1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-30 05:56:54 -05:00
v2fly/proxy/shadowsocks/protocol.go

316 lines
8.8 KiB
Go
Raw Normal View History

2016-01-28 06:33:58 -05:00
package shadowsocks
import (
"crypto/hmac"
2016-10-31 10:24:28 -04:00
"crypto/rand"
"crypto/sha256"
"hash/crc32"
2016-01-28 06:33:58 -05:00
"io"
mrand "math/rand"
gonet "net"
2016-12-09 06:08:25 -05:00
"github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/drain"
"github.com/v2fly/v2ray-core/v5/common/net"
"github.com/v2fly/v2ray-core/v5/common/protocol"
2016-01-28 06:33:58 -05:00
)
const (
2020-10-03 18:29:21 -04:00
Version = 1
2018-02-23 17:42:01 -05:00
)
2016-10-31 10:24:28 -04:00
2018-02-23 17:42:01 -05:00
var addrParser = protocol.NewAddressParser(
protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),
protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
protocol.WithAddressTypeParser(func(b byte) byte {
return b & 0x0F
}),
2016-01-28 06:33:58 -05:00
)
2017-12-14 09:02:36 -05:00
// ReadTCPSession reads a Shadowsocks TCP session from the given reader, returns its header and remaining parts.
2018-08-26 18:11:32 -04:00
func ReadTCPSession(user *protocol.MemoryUser, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
account := user.Account.(*MemoryAccount)
2016-05-01 11:18:02 -04:00
hashkdf := hmac.New(sha256.New, []byte("SSBSKDF"))
hashkdf.Write(account.Key)
behaviorSeed := crc32.ChecksumIEEE(hashkdf.Sum(nil))
drainer, err := drain.NewBehaviorSeedLimitedDrainer(int64(behaviorSeed), 16+38, 3266, 64)
if err != nil {
return nil, nil, newError("failed to initialize drainer").Base(err)
}
2018-03-09 05:26:00 -05:00
buffer := buf.New()
2016-01-28 06:33:58 -05:00
defer buffer.Release()
2016-10-31 10:24:28 -04:00
ivLen := account.Cipher.IVSize()
2017-11-29 16:19:04 -05:00
var iv []byte
if ivLen > 0 {
2018-11-02 10:01:33 -04:00
if _, err := buffer.ReadFullFrom(reader, ivLen); err != nil {
drainer.AcknowledgeReceive(int(buffer.Len()))
return nil, nil, drain.WithError(drainer, reader, newError("failed to read IV").Base(err))
2017-11-29 16:19:04 -05:00
}
2016-01-28 06:33:58 -05:00
2017-11-29 16:19:04 -05:00
iv = append([]byte(nil), buffer.BytesTo(ivLen)...)
}
2016-10-31 10:24:28 -04:00
2017-11-25 18:51:54 -05:00
r, err := account.Cipher.NewDecryptionReader(account.Key, iv, reader)
2016-10-31 10:24:28 -04:00
if err != nil {
drainer.AcknowledgeReceive(int(buffer.Len()))
return nil, nil, drain.WithError(drainer, reader, newError("failed to initialize decoding stream").Base(err).AtError())
2016-10-31 10:24:28 -04:00
}
2018-04-20 18:54:53 -04:00
br := &buf.BufferedReader{Reader: r}
2016-10-31 10:24:28 -04:00
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandTCP,
}
drainer.AcknowledgeReceive(int(buffer.Len()))
2018-02-23 17:42:01 -05:00
buffer.Clear()
addr, port, err := addrParser.ReadAddressPort(buffer, br)
if err != nil {
drainer.AcknowledgeReceive(int(buffer.Len()))
return nil, nil, drain.WithError(drainer, reader, newError("failed to read address").Base(err))
2016-10-31 10:24:28 -04:00
}
2016-01-28 06:33:58 -05:00
2018-02-23 17:42:01 -05:00
request.Address = addr
request.Port = port
2016-12-13 03:17:39 -05:00
if request.Address == nil {
drainer.AcknowledgeReceive(int(buffer.Len()))
return nil, nil, drain.WithError(drainer, reader, newError("invalid remote address."))
2016-12-13 03:17:39 -05:00
}
if ivError := account.CheckIV(iv); ivError != nil {
drainer.AcknowledgeReceive(int(buffer.Len()))
return nil, nil, drain.WithError(drainer, reader, newError("failed iv check").Base(ivError))
}
return request, br, nil
2016-10-31 10:24:28 -04:00
}
2017-12-14 09:02:36 -05:00
// WriteTCPRequest writes Shadowsocks request into the given writer, and returns a writer for body.
2016-12-09 07:17:34 -05:00
func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
2018-08-26 18:11:32 -04:00
account := user.Account.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
common.Must2(rand.Read(iv))
if account.ReducedIVEntropy {
remapToPrintable(iv[:6])
}
if ivError := account.CheckIV(iv); ivError != nil {
return nil, newError("failed to mark outgoing iv").Base(ivError)
}
2018-07-28 09:03:40 -04:00
if err := buf.WriteAllBytes(writer, iv); err != nil {
2017-11-29 16:19:04 -05:00
return nil, newError("failed to write IV")
}
2016-10-31 10:24:28 -04:00
}
2017-11-25 18:51:54 -05:00
w, err := account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
2016-10-31 10:24:28 -04:00
if err != nil {
2017-04-26 18:09:01 -04:00
return nil, newError("failed to create encoding stream").Base(err).AtError()
2016-10-31 10:24:28 -04:00
}
2018-03-09 05:26:00 -05:00
header := buf.New()
2016-10-31 10:24:28 -04:00
2018-02-23 17:42:01 -05:00
if err := addrParser.WriteAddressPort(header, request.Address, request.Port); err != nil {
2017-12-03 18:55:34 -05:00
return nil, newError("failed to write address").Base(err)
2016-10-31 10:24:28 -04:00
}
2018-11-16 05:08:12 -05:00
if err := w.WriteMultiBuffer(buf.MultiBuffer{header}); err != nil {
2017-04-09 07:30:46 -04:00
return nil, newError("failed to write header").Base(err)
2016-10-31 10:24:28 -04:00
}
return w, nil
2016-10-31 10:24:28 -04:00
}
2018-08-26 18:11:32 -04:00
func ReadTCPResponse(user *protocol.MemoryUser, reader io.Reader) (buf.Reader, error) {
account := user.Account.(*MemoryAccount)
hashkdf := hmac.New(sha256.New, []byte("SSBSKDF"))
hashkdf.Write(account.Key)
behaviorSeed := crc32.ChecksumIEEE(hashkdf.Sum(nil))
drainer, err := drain.NewBehaviorSeedLimitedDrainer(int64(behaviorSeed), 16+38, 3266, 64)
if err != nil {
return nil, newError("failed to initialize drainer").Base(err)
}
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
if n, err := io.ReadFull(reader, iv); err != nil {
2017-11-29 16:19:04 -05:00
return nil, newError("failed to read IV").Base(err)
} else { // nolint: revive
drainer.AcknowledgeReceive(n)
2017-11-29 16:19:04 -05:00
}
2016-10-31 10:24:28 -04:00
}
if ivError := account.CheckIV(iv); ivError != nil {
return nil, drain.WithError(drainer, reader, newError("failed iv check").Base(ivError))
}
2017-11-25 18:51:54 -05:00
return account.Cipher.NewDecryptionReader(account.Key, iv, reader)
2016-10-31 10:24:28 -04:00
}
2016-12-09 07:17:34 -05:00
func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
2018-08-26 18:11:32 -04:00
account := user.Account.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-29 16:19:04 -05:00
var iv []byte
if account.Cipher.IVSize() > 0 {
iv = make([]byte, account.Cipher.IVSize())
common.Must2(rand.Read(iv))
if ivError := account.CheckIV(iv); ivError != nil {
return nil, newError("failed to mark outgoing iv").Base(ivError)
}
2018-07-28 09:03:40 -04:00
if err := buf.WriteAllBytes(writer, iv); err != nil {
2017-11-29 16:19:04 -05:00
return nil, newError("failed to write IV.").Base(err)
}
2016-10-31 10:24:28 -04:00
}
2017-11-25 18:51:54 -05:00
return account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
2016-10-31 10:24:28 -04:00
}
2017-04-21 08:51:09 -04:00
func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buffer, error) {
2016-10-31 10:24:28 -04:00
user := request.User
2018-08-26 18:11:32 -04:00
account := user.Account.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-04-15 15:19:21 -04:00
buffer := buf.New()
2016-10-31 10:24:28 -04:00
ivLen := account.Cipher.IVSize()
2017-11-29 16:19:04 -05:00
if ivLen > 0 {
2018-11-02 10:01:33 -04:00
common.Must2(buffer.ReadFullFrom(rand.Reader, ivLen))
2017-11-29 16:19:04 -05:00
}
2016-10-31 10:24:28 -04:00
2018-02-23 17:42:01 -05:00
if err := addrParser.WriteAddressPort(buffer, request.Address, request.Port); err != nil {
2017-12-03 18:55:34 -05:00
return nil, newError("failed to write address").Base(err)
2016-10-31 10:24:28 -04:00
}
2018-04-19 16:56:55 -04:00
buffer.Write(payload)
2016-10-31 10:24:28 -04:00
2017-11-26 15:51:30 -05:00
if err := account.Cipher.EncodePacket(account.Key, buffer); err != nil {
return nil, newError("failed to encrypt UDP payload").Base(err)
2017-11-25 18:51:54 -05:00
}
2016-10-31 10:24:28 -04:00
return buffer, nil
}
2018-08-26 18:11:32 -04:00
func DecodeUDPPacket(user *protocol.MemoryUser, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
account := user.Account.(*MemoryAccount)
2016-10-31 10:24:28 -04:00
2017-11-27 04:42:51 -05:00
var iv []byte
2017-11-29 16:19:04 -05:00
if !account.Cipher.IsAEAD() && account.Cipher.IVSize() > 0 {
2017-11-27 04:42:51 -05:00
// Keep track of IV as it gets removed from payload in DecodePacket.
iv = make([]byte, account.Cipher.IVSize())
copy(iv, payload.BytesTo(account.Cipher.IVSize()))
2016-10-31 10:24:28 -04:00
}
2017-11-26 15:51:30 -05:00
if err := account.Cipher.DecodePacket(account.Key, payload); err != nil {
return nil, nil, newError("failed to decrypt UDP payload").Base(err)
2017-11-25 18:51:54 -05:00
}
2016-10-31 10:24:28 -04:00
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
2018-02-23 17:42:01 -05:00
payload.SetByte(0, payload.Byte(0)&0x0F)
2018-02-23 17:42:01 -05:00
addr, port, err := addrParser.ReadAddressPort(nil, payload)
if err != nil {
return nil, nil, newError("failed to parse address").Base(err)
}
2018-02-23 17:42:01 -05:00
request.Address = addr
request.Port = port
2016-10-31 10:24:28 -04:00
return request, payload, nil
2016-01-28 06:33:58 -05:00
}
2016-10-31 11:35:18 -04:00
type UDPReader struct {
Reader io.Reader
2018-08-26 18:11:32 -04:00
User *protocol.MemoryUser
2016-10-31 11:35:18 -04:00
}
2017-11-09 16:33:15 -05:00
func (v *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
2017-04-15 15:19:21 -04:00
buffer := buf.New()
2018-11-02 10:01:33 -04:00
_, err := buffer.ReadFrom(v.Reader)
2016-10-31 11:35:18 -04:00
if err != nil {
buffer.Release()
return nil, err
}
2016-11-27 15:39:09 -05:00
_, payload, err := DecodeUDPPacket(v.User, buffer)
2016-10-31 11:35:18 -04:00
if err != nil {
buffer.Release()
return nil, err
}
2018-11-16 05:08:12 -05:00
return buf.MultiBuffer{payload}, nil
2016-10-31 11:35:18 -04:00
}
func (v *UDPReader) ReadFrom(p []byte) (n int, addr gonet.Addr, err error) {
buffer := buf.New()
_, err = buffer.ReadFrom(v.Reader)
if err != nil {
buffer.Release()
return 0, nil, err
}
vaddr, payload, err := DecodeUDPPacket(v.User, buffer)
if err != nil {
buffer.Release()
return 0, nil, err
}
n = copy(p, payload.Bytes())
payload.Release()
return n, &gonet.UDPAddr{IP: vaddr.Address.IP(), Port: int(vaddr.Port)}, nil
}
2016-10-31 11:35:18 -04:00
type UDPWriter struct {
Writer io.Writer
Request *protocol.RequestHeader
}
2017-04-21 09:36:05 -04:00
// Write implements io.Writer.
2017-04-21 08:51:09 -04:00
func (w *UDPWriter) Write(payload []byte) (int, error) {
packet, err := EncodeUDPPacket(w.Request, payload)
2016-10-31 11:35:18 -04:00
if err != nil {
2017-04-21 08:51:09 -04:00
return 0, err
2016-10-31 11:35:18 -04:00
}
2017-04-21 08:51:09 -04:00
_, err = w.Writer.Write(packet.Bytes())
packet.Release()
return len(payload), err
2016-10-31 11:35:18 -04:00
}
func (w *UDPWriter) WriteTo(payload []byte, addr gonet.Addr) (n int, err error) {
request := *w.Request
udpAddr := addr.(*gonet.UDPAddr)
request.Command = protocol.RequestCommandUDP
request.Address = net.IPAddress(udpAddr.IP)
request.Port = net.Port(udpAddr.Port)
packet, err := EncodeUDPPacket(&request, payload)
if err != nil {
return 0, err
}
_, err = w.Writer.Write(packet.Bytes())
packet.Release()
return len(payload), err
}
func remapToPrintable(input []byte) {
const charSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&()*+,./:;<=>?@[]^_`{|}~\\\""
seed := mrand.New(mrand.NewSource(int64(crc32.ChecksumIEEE(input))))
for i := range input {
input[i] = charSet[seed.Intn(len(charSet))]
}
}