lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-21 09:36:34 -05:00
Code Issues Releases Wiki Activity

mask size bytes

Browse Source
This commit is contained in:
Darien Raymond 2017-02-14 10:11:26 +01:00
parent 9ca520893b
commit d5b1762865
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
4 changed files with 50 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
common/crypto/auth.go
View File

@ -68,9 +68,10 @@ func (v *AEADAuthenticator) Seal(dst, plainText []byte) ([]byte, error) {
}
type AuthenticationReader struct {
auth Authenticator
buffer *buf.Buffer
reader io.Reader
auth Authenticator
buffer *buf.Buffer
reader io.Reader
sizeMask uint16
chunk []byte
}
@ -79,11 +80,12 @@ const (
readerBufferSize = 32 * 1024
)
func NewAuthenticationReader(auth Authenticator, reader io.Reader) *AuthenticationReader {
func NewAuthenticationReader(auth Authenticator, reader io.Reader, sizeMask uint16) *AuthenticationReader {
return &AuthenticationReader{
auth: auth,
buffer: buf.NewLocal(readerBufferSize),
reader: reader,
auth: auth,
buffer: buf.NewLocal(readerBufferSize),
reader: reader,
sizeMask: sizeMask,
}
}
@ -91,7 +93,7 @@ func (v *AuthenticationReader) NextChunk() error {
if v.buffer.Len() < 2 {
return errInsufficientBuffer
}
size := int(serial.BytesToUint16(v.buffer.BytesTo(2)))
size := int(serial.BytesToUint16(v.buffer.BytesTo(2)) ^ v.sizeMask)
if size > v.buffer.Len()-2 {
return errInsufficientBuffer
}
@ -168,16 +170,18 @@ func (v *AuthenticationReader) Read(b []byte) (int, error) {
}
type AuthenticationWriter struct {
auth Authenticator
buffer []byte
writer io.Writer
auth Authenticator
buffer []byte
writer io.Writer
sizeMask uint16
}
func NewAuthenticationWriter(auth Authenticator, writer io.Writer) *AuthenticationWriter {
func NewAuthenticationWriter(auth Authenticator, writer io.Writer, sizeMask uint16) *AuthenticationWriter {
return &AuthenticationWriter{
auth: auth,
buffer: make([]byte, 32*1024),
writer: writer,
auth: auth,
buffer: make([]byte, 32*1024),
writer: writer,
sizeMask: sizeMask,
}
}
@ -187,7 +191,8 @@ func (v *AuthenticationWriter) Write(b []byte) (int, error) {
return 0, err
}
serial.Uint16ToBytes(uint16(len(cipherChunk)), v.buffer[:0])
size := uint16(len(cipherChunk)) ^ v.sizeMask
serial.Uint16ToBytes(size, v.buffer[:0])
_, err = v.writer.Write(v.buffer[:2+len(cipherChunk)])
return len(b), err
}

14
common/crypto/auth_test.go
View File

@ -6,17 +6,19 @@ import (
"crypto/rand"
"io"
"testing"
"time"
"v2ray.com/core/common/buf"
. "v2ray.com/core/common/crypto"
"v2ray.com/core/common/dice"
"v2ray.com/core/testing/assert"
)
func TestAuthenticationReaderWriter(t *testing.T) {
assert := assert.On(t)
sizeMask := uint16(dice.Roll(65536))
key := make([]byte, 16)
rand.Read(key)
block, err := aes.NewCipher(key)
@ -38,7 +40,7 @@ func TestAuthenticationReaderWriter(t *testing.T) {
Content: iv,
},
AdditionalDataGenerator: &NoOpBytesGenerator{},
}, cache)
}, cache, sizeMask)
nBytes, err := writer.Write(payload)
assert.Error(err).IsNil()
@ -53,7 +55,7 @@ func TestAuthenticationReaderWriter(t *testing.T) {
Content: iv,
},
AdditionalDataGenerator: &NoOpBytesGenerator{},
}, cache)
}, cache, sizeMask)
actualPayload := make([]byte, 16*1024)
nBytes, err = reader.Read(actualPayload)
@ -68,6 +70,8 @@ func TestAuthenticationReaderWriter(t *testing.T) {
func TestAuthenticationReaderWriterPartial(t *testing.T) {
assert := assert.On(t)
sizeMask := uint16(dice.Roll(65536))
key := make([]byte, 16)
rand.Read(key)
block, err := aes.NewCipher(key)
@ -89,7 +93,7 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
Content: iv,
},
AdditionalDataGenerator: &NoOpBytesGenerator{},
}, cache)
}, cache, sizeMask)
writer.Write([]byte{'a', 'b', 'c', 'd'})
@ -119,7 +123,7 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
Content: iv,
},
AdditionalDataGenerator: &NoOpBytesGenerator{},
}, pr)
}, pr, sizeMask)
actualPayload := make([]byte, 7*1024)
nBytes, err = reader.Read(actualPayload)

18
proxy/vmess/encoding/client.go
View File

@ -119,6 +119,7 @@ func (v *ClientSession) EncodeRequestHeader(header *protocol.RequestHeader, writ
func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
var authWriter io.Writer
sizeMask := serial.BytesToUint16(v.requestBodyKey[:2])
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{
@ -126,7 +127,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
} else {
authWriter = writer
}
@ -139,7 +140,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter)
authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter, sizeMask)
} else {
authWriter = cryptionWriter
}
@ -155,7 +156,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
@ -167,7 +168,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
}
return buf.NewWriter(authWriter)
@ -214,6 +215,7 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var authReader io.Reader
sizeMask := serial.BytesToUint16(v.responseBodyKey[:2])
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{
@ -221,7 +223,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
} else {
authReader = reader
}
@ -232,7 +234,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, v.responseReader)
authReader = crypto.NewAuthenticationReader(auth, v.responseReader, sizeMask)
} else {
authReader = v.responseReader
}
@ -248,7 +250,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
@ -260,7 +262,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
}
return buf.NewReader(authReader)

18
proxy/vmess/encoding/server.go
View File

@ -220,6 +220,7 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var authReader io.Reader
sizeMask := serial.BytesToUint16(v.requestBodyKey[:2])
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{
@ -227,7 +228,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
} else {
authReader = reader
}
@ -240,7 +241,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, cryptionReader)
authReader = crypto.NewAuthenticationReader(auth, cryptionReader, sizeMask)
} else {
authReader = cryptionReader
}
@ -256,7 +257,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
@ -268,7 +269,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authReader = crypto.NewAuthenticationReader(auth, reader)
authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
}
return buf.NewReader(authReader)
@ -293,6 +294,7 @@ func (v *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
var authWriter io.Writer
sizeMask := serial.BytesToUint16(v.responseBodyKey[:2])
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{
@ -300,7 +302,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
} else {
authWriter = writer
}
@ -311,7 +313,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, v.responseWriter)
authWriter = crypto.NewAuthenticationWriter(auth, v.responseWriter, sizeMask)
} else {
authWriter = v.responseWriter
}
@ -327,7 +329,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
@ -339,7 +341,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
authWriter = crypto.NewAuthenticationWriter(auth, writer)
authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
}
return buf.NewWriter(authWriter)