::assertSuccess;
 28 | 
 29 | static auto const PID_FILE = (fs::path{PICHI_PREFIX} / "var" / "run" / "pichi.pid");
 30 | static auto const LOG_FILE = (fs::path{PICHI_PREFIX} / "var" / "log" / "pichi.log");
 31 | 
 32 | extern void run(string const&, uint16_t, string const&, string const&);
 33 | 
 34 | int main(int argc, char const* argv[])
 35 | {
 36 |   auto listen = string{};
 37 |   auto port = uint16_t{};
 38 |   auto json = string{};
 39 |   auto geo = string{};
 40 |   auto user = string{};
 41 |   auto group = string{};
 42 |   auto desc = po::options_description{"Allow options"};
 43 |   desc.add_options()("help,h", "produce help message")(
 44 |       "listen,l", po::value<string>(&listen)->default_value("::1"),
 45 |       "API server address")("port,p", po::value<uint16_t>(&port), "API server port")(
 46 |       "geo,g", po::value<string>(&geo), "GEO file")("json", po::value<string>(&json),
 47 |                                                     "Initial configration(JSON format)")
 48 | #if defined(HAS_FORK) && defined(HAS_SETSID)
 49 |       ("daemon,d", "daemonize")
 50 | #endif  // HAS_SETUID && HAS_GETPWNAM
 51 | #if defined(HAS_SETUID) && defined(HAS_GETPWNAM)
 52 |           ("user,u", po::value<string>(&user), "run as user")
 53 | #endif  // HAS_SETUID && HAS_GETPWNAM
 54 | #if defined(HAS_SETGID) && defined(HAS_GETGRNAM)
 55 |               ("group", po::value<string>(&group), "run as group")
 56 | #endif  // HAS_SETGID && HAS_GETGRNAM
 57 |       ;
 58 |   auto vm = po::variables_map{};
 59 | 
 60 |   try {
 61 |     po::store(po::parse_command_line(argc, argv, desc), vm);
 62 |     po::notify(vm);
 63 | 
 64 |     if (vm.count("help") || !vm.count("port") || !vm.count("geo")) {
 65 |       cout << desc << endl;
 66 |       return 1;
 67 |     }
 68 | 
 69 |     errno = 0;
 70 | 
 71 | #if defined(HAS_FORK) && defined(HAS_SETSID)
 72 |     if (vm.count("daemon")) {
 73 |       assertSuccess(chdir(fs::path{PICHI_PREFIX}.root_directory().c_str()));
 74 |       auto pid = fork();
 75 |       assertSuccess(pid);
 76 |       if (pid > 0) {
 77 |         auto ec = sys::error_code{};
 78 |         fs::create_directories(PID_FILE.parent_path(), ec);
 79 |         if (!ec) ofstream{PID_FILE.string()} << pid << endl;
 80 |         exit(0);
 81 |       }
 82 |       setsid();
 83 | #ifdef HAS_CLOSE
 84 |       close(STDIN_FILENO);
 85 |       close(STDOUT_FILENO);
 86 |       close(STDERR_FILENO);
 87 | #endif  // HAS_CLOSE
 88 |       auto ec = sys::error_code{};
 89 |       fs::create_directories(LOG_FILE.parent_path(), ec);
 90 |       if (!ec) {
 91 |         assertSuccess(freopen(LOG_FILE.c_str(), "a", stdout));
 92 |         assertSuccess(freopen(LOG_FILE.c_str(), "a", stderr));
 93 |       }
 94 |     }
 95 | #endif  // HAS_FORK && HAS_SETSID
 96 | 
 97 | #if defined(HAS_SETGID) && defined(HAS_GETGRNAM)
 98 |     if (!group.empty()) {
 99 |       auto grp = getgrnam(group.c_str());
100 |       assertSuccess(grp);
101 |       assertSuccess(setgid(grp->gr_gid));
102 |     }
103 | #endif  // HAS_SETGID && HAS_GETGRNAM
104 | 
105 | #if defined(HAS_SETUID) && defined(HAS_GETPWNAM)
106 |     if (!user.empty()) {
107 |       auto pw = getpwnam(user.c_str());
108 |       assertSuccess(pw);
109 |       assertSuccess(setuid(pw->pw_uid));
110 |     }
111 | #endif  // HAS_SETUID && HAS_GETPWNAM
112 | 
113 |     run(listen, port, json, geo);
114 |     return 0;
115 |   }
116 |   catch (exception const& e) {
117 |     cout << "ERROR: " << e.what() << endl;
118 |     return 1;
119 |   }
120 | }
121 | 


--------------------------------------------------------------------------------
/cmake/Configure.cmake:
--------------------------------------------------------------------------------
 1 | if(TRANSPARENT_PF AND APPLE)
 2 |   message(STATUS "Downloading the essential Darwin-XNU header files")
 3 |   execute_process(COMMAND sw_vers --productVersion OUTPUT_VARIABLE macos_ver)
 4 |   if(macos_ver VERSION_GREATER_EQUAL 15.1)
 5 |     set(xnu_ver "11215.41.3")
 6 |   elseif(macos_ver VERSION_GREATER_EQUAL 15.0)
 7 |     set(xnu_ver "11215.1.10")
 8 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.6)
 9 |     set(xnu_ver "10063.141.1")
10 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.5)
11 |     set(xnu_ver "10063.121.3")
12 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.4)
13 |     set(xnu_ver "10063.101.15")
14 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.3)
15 |     set(xnu_ver "10002.81.5")
16 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.2)
17 |     set(xnu_ver "10002.61.3")
18 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.1)
19 |     set(xnu_ver "10002.41.9")
20 |   elseif(macos_ver VERSION_GREATER_EQUAL 14.0)
21 |     set(xnu_ver "10002.1.13")
22 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.5)
23 |     set(xnu_ver "8796.141.3")
24 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.4)
25 |     set(xnu_ver "8796.121.2")
26 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.3)
27 |     set(xnu_ver "8796.101.5")
28 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.2)
29 |     set(xnu_ver "8792.81.2")
30 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.1)
31 |     set(xnu_ver "8792.61.2")
32 |   elseif(macos_ver VERSION_GREATER_EQUAL 13.0)
33 |     set(xnu_ver "8792.41.9")
34 |   elseif(macos_ver VERSION_GREATER_EQUAL 12.5)
35 |     set(xnu_ver "8020.140.41")
36 |   elseif(macos_ver VERSION_GREATER_EQUAL 12.4)
37 |     set(xnu_ver "8020.121.3")
38 |   elseif(macos_ver VERSION_GREATER_EQUAL 12.3)
39 |     set(xnu_ver "8020.101.4")
40 |   elseif(macos_ver VERSION_GREATER_EQUAL 12.2)
41 |     set(xnu_ver "8019.80.24")
42 |   elseif(macos_ver VERSION_GREATER_EQUAL 12.1)
43 |     set(xnu_ver "8019.61.5")
44 |   else()
45 |     set(xnu_ver "8019.41.5")
46 |   endif()
47 |   file(DOWNLOAD
48 |     "https://raw.githubusercontent.com/apple-oss-distributions/xnu/refs/tags/xnu-${xnu_ver}/libkern/libkern/tree.h"
49 |     "${CMAKE_BINARY_DIR}/include/libkern/tree.h")
50 |   file(DOWNLOAD
51 |     "https://raw.githubusercontent.com/apple-oss-distributions/xnu/refs/tags/xnu-${xnu_ver}/bsd/net/pfvar.h"
52 |     "${CMAKE_BINARY_DIR}/include/net/pfvar.h")
53 |   file(DOWNLOAD
54 |     "https://raw.githubusercontent.com/apple-oss-distributions/xnu/refs/tags/xnu-${xnu_ver}/bsd/net/radix.h"
55 |     "${CMAKE_BINARY_DIR}/include/net/radix.h")
56 |   message(STATUS "Downloading the essential Darwin-XNU header files -- done")
57 | endif()
58 | 
59 | # Generating config.hpp
60 | message(STATUS "Generating config.hpp")
61 | 
62 | if(Sodium_VERSION_STRING VERSION_GREATER_EQUAL "1.0.17")
63 |   # From libsodium 1.0.17, the declarations of crypto_stream_xxx functions contain
64 |   # '__attribute__ ((nonnull))', which might let GCC cause '-Wignored-attributes' warning
65 |   # if using std::is_same to detect function signature equation.
66 |   set(DISABLE_GCC_IGNORED_ATTRIBUTES ON)
67 | endif()
68 | 
69 | if(${CMAKE_CXX_COMPILER_ID} STREQUAL "AppleClang" OR ${CMAKE_CXX_COMPILER_ID} STREQUAL "Clang")
70 |   # https://reviews.llvm.org/D119670?id=408276
71 |   include(CheckCXXCompilerFlag)
72 |   check_cxx_compiler_flag("-Wno-unqualified-std-cast-call" DISABLE_CLANG_UNQUALIFIED_STD_CAST_CALL)
73 | endif()
74 | 
75 | if(BUILD_SERVER)
76 |   include(CheckIncludeFiles)
77 |   include(CheckFunctionExists)
78 |   check_include_files("unistd.h" HAS_UNISTD_H)
79 |   check_include_files("signal.h" HAS_SIGNAL_H)
80 |   check_include_files("pwd.h" HAS_PWD_H)
81 |   check_include_files("grp.h" HAS_GRP_H)
82 |   check_function_exists("getpwnam" HAS_GETPWNAM)
83 |   check_function_exists("setuid" HAS_SETUID)
84 |   check_function_exists("getgrnam" HAS_GETGRNAM)
85 |   check_function_exists("setgid" HAS_SETGID)
86 |   check_function_exists("fork" HAS_FORK)
87 |   check_function_exists("setsid" HAS_SETSID)
88 |   check_function_exists("close" HAS_CLOSE)
89 |   check_function_exists("strerror_s" HAS_STRERROR_S)
90 |   check_function_exists("strerror_r" HAS_STRERROR_R)
91 | endif()
92 | 
93 | configure_file(${CMAKE_SOURCE_DIR}/include/pichi/common/config.hpp.in
94 |   ${CMAKE_BINARY_DIR}/include/pichi/common/config.hpp)
95 | 
96 | message(STATUS "Generating config.hpp - done")
97 | 


--------------------------------------------------------------------------------
/src/api/balancer.cpp:
--------------------------------------------------------------------------------
  1 | #include <pichi/common/config.hpp>
  2 | // Include config.hpp first
  3 | #include <map>
  4 | #include <pichi/api/balancer.hpp>
  5 | #include <pichi/api/ingress_holder.hpp>
  6 | #include <pichi/common/asserts.hpp>
  7 | #include <pichi/common/literals.hpp>
  8 | #include <random>
  9 | #include <unordered_map>
 10 | #include <unordered_set>
 11 | 
 12 | using namespace std;
 13 | 
 14 | namespace pichi::api {
 15 | 
 16 | namespace detail {
 17 | 
 18 | template <typename Offset> class Random : public BalanceSelector<Offset> {
 19 | public:
 20 |   Random(Offset capacity) : g_{random_device{}()}, rand_{0, capacity - 1} {}
 21 | 
 22 |   Offset select() override { return rand_(g_); }
 23 | 
 24 |   void release(Offset) override {}
 25 | 
 26 | private:
 27 |   mt19937_64 g_;
 28 |   uniform_int_distribution<Offset> rand_;
 29 | };
 30 | 
 31 | template <typename Offset> class RoundRobin : public BalanceSelector<Offset> {
 32 | public:
 33 |   RoundRobin(Offset capacity) : current_{0}, capacity_{capacity} {}
 34 | 
 35 |   Offset select() override
 36 |   {
 37 |     auto ret = current_++;
 38 |     if (current_ == capacity_) current_ = 0;
 39 |     return ret;
 40 |   }
 41 | 
 42 |   void release(Offset) override {}
 43 | 
 44 | private:
 45 |   Offset current_;
 46 |   Offset capacity_;
 47 | };
 48 | 
 49 | template <typename Offset> class LeastConn : public BalanceSelector<Offset> {
 50 | private:
 51 |   using Offsets = unordered_set<Offset>;
 52 |   using SortedDb = map<size_t, Offsets>;
 53 |   using DbIt = typename SortedDb::iterator;
 54 |   using OffsetIt = typename Offsets::iterator;
 55 |   using ReversedIndex = unordered_map<Offset, DbIt>;
 56 | 
 57 |   static auto initDb(Offset capacity)
 58 |   {
 59 |     auto ret = SortedDb{{0_sz, Offsets{}}};
 60 |     auto& offsets = ret[0_sz];
 61 |     for (Offset i = 0; i < capacity; ++i) offsets.emplace(i);
 62 |     return ret;
 63 |   }
 64 | 
 65 |   static auto initIndex(DbIt first, DbIt last)
 66 |   {
 67 |     auto index = ReversedIndex{};
 68 |     for (auto it = first; it != last; ++it) {
 69 |       transform(cbegin(it->second), cend(it->second), inserter(index, end(index)),
 70 |                 [it](auto offset) { return make_pair(offset, it); });
 71 |     }
 72 |     return index;
 73 |   }
 74 | 
 75 |   auto popOffset(DbIt dbIt, OffsetIt offsetIt)
 76 |   {
 77 |     auto& offsets = dbIt->second;
 78 |     auto ret = *offsetIt;
 79 |     offsets.erase(offsetIt);
 80 |     if (offsets.empty()) db_.erase(dbIt);
 81 |     return ret;
 82 |   }
 83 | 
 84 |   auto insertItem(size_t conn, Offset offset)
 85 |   {
 86 |     auto [dbIt, _] = db_.emplace(conn, Offsets{});
 87 |     dbIt->second.emplace(offset);
 88 |     return dbIt;
 89 |   }
 90 | 
 91 | public:
 92 |   explicit LeastConn(Offset capacity)
 93 |     : db_{initDb(capacity)}, index_{initIndex(begin(db_), end(db_))}
 94 |   {
 95 |   }
 96 | 
 97 |   Offset select() override
 98 |   {
 99 |     assertFalse(db_.empty());
100 |     auto least = begin(db_);
101 |     auto conn = least->first;
102 |     auto offset = popOffset(least, begin(least->second));
103 |     index_[offset] = insertItem(++conn, offset);
104 |     return offset;
105 |   }
106 | 
107 |   void release(Offset offset) override
108 |   {
109 |     auto idxIt = index_.find(offset);
110 |     assertFalse(idxIt == end(index_));
111 |     auto dbIt = idxIt->second;
112 |     auto conn = dbIt->first;
113 |     assertFalse(conn == 0);
114 |     popOffset(dbIt, dbIt->second.find(offset));
115 |     index_[offset] = insertItem(--conn, offset);
116 |   }
117 | 
118 | private:
119 |   SortedDb db_;
120 |   ReversedIndex index_;
121 | };
122 | 
123 | }  // namespace detail
124 | 
125 | Balancer::SelectorPtr Balancer::makeSelector(BalanceType type, EndpointIt first, EndpointIt last)
126 | {
127 |   auto capacity = distance(first, last);
128 |   assertTrue(capacity > 0);
129 |   switch (type) {
130 |   case BalanceType::RANDOM:
131 |     return make_unique<detail::Random<Offset>>(capacity);
132 |   case BalanceType::ROUND_ROBIN:
133 |     return make_unique<detail::RoundRobin<Offset>>(capacity);
134 |   case BalanceType::LEAST_CONN:
135 |     return make_unique<detail::LeastConn<Offset>>(capacity);
136 |   default:
137 |     fail();
138 |   }
139 | }
140 | 
141 | Balancer::Iterator Balancer::select()
142 | {
143 |   auto ret = cbegin(endpoints_);
144 |   advance(ret, selector_->select());
145 |   return ret;
146 | }
147 | 
148 | void Balancer::release(Iterator it)
149 | {
150 |   auto offset = distance(cbegin(endpoints_), it);
151 |   assertTrue(offset >= 0);
152 |   selector_->release(offset);
153 | }
154 | 
155 | }  // namespace pichi::api
156 | 


--------------------------------------------------------------------------------
/include/pichi/net/http.hpp:
--------------------------------------------------------------------------------
  1 | #ifndef PICHI_NET_HTTP_HPP
  2 | #define PICHI_NET_HTTP_HPP
  3 | 
  4 | #include <boost/asio/ip/tcp.hpp>
  5 | #include <boost/beast/core/flat_buffer.hpp>
  6 | #include <boost/beast/http/empty_body.hpp>
  7 | #include <boost/beast/http/parser.hpp>
  8 | #include <functional>
  9 | #include <limits>
 10 | #include <optional>
 11 | #include <pichi/common/adapter.hpp>
 12 | #include <pichi/common/asserts.hpp>
 13 | #include <pichi/common/buffer.hpp>
 14 | #include <pichi/common/endpoint.hpp>
 15 | #include <string_view>
 16 | #include <utility>
 17 | 
 18 | namespace pichi::net {
 19 | 
 20 | namespace detail {
 21 | 
 22 | using Cache = boost::beast::flat_buffer;
 23 | using Body = boost::beast::http::empty_body;
 24 | 
 25 | template <bool isRequest> using Parser = boost::beast::http::parser<isRequest, Body>;
 26 | using RequestParser = Parser<true>;
 27 | using ResponseParser = Parser<false>;
 28 | template <bool isRequest> using Header = boost::beast::http::header<isRequest>;
 29 | template <bool isRequest> using Message = boost::beast::http::message<isRequest, Body>;
 30 | using Request = Message<true>;
 31 | using Response = Message<false>;
 32 | 
 33 | template <typename R, typename... Args> R badInvoking(Args&&...)
 34 | {
 35 |   using namespace std;
 36 |   fail("Bad invocation"sv);
 37 | }
 38 | 
 39 | // FIXME hardcode HTTP header limit to 1M
 40 | inline uint32_t const HEADER_LIMIT = 1024ul * 1024ul;
 41 | 
 42 | }  // namespace detail
 43 | 
 44 | template <typename Stream> class HttpIngress : public Ingress {
 45 | private:
 46 |   using Authenticator = std::optional<std::function<bool(std::string const&, std::string const&)>>;
 47 | 
 48 | public:
 49 |   template <typename... Args>
 50 |   HttpIngress(Authenticator auth, Args&&... args)
 51 |     : stream_{std::forward<Args>(args)...},
 52 |       confirm_{detail::badInvoking<void, Yield>},
 53 |       send_{detail::badInvoking<void, ConstBuffer, Yield>},
 54 |       recv_{detail::badInvoking<size_t, MutableBuffer, Yield>},
 55 |       auth_{std::move(auth)}
 56 |   {
 57 |     reqParser_.header_limit(detail::HEADER_LIMIT);
 58 |     reqParser_.body_limit(std::numeric_limits<uint64_t>::max());
 59 |     respParser_.header_limit(detail::HEADER_LIMIT);
 60 |     respParser_.body_limit(std::numeric_limits<uint64_t>::max());
 61 |   }
 62 | 
 63 |   size_t recv(MutableBuffer, Yield) override;
 64 |   void send(ConstBuffer, Yield) override;
 65 | 
 66 |   void close(Yield) override;
 67 | 
 68 |   bool readable() const override;
 69 |   bool writable() const override;
 70 |   void confirm(Yield yield) override;
 71 |   void disconnect(std::exception_ptr, Yield) override;
 72 |   Endpoint readRemote(Yield) override;
 73 | 
 74 | private:
 75 |   Stream stream_;
 76 |   detail::RequestParser reqParser_;
 77 |   detail::Cache reqCache_;
 78 |   detail::ResponseParser respParser_;
 79 |   detail::Cache respCache_;
 80 |   std::function<void(Yield)> confirm_;
 81 |   std::function<void(ConstBuffer, Yield)> send_;
 82 |   std::function<size_t(MutableBuffer, Yield)> recv_;
 83 |   Authenticator auth_;
 84 | };
 85 | 
 86 | template <typename Stream> class HttpEgress : public Egress {
 87 | private:
 88 |   using Credential = std::pair<std::string, std::string>;
 89 | 
 90 | public:
 91 |   template <typename... Args>
 92 |   HttpEgress(std::optional<Credential> credential, Args&&... args)
 93 |     : stream_{std::forward<Args>(args)...},
 94 |       send_(detail::badInvoking<void, ConstBuffer, Yield>),
 95 |       recv_(detail::badInvoking<size_t, MutableBuffer, Yield>),
 96 |       credential_{std::move(credential)}
 97 |   {
 98 |     reqParser_.header_limit(detail::HEADER_LIMIT);
 99 |     reqParser_.body_limit(std::numeric_limits<uint64_t>::max());
100 |     respParser_.header_limit(detail::HEADER_LIMIT);
101 |     respParser_.body_limit(std::numeric_limits<uint64_t>::max());
102 |   }
103 | 
104 |   ~HttpEgress() override = default;
105 | 
106 |   size_t recv(MutableBuffer, Yield) override;
107 |   void send(ConstBuffer, Yield) override;
108 |   void close(Yield) override;
109 |   bool readable() const override;
110 |   bool writable() const override;
111 |   void connect(Endpoint const&, ResolveResults, Yield) override;
112 | 
113 | private:
114 |   Stream stream_;
115 |   std::function<void(ConstBuffer, Yield)> send_;
116 |   std::function<size_t(MutableBuffer, Yield)> recv_;
117 |   detail::RequestParser reqParser_;
118 |   detail::Cache reqCache_;
119 |   detail::ResponseParser respParser_;
120 |   detail::Cache respCache_;
121 |   std::optional<Credential> credential_;
122 | };
123 | 
124 | }  // namespace pichi::net
125 | 
126 | #endif  // PICHI_NET_HTTP_HPP
127 | 


--------------------------------------------------------------------------------
/cmake/HandleDependencies.cmake:
--------------------------------------------------------------------------------
  1 | macro(_find_all_dependencies search_mode)
  2 |   find_package(Boost 1.77.0 REQUIRED COMPONENTS ${BOOST_COMPONENTS} REQUIRED ${search_mode})
  3 |   find_package(MbedTLS REQUIRED ${search_mode})
  4 |   find_package(libsodium 1.0.12 REQUIRED ${search_mode})
  5 |   find_package(MaxmindDB 1.3.0 REQUIRED ${search_mode})
  6 |   find_package(RapidJSON 1.1.0 REQUIRED EXACT ${search_mode})
  7 |   find_package(Threads REQUIRED)
  8 | 
  9 |   if(TLS_FINGERPRINT)
 10 |     find_package(BoringSSL REQUIRED ${search_mode})
 11 |     find_package(Brotli 1.0.0 REQUIRED ${search_mode})
 12 |     set(SSL_LIB BoringSSL)
 13 |   else()
 14 |     find_package(OpenSSL REQUIRED)
 15 |     set(SSL_LIB OpenSSL)
 16 |   endif()
 17 | endmacro()
 18 | 
 19 | # To find boost
 20 | list(APPEND BOOST_COMPONENTS context system thread)
 21 | 
 22 | if(BUILD_SERVER)
 23 |   list(APPEND BOOST_COMPONENTS filesystem program_options)
 24 | endif()
 25 | 
 26 | if(BUILD_TEST)
 27 |   list(APPEND BOOST_COMPONENTS unit_test_framework)
 28 | endif()
 29 | 
 30 | if(ENABLE_CONAN)
 31 |   _find_all_dependencies(CONFIG)
 32 | else()
 33 |   if(BUILD_SHARED_LIBS)
 34 |     set(Boost_USE_STATIC_LIBS OFF)
 35 |   else()
 36 |     set(Boost_USE_STATIC_LIBS ON)
 37 |   endif()
 38 | 
 39 |   if(UNIX)
 40 |     if(NOT BUILD_SHARED_LIBS)
 41 |       list(PREPEND CMAKE_FIND_LIBRARY_SUFFIXES .a)
 42 |     elseif(APPLE)
 43 |       list(PREPEND CMAKE_FIND_LIBRARY_SUFFIXES .dylib)
 44 |     else()
 45 |       list(PREPEND CMAKE_FIND_LIBRARY_SUFFIXES .so)
 46 |     endif()
 47 |   endif()
 48 | 
 49 |   list(REMOVE_DUPLICATES CMAKE_FIND_LIBRARY_SUFFIXES)
 50 | 
 51 |   _find_all_dependencies("")
 52 | endif()
 53 | 
 54 | if(BUILD_TEST)
 55 |   # TODO Because Boost_USE_STATIC_LIB=OFF doesn't ensure boost libraries are shared ones,
 56 |   # the additional detection is mandatory here to determine
 57 |   # whether BOOST_ALL_DYN_LINK is necessary or not.
 58 |   message(STATUS "Detecting Boost libraries type")
 59 | 
 60 |   if(NOT DEFINED _BOOST_SHARED)
 61 |     try_compile(_BOOST_SHARED
 62 |       ${CMAKE_BINARY_DIR}/cmake ${CMAKE_SOURCE_DIR}/cmake/test/boost-test-type.cpp
 63 |       COMPILE_DEFINITIONS -DBOOST_TEST_DYN_LINK
 64 |       LINK_LIBRARIES Boost::boost Boost::unit_test_framework
 65 |     )
 66 |   endif()
 67 | 
 68 |   if(_BOOST_SHARED)
 69 |     message(STATUS "Detecting Boost libraries type - SHARED")
 70 |     set_target_properties(Boost::unit_test_framework PROPERTIES
 71 |       INTERFACE_COMPILE_DEFINITIONS BOOST_TEST_DYN_LINK)
 72 |   else()
 73 |     message(STATUS "Detecting Boost libraries type - STATIC")
 74 |     set_target_properties(Boost::unit_test_framework PROPERTIES
 75 |       INTERFACE_COMPILE_DEFINITIONS BOOST_TEST_NO_LIB)
 76 |   endif()
 77 | endif()
 78 | 
 79 | if(MSVC)
 80 |   # According to libsodium's manual https://libsodium.gitbook.io/doc/usage,
 81 |   # SODIUM_STATIC=1 & SODIUM_EXPORT are mandatory when MSVC & static linking.
 82 |   message(STATUS "Detecting Sodium libraries type")
 83 | 
 84 |   if(NOT DEFINED _SODIUM_SHARED)
 85 |     try_compile(_SODIUM_SHARED
 86 |       ${CMAKE_BINARY_DIR}/cmake ${CMAKE_SOURCE_DIR}/cmake/test/sodium-type.c
 87 |       LINK_LIBRARIES libsodium::libsodium
 88 |     )
 89 |   endif()
 90 | 
 91 |   if(_SODIUM_SHARED)
 92 |     message(STATUS "Detecting Sodium libraries type - SHARED")
 93 |   else()
 94 |     set_target_properties(libsodium::libsodium PROPERTIES
 95 |       INTERFACE_COMPILE_DEFINITIONS "SODIUM_STATIC=1;SODIUM_EXPORT")
 96 |     message(STATUS "Detecting Sodium libraries type - STATIC")
 97 |   endif()
 98 | endif()
 99 | 
100 | # Patch OpenSSL::Crypto target when building on windows & dynamic linking
101 | if(WIN32 AND NOT BUILD_SHARED_LIBS)
102 |   get_target_property(deps ${SSL_LIB}::Crypto INTERFACE_LINK_LIBRARIES)
103 | 
104 |   if(NOT deps)
105 |     unset(deps)
106 |   endif()
107 | 
108 |   list(APPEND deps crypt32 bcrypt)
109 |   set_target_properties(${SSL_LIB}::Crypto PROPERTIES INTERFACE_LINK_LIBRARIES "${deps}")
110 | endif()
111 | 
112 | if(${Boost_VERSION} VERSION_EQUAL "1.81.0")
113 |   # Boost.Beast 1.81.0 contains an error when BOOST_BEAST_NO_SOURCE_LOCATION enabled
114 |   set_target_properties(Boost::boost PROPERTIES INTERFACE_COMPILE_DEFINITIONS
115 |     "BOOST_ASIO_NO_DEPRECATED;BOOST_ASIO_DISABLE_ERROR_LOCATION"
116 |   )
117 | else()
118 |   set_target_properties(Boost::boost PROPERTIES INTERFACE_COMPILE_DEFINITIONS
119 |     "BOOST_ASIO_NO_DEPRECATED;BOOST_ASIO_DISABLE_ERROR_LOCATION;BOOST_BEAST_NO_SOURCE_LOCATION"
120 |   )
121 | endif()
122 | 
123 | # Setup COMMON_LIBRARIES for later usage
124 | list(APPEND COMMON_LIBRARIES
125 |   Boost::boost Boost::context Boost::system
126 |   MbedTLS::mbedtls libsodium::libsodium maxminddb::maxminddb rapidjson
127 |   Threads::Threads ${CMAKE_DL_LIBS} ${SSL_LIB}::SSL)
128 | 
129 | if(TLS_FINGERPRINT)
130 |   list(APPEND COMMON_LIBRARIES brotli::brotli)
131 | endif()
132 | 


--------------------------------------------------------------------------------
/src/crypto/hash.cpp:
--------------------------------------------------------------------------------
  1 | #include <algorithm>
  2 | #include <array>
  3 | #include <pichi/common/asserts.hpp>
  4 | #include <pichi/common/literals.hpp>
  5 | #include <pichi/crypto/hash.hpp>
  6 | #include <sodium/utils.h>
  7 | #include <string>
  8 | 
  9 | using namespace std;
 10 | 
 11 | namespace pichi::crypto {
 12 | 
 13 | template <HashAlgorithm algorithm> Hash<algorithm>::Hash()
 14 | {
 15 |   Traits::initialize(&ctx_);
 16 |   assertTrue(Traits::start(&ctx_) == 0, PichiError::MISC);
 17 | }
 18 | 
 19 | template <HashAlgorithm algorithm> Hash<algorithm>::~Hash() { Traits::release(&ctx_); }
 20 | 
 21 | template <HashAlgorithm algorithm> Hash<algorithm>::Hash(Hash const& other)
 22 | {
 23 |   Traits::clone(&ctx_, &other.ctx_);
 24 | }
 25 | 
 26 | template <HashAlgorithm algorithm> Hash<algorithm>::Hash(Hash&& other)
 27 | {
 28 |   Traits::clone(&ctx_, &other.ctx_);
 29 | }
 30 | 
 31 | template <HashAlgorithm algorithm> void Hash<algorithm>::append(ConstBuffer src)
 32 | {
 33 |   if (src.size() == 0) return;
 34 |   assertTrue(Traits::update(&ctx_, src.data(), src.size()) == 0, PichiError::MISC);
 35 | }
 36 | 
 37 | template <HashAlgorithm algorithm> size_t Hash<algorithm>::hash(MutableBuffer dst)
 38 | {
 39 |   if (dst.size() < Traits::length) {
 40 |     auto tmp = array<uint8_t, Traits::length>{};
 41 |     assertTrue(Traits::finish(&ctx_, tmp.data()) == 0, PichiError::MISC);
 42 |     copy_n(begin(tmp), dst.size(), begin(dst));
 43 |     return dst.size();
 44 |   }
 45 |   assertTrue(Traits::finish(&ctx_, dst.data()) == 0, PichiError::MISC);
 46 |   return Traits::length;
 47 | }
 48 | 
 49 | template <HashAlgorithm algorithm> size_t Hash<algorithm>::hash(ConstBuffer src, MutableBuffer dst)
 50 | {
 51 |   append(src);
 52 |   return hash(dst);
 53 | }
 54 | 
 55 | template class Hash<HashAlgorithm::MD5>;
 56 | template class Hash<HashAlgorithm::SHA1>;
 57 | template class Hash<HashAlgorithm::SHA224>;
 58 | template class Hash<HashAlgorithm::SHA256>;
 59 | template class Hash<HashAlgorithm::SHA384>;
 60 | template class Hash<HashAlgorithm::SHA512>;
 61 | 
 62 | template <HashAlgorithm algorithm> Hmac<algorithm>::Hmac(ConstBuffer key)
 63 | {
 64 |   auto k = array<uint8_t, Traits::block_size>{0};
 65 |   if (key.size() > Traits::block_size)
 66 |     Hash<algorithm>{}.hash(key, k);
 67 |   else
 68 |     copy_n(begin(key), key.size(), begin(k));
 69 | 
 70 |   auto padding = array<uint8_t, Traits::block_size>{0};
 71 | 
 72 |   transform(begin(k), end(k), begin(padding), [](auto c) -> uint8_t { return c ^ 0x5c; });
 73 |   o_.append(padding);
 74 | 
 75 |   transform(begin(k), end(k), begin(padding), [](auto c) -> uint8_t { return c ^ 0x36; });
 76 |   i_.append(padding);
 77 | }
 78 | 
 79 | template <HashAlgorithm algorithm> void Hmac<algorithm>::append(ConstBuffer src) { i_.append(src); }
 80 | 
 81 | template <HashAlgorithm algorithm> size_t Hmac<algorithm>::hash(MutableBuffer dst)
 82 | {
 83 |   auto tmp = array<uint8_t, Traits::length>{};
 84 |   i_.hash(tmp);
 85 |   return o_.hash(tmp, dst);
 86 | }
 87 | 
 88 | template <HashAlgorithm algorithm> size_t Hmac<algorithm>::hash(ConstBuffer src, MutableBuffer dst)
 89 | {
 90 |   append(src);
 91 |   return hash(dst);
 92 | }
 93 | 
 94 | template class Hmac<HashAlgorithm::MD5>;
 95 | template class Hmac<HashAlgorithm::SHA1>;
 96 | template class Hmac<HashAlgorithm::SHA224>;
 97 | template class Hmac<HashAlgorithm::SHA256>;
 98 | template class Hmac<HashAlgorithm::SHA384>;
 99 | template class Hmac<HashAlgorithm::SHA512>;
100 | 
101 | template <HashAlgorithm algorithm>
102 | void hkdf(MutableBuffer okm, ConstBuffer ikm, ConstBuffer salt, ConstBuffer info)
103 | {
104 |   auto prk = array<uint8_t, HashTraits<algorithm>::length>{0};
105 |   Hmac<algorithm>{salt}.hash(ikm, prk);
106 |   auto n = okm.size() / HashTraits<algorithm>::length;
107 |   if (okm.size() % HashTraits<algorithm>::length != 0) n++;
108 |   assertTrue(n <= 0xff, PichiError::MISC);
109 | 
110 |   auto prev = okm.data();
111 |   auto curr = okm.data();
112 |   for (auto i = 1_sz; i <= n; ++i) {
113 |     auto c = static_cast<uint8_t>(i);
114 |     auto hmac = Hmac<algorithm>{prk};
115 |     hmac.append({prev, static_cast<size_t>(curr - prev)});
116 |     hmac.append(info);
117 |     hmac.append({&c, 1_sz});
118 |     prev = curr;
119 |     curr += hmac.hash({curr, static_cast<size_t>(okm.data() + okm.size() - curr)});
120 |   }
121 | }
122 | 
123 | template void hkdf<HashAlgorithm::MD5>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
124 | template void hkdf<HashAlgorithm::SHA1>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
125 | template void hkdf<HashAlgorithm::SHA224>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
126 | template void hkdf<HashAlgorithm::SHA256>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
127 | template void hkdf<HashAlgorithm::SHA384>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
128 | template void hkdf<HashAlgorithm::SHA512>(MutableBuffer, ConstBuffer, ConstBuffer, ConstBuffer);
129 | 
130 | string bin2hex(ConstBuffer bin)
131 | {
132 |   auto hex = string(bin.size() * 2 + 1, '\0');
133 |   sodium_bin2hex(hex.data(), hex.size(), bin.data(), bin.size());
134 |   hex.erase(cbegin(hex) + hex.size() - 1);
135 |   return hex;
136 | }
137 | 
138 | }  // namespace pichi::crypto
139 | 


--------------------------------------------------------------------------------