v2fly/proxy/shadowsocks/ota.go

package shadowsocks

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"io"

	"v2ray.com/core/common/alloc"
	"v2ray.com/core/common/log"
	"v2ray.com/core/common/serial"
	"v2ray.com/core/transport"
)

const (
	AuthSize = 10
)

type KeyGenerator func() []byte

type Authenticator struct {
	key KeyGenerator
}

func NewAuthenticator(keygen KeyGenerator) *Authenticator {
	return &Authenticator{
		key: keygen,
	}
}

func (this *Authenticator) Authenticate(auth []byte, data []byte) []byte {
	hasher := hmac.New(sha1.New, this.key())
	hasher.Write(data)
	res := hasher.Sum(nil)
	return append(auth, res[:AuthSize]...)
}

func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
	return func() []byte {
		newKey := make([]byte, 0, len(key)+len(iv))
		newKey = append(newKey, iv...)
		newKey = append(newKey, key...)
		return newKey
	}
}

func ChunkKeyGenerator(iv []byte) func() []byte {
	chunkId := 0
	return func() []byte {
		newKey := make([]byte, 0, len(iv)+4)
		newKey = append(newKey, iv...)
		newKey = serial.IntToBytes(chunkId, newKey)
		chunkId++
		return newKey
	}
}

type ChunkReader struct {
	reader io.Reader
	auth   *Authenticator
}

func NewChunkReader(reader io.Reader, auth *Authenticator) *ChunkReader {
	return &ChunkReader{
		reader: reader,
		auth:   auth,
	}
}

func (this *ChunkReader) Release() {
	this.reader = nil
	this.auth = nil
}

func (this *ChunkReader) Read() (*alloc.Buffer, error) {
	buffer := alloc.NewLargeBuffer()
	if _, err := io.ReadFull(this.reader, buffer.Value[:2]); err != nil {
		buffer.Release()
		return nil, err
	}
	// There is a potential buffer overflow here. Large buffer is 64K bytes,
	// while uin16 + 10 will be more than that
	length := serial.BytesToUint16(buffer.Value[:2]) + AuthSize
	if _, err := io.ReadFull(this.reader, buffer.Value[:length]); err != nil {
		buffer.Release()
		return nil, err
	}
	buffer.Slice(0, int(length))

	authBytes := buffer.Value[:AuthSize]
	payload := buffer.Value[AuthSize:]

	actualAuthBytes := this.auth.Authenticate(nil, payload)
	if !bytes.Equal(authBytes, actualAuthBytes) {
		buffer.Release()
		log.Debug("AuthenticationReader: Unexpected auth: ", authBytes)
		return nil, transport.ErrCorruptedPacket
	}
	buffer.SliceFrom(AuthSize)

	return buffer, nil
}

type ChunkWriter struct {
	writer io.Writer
	auth   *Authenticator
}

func NewChunkWriter(writer io.Writer, auth *Authenticator) *ChunkWriter {
	return &ChunkWriter{
		writer: writer,
		auth:   auth,
	}
}

func (this *ChunkWriter) Release() {
	this.writer = nil
	this.auth = nil
}

func (this *ChunkWriter) Write(payload *alloc.Buffer) error {
	totalLength := payload.Len()
	payload.SliceBack(AuthSize)
	this.auth.Authenticate(payload.Value[:0], payload.Value[AuthSize:])
	payload.PrependUint16(uint16(totalLength))
	_, err := this.writer.Write(payload.Bytes())
	return err
}
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00			`package shadowsocks`

			`import (`
Remove serial.Bytes 2016-05-24 20:09:22 +00:00			`"bytes"`
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00			`"crypto/hmac"`
			`"crypto/sha1"`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`"io"`
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00
unified import path 2016-08-20 18:55:45 +00:00			`"v2ray.com/core/common/alloc"`
			`"v2ray.com/core/common/log"`
			`"v2ray.com/core/common/serial"`
			`"v2ray.com/core/transport"`
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00			`)`

			`const (`
			`AuthSize = 10`
			`)`

			`type KeyGenerator func() []byte`

			`type Authenticator struct {`
			`key KeyGenerator`
			`}`

			`func NewAuthenticator(keygen KeyGenerator) *Authenticator {`
			`return &Authenticator{`
			`key: keygen,`
			`}`
			`}`

			`func (this *Authenticator) Authenticate(auth []byte, data []byte) []byte {`
			`hasher := hmac.New(sha1.New, this.key())`
			`hasher.Write(data)`
			`res := hasher.Sum(nil)`
			`return append(auth, res[:AuthSize]...)`
			`}`

			`func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {`
			`return func() []byte {`
			`newKey := make([]byte, 0, len(key)+len(iv))`
			`newKey = append(newKey, iv...)`
Fix shadowsocks OTA issue 2016-02-28 20:00:53 +00:00			`newKey = append(newKey, key...)`
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00			`return newKey`
			`}`
			`}`

			`func ChunkKeyGenerator(iv []byte) func() []byte {`
			`chunkId := 0`
			`return func() []byte {`
			`newKey := make([]byte, 0, len(iv)+4)`
			`newKey = append(newKey, iv...)`
Fix Shadowsocks OTA 2016-07-04 07:47:14 +00:00			`newKey = serial.IntToBytes(chunkId, newKey)`
complete implementation of shadowsocks ota 2016-01-29 15:43:45 +00:00			`chunkId++`
			`return newKey`
			`}`
			`}`
refactor shadowsocks 2016-01-29 19:54:06 +00:00
			`type ChunkReader struct {`
			`reader io.Reader`
			`auth *Authenticator`
			`}`

			`func NewChunkReader(reader io.Reader, auth Authenticator) ChunkReader {`
			`return &ChunkReader{`
			`reader: reader,`
			`auth: auth,`
			`}`
			`}`

simplify reader/writer interface 2016-04-12 19:43:13 +00:00			`func (this *ChunkReader) Release() {`
			`this.reader = nil`
			`this.auth = nil`
			`}`

refactor shadowsocks 2016-01-29 19:54:06 +00:00			`func (this ChunkReader) Read() (alloc.Buffer, error) {`
			`buffer := alloc.NewLargeBuffer()`
			`if _, err := io.ReadFull(this.reader, buffer.Value[:2]); err != nil {`
chunk stream in vmess 2016-02-01 11:22:29 +00:00			`buffer.Release()`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`return nil, err`
			`}`
			`// There is a potential buffer overflow here. Large buffer is 64K bytes,`
			`// while uin16 + 10 will be more than that`
Remove serial.Bytes 2016-05-24 20:09:22 +00:00			`length := serial.BytesToUint16(buffer.Value[:2]) + AuthSize`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`if _, err := io.ReadFull(this.reader, buffer.Value[:length]); err != nil {`
chunk stream in vmess 2016-02-01 11:22:29 +00:00			`buffer.Release()`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`return nil, err`
			`}`
			`buffer.Slice(0, int(length))`

			`authBytes := buffer.Value[:AuthSize]`
			`payload := buffer.Value[AuthSize:]`

			`actualAuthBytes := this.auth.Authenticate(nil, payload)`
Remove serial.Bytes 2016-05-24 20:09:22 +00:00			`if !bytes.Equal(authBytes, actualAuthBytes) {`
chunk stream in vmess 2016-02-01 11:22:29 +00:00			`buffer.Release()`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`log.Debug("AuthenticationReader: Unexpected auth: ", authBytes)`
rename Error to Err 2016-06-27 06:53:35 +00:00			`return nil, transport.ErrCorruptedPacket`
refactor shadowsocks 2016-01-29 19:54:06 +00:00			`}`
fix an offset issue in OTA 2016-07-13 09:38:14 +00:00			`buffer.SliceFrom(AuthSize)`
refactor shadowsocks 2016-01-29 19:54:06 +00:00
			`return buffer, nil`
			`}`
chunk writer 2016-10-20 22:33:23 +00:00
			`type ChunkWriter struct {`
			`writer io.Writer`
			`auth *Authenticator`
			`}`

			`func NewChunkWriter(writer io.Writer, auth Authenticator) ChunkWriter {`
			`return &ChunkWriter{`
			`writer: writer,`
			`auth: auth,`
			`}`
			`}`

			`func (this *ChunkWriter) Release() {`
			`this.writer = nil`
			`this.auth = nil`
			`}`

refine shadowsocks server 2016-10-31 14:24:28 +00:00			`func (this ChunkWriter) Write(payload alloc.Buffer) error {`
chunk writer 2016-10-20 22:33:23 +00:00			`totalLength := payload.Len()`
refine shadowsocks server 2016-10-31 14:24:28 +00:00			`payload.SliceBack(AuthSize)`
			`this.auth.Authenticate(payload.Value[:0], payload.Value[AuthSize:])`
chunk writer 2016-10-20 22:33:23 +00:00			`payload.PrependUint16(uint16(totalLength))`
refine shadowsocks server 2016-10-31 14:24:28 +00:00			`_, err := this.writer.Write(payload.Bytes())`
			`return err`
chunk writer 2016-10-20 22:33:23 +00:00			`}`