2016-01-29 10:43:45 -05:00
|
|
|
package shadowsocks
|
|
|
|
|
|
|
|
import (
|
2016-05-24 16:09:22 -04:00
|
|
|
"bytes"
|
2016-01-29 10:43:45 -05:00
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/sha1"
|
2016-01-29 14:54:06 -05:00
|
|
|
"io"
|
2016-12-08 05:21:24 -05:00
|
|
|
|
2016-12-09 05:35:27 -05:00
|
|
|
"v2ray.com/core/common/buf"
|
2016-12-04 03:10:47 -05:00
|
|
|
"v2ray.com/core/common/errors"
|
2016-08-20 14:55:45 -04:00
|
|
|
"v2ray.com/core/common/serial"
|
2016-01-29 10:43:45 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
AuthSize = 10
|
|
|
|
)
|
|
|
|
|
|
|
|
type KeyGenerator func() []byte
|
|
|
|
|
|
|
|
type Authenticator struct {
|
|
|
|
key KeyGenerator
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewAuthenticator(keygen KeyGenerator) *Authenticator {
|
|
|
|
return &Authenticator{
|
|
|
|
key: keygen,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-12-09 06:08:25 -05:00
|
|
|
func (v *Authenticator) Authenticate(data []byte) buf.Supplier {
|
2016-11-27 15:39:09 -05:00
|
|
|
hasher := hmac.New(sha1.New, v.key())
|
2016-01-29 10:43:45 -05:00
|
|
|
hasher.Write(data)
|
|
|
|
res := hasher.Sum(nil)
|
2016-12-09 06:08:25 -05:00
|
|
|
return func(b []byte) (int, error) {
|
|
|
|
return copy(b, res[:AuthSize]), nil
|
2016-12-06 05:03:42 -05:00
|
|
|
}
|
2016-01-29 10:43:45 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
|
|
|
|
return func() []byte {
|
|
|
|
newKey := make([]byte, 0, len(key)+len(iv))
|
|
|
|
newKey = append(newKey, iv...)
|
2016-02-28 15:00:53 -05:00
|
|
|
newKey = append(newKey, key...)
|
2016-01-29 10:43:45 -05:00
|
|
|
return newKey
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func ChunkKeyGenerator(iv []byte) func() []byte {
|
|
|
|
chunkId := 0
|
|
|
|
return func() []byte {
|
|
|
|
newKey := make([]byte, 0, len(iv)+4)
|
|
|
|
newKey = append(newKey, iv...)
|
2016-07-04 03:47:14 -04:00
|
|
|
newKey = serial.IntToBytes(chunkId, newKey)
|
2016-01-29 10:43:45 -05:00
|
|
|
chunkId++
|
|
|
|
return newKey
|
|
|
|
}
|
|
|
|
}
|
2016-01-29 14:54:06 -05:00
|
|
|
|
|
|
|
type ChunkReader struct {
|
|
|
|
reader io.Reader
|
|
|
|
auth *Authenticator
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewChunkReader(reader io.Reader, auth *Authenticator) *ChunkReader {
|
|
|
|
return &ChunkReader{
|
|
|
|
reader: reader,
|
|
|
|
auth: auth,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *ChunkReader) Release() {
|
|
|
|
v.reader = nil
|
|
|
|
v.auth = nil
|
2016-04-12 15:43:13 -04:00
|
|
|
}
|
|
|
|
|
2016-12-09 05:35:27 -05:00
|
|
|
func (v *ChunkReader) Read() (*buf.Buffer, error) {
|
2016-12-09 06:08:25 -05:00
|
|
|
buffer := buf.New()
|
|
|
|
if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, 2)); err != nil {
|
2016-02-01 06:22:29 -05:00
|
|
|
buffer.Release()
|
2016-01-29 14:54:06 -05:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
// There is a potential buffer overflow here. Large buffer is 64K bytes,
|
|
|
|
// while uin16 + 10 will be more than that
|
2016-12-05 09:19:14 -05:00
|
|
|
length := serial.BytesToUint16(buffer.BytesTo(2)) + AuthSize
|
2016-12-09 06:08:25 -05:00
|
|
|
if length > buf.Size {
|
2016-11-19 04:57:00 -05:00
|
|
|
// Theoretically the size of a chunk is 64K, but most Shadowsocks implementations used <4K buffer.
|
|
|
|
buffer.Release()
|
2016-12-09 06:08:25 -05:00
|
|
|
buffer = buf.NewLocal(int(length) + 128)
|
2016-11-19 04:57:00 -05:00
|
|
|
}
|
2016-12-05 11:05:47 -05:00
|
|
|
|
|
|
|
buffer.Clear()
|
2016-12-09 06:08:25 -05:00
|
|
|
if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, int(length))); err != nil {
|
2016-02-01 06:22:29 -05:00
|
|
|
buffer.Release()
|
2016-01-29 14:54:06 -05:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-12-05 09:19:14 -05:00
|
|
|
authBytes := buffer.BytesTo(AuthSize)
|
|
|
|
payload := buffer.BytesFrom(AuthSize)
|
2016-01-29 14:54:06 -05:00
|
|
|
|
2016-12-06 05:03:42 -05:00
|
|
|
actualAuthBytes := make([]byte, AuthSize)
|
|
|
|
v.auth.Authenticate(payload)(actualAuthBytes)
|
2016-05-24 16:09:22 -04:00
|
|
|
if !bytes.Equal(authBytes, actualAuthBytes) {
|
2016-02-01 06:22:29 -05:00
|
|
|
buffer.Release()
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("Shadowsocks|AuthenticationReader: Invalid auth.")
|
2016-01-29 14:54:06 -05:00
|
|
|
}
|
2016-07-13 05:38:14 -04:00
|
|
|
buffer.SliceFrom(AuthSize)
|
2016-01-29 14:54:06 -05:00
|
|
|
|
|
|
|
return buffer, nil
|
|
|
|
}
|
2016-10-20 18:33:23 -04:00
|
|
|
|
|
|
|
type ChunkWriter struct {
|
|
|
|
writer io.Writer
|
|
|
|
auth *Authenticator
|
2016-12-08 05:21:24 -05:00
|
|
|
buffer []byte
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewChunkWriter(writer io.Writer, auth *Authenticator) *ChunkWriter {
|
|
|
|
return &ChunkWriter{
|
|
|
|
writer: writer,
|
|
|
|
auth: auth,
|
2016-12-08 05:21:24 -05:00
|
|
|
buffer: make([]byte, 32*1024),
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *ChunkWriter) Release() {
|
|
|
|
v.writer = nil
|
|
|
|
v.auth = nil
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|
|
|
|
|
2016-12-09 05:35:27 -05:00
|
|
|
func (v *ChunkWriter) Write(payload *buf.Buffer) error {
|
2016-10-20 18:33:23 -04:00
|
|
|
totalLength := payload.Len()
|
2016-12-08 05:21:24 -05:00
|
|
|
serial.Uint16ToBytes(uint16(totalLength), v.buffer[:0])
|
|
|
|
v.auth.Authenticate(payload.Bytes())(v.buffer[2:])
|
|
|
|
copy(v.buffer[2+AuthSize:], payload.Bytes())
|
|
|
|
_, err := v.writer.Write(v.buffer[:2+AuthSize+payload.Len()])
|
2016-10-31 10:24:28 -04:00
|
|
|
return err
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|