package shadowsocks2022
import (
"crypto/aes"
"crypto/cipher"
)
// AES256GCMMethod is the AES-256-GCM method. It has no fields; every
// operation is a method on the zero value.
type AES256GCMMethod struct{}

// newAES256GCMMethod returns a pointer to a zero-valued AES256GCMMethod.
func newAES256GCMMethod() *AES256GCMMethod {
	return new(AES256GCMMethod)
}
// GetSessionSubKeyAndSaltLength reports the length in bytes used for both the
// session subkey and the salt of this method, which is 32.
func (a AES256GCMMethod) GetSessionSubKeyAndSaltLength() int {
	const subKeyAndSaltLen = 32 // an AES-256 key is 32 bytes long
	return subKeyAndSaltLen
}
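// GetStreamAEAD builds the AES-GCM AEAD for a stream session from
// sessionSubKey.
//
// aes.NewCipher accepts 16-, 24- and 32-byte keys alike, so without a length
// check a short subkey would silently produce AES-128-GCM or AES-192-GCM from
// a method named AES-256-GCM. The key must therefore be exactly
// GetSessionSubKeyAndSaltLength() bytes long.
//
// It returns an error when the key length is wrong or when the block cipher
// or the GCM wrapper cannot be constructed.
func (a AES256GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) {
	// Reject a wrong-sized key up front instead of letting the AES variant be
	// chosen implicitly by the key length.
	if len(sessionSubKey) != a.GetSessionSubKeyAndSaltLength() {
		return nil, newError("invalid session subkey length for AES-256-GCM")
	}
	block, err := aes.NewCipher(sessionSubKey)
	if err != nil {
		return nil, newError("failed to create AES cipher").Base(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, newError("failed to create AES-GCM AEAD").Base(err)
	}
	return aead, nil
}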
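// GenerateEIH encrypts the first AES block (aes.BlockSize bytes) of
// nextPskHash under currentIdentitySubKey and writes the ciphertext into the
// first aes.BlockSize bytes of out. Bytes beyond the first block of either
// buffer are neither read nor written.
//
// This is a single raw block-cipher call with no mode and no authentication
// tag, so integrity of the header is not provided by this function.
//
// It returns an error when the cipher cannot be created from the key, or when
// nextPskHash or out is shorter than one AES block.
//
// NOTE(review): the key length is not pinned to 32 bytes here, so a 16- or
// 24-byte identity subkey would be accepted by aes.NewCipher; confirm the
// caller always derives a key of the method's length.
func (a AES256GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
	block, err := aes.NewCipher(currentIdentitySubKey)
	if err != nil {
		return newError("failed to create AES cipher").Base(err)
	}
	// cipher.Block.Encrypt panics on buffers shorter than one block; since this
	// function already has an error return, report the problem through it.
	if len(nextPskHash) < aes.BlockSize {
		return newError("next PSK hash is shorter than one AES block")
	}
	if len(out) < aes.BlockSize {
		return newError("EIH output buffer is shorter than one AES block")
	}
	block.Encrypt(out[:aes.BlockSize], nextPskHash[:aes.BlockSize])
	return nil
}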
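// GetUDPClientProcessor assembles the client-side UDP packet processor for
// this method.
//
// ipsk is the optional list of identity PSKs and psk is the user PSK. The
// request separate-header cipher is keyed with ipsk[0] when at least one
// identity PSK is present and with psk otherwise; the response
// separate-header cipher is always keyed with psk. derivation is used to
// derive per-session packet keys and is passed to the EIH generator.
//
// It returns an error when either separate-header AES cipher cannot be
// created from its key.
//
// NOTE(review): aes.NewCipher accepts 16-, 24- and 32-byte keys, so the PSKs
// used for the separate-header ciphers are not pinned to AES-256 here; confirm
// that PSK length is validated where the configuration is loaded.
func (a AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
	// Test the length, not nil-ness: a non-nil but empty ipsk would otherwise
	// panic on ipsk[0].
	reqSeparateHeaderPsk := psk
	if len(ipsk) > 0 {
		reqSeparateHeaderPsk = ipsk[0]
	}

	reqSeparateHeaderCipher, err := aes.NewCipher(reqSeparateHeaderPsk)
	if err != nil {
		return nil, newError("failed to create AES cipher").Base(err)
	}
	respSeparateHeaderCipher, err := aes.NewCipher(psk)
	if err != nil {
		return nil, newError("failed to create AES cipher").Base(err)
	}

	// getPacketAEAD derives the session key for sessionID from psk and wraps
	// it in AES-GCM. The callback has no error return, so failures panic.
	getPacketAEAD := func(sessionID []byte) cipher.AEAD {
		sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength())
		// NOTE(review): any result returned by GetSessionSubKey is discarded.
		// If it can report failure, the AEAD below may be keyed from an
		// all-zero buffer; confirm against the KeyDerivation interface.
		derivation.GetSessionSubKey(psk, sessionID, sessionKey)
		// sessionKey has the method's fixed length, which is a valid AES key
		// size, so neither constructor is expected to fail here.
		block, err := aes.NewCipher(sessionKey)
		if err != nil {
			panic(err)
		}
		aead, err := cipher.NewGCM(block)
		if err != nil {
			panic(err)
		}
		return aead
	}

	eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk)

	// getEIH builds the identity headers for a packet from mask.
	// NOTE(review): a generation failure is only logged and whatever
	// GenerateEIHUDP returned is still handed back; confirm the packet
	// processor does not send a packet with missing or partial headers.
	getEIH := func(mask []byte) ExtensibleIdentityHeaders {
		eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask)
		if err != nil {
			newError("failed to generate EIH").Base(err).WriteToLog()
		}
		return eih
	}

	return NewAESUDPClientPacketProcessor(reqSeparateHeaderCipher, respSeparateHeaderCipher, getPacketAEAD, getEIH), nil
}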