1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-11-07 10:47:48 -05:00
v2fly/external/github.com/lucas-clemente/quic-go/internal/handshake/cookie_generator.go

110 lines
2.9 KiB
Go
Raw Normal View History

2018-11-20 17:51:25 -05:00
package handshake
import (
"encoding/asn1"
"fmt"
"net"
"time"
2018-11-23 11:04:53 -05:00
2019-01-17 09:33:18 -05:00
"v2ray.com/core/external/github.com/lucas-clemente/quic-go/internal/protocol"
2018-11-20 17:51:25 -05:00
)
const (
cookiePrefixIP byte = iota
cookiePrefixString
)
// A Cookie is derived from the client address and can be used to verify the ownership of this address.
type Cookie struct {
2018-11-23 11:04:53 -05:00
RemoteAddr string
OriginalDestConnectionID protocol.ConnectionID
// The time that the Cookie was issued (resolution 1 second)
2018-11-20 17:51:25 -05:00
SentTime time.Time
}
// token is the struct that is used for ASN1 serialization and deserialization
type token struct {
2018-11-23 11:04:53 -05:00
RemoteAddr []byte
OriginalDestConnectionID []byte
2018-11-20 17:51:25 -05:00
Timestamp int64
}
// A CookieGenerator generates Cookies
type CookieGenerator struct {
cookieProtector cookieProtector
}
// NewCookieGenerator initializes a new CookieGenerator
func NewCookieGenerator() (*CookieGenerator, error) {
cookieProtector, err := newCookieProtector()
if err != nil {
return nil, err
}
return &CookieGenerator{
cookieProtector: cookieProtector,
}, nil
}
// NewToken generates a new Cookie for a given source address
2018-11-23 11:04:53 -05:00
func (g *CookieGenerator) NewToken(raddr net.Addr, origConnID protocol.ConnectionID) ([]byte, error) {
2018-11-20 17:51:25 -05:00
data, err := asn1.Marshal(token{
2018-11-23 11:04:53 -05:00
RemoteAddr: encodeRemoteAddr(raddr),
OriginalDestConnectionID: origConnID,
Timestamp: time.Now().Unix(),
2018-11-20 17:51:25 -05:00
})
if err != nil {
return nil, err
}
return g.cookieProtector.NewToken(data)
}
// DecodeToken decodes a Cookie
func (g *CookieGenerator) DecodeToken(encrypted []byte) (*Cookie, error) {
// if the client didn't send any Cookie, DecodeToken will be called with a nil-slice
if len(encrypted) == 0 {
return nil, nil
}
data, err := g.cookieProtector.DecodeToken(encrypted)
if err != nil {
return nil, err
}
t := &token{}
rest, err := asn1.Unmarshal(data, t)
if err != nil {
return nil, err
}
if len(rest) != 0 {
return nil, fmt.Errorf("rest when unpacking token: %d", len(rest))
}
2018-11-23 11:04:53 -05:00
cookie := &Cookie{
RemoteAddr: decodeRemoteAddr(t.RemoteAddr),
2018-11-20 17:51:25 -05:00
SentTime: time.Unix(t.Timestamp, 0),
2018-11-23 11:04:53 -05:00
}
if len(t.OriginalDestConnectionID) > 0 {
cookie.OriginalDestConnectionID = protocol.ConnectionID(t.OriginalDestConnectionID)
}
return cookie, nil
2018-11-20 17:51:25 -05:00
}
// encodeRemoteAddr encodes a remote address such that it can be saved in the Cookie
func encodeRemoteAddr(remoteAddr net.Addr) []byte {
if udpAddr, ok := remoteAddr.(*net.UDPAddr); ok {
return append([]byte{cookiePrefixIP}, udpAddr.IP...)
}
return append([]byte{cookiePrefixString}, []byte(remoteAddr.String())...)
}
// decodeRemoteAddr decodes the remote address saved in the Cookie
func decodeRemoteAddr(data []byte) string {
// data will never be empty for a Cookie that we generated. Check it to be on the safe side
if len(data) == 0 {
return ""
}
if data[0] == cookiePrefixIP {
return net.IP(data[1:]).String()
}
return string(data[1:])
}