lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-06-30 19:15:23 +00:00
Code Issues Releases Wiki Activity

implementation for Shadowsocks AEAD

Browse Source
This commit is contained in:
Darien Raymond 2017-11-26 00:51:54 +01:00
parent 41961dbd60
commit 713ebfb203
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
5 changed files with 173 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
common/crypto/auth.go
View File

@ -29,6 +29,26 @@ func (v StaticBytesGenerator) Next() []byte {
return v.Content return v.Content
} }
type IncreasingAEADNonceGenerator struct {
nonce []byte
}
func NewIncreasingAEADNonceGenerator() *IncreasingAEADNonceGenerator {
return &IncreasingAEADNonceGenerator{
nonce: []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
}
}
func (g *IncreasingAEADNonceGenerator) Next() []byte {
for i := range g.nonce {
g.nonce[i]++
if g.nonce[i] != 0 {
break
}
}
return g.nonce
}
type Authenticator interface { type Authenticator interface {
NonceSize() int NonceSize() int
Overhead() int Overhead() int

23
common/crypto/chunk.go
View File

@ -34,6 +34,29 @@ func (PlainChunkSizeParser) Decode(b []byte) (uint16, error) {
return serial.BytesToUint16(b), nil return serial.BytesToUint16(b), nil
} }
type AEADChunkSizeParser struct {
Auth *AEADAuthenticator
}
func (p *AEADChunkSizeParser) SizeBytes() int {
return 2 + p.Auth.Overhead()
}
func (p *AEADChunkSizeParser) Encode(size uint16, b []byte) []byte {
b = serial.Uint16ToBytes(size, b)
b, err := p.Auth.Seal(b[:0], b)
common.Must(err)
return b
}
func (p *AEADChunkSizeParser) Decode(b []byte) (uint16, error) {
b, err := p.Auth.Open(b[:0], b)
if err != nil {
return 0, err
}
return serial.BytesToUint16(b), nil
}
type ChunkStreamReader struct { type ChunkStreamReader struct {
sizeDecoder ChunkSizeDecoder sizeDecoder ChunkSizeDecoder
reader buf.Reader reader buf.Reader

11
proxy/shadowsocks/client.go
View File

@ -105,10 +105,7 @@ func (v *Client) Process(ctx context.Context, outboundRay ray.OutboundRay, diale
} }
requestDone := signal.ExecuteAsync(func() error { requestDone := signal.ExecuteAsync(func() error {
if err := buf.Copy(outboundRay.OutboundInput(), bodyWriter, buf.UpdateActivity(timer)); err != nil { return buf.Copy(outboundRay.OutboundInput(), bodyWriter, buf.UpdateActivity(timer))
return err
}
return nil
}) })
responseDone := signal.ExecuteAsync(func() error { responseDone := signal.ExecuteAsync(func() error {
@ -119,11 +116,7 @@ func (v *Client) Process(ctx context.Context, outboundRay ray.OutboundRay, diale
return err return err
} }
if err := buf.Copy(responseReader, outboundRay.OutboundOutput(), buf.UpdateActivity(timer)); err != nil { return buf.Copy(responseReader, outboundRay.OutboundOutput(), buf.UpdateActivity(timer))
return err
}
return nil
}) })
if err := signal.ErrorOrFinish2(ctx, requestDone, responseDone); err != nil { if err := signal.ErrorOrFinish2(ctx, requestDone, responseDone); err != nil {

107
proxy/shadowsocks/config.go
View File

@ -2,9 +2,17 @@ package shadowsocks
import ( import (
"bytes" "bytes"
"crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/md5" "crypto/md5"
"crypto/sha1"
"io"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/hkdf"
"v2ray.com/core/common"
"v2ray.com/core/common/buf"
"v2ray.com/core/common/crypto" "v2ray.com/core/common/crypto"
"v2ray.com/core/common/protocol" "v2ray.com/core/common/protocol"
) )
@ -22,6 +30,20 @@ func (v *ShadowsocksAccount) Equals(another protocol.Account) bool {
return false return false
} }
func createAesGcm(key []byte) cipher.AEAD {
block, err := aes.NewCipher(key)
common.Must(err)
gcm, err := cipher.NewGCM(block)
common.Must(err)
return gcm
}
func createChacha20Poly1305(key []byte) cipher.AEAD {
chacha20, err := chacha20poly1305.New(key)
common.Must(err)
return chacha20
}
func (v *Account) GetCipher() (Cipher, error) { func (v *Account) GetCipher() (Cipher, error) {
switch v.CipherType { switch v.CipherType {
case CipherType_AES_128_CFB: case CipherType_AES_128_CFB:
@ -32,6 +54,24 @@ func (v *Account) GetCipher() (Cipher, error) {
return &ChaCha20{IVBytes: 8}, nil return &ChaCha20{IVBytes: 8}, nil
case CipherType_CHACHA20_IETF: case CipherType_CHACHA20_IETF:
return &ChaCha20{IVBytes: 12}, nil return &ChaCha20{IVBytes: 12}, nil
case CipherType_AES_128_GCM:
return &AEADCipher{
KeyBytes: 16,
IVBytes: 16,
AEADAuthCreator: createAesGcm,
}, nil
case CipherType_AES_256_GCM:
return &AEADCipher{
KeyBytes: 32,
IVBytes: 32,
AEADAuthCreator: createAesGcm,
}, nil
case CipherType_CHACHA20_POLY1305:
return &AEADCipher{
KeyBytes: 32,
IVBytes: 32,
AEADAuthCreator: createChacha20Poly1305,
}, nil
default: default:
return nil, newError("Unsupported cipher.") return nil, newError("Unsupported cipher.")
} }
@ -60,8 +100,8 @@ func (v *Account) GetCipherKey() []byte {
type Cipher interface { type Cipher interface {
KeySize() int KeySize() int
IVSize() int IVSize() int
NewEncodingStream(key []byte, iv []byte) (cipher.Stream, error) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error)
NewDecodingStream(key []byte, iv []byte) (cipher.Stream, error) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error)
} }
type AesCfb struct { type AesCfb struct {
@ -76,14 +116,54 @@ func (v *AesCfb) IVSize() int {
return 16 return 16
} }
func (v *AesCfb) NewEncodingStream(key []byte, iv []byte) (cipher.Stream, error) { func (v *AesCfb) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
stream := crypto.NewAesEncryptionStream(key, iv) stream := crypto.NewAesEncryptionStream(key, iv)
return stream, nil return buf.NewWriter(crypto.NewCryptionWriter(stream, writer)), nil
} }
func (v *AesCfb) NewDecodingStream(key []byte, iv []byte) (cipher.Stream, error) { func (v *AesCfb) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
stream := crypto.NewAesDecryptionStream(key, iv) stream := crypto.NewAesDecryptionStream(key, iv)
return stream, nil return buf.NewReader(crypto.NewCryptionReader(stream, reader)), nil
}
type AEADCipher struct {
KeyBytes int
IVBytes int
AEADAuthCreator func(key []byte) cipher.AEAD
}
func (c *AEADCipher) KeySize() int {
return c.KeyBytes
}
func (c *AEADCipher) IVSize() int {
return c.IVBytes
}
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
nonce := crypto.NewIncreasingAEADNonceGenerator()
subkey := make([]byte, c.KeyBytes)
hkdfSHA1(key, iv, subkey)
auth := &crypto.AEADAuthenticator{
AEAD: c.AEADAuthCreator(subkey),
NonceGenerator: nonce,
}
return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{
Auth: auth,
}, writer, protocol.TransferTypeStream), nil
}
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
nonce := crypto.NewIncreasingAEADNonceGenerator()
subkey := make([]byte, c.KeyBytes)
hkdfSHA1(key, iv, subkey)
auth := &crypto.AEADAuthenticator{
AEAD: c.AEADAuthCreator(subkey),
NonceGenerator: nonce,
}
return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
Auth: auth,
}, reader, protocol.TransferTypeStream), nil
} }
type ChaCha20 struct { type ChaCha20 struct {
@ -98,12 +178,14 @@ func (v *ChaCha20) IVSize() int {
return v.IVBytes return v.IVBytes
} }
func (v *ChaCha20) NewEncodingStream(key []byte, iv []byte) (cipher.Stream, error) { func (v *ChaCha20) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
return crypto.NewChaCha20Stream(key, iv), nil stream := crypto.NewChaCha20Stream(key, iv)
return buf.NewWriter(crypto.NewCryptionWriter(stream, writer)), nil
} }
func (v *ChaCha20) NewDecodingStream(key []byte, iv []byte) (cipher.Stream, error) { func (v *ChaCha20) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
return crypto.NewChaCha20Stream(key, iv), nil stream := crypto.NewChaCha20Stream(key, iv)
return buf.NewReader(crypto.NewCryptionReader(stream, reader)), nil
} }
func PasswordToCipherKey(password string, keySize int) []byte { func PasswordToCipherKey(password string, keySize int) []byte {
@ -123,3 +205,8 @@ func PasswordToCipherKey(password string, keySize int) []byte {
} }
return key return key
} }
func hkdfSHA1(secret, salt, outkey []byte) {
r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey"))
common.Must2(io.ReadFull(r, outkey))
}

61
proxy/shadowsocks/protocol.go
View File

@ -8,7 +8,6 @@ import (
"v2ray.com/core/common" "v2ray.com/core/common"
"v2ray.com/core/common/bitmask" "v2ray.com/core/common/bitmask"
"v2ray.com/core/common/buf" "v2ray.com/core/common/buf"
"v2ray.com/core/common/crypto"
"v2ray.com/core/common/net" "v2ray.com/core/common/net"
"v2ray.com/core/common/protocol" "v2ray.com/core/common/protocol"
"v2ray.com/core/common/serial" "v2ray.com/core/common/serial"
@ -40,11 +39,11 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
iv := append([]byte(nil), buffer.BytesTo(ivLen)...) iv := append([]byte(nil), buffer.BytesTo(ivLen)...)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv) r, err := account.Cipher.NewDecryptionReader(account.Key, iv, reader)
if err != nil { if err != nil {
return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError() return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError()
} }
reader = crypto.NewCryptionReader(stream, reader) reader = r.(io.Reader)
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{ request := &protocol.RequestHeader{
@ -144,12 +143,12 @@ func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Wri
return nil, newError("failed to write IV") return nil, newError("failed to write IV")
} }
stream, err := account.Cipher.NewEncodingStream(account.Key, iv) w, err := account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
if err != nil { if err != nil {
return nil, newError("failed to create encoding stream").Base(err).AtError() return nil, newError("failed to create encoding stream").Base(err).AtError()
} }
writer = crypto.NewCryptionWriter(stream, writer) writer = w.(io.Writer)
header := buf.NewLocal(512) header := buf.NewLocal(512)
@ -208,11 +207,7 @@ func ReadTCPResponse(user *protocol.User, reader io.Reader) (buf.Reader, error)
return nil, newError("failed to read IV").Base(err) return nil, newError("failed to read IV").Base(err)
} }
stream, err := account.Cipher.NewDecodingStream(account.Key, iv) return account.Cipher.NewDecryptionReader(account.Key, iv, reader)
if err != nil {
return nil, newError("failed to initialize decoding stream").Base(err).AtError()
}
return buf.NewReader(crypto.NewCryptionReader(stream, reader)), nil
} }
func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) { func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
@ -230,12 +225,7 @@ func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Wr
return nil, newError("failed to write IV.").Base(err) return nil, newError("failed to write IV.").Base(err)
} }
stream, err := account.Cipher.NewEncodingStream(account.Key, iv) return account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
if err != nil {
return nil, newError("failed to create encoding stream.").Base(err).AtError()
}
return buf.NewWriter(crypto.NewCryptionWriter(stream, writer)), nil
} }
func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buffer, error) { func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buffer, error) {
@ -251,36 +241,41 @@ func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buff
buffer.AppendSupplier(buf.ReadFullFrom(rand.Reader, ivLen)) buffer.AppendSupplier(buf.ReadFullFrom(rand.Reader, ivLen))
iv := buffer.Bytes() iv := buffer.Bytes()
payloadBuffer := buf.NewLocal(512)
defer payloadBuffer.Release()
switch request.Address.Family() { switch request.Address.Family() {
case net.AddressFamilyIPv4: case net.AddressFamilyIPv4:
buffer.AppendBytes(AddrTypeIPv4) payloadBuffer.AppendBytes(AddrTypeIPv4)
buffer.Append([]byte(request.Address.IP())) payloadBuffer.Append([]byte(request.Address.IP()))
case net.AddressFamilyIPv6: case net.AddressFamilyIPv6:
buffer.AppendBytes(AddrTypeIPv6) payloadBuffer.AppendBytes(AddrTypeIPv6)
buffer.Append([]byte(request.Address.IP())) payloadBuffer.Append([]byte(request.Address.IP()))
case net.AddressFamilyDomain: case net.AddressFamilyDomain:
buffer.AppendBytes(AddrTypeDomain, byte(len(request.Address.Domain()))) payloadBuffer.AppendBytes(AddrTypeDomain, byte(len(request.Address.Domain())))
buffer.Append([]byte(request.Address.Domain())) payloadBuffer.Append([]byte(request.Address.Domain()))
default: default:
return nil, newError("unsupported address type: ", request.Address.Family()).AtError() return nil, newError("unsupported address type: ", request.Address.Family()).AtError()
} }
buffer.AppendSupplier(serial.WriteUint16(uint16(request.Port))) payloadBuffer.AppendSupplier(serial.WriteUint16(uint16(request.Port)))
buffer.Append(payload) payloadBuffer.Append(payload)
if request.Option.Has(RequestOptionOneTimeAuth) { if request.Option.Has(RequestOptionOneTimeAuth) {
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
buffer.SetByte(ivLen, buffer.Byte(ivLen)|0x10) payloadBuffer.SetByte(0, payloadBuffer.Byte(0)|0x10)
buffer.AppendSupplier(authenticator.Authenticate(buffer.BytesFrom(ivLen))) payloadBuffer.AppendSupplier(authenticator.Authenticate(payloadBuffer.Bytes()))
} }
stream, err := account.Cipher.NewEncodingStream(account.Key, iv) w, err := account.Cipher.NewEncryptionWriter(account.Key, iv, buffer)
if err != nil { if err != nil {
return nil, newError("failed to create encoding stream").Base(err).AtError() return nil, newError("failed to create encoding stream").Base(err).AtError()
} }
if err := w.WriteMultiBuffer(buf.NewMultiBufferValue(payloadBuffer)); err != nil {
return nil, newError("failed to encrypt UDP payload").Base(err).AtWarning()
}
stream.XORKeyStream(buffer.BytesFrom(ivLen), buffer.BytesFrom(ivLen))
return buffer, nil return buffer, nil
} }
@ -295,11 +290,17 @@ func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.Reques
iv := payload.BytesTo(ivLen) iv := payload.BytesTo(ivLen)
payload.SliceFrom(ivLen) payload.SliceFrom(ivLen)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv) r, err := account.Cipher.NewDecryptionReader(account.Key, iv, payload)
if err != nil { if err != nil {
return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError() return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError()
} }
stream.XORKeyStream(payload.Bytes(), payload.Bytes()) mb, err := r.ReadMultiBuffer()
if err != nil {
return nil, nil, newError("failed to decrypt UDP payload").Base(err).AtWarning()
}
payload.Release()
payload = mb.SplitFirst()
mb.Release()
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{ request := &protocol.RequestHeader{