1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-22 10:08:15 -05:00
v2fly/proxy/shadowsocks/protocol.go

379 lines
11 KiB
Go
Raw Normal View History

2016-01-28 06:33:58 -05:00
package shadowsocks
import (
2016-05-24 16:09:22 -04:00
"bytes"
2016-10-31 10:24:28 -04:00
"crypto/rand"
2016-01-28 06:33:58 -05:00
"io"
2016-12-09 06:08:25 -05:00
"v2ray.com/core/common"
2017-10-21 15:04:24 -04:00
"v2ray.com/core/common/bitmask"
2016-12-09 05:35:27 -05:00
"v2ray.com/core/common/buf"
"v2ray.com/core/common/net"
2016-10-31 10:24:28 -04:00
"v2ray.com/core/common/protocol"
2017-12-03 18:55:34 -05:00
"v2ray.com/core/proxy/socks"
2016-01-28 06:33:58 -05:00
)
const (
2017-10-21 15:04:24 -04:00
Version = 1
RequestOptionOneTimeAuth bitmask.Byte = 0x01
2016-10-31 10:24:28 -04:00
2016-01-28 06:33:58 -05:00
AddrTypeIPv4 = 1
AddrTypeIPv6 = 4
AddrTypeDomain = 3
)
2017-12-14 09:02:36 -05:00
// ReadTCPSession reads a Shadowsocks TCP session from the given reader, returns its header and remaining parts.
2016-12-09 07:17:34 -05:00
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
2016-10-31 10:24:28 -04:00
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-23 14:41:45 -04:00
return nil, nil, newError("failed to parse account").Base(err).AtError()
2016-05-01 11:18:02 -04:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2016-05-01 11:18:02 -04:00
2016-12-09 06:08:25 -05:00
buffer := buf.NewLocal(512)
2016-01-28 06:33:58 -05:00
defer buffer.Release()
2016-10-31 10:24:28 -04:00
ivLen := account.Cipher.IVSize()
2017-11-29 16:19:04 -05:00
var iv []byte
if ivLen > 0 {
if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, ivLen)); err != nil {
return nil, nil, newError("failed to read IV").Base(err)
}
2016-01-28 06:33:58 -05:00
2017-11-29 16:19:04 -05:00
iv = append([]byte(nil), buffer.BytesTo(ivLen)...)
}
2016-10-31 10:24:28 -04:00
2017-11-25 18:51:54 -05:00
r, err := account.Cipher.NewDecryptionReader(account.Key, iv, reader)
2016-10-31 10:24:28 -04:00
if err != nil {
2017-04-26 18:09:01 -04:00
return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2017-11-26 10:56:01 -05:00
br := buf.NewBufferedReader(r)
reader = nil
2016-10-31 10:24:28 -04:00
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandTCP,
}
2017-11-26 10:56:01 -05:00
if err := buffer.Reset(buf.ReadFullFrom(br, 1)); err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read address type").Base(err)
2016-10-31 10:24:28 -04:00
}
2016-01-28 06:33:58 -05:00
2017-11-25 19:02:10 -05:00
if !account.Cipher.IsAEAD() {
if (buffer.Byte(0) & 0x10) == 0x10 {
request.Option.Set(RequestOptionOneTimeAuth)
}
2016-10-31 10:24:28 -04:00
2017-11-25 19:02:10 -05:00
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, newError("rejecting connection with OTA enabled, while server disables OTA")
}
2017-11-25 19:02:10 -05:00
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, newError("rejecting connection with OTA disabled, while server enables OTA")
}
}
2017-11-25 19:02:10 -05:00
addrType := (buffer.Byte(0) & 0x0F)
2016-01-28 06:33:58 -05:00
switch addrType {
case AddrTypeIPv4:
2017-11-26 10:56:01 -05:00
if err := buffer.AppendSupplier(buf.ReadFullFrom(br, 4)); err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read IPv4 address").Base(err)
2016-01-28 06:33:58 -05:00
}
request.Address = net.IPAddress(buffer.BytesFrom(-4))
2016-01-28 06:33:58 -05:00
case AddrTypeIPv6:
2017-11-26 10:56:01 -05:00
if err := buffer.AppendSupplier(buf.ReadFullFrom(br, 16)); err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read IPv6 address").Base(err)
2016-01-28 06:33:58 -05:00
}
request.Address = net.IPAddress(buffer.BytesFrom(-16))
2016-01-28 06:33:58 -05:00
case AddrTypeDomain:
2017-11-26 10:56:01 -05:00
if err := buffer.AppendSupplier(buf.ReadFullFrom(br, 1)); err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read domain lenth.").Base(err)
2016-01-28 06:33:58 -05:00
}
2016-12-05 11:05:47 -05:00
domainLength := int(buffer.BytesFrom(-1)[0])
2017-11-26 10:56:01 -05:00
err = buffer.AppendSupplier(buf.ReadFullFrom(br, domainLength))
2016-01-28 06:33:58 -05:00
if err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read domain").Base(err)
2016-01-28 06:33:58 -05:00
}
request.Address = net.DomainAddress(string(buffer.BytesFrom(-domainLength)))
2016-01-28 06:33:58 -05:00
default:
2016-12-13 03:17:39 -05:00
// Check address validity after OTA verification.
2016-01-28 06:33:58 -05:00
}
2017-11-26 10:56:01 -05:00
err = buffer.AppendSupplier(buf.ReadFullFrom(br, 2))
2016-01-28 06:33:58 -05:00
if err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("failed to read port").Base(err)
2016-01-28 06:33:58 -05:00
}
request.Port = net.PortFromBytes(buffer.BytesFrom(-2))
2016-10-31 10:24:28 -04:00
if request.Option.Has(RequestOptionOneTimeAuth) {
2016-12-06 05:03:42 -05:00
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(buffer.Bytes())(actualAuth)
2016-12-05 11:05:47 -05:00
2017-11-26 10:56:01 -05:00
err := buffer.AppendSupplier(buf.ReadFullFrom(br, AuthSize))
if err != nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("Failed to read OTA").Base(err)
2016-01-29 15:55:42 -05:00
}
2016-10-31 10:24:28 -04:00
2016-12-05 11:05:47 -05:00
if !bytes.Equal(actualAuth, buffer.BytesFrom(-AuthSize)) {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("invalid OTA")
}
2016-10-31 10:24:28 -04:00
}
2016-12-13 03:17:39 -05:00
if request.Address == nil {
2017-04-08 19:43:25 -04:00
return nil, nil, newError("invalid remote address.")
2016-12-13 03:17:39 -05:00
}
2017-11-26 10:56:01 -05:00
br.SetBuffered(false)
2016-12-09 07:17:34 -05:00
var chunkReader buf.Reader
2016-10-31 10:24:28 -04:00
if request.Option.Has(RequestOptionOneTimeAuth) {
2017-11-26 10:56:01 -05:00
chunkReader = NewChunkReader(br, NewAuthenticator(ChunkKeyGenerator(iv)))
2016-01-29 15:55:42 -05:00
} else {
2017-11-26 10:56:01 -05:00
chunkReader = buf.NewReader(br)
2016-10-31 10:24:28 -04:00
}
return request, chunkReader, nil
}
2017-12-14 09:02:36 -05:00
// WriteTCPRequest writes Shadowsocks request into the given writer, and returns a writer for body.
2016-12-09 07:17:34 -05:00
func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-23 14:41:45 -04:00
return nil, newError("failed to parse account").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-25 18:58:57 -05:00
if account.Cipher.IsAEAD() {
request.Option.Clear(RequestOptionOneTimeAuth)
}
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
common.Must2(rand.Read(iv))
_, err = writer.Write(iv)
if err != nil {
return nil, newError("failed to write IV")
}
2016-10-31 10:24:28 -04:00
}
2017-11-25 18:51:54 -05:00
w, err := account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
2016-10-31 10:24:28 -04:00
if err != nil {
2017-04-26 18:09:01 -04:00
return nil, newError("failed to create encoding stream").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2016-12-09 06:08:25 -05:00
header := buf.NewLocal(512)
2016-10-31 10:24:28 -04:00
2017-12-03 18:55:34 -05:00
if err := socks.AppendAddress(header, request.Address, request.Port); err != nil {
return nil, newError("failed to write address").Base(err)
2016-10-31 10:24:28 -04:00
}
if request.Option.Has(RequestOptionOneTimeAuth) {
2016-12-06 05:31:19 -05:00
header.SetByte(0, header.Byte(0)|0x10)
2016-10-31 10:24:28 -04:00
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
common.Must(header.AppendSupplier(authenticator.Authenticate(header.Bytes())))
2016-10-31 10:24:28 -04:00
}
2017-11-26 10:56:01 -05:00
if err := w.WriteMultiBuffer(buf.NewMultiBufferValue(header)); err != nil {
2017-04-09 07:30:46 -04:00
return nil, newError("failed to write header").Base(err)
2016-10-31 10:24:28 -04:00
}
2016-12-09 07:17:34 -05:00
var chunkWriter buf.Writer
2016-10-31 10:24:28 -04:00
if request.Option.Has(RequestOptionOneTimeAuth) {
2017-11-26 10:56:01 -05:00
chunkWriter = NewChunkWriter(w.(io.Writer), NewAuthenticator(ChunkKeyGenerator(iv)))
2016-10-31 10:24:28 -04:00
} else {
2017-11-26 10:56:01 -05:00
chunkWriter = w
2016-10-31 10:24:28 -04:00
}
return chunkWriter, nil
}
2016-12-09 07:17:34 -05:00
func ReadTCPResponse(user *protocol.User, reader io.Reader) (buf.Reader, error) {
2016-10-31 10:24:28 -04:00
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-09 07:30:46 -04:00
return nil, newError("failed to parse account").Base(err).AtError()
2016-01-29 15:55:42 -05:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
_, err = io.ReadFull(reader, iv)
if err != nil {
return nil, newError("failed to read IV").Base(err)
}
2016-10-31 10:24:28 -04:00
}
2017-11-25 18:51:54 -05:00
return account.Cipher.NewDecryptionReader(account.Key, iv, reader)
2016-10-31 10:24:28 -04:00
}
2016-12-09 07:17:34 -05:00
func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-09 07:30:46 -04:00
return nil, newError("failed to parse account.").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
common.Must2(rand.Read(iv))
_, err = writer.Write(iv)
if err != nil {
return nil, newError("failed to write IV.").Base(err)
}
2016-10-31 10:24:28 -04:00
}
2017-11-25 18:51:54 -05:00
return account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
2016-10-31 10:24:28 -04:00
}
2017-04-21 08:51:09 -04:00
func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buffer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-09 07:30:46 -04:00
return nil, newError("failed to parse account.").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-04-15 15:19:21 -04:00
buffer := buf.New()
2016-10-31 10:24:28 -04:00
ivLen := account.Cipher.IVSize()
2017-11-29 16:19:04 -05:00
if ivLen > 0 {
common.Must(buffer.Reset(buf.ReadFullFrom(rand.Reader, ivLen)))
}
2016-12-06 05:03:42 -05:00
iv := buffer.Bytes()
2016-10-31 10:24:28 -04:00
2017-12-03 18:55:34 -05:00
if err := socks.AppendAddress(buffer, request.Address, request.Port); err != nil {
return nil, newError("failed to write address").Base(err)
2016-10-31 10:24:28 -04:00
}
2017-11-26 15:51:30 -05:00
buffer.Append(payload)
2016-10-31 10:24:28 -04:00
2017-11-26 08:18:23 -05:00
if !account.Cipher.IsAEAD() && request.Option.Has(RequestOptionOneTimeAuth) {
2016-10-31 10:24:28 -04:00
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
2017-11-26 15:51:30 -05:00
buffer.SetByte(ivLen, buffer.Byte(ivLen)|0x10)
2016-10-31 10:24:28 -04:00
2017-11-26 15:51:30 -05:00
common.Must(buffer.AppendSupplier(authenticator.Authenticate(buffer.BytesFrom(ivLen))))
2016-10-31 10:24:28 -04:00
}
2017-11-26 15:51:30 -05:00
if err := account.Cipher.EncodePacket(account.Key, buffer); err != nil {
return nil, newError("failed to encrypt UDP payload").Base(err)
2017-11-25 18:51:54 -05:00
}
2016-10-31 10:24:28 -04:00
return buffer, nil
}
2016-12-09 05:35:27 -05:00
func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
2016-10-31 10:24:28 -04:00
rawAccount, err := user.GetTypedAccount()
if err != nil {
2017-04-09 07:30:46 -04:00
return nil, nil, newError("failed to parse account").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2017-11-29 16:57:18 -05:00
account := rawAccount.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-27 04:42:51 -05:00
var iv []byte
2017-11-29 16:19:04 -05:00
if !account.Cipher.IsAEAD() && account.Cipher.IVSize() > 0 {
2017-11-27 04:42:51 -05:00
// Keep track of IV as it gets removed from payload in DecodePacket.
iv = make([]byte, account.Cipher.IVSize())
copy(iv, payload.BytesTo(account.Cipher.IVSize()))
2016-10-31 10:24:28 -04:00
}
2017-11-26 15:51:30 -05:00
if err := account.Cipher.DecodePacket(account.Key, payload); err != nil {
return nil, nil, newError("failed to decrypt UDP payload").Base(err)
2017-11-25 18:51:54 -05:00
}
2016-10-31 10:24:28 -04:00
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
2017-11-26 08:18:23 -05:00
if !account.Cipher.IsAEAD() {
if (payload.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
2016-10-31 10:24:28 -04:00
2017-11-26 08:18:23 -05:00
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, newError("rejecting packet with OTA enabled, while server disables OTA").AtWarning()
}
2017-11-26 08:18:23 -05:00
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, newError("rejecting packet with OTA disabled, while server enables OTA").AtWarning()
}
2017-11-26 08:18:23 -05:00
if request.Option.Has(RequestOptionOneTimeAuth) {
payloadLen := payload.Len() - AuthSize
authBytes := payload.BytesFrom(payloadLen)
2016-10-31 10:24:28 -04:00
2017-11-29 17:08:02 -05:00
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
2017-11-26 08:18:23 -05:00
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(payload.BytesTo(payloadLen))(actualAuth)
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, newError("invalid OTA")
}
2016-10-31 10:24:28 -04:00
2017-11-26 08:18:23 -05:00
payload.Slice(0, payloadLen)
}
2016-10-31 10:24:28 -04:00
}
2017-11-26 08:18:23 -05:00
addrType := (payload.Byte(0) & 0x0F)
2016-10-31 10:24:28 -04:00
payload.SliceFrom(1)
switch addrType {
case AddrTypeIPv4:
request.Address = net.IPAddress(payload.BytesTo(4))
2016-10-31 10:24:28 -04:00
payload.SliceFrom(4)
case AddrTypeIPv6:
request.Address = net.IPAddress(payload.BytesTo(16))
2016-10-31 10:24:28 -04:00
payload.SliceFrom(16)
case AddrTypeDomain:
2016-12-06 05:03:42 -05:00
domainLength := int(payload.Byte(0))
request.Address = net.DomainAddress(string(payload.BytesRange(1, 1+domainLength)))
2016-10-31 10:24:28 -04:00
payload.SliceFrom(1 + domainLength)
default:
2017-04-26 18:09:01 -04:00
return nil, nil, newError("unknown address type: ", addrType).AtError()
}
request.Port = net.PortFromBytes(payload.BytesTo(2))
2016-10-31 10:24:28 -04:00
payload.SliceFrom(2)
return request, payload, nil
2016-01-28 06:33:58 -05:00
}
2016-10-31 11:35:18 -04:00
type UDPReader struct {
Reader io.Reader
User *protocol.User
}
2017-11-09 16:33:15 -05:00
func (v *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
2017-04-15 15:19:21 -04:00
buffer := buf.New()
2016-12-09 06:08:25 -05:00
err := buffer.AppendSupplier(buf.ReadFrom(v.Reader))
2016-10-31 11:35:18 -04:00
if err != nil {
buffer.Release()
return nil, err
}
2016-11-27 15:39:09 -05:00
_, payload, err := DecodeUDPPacket(v.User, buffer)
2016-10-31 11:35:18 -04:00
if err != nil {
buffer.Release()
return nil, err
}
2017-04-16 07:17:35 -04:00
return buf.NewMultiBufferValue(payload), nil
2016-10-31 11:35:18 -04:00
}
type UDPWriter struct {
Writer io.Writer
Request *protocol.RequestHeader
}
2017-04-21 09:36:05 -04:00
// Write implements io.Writer.
2017-04-21 08:51:09 -04:00
func (w *UDPWriter) Write(payload []byte) (int, error) {
packet, err := EncodeUDPPacket(w.Request, payload)
2016-10-31 11:35:18 -04:00
if err != nil {
2017-04-21 08:51:09 -04:00
return 0, err
2016-10-31 11:35:18 -04:00
}
2017-04-21 08:51:09 -04:00
_, err = w.Writer.Write(packet.Bytes())
packet.Release()
return len(payload), err
2016-10-31 11:35:18 -04:00
}