2016-01-29 10:43:45 -05:00
|
|
|
package shadowsocks
|
|
|
|
|
|
|
|
import (
|
2016-05-24 16:09:22 -04:00
|
|
|
"bytes"
|
2016-01-29 10:43:45 -05:00
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/sha1"
|
2018-11-02 10:47:58 -04:00
|
|
|
"encoding/binary"
|
2016-01-29 14:54:06 -05:00
|
|
|
"io"
|
2016-12-08 05:21:24 -05:00
|
|
|
|
2017-11-29 16:57:18 -05:00
|
|
|
"v2ray.com/core/common"
|
2016-12-09 05:35:27 -05:00
|
|
|
"v2ray.com/core/common/buf"
|
2018-08-16 06:05:33 -04:00
|
|
|
"v2ray.com/core/common/bytespool"
|
2018-11-03 08:03:02 -04:00
|
|
|
"v2ray.com/core/common/serial"
|
2016-01-29 10:43:45 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2016-12-21 17:07:35 -05:00
|
|
|
// AuthSize is the number of extra bytes for Shadowsocks OTA.
|
2016-01-29 10:43:45 -05:00
|
|
|
AuthSize = 10
|
|
|
|
)
|
|
|
|
|
|
|
|
type KeyGenerator func() []byte
|
|
|
|
|
|
|
|
type Authenticator struct {
|
|
|
|
key KeyGenerator
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewAuthenticator(keygen KeyGenerator) *Authenticator {
|
|
|
|
return &Authenticator{
|
|
|
|
key: keygen,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-02 16:34:04 -04:00
|
|
|
func (v *Authenticator) Authenticate(data []byte, dest []byte) {
|
2016-11-27 15:39:09 -05:00
|
|
|
hasher := hmac.New(sha1.New, v.key())
|
2017-11-29 16:57:18 -05:00
|
|
|
common.Must2(hasher.Write(data))
|
2016-01-29 10:43:45 -05:00
|
|
|
res := hasher.Sum(nil)
|
2018-11-02 16:34:04 -04:00
|
|
|
copy(dest, res[:AuthSize])
|
2016-01-29 10:43:45 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
|
|
|
|
return func() []byte {
|
|
|
|
newKey := make([]byte, 0, len(key)+len(iv))
|
|
|
|
newKey = append(newKey, iv...)
|
2016-02-28 15:00:53 -05:00
|
|
|
newKey = append(newKey, key...)
|
2016-01-29 10:43:45 -05:00
|
|
|
return newKey
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func ChunkKeyGenerator(iv []byte) func() []byte {
|
2018-11-02 10:47:58 -04:00
|
|
|
chunkID := uint32(0)
|
2016-01-29 10:43:45 -05:00
|
|
|
return func() []byte {
|
2018-11-02 10:47:58 -04:00
|
|
|
newKey := make([]byte, len(iv)+4)
|
|
|
|
copy(newKey, iv)
|
2018-11-02 13:20:02 -04:00
|
|
|
binary.BigEndian.PutUint32(newKey[len(iv):], chunkID)
|
2016-12-21 17:07:35 -05:00
|
|
|
chunkID++
|
2016-01-29 10:43:45 -05:00
|
|
|
return newKey
|
|
|
|
}
|
|
|
|
}
|
2016-01-29 14:54:06 -05:00
|
|
|
|
|
|
|
type ChunkReader struct {
|
|
|
|
reader io.Reader
|
|
|
|
auth *Authenticator
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewChunkReader(reader io.Reader, auth *Authenticator) *ChunkReader {
|
|
|
|
return &ChunkReader{
|
|
|
|
reader: reader,
|
|
|
|
auth: auth,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-09 16:33:15 -05:00
|
|
|
func (v *ChunkReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
|
2018-11-03 08:03:02 -04:00
|
|
|
size, err := serial.ReadUint16(v.reader)
|
2018-03-12 17:10:13 -04:00
|
|
|
if err != nil {
|
2018-11-14 13:17:11 -05:00
|
|
|
return nil, newError("failed to read size").Base(err)
|
2016-11-19 04:57:00 -05:00
|
|
|
}
|
2018-03-12 17:10:13 -04:00
|
|
|
size += AuthSize
|
2016-12-05 11:05:47 -05:00
|
|
|
|
2018-08-16 06:05:33 -04:00
|
|
|
buffer := bytespool.Alloc(int32(size))
|
|
|
|
defer bytespool.Free(buffer)
|
|
|
|
|
|
|
|
if _, err := io.ReadFull(v.reader, buffer[:size]); err != nil {
|
2016-01-29 14:54:06 -05:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-08-16 06:05:33 -04:00
|
|
|
authBytes := buffer[:AuthSize]
|
|
|
|
payload := buffer[AuthSize:size]
|
2016-01-29 14:54:06 -05:00
|
|
|
|
2016-12-06 05:03:42 -05:00
|
|
|
actualAuthBytes := make([]byte, AuthSize)
|
2018-11-02 16:34:04 -04:00
|
|
|
v.auth.Authenticate(payload, actualAuthBytes)
|
2016-05-24 16:09:22 -04:00
|
|
|
if !bytes.Equal(authBytes, actualAuthBytes) {
|
2017-04-08 19:43:25 -04:00
|
|
|
return nil, newError("invalid auth")
|
2016-01-29 14:54:06 -05:00
|
|
|
}
|
|
|
|
|
2018-08-16 06:05:33 -04:00
|
|
|
var mb buf.MultiBuffer
|
|
|
|
common.Must2(mb.Write(payload))
|
|
|
|
|
|
|
|
return mb, nil
|
2016-01-29 14:54:06 -05:00
|
|
|
}
|
2016-10-20 18:33:23 -04:00
|
|
|
|
|
|
|
type ChunkWriter struct {
|
|
|
|
writer io.Writer
|
|
|
|
auth *Authenticator
|
2016-12-08 05:21:24 -05:00
|
|
|
buffer []byte
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewChunkWriter(writer io.Writer, auth *Authenticator) *ChunkWriter {
|
|
|
|
return &ChunkWriter{
|
|
|
|
writer: writer,
|
|
|
|
auth: auth,
|
2016-12-08 05:21:24 -05:00
|
|
|
buffer: make([]byte, 32*1024),
|
2016-10-20 18:33:23 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-09 16:33:15 -05:00
|
|
|
// WriteMultiBuffer implements buf.Writer.
|
|
|
|
func (w *ChunkWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
2017-04-15 15:07:23 -04:00
|
|
|
defer mb.Release()
|
|
|
|
|
2017-04-15 15:49:18 -04:00
|
|
|
for {
|
2017-04-19 15:27:21 -04:00
|
|
|
payloadLen, _ := mb.Read(w.buffer[2+AuthSize:])
|
2018-11-02 13:20:02 -04:00
|
|
|
binary.BigEndian.PutUint16(w.buffer, uint16(payloadLen))
|
2018-11-02 16:34:04 -04:00
|
|
|
w.auth.Authenticate(w.buffer[2+AuthSize:2+AuthSize+payloadLen], w.buffer[2:])
|
2018-07-28 09:03:40 -04:00
|
|
|
if err := buf.WriteAllBytes(w.writer, w.buffer[:2+AuthSize+payloadLen]); err != nil {
|
2017-04-15 15:49:18 -04:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
if mb.IsEmpty() {
|
|
|
|
break
|
|
|
|
}
|
2017-04-15 15:07:23 -04:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|