2016-07-23 07:17:51 -04:00
|
|
|
package encoding
|
2016-02-26 18:05:53 -05:00
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/md5"
|
2016-11-19 08:38:13 -05:00
|
|
|
"errors"
|
2016-02-26 18:05:53 -05:00
|
|
|
"hash/fnv"
|
|
|
|
"io"
|
2016-08-20 14:55:45 -04:00
|
|
|
"v2ray.com/core/common/crypto"
|
|
|
|
"v2ray.com/core/common/log"
|
|
|
|
v2net "v2ray.com/core/common/net"
|
|
|
|
"v2ray.com/core/common/protocol"
|
|
|
|
"v2ray.com/core/common/serial"
|
|
|
|
"v2ray.com/core/proxy/vmess"
|
2016-02-26 18:05:53 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
type ServerSession struct {
|
|
|
|
userValidator protocol.UserValidator
|
|
|
|
requestBodyKey []byte
|
|
|
|
requestBodyIV []byte
|
|
|
|
responseBodyKey []byte
|
|
|
|
responseBodyIV []byte
|
|
|
|
responseHeader byte
|
|
|
|
responseWriter io.Writer
|
|
|
|
}
|
|
|
|
|
2016-04-28 16:31:33 -04:00
|
|
|
// NewServerSession creates a new ServerSession, using the given UserValidator.
|
|
|
|
// The ServerSession instance doesn't take ownership of the validator.
|
2016-02-27 11:28:21 -05:00
|
|
|
func NewServerSession(validator protocol.UserValidator) *ServerSession {
|
|
|
|
return &ServerSession{
|
|
|
|
userValidator: validator,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-28 16:31:33 -04:00
|
|
|
// Release implements common.Releaseable.
|
2016-04-25 12:39:30 -04:00
|
|
|
func (this *ServerSession) Release() {
|
|
|
|
this.userValidator = nil
|
|
|
|
this.requestBodyIV = nil
|
|
|
|
this.requestBodyKey = nil
|
|
|
|
this.responseBodyIV = nil
|
|
|
|
this.responseBodyKey = nil
|
|
|
|
this.responseWriter = nil
|
|
|
|
}
|
|
|
|
|
2016-02-26 18:05:53 -05:00
|
|
|
func (this *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
|
2016-07-16 06:11:45 -04:00
|
|
|
buffer := make([]byte, 512)
|
2016-02-26 18:05:53 -05:00
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
|
2016-02-26 18:05:53 -05:00
|
|
|
if err != nil {
|
2016-05-30 18:21:41 -04:00
|
|
|
log.Info("Raw: Failed to read request header: ", err)
|
|
|
|
return nil, io.EOF
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
user, timestamp, valid := this.userValidator.Get(buffer[:protocol.IDBytesLen])
|
2016-02-26 18:05:53 -05:00
|
|
|
if !valid {
|
2016-06-27 02:53:35 -04:00
|
|
|
return nil, protocol.ErrInvalidUser
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
timestampHash := md5.New()
|
|
|
|
timestampHash.Write(hashTimestamp(timestamp))
|
|
|
|
iv := timestampHash.Sum(nil)
|
2016-10-16 08:22:21 -04:00
|
|
|
account, err := user.GetTypedAccount()
|
2016-09-17 18:41:21 -04:00
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to get user account: " + err.Error())
|
2016-09-17 18:41:21 -04:00
|
|
|
}
|
2016-10-16 08:22:21 -04:00
|
|
|
|
2016-10-12 12:43:55 -04:00
|
|
|
aesStream := crypto.NewAesDecryptionStream(account.(*vmess.InternalAccount).ID.CmdKey(), iv)
|
2016-02-26 18:05:53 -05:00
|
|
|
decryptor := crypto.NewCryptionReader(aesStream, reader)
|
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
nBytes, err := io.ReadFull(decryptor, buffer[:41])
|
2016-02-26 18:05:53 -05:00
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to read request header: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
bufferLen := nBytes
|
|
|
|
|
|
|
|
request := &protocol.RequestHeader{
|
|
|
|
User: user,
|
2016-07-16 06:11:45 -04:00
|
|
|
Version: buffer[0],
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
if request.Version != Version {
|
2016-11-19 08:38:13 -05:00
|
|
|
log.Info("VMess|Server: Invalid protocol version ", request.Version)
|
2016-06-27 02:53:35 -04:00
|
|
|
return nil, protocol.ErrInvalidVersion
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
this.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
|
|
|
|
this.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
|
|
|
|
this.responseHeader = buffer[33] // 1 byte
|
|
|
|
request.Option = protocol.RequestOption(buffer[34]) // 1 byte + 2 bytes reserved
|
|
|
|
request.Command = protocol.RequestCommand(buffer[37])
|
2016-02-26 18:05:53 -05:00
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
request.Port = v2net.PortFromBytes(buffer[38:40])
|
2016-02-26 18:05:53 -05:00
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
switch buffer[40] {
|
2016-02-26 18:05:53 -05:00
|
|
|
case AddrTypeIPv4:
|
2016-07-16 06:11:45 -04:00
|
|
|
nBytes, err = io.ReadFull(decryptor, buffer[41:45]) // 4 bytes
|
2016-02-26 18:05:53 -05:00
|
|
|
bufferLen += 4
|
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to read IPv4: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
2016-07-16 06:11:45 -04:00
|
|
|
request.Address = v2net.IPAddress(buffer[41:45])
|
2016-02-26 18:05:53 -05:00
|
|
|
case AddrTypeIPv6:
|
2016-07-16 06:11:45 -04:00
|
|
|
nBytes, err = io.ReadFull(decryptor, buffer[41:57]) // 16 bytes
|
2016-02-26 18:05:53 -05:00
|
|
|
bufferLen += 16
|
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to read IPv6 address: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
2016-07-16 06:11:45 -04:00
|
|
|
request.Address = v2net.IPAddress(buffer[41:57])
|
2016-02-26 18:05:53 -05:00
|
|
|
case AddrTypeDomain:
|
2016-11-19 08:38:13 -05:00
|
|
|
_, err = io.ReadFull(decryptor, buffer[41:42])
|
2016-02-26 18:05:53 -05:00
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess:Server: Failed to read domain: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
2016-07-16 06:11:45 -04:00
|
|
|
domainLength := int(buffer[41])
|
2016-02-26 18:05:53 -05:00
|
|
|
if domainLength == 0 {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Zero domain length.")
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
2016-07-16 06:11:45 -04:00
|
|
|
nBytes, err = io.ReadFull(decryptor, buffer[42:42+domainLength])
|
2016-02-26 18:05:53 -05:00
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to read domain: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
bufferLen += 1 + domainLength
|
2016-07-16 06:11:45 -04:00
|
|
|
request.Address = v2net.DomainAddress(string(buffer[42 : 42+domainLength]))
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
2016-07-16 06:11:45 -04:00
|
|
|
nBytes, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+4])
|
2016-02-26 18:05:53 -05:00
|
|
|
if err != nil {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Failed to read checksum: " + err.Error())
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
fnv1a := fnv.New32a()
|
2016-07-16 06:11:45 -04:00
|
|
|
fnv1a.Write(buffer[:bufferLen])
|
2016-02-26 18:05:53 -05:00
|
|
|
actualHash := fnv1a.Sum32()
|
2016-07-16 06:11:45 -04:00
|
|
|
expectedHash := serial.BytesToUint32(buffer[bufferLen : bufferLen+4])
|
2016-02-26 18:05:53 -05:00
|
|
|
|
|
|
|
if actualHash != expectedHash {
|
2016-11-19 08:38:13 -05:00
|
|
|
return nil, errors.New("VMess|Server: Invalid auth.")
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
return request, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (this *ServerSession) DecodeRequestBody(reader io.Reader) io.Reader {
|
|
|
|
aesStream := crypto.NewAesDecryptionStream(this.requestBodyKey, this.requestBodyIV)
|
|
|
|
return crypto.NewCryptionReader(aesStream, reader)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (this *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) {
|
|
|
|
responseBodyKey := md5.Sum(this.requestBodyKey)
|
|
|
|
responseBodyIV := md5.Sum(this.requestBodyIV)
|
|
|
|
this.responseBodyKey = responseBodyKey[:]
|
2016-02-27 11:28:21 -05:00
|
|
|
this.responseBodyIV = responseBodyIV[:]
|
2016-02-26 18:05:53 -05:00
|
|
|
|
|
|
|
aesStream := crypto.NewAesEncryptionStream(this.responseBodyKey, this.responseBodyIV)
|
|
|
|
encryptionWriter := crypto.NewCryptionWriter(aesStream, writer)
|
|
|
|
this.responseWriter = encryptionWriter
|
|
|
|
|
2016-06-02 15:34:25 -04:00
|
|
|
encryptionWriter.Write([]byte{this.responseHeader, byte(header.Option)})
|
2016-02-27 11:28:21 -05:00
|
|
|
err := MarshalCommand(header.Command, encryptionWriter)
|
|
|
|
if err != nil {
|
|
|
|
encryptionWriter.Write([]byte{0x00, 0x00})
|
|
|
|
}
|
2016-02-27 10:41:21 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (this *ServerSession) EncodeResponseBody(writer io.Writer) io.Writer {
|
|
|
|
return this.responseWriter
|
2016-02-26 18:05:53 -05:00
|
|
|
}
|