v2fly/proxy/shadowsocks/ota.go

package shadowsocks

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"io"

	"v2ray.com/core/common/buf"
	"v2ray.com/core/common/serial"
)

const (
	// AuthSize is the number of extra bytes for Shadowsocks OTA.
	AuthSize = 10
)

type KeyGenerator func() []byte

type Authenticator struct {
	key KeyGenerator
}

func NewAuthenticator(keygen KeyGenerator) *Authenticator {
	return &Authenticator{
		key: keygen,
	}
}

func (v *Authenticator) Authenticate(data []byte) buf.Supplier {
	hasher := hmac.New(sha1.New, v.key())
	hasher.Write(data)
	res := hasher.Sum(nil)
	return func(b []byte) (int, error) {
		return copy(b, res[:AuthSize]), nil
	}
}

func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
	return func() []byte {
		newKey := make([]byte, 0, len(key)+len(iv))
		newKey = append(newKey, iv...)
		newKey = append(newKey, key...)
		return newKey
	}
}

func ChunkKeyGenerator(iv []byte) func() []byte {
	chunkID := 0
	return func() []byte {
		newKey := make([]byte, 0, len(iv)+4)
		newKey = append(newKey, iv...)
		newKey = serial.IntToBytes(chunkID, newKey)
		chunkID++
		return newKey
	}
}

type ChunkReader struct {
	reader io.Reader
	auth   *Authenticator
}

func NewChunkReader(reader io.Reader, auth *Authenticator) *ChunkReader {
	return &ChunkReader{
		reader: reader,
		auth:   auth,
	}
}

func (v *ChunkReader) Read() (buf.MultiBuffer, error) {
	buffer := buf.New()
	if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, 2)); err != nil {
		buffer.Release()
		return nil, err
	}
	// There is a potential buffer overflow here. Large buffer is 64K bytes,
	// while uin16 + 10 will be more than that
	length := serial.BytesToUint16(buffer.BytesTo(2)) + AuthSize
	if length > buf.Size {
		// Theoretically the size of a chunk is 64K, but most Shadowsocks implementations used <4K buffer.
		buffer.Release()
		buffer = buf.NewLocal(int(length) + 128)
	}

	buffer.Clear()
	if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, int(length))); err != nil {
		buffer.Release()
		return nil, err
	}

	authBytes := buffer.BytesTo(AuthSize)
	payload := buffer.BytesFrom(AuthSize)

	actualAuthBytes := make([]byte, AuthSize)
	v.auth.Authenticate(payload)(actualAuthBytes)
	if !bytes.Equal(authBytes, actualAuthBytes) {
		buffer.Release()
		return nil, newError("invalid auth")
	}
	buffer.SliceFrom(AuthSize)

	return buf.NewMultiBufferValue(buffer), nil
}

type ChunkWriter struct {
	writer io.Writer
	auth   *Authenticator
	buffer []byte
}

func NewChunkWriter(writer io.Writer, auth *Authenticator) *ChunkWriter {
	return &ChunkWriter{
		writer: writer,
		auth:   auth,
		buffer: make([]byte, 32*1024),
	}
}

// Write implements buf.MultiBufferWriter.
func (w *ChunkWriter) Write(mb buf.MultiBuffer) error {
	defer mb.Release()

	for {
		payloadLen, _ := mb.Read(w.buffer[2+AuthSize:])
		serial.Uint16ToBytes(uint16(payloadLen), w.buffer[:0])
		w.auth.Authenticate(w.buffer[2+AuthSize : 2+AuthSize+payloadLen])(w.buffer[2:])
		if _, err := w.writer.Write(w.buffer[:2+AuthSize+payloadLen]); err != nil {
			return err
		}
		if mb.IsEmpty() {
			break
		}
	}
	return nil
}
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`package shadowsocks`

			`import (`
Remove serial.Bytes 2016-05-24 16:09:22 -04:00			`"bytes"`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`"crypto/hmac"`
			`"crypto/sha1"`
refactor shadowsocks 2016-01-29 14:54:06 -05:00			`"io"`
remove use of prepend 2016-12-08 05:21:24 -05:00
rename alloc to buf 2016-12-09 05:35:27 -05:00			`"v2ray.com/core/common/buf"`
unified import path 2016-08-20 14:55:45 -04:00			`"v2ray.com/core/common/serial"`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`)`

			`const (`
comments 2016-12-21 17:07:35 -05:00			`// AuthSize is the number of extra bytes for Shadowsocks OTA.`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`AuthSize = 10`
			`)`

			`type KeyGenerator func() []byte`

			`type Authenticator struct {`
			`key KeyGenerator`
			`}`

			`func NewAuthenticator(keygen KeyGenerator) *Authenticator {`
			`return &Authenticator{`
			`key: keygen,`
			`}`
			`}`

refactor buffer 2016-12-09 06:08:25 -05:00			`func (v *Authenticator) Authenticate(data []byte) buf.Supplier {`
rename 'this' 2016-11-27 15:39:09 -05:00			`hasher := hmac.New(sha1.New, v.key())`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`hasher.Write(data)`
			`res := hasher.Sum(nil)`
refactor buffer 2016-12-09 06:08:25 -05:00			`return func(b []byte) (int, error) {`
			`return copy(b, res[:AuthSize]), nil`
rewrite alloc.buffer 2016-12-06 05:03:42 -05:00			`}`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`}`

			`func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {`
			`return func() []byte {`
			`newKey := make([]byte, 0, len(key)+len(iv))`
			`newKey = append(newKey, iv...)`
Fix shadowsocks OTA issue 2016-02-28 15:00:53 -05:00			`newKey = append(newKey, key...)`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`return newKey`
			`}`
			`}`

			`func ChunkKeyGenerator(iv []byte) func() []byte {`
comments 2016-12-21 17:07:35 -05:00			`chunkID := 0`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`return func() []byte {`
			`newKey := make([]byte, 0, len(iv)+4)`
			`newKey = append(newKey, iv...)`
comments 2016-12-21 17:07:35 -05:00			`newKey = serial.IntToBytes(chunkID, newKey)`
			`chunkID++`
complete implementation of shadowsocks ota 2016-01-29 10:43:45 -05:00			`return newKey`
			`}`
			`}`
refactor shadowsocks 2016-01-29 14:54:06 -05:00
			`type ChunkReader struct {`
			`reader io.Reader`
			`auth *Authenticator`
			`}`

			`func NewChunkReader(reader io.Reader, auth Authenticator) ChunkReader {`
			`return &ChunkReader{`
			`reader: reader,`
			`auth: auth,`
			`}`
			`}`

multi buffer 2017-04-15 15:07:23 -04:00			`func (v *ChunkReader) Read() (buf.MultiBuffer, error) {`
refactor buffer 2016-12-09 06:08:25 -05:00			`buffer := buf.New()`
			`if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, 2)); err != nil {`
chunk stream in vmess 2016-02-01 06:22:29 -05:00			`buffer.Release()`
refactor shadowsocks 2016-01-29 14:54:06 -05:00			`return nil, err`
			`}`
			`// There is a potential buffer overflow here. Large buffer is 64K bytes,`
			`// while uin16 + 10 will be more than that`
refine buffer usage 2016-12-05 09:19:14 -05:00			`length := serial.BytesToUint16(buffer.BytesTo(2)) + AuthSize`
refactor buffer 2016-12-09 06:08:25 -05:00			`if length > buf.Size {`
fix shadowsocks ota 2016-11-19 04:57:00 -05:00			`// Theoretically the size of a chunk is 64K, but most Shadowsocks implementations used <4K buffer.`
			`buffer.Release()`
refactor buffer 2016-12-09 06:08:25 -05:00			`buffer = buf.NewLocal(int(length) + 128)`
fix shadowsocks ota 2016-11-19 04:57:00 -05:00			`}`
FillFullFrom 2016-12-05 11:05:47 -05:00
			`buffer.Clear()`
refactor buffer 2016-12-09 06:08:25 -05:00			`if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, int(length))); err != nil {`
chunk stream in vmess 2016-02-01 06:22:29 -05:00			`buffer.Release()`
refactor shadowsocks 2016-01-29 14:54:06 -05:00			`return nil, err`
			`}`

refine buffer usage 2016-12-05 09:19:14 -05:00			`authBytes := buffer.BytesTo(AuthSize)`
			`payload := buffer.BytesFrom(AuthSize)`
refactor shadowsocks 2016-01-29 14:54:06 -05:00
rewrite alloc.buffer 2016-12-06 05:03:42 -05:00			`actualAuthBytes := make([]byte, AuthSize)`
			`v.auth.Authenticate(payload)(actualAuthBytes)`
Remove serial.Bytes 2016-05-24 16:09:22 -04:00			`if !bytes.Equal(authBytes, actualAuthBytes) {`
chunk stream in vmess 2016-02-01 06:22:29 -05:00			`buffer.Release()`
refactor error messages 2017-04-08 19:43:25 -04:00			`return nil, newError("invalid auth")`
refactor shadowsocks 2016-01-29 14:54:06 -05:00			`}`
fix an offset issue in OTA 2016-07-13 05:38:14 -04:00			`buffer.SliceFrom(AuthSize)`
refactor shadowsocks 2016-01-29 14:54:06 -05:00
simplify code 2017-04-16 07:17:35 -04:00			`return buf.NewMultiBufferValue(buffer), nil`
refactor shadowsocks 2016-01-29 14:54:06 -05:00			`}`
chunk writer 2016-10-20 18:33:23 -04:00
			`type ChunkWriter struct {`
			`writer io.Writer`
			`auth *Authenticator`
remove use of prepend 2016-12-08 05:21:24 -05:00			`buffer []byte`
chunk writer 2016-10-20 18:33:23 -04:00			`}`

			`func NewChunkWriter(writer io.Writer, auth Authenticator) ChunkWriter {`
			`return &ChunkWriter{`
			`writer: writer,`
			`auth: auth,`
remove use of prepend 2016-12-08 05:21:24 -05:00			`buffer: make([]byte, 32*1024),`
chunk writer 2016-10-20 18:33:23 -04:00			`}`
			`}`

comments 2017-04-21 09:36:05 -04:00			`// Write implements buf.MultiBufferWriter.`
multi buffer 2017-04-15 15:07:23 -04:00			`func (w *ChunkWriter) Write(mb buf.MultiBuffer) error {`
			`defer mb.Release()`

optimize ota writer 2017-04-15 15:49:18 -04:00			`for {`
bug fixes 2017-04-19 15:27:21 -04:00			`payloadLen, _ := mb.Read(w.buffer[2+AuthSize:])`
optimize ota writer 2017-04-15 15:49:18 -04:00			`serial.Uint16ToBytes(uint16(payloadLen), w.buffer[:0])`
			`w.auth.Authenticate(w.buffer[2+AuthSize : 2+AuthSize+payloadLen])(w.buffer[2:])`
			`if _, err := w.writer.Write(w.buffer[:2+AuthSize+payloadLen]); err != nil {`
			`return err`
			`}`
			`if mb.IsEmpty() {`
			`break`
			`}`
multi buffer 2017-04-15 15:07:23 -04:00			`}`
			`return nil`
			`}`