1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-09-28 14:56:33 -04:00

complete implementation of shadowsocks ota

This commit is contained in:
Darien Raymond 2016-01-29 15:43:45 +00:00
parent 7f5184e943
commit 57ff7ba923
6 changed files with 134 additions and 24 deletions

View File

@ -87,9 +87,9 @@ type AuthenticationReader struct {
authBeforePayload bool authBeforePayload bool
} }
func NewAuthenticationReader(reader io.Reader, auth crypto.Authenticator, authBeforePayload bool) *AuthenticationReader { func NewAuthenticationReader(reader Reader, auth crypto.Authenticator, authBeforePayload bool) *AuthenticationReader {
return &AuthenticationReader{ return &AuthenticationReader{
reader: NewChunkReader(reader), reader: reader,
authenticator: auth, authenticator: auth,
authBeforePayload: authBeforePayload, authBeforePayload: authBeforePayload,
} }

View File

@ -36,6 +36,16 @@ func (this IntLiteral) Value() int {
return int(this) return int(this)
} }
func (this IntLiteral) Bytes() []byte {
value := this.Value()
return []byte{
byte(value >> 24),
byte(value >> 16),
byte(value >> 8),
byte(value),
}
}
type Int64Literal int64 type Int64Literal int64
func (this Int64Literal) String() string { func (this Int64Literal) String() string {

55
proxy/shadowsocks/ota.go Normal file
View File

@ -0,0 +1,55 @@
package shadowsocks
import (
"crypto/hmac"
"crypto/sha1"
"github.com/v2ray/v2ray-core/common/serial"
)
const (
AuthSize = 10
)
type KeyGenerator func() []byte
type Authenticator struct {
key KeyGenerator
}
func NewAuthenticator(keygen KeyGenerator) *Authenticator {
return &Authenticator{
key: keygen,
}
}
func (this *Authenticator) AuthSize() int {
return AuthSize
}
func (this *Authenticator) Authenticate(auth []byte, data []byte) []byte {
hasher := hmac.New(sha1.New, this.key())
hasher.Write(data)
res := hasher.Sum(nil)
return append(auth, res[:AuthSize]...)
}
func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
return func() []byte {
newKey := make([]byte, 0, len(key)+len(iv))
newKey = append(newKey, key...)
newKey = append(newKey, iv...)
return newKey
}
}
func ChunkKeyGenerator(iv []byte) func() []byte {
chunkId := 0
return func() []byte {
newKey := make([]byte, 0, len(iv)+4)
newKey = append(newKey, iv...)
newKey = append(newKey, serial.IntLiteral(chunkId).Bytes()...)
chunkId++
return newKey
}
}

View File

@ -6,6 +6,7 @@ import (
"github.com/v2ray/v2ray-core/common/alloc" "github.com/v2ray/v2ray-core/common/alloc"
"github.com/v2ray/v2ray-core/common/log" "github.com/v2ray/v2ray-core/common/log"
v2net "github.com/v2ray/v2ray-core/common/net" v2net "github.com/v2ray/v2ray-core/common/net"
"github.com/v2ray/v2ray-core/common/serial"
"github.com/v2ray/v2ray-core/transport" "github.com/v2ray/v2ray-core/transport"
) )
@ -21,7 +22,7 @@ type Request struct {
OTA bool OTA bool
} }
func ReadRequest(reader io.Reader) (*Request, error) { func ReadRequest(reader io.Reader, auth *Authenticator) (*Request, error) {
buffer := alloc.NewSmallBuffer() buffer := alloc.NewSmallBuffer()
defer buffer.Release() defer buffer.Release()
@ -30,6 +31,7 @@ func ReadRequest(reader io.Reader) (*Request, error) {
log.Error("Shadowsocks: Failed to read address type: ", err) log.Error("Shadowsocks: Failed to read address type: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
lenBuffer := 1
request := new(Request) request := new(Request)
@ -39,43 +41,64 @@ func ReadRequest(reader io.Reader) (*Request, error) {
} }
switch addrType { switch addrType {
case AddrTypeIPv4: case AddrTypeIPv4:
_, err := io.ReadFull(reader, buffer.Value[:4]) _, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+4])
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to read IPv4 address: ", err) log.Error("Shadowsocks: Failed to read IPv4 address: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
request.Address = v2net.IPAddress(buffer.Value[:4]) request.Address = v2net.IPAddress(buffer.Value[lenBuffer : lenBuffer+4])
lenBuffer += 4
case AddrTypeIPv6: case AddrTypeIPv6:
_, err := io.ReadFull(reader, buffer.Value[:16]) _, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+16])
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to read IPv6 address: ", err) log.Error("Shadowsocks: Failed to read IPv6 address: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
request.Address = v2net.IPAddress(buffer.Value[:16]) request.Address = v2net.IPAddress(buffer.Value[lenBuffer : lenBuffer+16])
lenBuffer += 16
case AddrTypeDomain: case AddrTypeDomain:
_, err := io.ReadFull(reader, buffer.Value[:1]) _, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+1])
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to read domain lenth: ", err) log.Error("Shadowsocks: Failed to read domain lenth: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
domainLength := int(buffer.Value[0]) domainLength := int(buffer.Value[lenBuffer])
_, err = io.ReadFull(reader, buffer.Value[:domainLength]) lenBuffer++
_, err = io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+domainLength])
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to read domain: ", err) log.Error("Shadowsocks: Failed to read domain: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
request.Address = v2net.DomainAddress(string(buffer.Value[:domainLength])) request.Address = v2net.DomainAddress(string(buffer.Value[lenBuffer : lenBuffer+domainLength]))
lenBuffer += domainLength
default: default:
log.Error("Shadowsocks: Unknown address type: ", addrType) log.Error("Shadowsocks: Unknown address type: ", addrType)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
_, err = io.ReadFull(reader, buffer.Value[:2]) _, err = io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+2])
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to read port: ", err) log.Error("Shadowsocks: Failed to read port: ", err)
return nil, transport.CorruptedPacket return nil, transport.CorruptedPacket
} }
request.Port = v2net.PortFromBytes(buffer.Value[:2]) request.Port = v2net.PortFromBytes(buffer.Value[lenBuffer : lenBuffer+2])
lenBuffer += 2
if request.OTA {
authBytes := buffer.Value[lenBuffer : lenBuffer+auth.AuthSize()]
_, err = io.ReadFull(reader, authBytes)
if err != nil {
log.Error("Shadowsocks: Failed to read OTA: ", err)
return nil, transport.CorruptedPacket
}
actualAuth := auth.Authenticate(nil, buffer.Value[0:lenBuffer])
if !serial.BytesLiteral(actualAuth).Equals(serial.BytesLiteral(authBytes)) {
log.Error("Shadowsocks: Invalid OTA: ", actualAuth)
return nil, transport.CorruptedPacket
}
}
return request, nil return request, nil
} }

View File

@ -17,7 +17,7 @@ func TestNormalRequestParsing(t *testing.T) {
buffer := alloc.NewSmallBuffer().Clear() buffer := alloc.NewSmallBuffer().Clear()
buffer.AppendBytes(1, 127, 0, 0, 1, 0, 80) buffer.AppendBytes(1, 127, 0, 0, 1, 0, 80)
request, err := ReadRequest(buffer) request, err := ReadRequest(buffer, nil)
assert.Error(err).IsNil() assert.Error(err).IsNil()
netassert.Address(request.Address).Equals(v2net.IPAddress([]byte{127, 0, 0, 1})) netassert.Address(request.Address).Equals(v2net.IPAddress([]byte{127, 0, 0, 1}))
netassert.Port(request.Port).Equals(v2net.Port(80)) netassert.Port(request.Port).Equals(v2net.Port(80))
@ -28,9 +28,12 @@ func TestOTARequest(t *testing.T) {
v2testing.Current(t) v2testing.Current(t)
buffer := alloc.NewSmallBuffer().Clear() buffer := alloc.NewSmallBuffer().Clear()
buffer.AppendBytes(0x13, 13, 119, 119, 119, 46, 118, 50, 114, 97, 121, 46, 99, 111, 109, 0, 0) buffer.AppendBytes(0x13, 13, 119, 119, 119, 46, 118, 50, 114, 97, 121, 46, 99, 111, 109, 0, 0, 239, 115, 52, 212, 178, 172, 26, 6, 168, 0)
request, err := ReadRequest(buffer) auth := NewAuthenticator(HeaderKeyGenerator(
[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5},
[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5}))
request, err := ReadRequest(buffer, auth)
assert.Error(err).IsNil() assert.Error(err).IsNil()
netassert.Address(request.Address).Equals(v2net.DomainAddress("www.v2ray.com")) netassert.Address(request.Address).Equals(v2net.DomainAddress("www.v2ray.com"))
assert.Bool(request.OTA).IsTrue() assert.Bool(request.OTA).IsTrue()

View File

@ -32,11 +32,16 @@ func (this *Shadowsocks) Port() v2net.Port {
func (this *Shadowsocks) Close() { func (this *Shadowsocks) Close() {
this.accepting = false this.accepting = false
this.tcpHub.Close() if this.tcpHub != nil {
this.tcpHub = nil this.tcpHub.Close()
this.tcpHub = nil
}
if this.udpHub != nil {
this.udpHub.Close()
this.udpHub = nil
}
this.udpHub.Close()
this.udpHub = nil
} }
func (this *Shadowsocks) Listen(port v2net.Port) error { func (this *Shadowsocks) Listen(port v2net.Port) error {
@ -80,7 +85,7 @@ func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, dest v2net.Des
return return
} }
request, err := ReadRequest(reader) request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)))
if err != nil { if err != nil {
return return
} }
@ -95,8 +100,9 @@ func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, dest v2net.Des
response := alloc.NewBuffer().Slice(0, this.config.Cipher.IVSize()) response := alloc.NewBuffer().Slice(0, this.config.Cipher.IVSize())
rand.Read(response.Value) rand.Read(response.Value)
respIv := response.Value
writer, err := this.config.Cipher.NewEncodingStream(key, response.Value, response) writer, err := this.config.Cipher.NewEncodingStream(key, respIv, response)
if err != nil { if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err) log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return return
@ -118,6 +124,11 @@ func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, dest v2net.Des
writer.Write(respChunk.Value) writer.Write(respChunk.Value)
respChunk.Release() respChunk.Release()
if request.OTA {
respAuth := NewAuthenticator(HeaderKeyGenerator(key, respIv))
respAuth.Authenticate(buffer.Value, buffer.Value[this.config.Cipher.IVSize():])
}
this.udpHub.WriteTo(response.Value, dest) this.udpHub.WriteTo(response.Value, dest)
response.Release() response.Release()
} }
@ -144,7 +155,7 @@ func (this *Shadowsocks) handleConnection(conn *hub.TCPConn) {
return return
} }
request, err := ReadRequest(reader) request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)))
if err != nil { if err != nil {
return return
} }
@ -174,7 +185,15 @@ func (this *Shadowsocks) handleConnection(conn *hub.TCPConn) {
writeFinish.Unlock() writeFinish.Unlock()
}() }()
v2io.RawReaderToChan(ray.InboundInput(), reader) var payloadReader v2io.Reader
if request.OTA {
payloadAuth := NewAuthenticator(ChunkKeyGenerator(iv))
payloadReader = v2io.NewAuthenticationReader(v2io.NewChunkReader(reader), payloadAuth, true)
} else {
payloadReader = v2io.NewAdaptiveReader(reader)
}
v2io.ReaderToChan(ray.InboundInput(), payloadReader)
close(ray.InboundInput()) close(ray.InboundInput())
writeFinish.Lock() writeFinish.Lock()