1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-11-08 03:07:47 -05:00
v2fly/proxy/shadowsocks2022/udp_aes.go
Xiaokang Wang (Shelikhoo) b6da3e86a5
Shadowsocks2022 Client Implementation Improvements (#2770)
* Shadowsocks2022 Client Implementation Improvements

1. Added UDP Replay Detection
2. Added UDP Processor State Cache
3. Added More Detailed Output for Time Difference Error
4. Replaced Mutex with RWMutex for reduced lock contention
5. Added per server session tracking of decryption cache and anti-replay window
6. Adjust server session track time
7. Increase per session buffer to 128
8. Fix client crash when EIH is not enabled
9. Fix client log contains non-human-friendly content
10.Remove mark and remove for trackedSessions
11. Fixed packet size uint16 overflow issue
2023-11-24 00:40:07 +00:00

193 lines
5.9 KiB
Go

package shadowsocks2022
import (
"bytes"
"crypto/cipher"
"io"
"github.com/lunixbochs/struc"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/net"
)
type AESUDPClientPacketProcessor struct {
requestSeparateHeaderBlockCipher cipher.Block
responseSeparateHeaderBlockCipher cipher.Block
mainPacketAEAD func([]byte) cipher.AEAD
EIHGenerator func([]byte) ExtensibleIdentityHeaders
}
func NewAESUDPClientPacketProcessor(requestSeparateHeaderBlockCipher, responseSeparateHeaderBlockCipher cipher.Block, mainPacketAEAD func([]byte) cipher.AEAD, eih func([]byte) ExtensibleIdentityHeaders) *AESUDPClientPacketProcessor {
return &AESUDPClientPacketProcessor{
requestSeparateHeaderBlockCipher: requestSeparateHeaderBlockCipher,
responseSeparateHeaderBlockCipher: responseSeparateHeaderBlockCipher,
mainPacketAEAD: mainPacketAEAD,
EIHGenerator: eih,
}
}
type separateHeader struct {
SessionID [8]byte
PacketID uint64
}
type header struct {
Type byte
TimeStamp uint64
PaddingLength uint16 `struc:"sizeof=Padding"`
Padding []byte
}
type respHeader struct {
Type byte
TimeStamp uint64
ClientSessionID [8]byte
PaddingLength uint16 `struc:"sizeof=Padding"`
Padding []byte
}
type cachedUDPState struct {
sessionAEAD cipher.AEAD
sessionRecvAEAD cipher.AEAD
}
func (p *AESUDPClientPacketProcessor) EncodeUDPRequest(request *UDPRequest, out *buf.Buffer,
cache UDPClientPacketProcessorCachedStateContainer,
) error {
separateHeaderStruct := separateHeader{PacketID: request.PacketID, SessionID: request.SessionID}
separateHeaderBuffer := buf.New()
defer separateHeaderBuffer.Release()
{
err := struc.Pack(separateHeaderBuffer, &separateHeaderStruct)
if err != nil {
return newError("failed to pack separateHeader").Base(err)
}
}
separateHeaderBufferBytes := separateHeaderBuffer.Bytes()
{
encryptedDest := out.Extend(16)
p.requestSeparateHeaderBlockCipher.Encrypt(encryptedDest, separateHeaderBufferBytes)
}
if p.EIHGenerator != nil {
eih := p.EIHGenerator(separateHeaderBufferBytes[0:16])
eihHeader := struct {
EIH ExtensibleIdentityHeaders
}{
EIH: eih,
}
err := struc.Pack(out, &eihHeader)
if err != nil {
return newError("failed to pack eih").Base(err)
}
}
headerStruct := header{
Type: UDPHeaderTypeClientToServerStream,
TimeStamp: request.TimeStamp,
PaddingLength: 0,
Padding: nil,
}
requestBodyBuffer := buf.New()
{
err := struc.Pack(requestBodyBuffer, &headerStruct)
if err != nil {
return newError("failed to header").Base(err)
}
}
{
err := addrParser.WriteAddressPort(requestBodyBuffer, request.Address, net.Port(request.Port))
if err != nil {
return newError("failed to write address port").Base(err)
}
}
{
_, err := io.Copy(requestBodyBuffer, bytes.NewReader(request.Payload.Bytes()))
if err != nil {
return newError("failed to copy payload").Base(err)
}
}
{
cacheKey := string(separateHeaderBufferBytes[0:8])
receivedCacheInterface := cache.GetCachedState(cacheKey)
cachedState := &cachedUDPState{}
if receivedCacheInterface != nil {
cachedState = receivedCacheInterface.(*cachedUDPState)
}
if cachedState.sessionAEAD == nil {
cachedState.sessionAEAD = p.mainPacketAEAD(separateHeaderBufferBytes[0:8])
cache.PutCachedState(cacheKey, cachedState)
}
mainPacketAEADMaterialized := cachedState.sessionAEAD
encryptedDest := out.Extend(int32(mainPacketAEADMaterialized.Overhead()) + requestBodyBuffer.Len())
mainPacketAEADMaterialized.Seal(encryptedDest[:0], separateHeaderBuffer.Bytes()[4:16], requestBodyBuffer.Bytes(), nil)
}
return nil
}
func (p *AESUDPClientPacketProcessor) DecodeUDPResp(input []byte, resp *UDPResponse,
cache UDPClientPacketProcessorCachedStateContainer,
) error {
separateHeaderBuffer := buf.New()
defer separateHeaderBuffer.Release()
{
encryptedDest := separateHeaderBuffer.Extend(16)
p.responseSeparateHeaderBlockCipher.Decrypt(encryptedDest, input)
}
separateHeaderStruct := separateHeader{}
{
err := struc.Unpack(separateHeaderBuffer, &separateHeaderStruct)
if err != nil {
return newError("failed to unpack separateHeader").Base(err)
}
}
resp.PacketID = separateHeaderStruct.PacketID
resp.SessionID = separateHeaderStruct.SessionID
{
cacheKey := string(separateHeaderBuffer.Bytes()[0:8])
receivedCacheInterface := cache.GetCachedServerState(cacheKey)
cachedState := &cachedUDPState{}
if receivedCacheInterface != nil {
cachedState = receivedCacheInterface.(*cachedUDPState)
}
if cachedState.sessionRecvAEAD == nil {
cachedState.sessionRecvAEAD = p.mainPacketAEAD(separateHeaderBuffer.Bytes()[0:8])
cache.PutCachedServerState(cacheKey, cachedState)
}
mainPacketAEADMaterialized := cachedState.sessionRecvAEAD
decryptedDestBuffer := buf.New()
decryptedDest := decryptedDestBuffer.Extend(int32(len(input)) - 16 - int32(mainPacketAEADMaterialized.Overhead()))
_, err := mainPacketAEADMaterialized.Open(decryptedDest[:0], separateHeaderBuffer.Bytes()[4:16], input[16:], nil)
if err != nil {
return newError("failed to open main packet").Base(err)
}
decryptedDestReader := bytes.NewReader(decryptedDest)
headerStruct := respHeader{}
{
err := struc.Unpack(decryptedDestReader, &headerStruct)
if err != nil {
return newError("failed to unpack header").Base(err)
}
}
resp.TimeStamp = headerStruct.TimeStamp
addressReaderBuf := buf.New()
defer addressReaderBuf.Release()
var port net.Port
resp.Address, port, err = addrParser.ReadAddressPort(addressReaderBuf, decryptedDestReader)
if err != nil {
return newError("failed to read address port").Base(err)
}
resp.Port = int(port)
readedLength := decryptedDestReader.Size() - int64(decryptedDestReader.Len())
decryptedDestBuffer.Advance(int32(readedLength))
resp.Payload = decryptedDestBuffer
resp.ClientSessionID = headerStruct.ClientSessionID
return nil
}
}