mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-12-21 17:46:58 -05:00
security options in vmess
This commit is contained in:
Darien Raymond
parent
85163d4b47
commit
a6e25b3f67
@ -10,6 +10,7 @@ import (
|
|||||||
type InternalAccount struct {
|
type InternalAccount struct {
|
||||||
ID *protocol.ID
|
ID *protocol.ID
|
||||||
AlterIDs []*protocol.ID
|
AlterIDs []*protocol.ID
|
||||||
|
Security protocol.Security
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *InternalAccount) AnyValidID() *protocol.ID {
|
func (v *InternalAccount) AnyValidID() *protocol.ID {
|
||||||
@ -38,5 +39,6 @@ func (v *Account) AsAccount() (protocol.Account, error) {
|
|||||||
return &InternalAccount{
|
return &InternalAccount{
|
||||||
ID: protoId,
|
ID: protoId,
|
||||||
AlterIDs: protocol.NewAlterIDs(protoId, uint16(v.AlterId)),
|
AlterIDs: protocol.NewAlterIDs(protoId, uint16(v.AlterId)),
|
||||||
|
Security: protocol.Security(v.Security),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -16,6 +16,7 @@ package vmess
|
|||||||
import proto "github.com/golang/protobuf/proto"
|
import proto "github.com/golang/protobuf/proto"
|
||||||
import fmt "fmt"
|
import fmt "fmt"
|
||||||
import math "math"
|
import math "math"
|
||||||
|
import v2ray_core_common_protocol "v2ray.com/core/common/protocol"
|
||||||
|
|
||||||
// Reference imports to suppress errors if they are not otherwise used.
|
// Reference imports to suppress errors if they are not otherwise used.
|
||||||
var _ = proto.Marshal
|
var _ = proto.Marshal
|
||||||
@ -29,8 +30,9 @@ var _ = math.Inf
|
|||||||
const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
|
const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
|
||||||
|
|
||||||
type Account struct {
|
type Account struct {
|
||||||
Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
|
Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
|
||||||
AlterId uint32 `protobuf:"varint,2,opt,name=alter_id,json=alterId" json:"alter_id,omitempty"`
|
AlterId uint32 `protobuf:"varint,2,opt,name=alter_id,json=alterId" json:"alter_id,omitempty"`
|
||||||
|
Security v2ray_core_common_protocol.SecurityType `protobuf:"varint,3,opt,name=security,enum=v2ray.core.common.protocol.SecurityType" json:"security,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Account) Reset() { *m = Account{} }
|
func (m *Account) Reset() { *m = Account{} }
|
||||||
@ -45,15 +47,19 @@ func init() {
|
|||||||
func init() { proto.RegisterFile("v2ray.com/core/proxy/vmess/account.proto", fileDescriptor0) }
|
func init() { proto.RegisterFile("v2ray.com/core/proxy/vmess/account.proto", fileDescriptor0) }
|
||||||
|
|
||||||
var fileDescriptor0 = []byte{
|
var fileDescriptor0 = []byte{
|
||||||
// 152 bytes of a gzipped FileDescriptorProto
|
// 217 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xd2, 0x28, 0x33, 0x2a, 0x4a,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x6c, 0x8f, 0x41, 0x4b, 0x03, 0x31,
|
||||||
0xac, 0xd4, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xce, 0x2f, 0x4a, 0xd5, 0x2f, 0x28, 0xca, 0xaf, 0xa8,
|
0x10, 0x85, 0xd9, 0x15, 0x6d, 0x0d, 0xda, 0xc3, 0x1e, 0x64, 0xed, 0x69, 0xf1, 0x94, 0x83, 0x4c,
|
||||||
0xd4, 0x2f, 0xcb, 0x4d, 0x2d, 0x2e, 0xd6, 0x4f, 0x4c, 0x4e, 0xce, 0x2f, 0xcd, 0x2b, 0xd1, 0x2b,
|
0xb0, 0xfe, 0x02, 0x8b, 0x17, 0x6f, 0xb2, 0x7a, 0xf2, 0x22, 0x71, 0x32, 0x60, 0xa0, 0xe9, 0x2c,
|
||||||
0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x83, 0xa9, 0x2c, 0x4a, 0xd5, 0x03, 0xab, 0xd2, 0x03, 0xab,
|
0x93, 0xb4, 0x18, 0x7f, 0xbd, 0x98, 0xed, 0x8a, 0x88, 0xc7, 0x84, 0xef, 0x7d, 0xef, 0x8d, 0xd2,
|
||||||
0x52, 0x32, 0xe1, 0x62, 0x77, 0x84, 0x28, 0x14, 0xe2, 0xe3, 0x62, 0xca, 0x4c, 0x91, 0x60, 0x54,
|
0xfb, 0x95, 0xd8, 0x0c, 0xc8, 0xc1, 0x20, 0x0b, 0x99, 0x41, 0xf8, 0x23, 0x9b, 0x7d, 0xa0, 0x18,
|
||||||
0x60, 0xd4, 0xe0, 0x0c, 0x62, 0xca, 0x4c, 0x11, 0x92, 0xe4, 0xe2, 0x48, 0xcc, 0x29, 0x49, 0x2d,
|
0x8d, 0x45, 0xe4, 0xdd, 0x36, 0xc1, 0x20, 0x9c, 0xb8, 0xb9, 0x98, 0x48, 0x21, 0x28, 0x14, 0x14,
|
||||||
0x8a, 0xcf, 0x4c, 0x91, 0x60, 0x52, 0x60, 0xd4, 0xe0, 0x0d, 0x62, 0x07, 0xf3, 0x3d, 0x53, 0x9c,
|
0x6a, 0x79, 0xfd, 0xc7, 0x80, 0x1c, 0x02, 0x6f, 0x4d, 0x09, 0x21, 0x6f, 0xcc, 0x3b, 0x59, 0x47,
|
||||||
0x0c, 0xb9, 0xa4, 0x92, 0xf3, 0x73, 0xf5, 0xb0, 0x9b, 0xe9, 0xc4, 0x03, 0x35, 0x31, 0x00, 0x64,
|
0x12, 0x47, 0xcb, 0xd5, 0xa7, 0x9a, 0xdd, 0x8d, 0xda, 0x66, 0xa1, 0x6a, 0xef, 0xda, 0xaa, 0xab,
|
||||||
0x73, 0x14, 0x2b, 0x58, 0x30, 0x89, 0x0d, 0xec, 0x0e, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff,
|
0xf4, 0x69, 0x5f, 0x7b, 0xd7, 0x5c, 0xaa, 0xb9, 0xdd, 0x24, 0x92, 0x57, 0xef, 0xda, 0xba, 0xab,
|
||||||
0x4b, 0xb5, 0x6b, 0xdd, 0xb3, 0x00, 0x00, 0x00,
|
0xf4, 0x79, 0x3f, 0x2b, 0xef, 0x07, 0xd7, 0xdc, 0xab, 0x79, 0x24, 0xdc, 0x89, 0x4f, 0xb9, 0x3d,
|
||||||
|
0xea, 0x2a, 0xbd, 0x58, 0x69, 0xf8, 0x35, 0x67, 0xac, 0x84, 0xa9, 0x12, 0x9e, 0x0e, 0xec, 0x73,
|
||||||
|
0x1e, 0xa8, 0xff, 0x49, 0xae, 0x6f, 0xd4, 0x12, 0x39, 0xc0, 0xff, 0x77, 0xac, 0xcf, 0x0e, 0xbb,
|
||||||
|
0x1e, 0xbf, 0x2d, 0x2f, 0xc7, 0xe5, 0xf3, 0xed, 0xa4, 0x38, 0x6f, 0xbf, 0x02, 0x00, 0x00, 0xff,
|
||||||
|
0xff, 0x9c, 0x9c, 0x82, 0x1b, 0x27, 0x01, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,7 +6,10 @@ option go_package = "vmess";
|
|||||||
option java_package = "com.v2ray.core.proxy.vmess";
|
option java_package = "com.v2ray.core.proxy.vmess";
|
||||||
option java_outer_classname = "AccountProto";
|
option java_outer_classname = "AccountProto";
|
||||||
|
|
||||||
|
import "v2ray.com/core/common/protocol/headers.proto";
|
||||||
|
|
||||||
message Account {
|
message Account {
|
||||||
string id = 1;
|
string id = 1;
|
||||||
uint32 alter_id = 2;
|
uint32 alter_id = 2;
|
||||||
|
v2ray.core.common.protocol.SecurityType security = 3;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,6 +3,7 @@ package encoding
|
|||||||
import (
|
import (
|
||||||
"hash/fnv"
|
"hash/fnv"
|
||||||
|
|
||||||
|
"crypto/md5"
|
||||||
"v2ray.com/core/common/crypto"
|
"v2ray.com/core/common/crypto"
|
||||||
"v2ray.com/core/common/serial"
|
"v2ray.com/core/common/serial"
|
||||||
)
|
)
|
||||||
@ -35,3 +36,12 @@ func (v *FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) (
|
|||||||
}
|
}
|
||||||
return append(dst[:0], ciphertext[4:]...), nil
|
return append(dst[:0], ciphertext[4:]...), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func GenerateChacha20Poly1305Key(b []byte) []byte {
|
||||||
|
key := make([]byte, 32)
|
||||||
|
t := md5.Sum(b)
|
||||||
|
copy(key, t[:])
|
||||||
|
t = md5.Sum(key[:16])
|
||||||
|
copy(key[16:], t[:])
|
||||||
|
return key
|
||||||
|
}
|
||||||
|
|||||||
@ -149,7 +149,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
|
|||||||
}
|
}
|
||||||
authWriter = crypto.NewAuthenticationWriter(auth, writer)
|
authWriter = crypto.NewAuthenticationWriter(auth, writer)
|
||||||
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
||||||
aead, _ := chacha20poly1305.New(v.responseBodyKey)
|
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
|
||||||
|
|
||||||
auth := &crypto.AEADAuthenticator{
|
auth := &crypto.AEADAuthenticator{
|
||||||
AEAD: aead,
|
AEAD: aead,
|
||||||
@ -243,7 +243,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
|
|||||||
}
|
}
|
||||||
authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
|
authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
|
||||||
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
||||||
aead, _ := chacha20poly1305.New(v.responseBodyKey)
|
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
|
||||||
|
|
||||||
auth := &crypto.AEADAuthenticator{
|
auth := &crypto.AEADAuthenticator{
|
||||||
AEAD: aead,
|
AEAD: aead,
|
||||||
|
|||||||
@ -196,7 +196,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
|
|||||||
}
|
}
|
||||||
authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
|
authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
|
||||||
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
||||||
aead, _ := chacha20poly1305.New(v.responseBodyKey)
|
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
|
||||||
|
|
||||||
auth := &crypto.AEADAuthenticator{
|
auth := &crypto.AEADAuthenticator{
|
||||||
AEAD: aead,
|
AEAD: aead,
|
||||||
@ -267,7 +267,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
|
|||||||
}
|
}
|
||||||
authWriter = crypto.NewAuthenticationWriter(auth, writer)
|
authWriter = crypto.NewAuthenticationWriter(auth, writer)
|
||||||
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
|
||||||
aead, _ := chacha20poly1305.New(v.responseBodyKey)
|
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
|
||||||
|
|
||||||
auth := &crypto.AEADAuthenticator{
|
auth := &crypto.AEADAuthenticator{
|
||||||
AEAD: aead,
|
AEAD: aead,
|
||||||
|
|||||||
@ -13,6 +13,7 @@ import (
|
|||||||
"v2ray.com/core/common/retry"
|
"v2ray.com/core/common/retry"
|
||||||
"v2ray.com/core/proxy"
|
"v2ray.com/core/proxy"
|
||||||
"v2ray.com/core/proxy/registry"
|
"v2ray.com/core/proxy/registry"
|
||||||
|
"v2ray.com/core/proxy/vmess"
|
||||||
"v2ray.com/core/proxy/vmess/encoding"
|
"v2ray.com/core/proxy/vmess/encoding"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/ray"
|
"v2ray.com/core/transport/ray"
|
||||||
@ -60,6 +61,13 @@ func (v *VMessOutboundHandler) Dispatch(target v2net.Destination, payload *alloc
|
|||||||
Option: protocol.RequestOptionChunkStream,
|
Option: protocol.RequestOptionChunkStream,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rawAccount, err := request.User.GetTypedAccount()
|
||||||
|
if err != nil {
|
||||||
|
log.Warning("VMess|Outbound: Failed to get user account: ", err)
|
||||||
|
}
|
||||||
|
account := rawAccount.(*vmess.InternalAccount)
|
||||||
|
request.Security = account.Security
|
||||||
|
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
|
|
||||||
conn.SetReusable(true)
|
conn.SetReusable(true)
|
||||||
|
|||||||
@ -2,6 +2,8 @@ package conf
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"v2ray.com/core/common/errors"
|
"v2ray.com/core/common/errors"
|
||||||
"v2ray.com/core/common/loader"
|
"v2ray.com/core/common/loader"
|
||||||
v2net "v2ray.com/core/common/net"
|
v2net "v2ray.com/core/common/net"
|
||||||
@ -15,12 +17,25 @@ import (
|
|||||||
type VMessAccount struct {
|
type VMessAccount struct {
|
||||||
ID string `json:"id"`
|
ID string `json:"id"`
|
||||||
AlterIds uint16 `json:"alterId"`
|
AlterIds uint16 `json:"alterId"`
|
||||||
|
Security string `json:"security"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *VMessAccount) Build() *vmess.Account {
|
func (v *VMessAccount) Build() *vmess.Account {
|
||||||
|
var st protocol.SecurityType
|
||||||
|
switch strings.ToLower(v.Security) {
|
||||||
|
case "aes-128-gcm":
|
||||||
|
st = protocol.SecurityType_AES128_GCM
|
||||||
|
case "chacha20-poly1305":
|
||||||
|
st = protocol.SecurityType_CHACHA20_POLY1305
|
||||||
|
case "none":
|
||||||
|
st = protocol.SecurityType_NONE
|
||||||
|
default:
|
||||||
|
st = protocol.SecurityType_LEGACY
|
||||||
|
}
|
||||||
return &vmess.Account{
|
return &vmess.Account{
|
||||||
Id: v.ID,
|
Id: v.ID,
|
||||||
AlterId: uint32(v.AlterIds),
|
AlterId: uint32(v.AlterIds),
|
||||||
|
Security: st,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user