2016-01-27 06:46:40 -05:00
|
|
|
package shadowsocks
|
|
|
|
|
|
|
|
import (
|
2016-10-31 10:24:28 -04:00
|
|
|
"bytes"
|
2017-11-25 18:51:54 -05:00
|
|
|
"crypto/aes"
|
2016-02-23 12:16:13 -05:00
|
|
|
"crypto/cipher"
|
2016-01-28 06:33:58 -05:00
|
|
|
"crypto/md5"
|
2017-11-25 18:51:54 -05:00
|
|
|
"crypto/sha1"
|
|
|
|
"io"
|
2021-09-06 00:59:40 -04:00
|
|
|
"strings"
|
2016-12-16 11:31:13 -05:00
|
|
|
|
2017-11-25 18:51:54 -05:00
|
|
|
"golang.org/x/crypto/chacha20poly1305"
|
|
|
|
"golang.org/x/crypto/hkdf"
|
|
|
|
|
2022-01-02 10:16:23 -05:00
|
|
|
"github.com/v2fly/v2ray-core/v5/common"
|
|
|
|
"github.com/v2fly/v2ray-core/v5/common/antireplay"
|
|
|
|
"github.com/v2fly/v2ray-core/v5/common/buf"
|
|
|
|
"github.com/v2fly/v2ray-core/v5/common/crypto"
|
|
|
|
"github.com/v2fly/v2ray-core/v5/common/protocol"
|
2016-01-27 06:46:40 -05:00
|
|
|
)
|
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
// MemoryAccount is an account type converted from Account.
|
|
|
|
type MemoryAccount struct {
|
2020-10-03 18:29:21 -04:00
|
|
|
Cipher Cipher
|
|
|
|
Key []byte
|
2021-03-05 02:53:28 -05:00
|
|
|
|
|
|
|
replayFilter antireplay.GeneralizedReplayFilter
|
2022-01-14 07:11:29 -05:00
|
|
|
|
|
|
|
ReducedIVEntropy bool
|
2016-10-31 10:24:28 -04:00
|
|
|
}
|
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
// Equals implements protocol.Account.Equals().
|
|
|
|
func (a *MemoryAccount) Equals(another protocol.Account) bool {
|
|
|
|
if account, ok := another.(*MemoryAccount); ok {
|
|
|
|
return bytes.Equal(a.Key, account.Key)
|
2016-10-31 10:24:28 -04:00
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-03-05 02:53:28 -05:00
|
|
|
func (a *MemoryAccount) CheckIV(iv []byte) error {
|
|
|
|
if a.replayFilter == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if a.replayFilter.Check(iv) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return newError("IV is not unique")
|
|
|
|
}
|
|
|
|
|
2017-11-25 18:51:54 -05:00
|
|
|
func createAesGcm(key []byte) cipher.AEAD {
|
|
|
|
block, err := aes.NewCipher(key)
|
|
|
|
common.Must(err)
|
|
|
|
gcm, err := cipher.NewGCM(block)
|
|
|
|
common.Must(err)
|
|
|
|
return gcm
|
|
|
|
}
|
|
|
|
|
2020-12-31 21:18:00 -05:00
|
|
|
func createChaCha20Poly1305(key []byte) cipher.AEAD {
|
|
|
|
ChaChaPoly1305, err := chacha20poly1305.New(key)
|
2017-11-25 18:51:54 -05:00
|
|
|
common.Must(err)
|
2020-12-31 21:18:00 -05:00
|
|
|
return ChaChaPoly1305
|
2017-11-25 18:51:54 -05:00
|
|
|
}
|
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
func (a *Account) getCipher() (Cipher, error) {
|
2017-11-29 16:19:04 -05:00
|
|
|
switch a.CipherType {
|
2017-11-25 18:51:54 -05:00
|
|
|
case CipherType_AES_128_GCM:
|
|
|
|
return &AEADCipher{
|
|
|
|
KeyBytes: 16,
|
|
|
|
IVBytes: 16,
|
|
|
|
AEADAuthCreator: createAesGcm,
|
|
|
|
}, nil
|
|
|
|
case CipherType_AES_256_GCM:
|
|
|
|
return &AEADCipher{
|
|
|
|
KeyBytes: 32,
|
|
|
|
IVBytes: 32,
|
|
|
|
AEADAuthCreator: createAesGcm,
|
|
|
|
}, nil
|
|
|
|
case CipherType_CHACHA20_POLY1305:
|
|
|
|
return &AEADCipher{
|
|
|
|
KeyBytes: 32,
|
|
|
|
IVBytes: 32,
|
2020-12-31 21:18:00 -05:00
|
|
|
AEADAuthCreator: createChaCha20Poly1305,
|
2017-11-25 18:51:54 -05:00
|
|
|
}, nil
|
2017-11-29 16:19:04 -05:00
|
|
|
case CipherType_NONE:
|
|
|
|
return NoneCipher{}, nil
|
2016-09-25 16:19:49 -04:00
|
|
|
default:
|
2017-04-08 19:43:25 -04:00
|
|
|
return nil, newError("Unsupported cipher.")
|
2016-09-17 18:41:21 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
// AsAccount implements protocol.AsAccount.
|
2017-11-29 16:19:04 -05:00
|
|
|
func (a *Account) AsAccount() (protocol.Account, error) {
|
2020-12-31 21:18:00 -05:00
|
|
|
Cipher, err := a.getCipher()
|
2016-10-31 10:24:28 -04:00
|
|
|
if err != nil {
|
2017-04-08 19:43:25 -04:00
|
|
|
return nil, newError("failed to get cipher").Base(err)
|
2016-10-31 10:24:28 -04:00
|
|
|
}
|
2017-11-29 16:57:18 -05:00
|
|
|
return &MemoryAccount{
|
2020-12-31 21:18:00 -05:00
|
|
|
Cipher: Cipher,
|
|
|
|
Key: passwordToCipherKey([]byte(a.Password), Cipher.KeySize()),
|
2021-03-05 02:53:28 -05:00
|
|
|
replayFilter: func() antireplay.GeneralizedReplayFilter {
|
2021-03-05 02:58:27 -05:00
|
|
|
if a.IvCheck {
|
2021-03-13 05:34:13 -05:00
|
|
|
return antireplay.NewBloomRing()
|
2021-03-05 02:53:28 -05:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}(),
|
2022-01-14 07:23:22 -05:00
|
|
|
ReducedIVEntropy: a.ExperimentReducedIvHeadEntropy,
|
2016-10-31 10:24:28 -04:00
|
|
|
}, nil
|
2016-09-17 18:41:21 -04:00
|
|
|
}
|
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
// Cipher is an interface for all Shadowsocks ciphers.
|
2016-01-27 06:46:40 -05:00
|
|
|
type Cipher interface {
|
2018-04-02 14:00:50 -04:00
|
|
|
KeySize() int32
|
|
|
|
IVSize() int32
|
2017-11-25 18:51:54 -05:00
|
|
|
NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error)
|
|
|
|
NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error)
|
2017-11-25 18:58:57 -05:00
|
|
|
IsAEAD() bool
|
2017-11-26 15:51:30 -05:00
|
|
|
EncodePacket(key []byte, b *buf.Buffer) error
|
|
|
|
DecodePacket(key []byte, b *buf.Buffer) error
|
2016-01-27 06:46:40 -05:00
|
|
|
}
|
|
|
|
|
2017-11-25 18:51:54 -05:00
|
|
|
type AEADCipher struct {
|
2018-04-02 14:00:50 -04:00
|
|
|
KeyBytes int32
|
|
|
|
IVBytes int32
|
2017-11-25 18:51:54 -05:00
|
|
|
AEADAuthCreator func(key []byte) cipher.AEAD
|
|
|
|
}
|
|
|
|
|
2017-11-25 18:58:57 -05:00
|
|
|
func (*AEADCipher) IsAEAD() bool {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-04-02 14:00:50 -04:00
|
|
|
func (c *AEADCipher) KeySize() int32 {
|
2017-11-25 18:51:54 -05:00
|
|
|
return c.KeyBytes
|
|
|
|
}
|
|
|
|
|
2018-04-02 14:00:50 -04:00
|
|
|
func (c *AEADCipher) IVSize() int32 {
|
2017-11-25 18:51:54 -05:00
|
|
|
return c.IVBytes
|
|
|
|
}
|
|
|
|
|
2017-11-26 15:51:30 -05:00
|
|
|
func (c *AEADCipher) createAuthenticator(key []byte, iv []byte) *crypto.AEADAuthenticator {
|
2018-04-14 07:10:12 -04:00
|
|
|
nonce := crypto.GenerateInitialAEADNonce()
|
2017-11-25 18:51:54 -05:00
|
|
|
subkey := make([]byte, c.KeyBytes)
|
|
|
|
hkdfSHA1(key, iv, subkey)
|
2017-11-26 15:51:30 -05:00
|
|
|
return &crypto.AEADAuthenticator{
|
2017-11-25 18:51:54 -05:00
|
|
|
AEAD: c.AEADAuthCreator(subkey),
|
|
|
|
NonceGenerator: nonce,
|
|
|
|
}
|
2017-11-26 15:51:30 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
|
|
|
|
auth := c.createAuthenticator(key, iv)
|
2017-11-25 18:51:54 -05:00
|
|
|
return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{
|
|
|
|
Auth: auth,
|
2018-07-07 09:42:24 -04:00
|
|
|
}, writer, protocol.TransferTypeStream, nil), nil
|
2017-11-25 18:51:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
|
2017-11-26 15:51:30 -05:00
|
|
|
auth := c.createAuthenticator(key, iv)
|
2017-11-25 18:51:54 -05:00
|
|
|
return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
|
|
|
|
Auth: auth,
|
2018-07-07 09:42:24 -04:00
|
|
|
}, reader, protocol.TransferTypeStream, nil), nil
|
2016-02-23 12:16:13 -05:00
|
|
|
}
|
|
|
|
|
2017-11-26 15:51:30 -05:00
|
|
|
func (c *AEADCipher) EncodePacket(key []byte, b *buf.Buffer) error {
|
|
|
|
ivLen := c.IVSize()
|
|
|
|
payloadLen := b.Len()
|
|
|
|
auth := c.createAuthenticator(key, b.BytesTo(ivLen))
|
2018-11-02 16:34:04 -04:00
|
|
|
|
|
|
|
b.Extend(int32(auth.Overhead()))
|
|
|
|
_, err := auth.Seal(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen))
|
|
|
|
return err
|
2017-11-26 15:51:30 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error {
|
2018-01-19 08:08:45 -05:00
|
|
|
if b.Len() <= c.IVSize() {
|
2018-01-19 05:08:34 -05:00
|
|
|
return newError("insufficient data: ", b.Len())
|
|
|
|
}
|
2017-11-26 15:51:30 -05:00
|
|
|
ivLen := c.IVSize()
|
|
|
|
payloadLen := b.Len()
|
|
|
|
auth := c.createAuthenticator(key, b.BytesTo(ivLen))
|
2018-11-02 16:34:04 -04:00
|
|
|
|
|
|
|
bbb, err := auth.Open(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen))
|
|
|
|
if err != nil {
|
2017-11-26 15:51:30 -05:00
|
|
|
return err
|
|
|
|
}
|
2018-11-02 17:04:52 -04:00
|
|
|
b.Resize(ivLen, int32(len(bbb)))
|
2017-11-26 15:51:30 -05:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-11-29 16:19:04 -05:00
|
|
|
type NoneCipher struct{}
|
|
|
|
|
2018-04-02 14:00:50 -04:00
|
|
|
func (NoneCipher) KeySize() int32 { return 0 }
|
|
|
|
func (NoneCipher) IVSize() int32 { return 0 }
|
2017-11-29 16:19:04 -05:00
|
|
|
func (NoneCipher) IsAEAD() bool {
|
2020-12-31 21:18:00 -05:00
|
|
|
return false
|
2017-11-29 16:19:04 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func (NoneCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
|
|
|
|
return buf.NewReader(reader), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (NoneCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
|
|
|
|
return buf.NewWriter(writer), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (NoneCipher) EncodePacket(key []byte, b *buf.Buffer) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (NoneCipher) DecodePacket(key []byte, b *buf.Buffer) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-09-06 00:59:40 -04:00
|
|
|
func CipherFromString(c string) CipherType {
|
|
|
|
switch strings.ToLower(c) {
|
|
|
|
case "aes-128-gcm", "aead_aes_128_gcm":
|
|
|
|
return CipherType_AES_128_GCM
|
|
|
|
case "aes-256-gcm", "aead_aes_256_gcm":
|
|
|
|
return CipherType_AES_256_GCM
|
|
|
|
case "chacha20-poly1305", "aead_chacha20_poly1305", "chacha20-ietf-poly1305":
|
|
|
|
return CipherType_CHACHA20_POLY1305
|
|
|
|
case "none", "plain":
|
|
|
|
return CipherType_NONE
|
|
|
|
default:
|
|
|
|
return CipherType_UNKNOWN
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-02 14:00:50 -04:00
|
|
|
func passwordToCipherKey(password []byte, keySize int32) []byte {
|
2016-01-28 06:33:58 -05:00
|
|
|
key := make([]byte, 0, keySize)
|
|
|
|
|
2017-11-29 16:19:04 -05:00
|
|
|
md5Sum := md5.Sum(password)
|
2016-01-28 06:33:58 -05:00
|
|
|
key = append(key, md5Sum[:]...)
|
|
|
|
|
2018-04-02 14:00:50 -04:00
|
|
|
for int32(len(key)) < keySize {
|
2016-01-28 06:33:58 -05:00
|
|
|
md5Hash := md5.New()
|
2017-11-29 16:57:18 -05:00
|
|
|
common.Must2(md5Hash.Write(md5Sum[:]))
|
|
|
|
common.Must2(md5Hash.Write(password))
|
2016-01-28 06:33:58 -05:00
|
|
|
md5Hash.Sum(md5Sum[:0])
|
|
|
|
|
|
|
|
key = append(key, md5Sum[:]...)
|
|
|
|
}
|
|
|
|
return key
|
2016-01-27 06:46:40 -05:00
|
|
|
}
|
2017-11-25 18:51:54 -05:00
|
|
|
|
2020-12-31 21:18:00 -05:00
|
|
|
func hkdfSHA1(secret, salt, outKey []byte) {
|
2017-11-25 18:51:54 -05:00
|
|
|
r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey"))
|
2020-12-31 21:18:00 -05:00
|
|
|
common.Must2(io.ReadFull(r, outKey))
|
2017-11-25 18:51:54 -05:00
|
|
|
}
|