v2ray-core/proxy/shadowsocks/config.go

312 lines
8.0 KiB
Go
Raw Normal View History

2016-01-27 11:46:40 +00:00
package shadowsocks
import (
2016-10-31 14:24:28 +00:00
"bytes"
2017-11-25 23:51:54 +00:00
"crypto/aes"
2016-02-23 17:16:13 +00:00
"crypto/cipher"
2016-01-28 11:33:58 +00:00
"crypto/md5"
2017-11-25 23:51:54 +00:00
"crypto/sha1"
"io"
2016-12-16 16:31:13 +00:00
2017-11-25 23:51:54 +00:00
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/hkdf"
"v2ray.com/core/common"
"v2ray.com/core/common/buf"
2016-08-20 18:55:45 +00:00
"v2ray.com/core/common/crypto"
"v2ray.com/core/common/protocol"
2016-01-27 11:46:40 +00:00
)
2017-11-29 21:57:18 +00:00
// MemoryAccount is an account type converted from Account.
type MemoryAccount struct {
2016-10-31 15:35:18 +00:00
Cipher Cipher
Key []byte
2016-11-02 15:17:57 +00:00
OneTimeAuth Account_OneTimeAuth
2016-10-31 14:24:28 +00:00
}
2017-11-29 21:57:18 +00:00
// Equals implements protocol.Account.Equals().
func (a *MemoryAccount) Equals(another protocol.Account) bool {
if account, ok := another.(*MemoryAccount); ok {
return bytes.Equal(a.Key, account.Key)
2016-10-31 14:24:28 +00:00
}
return false
}
2017-11-25 23:51:54 +00:00
func createAesGcm(key []byte) cipher.AEAD {
block, err := aes.NewCipher(key)
common.Must(err)
gcm, err := cipher.NewGCM(block)
common.Must(err)
return gcm
}
func createChacha20Poly1305(key []byte) cipher.AEAD {
chacha20, err := chacha20poly1305.New(key)
common.Must(err)
return chacha20
}
2017-11-29 21:57:18 +00:00
func (a *Account) getCipher() (Cipher, error) {
2017-11-29 21:19:04 +00:00
switch a.CipherType {
2016-09-25 20:07:32 +00:00
case CipherType_AES_128_CFB:
2016-09-25 20:19:49 +00:00
return &AesCfb{KeyBytes: 16}, nil
2016-09-25 20:07:32 +00:00
case CipherType_AES_256_CFB:
2016-09-25 20:19:49 +00:00
return &AesCfb{KeyBytes: 32}, nil
2016-09-25 20:07:32 +00:00
case CipherType_CHACHA20:
2016-09-25 20:19:49 +00:00
return &ChaCha20{IVBytes: 8}, nil
2017-01-03 00:37:27 +00:00
case CipherType_CHACHA20_IETF:
2016-09-25 20:19:49 +00:00
return &ChaCha20{IVBytes: 12}, nil
2017-11-25 23:51:54 +00:00
case CipherType_AES_128_GCM:
return &AEADCipher{
KeyBytes: 16,
IVBytes: 16,
AEADAuthCreator: createAesGcm,
}, nil
case CipherType_AES_256_GCM:
return &AEADCipher{
KeyBytes: 32,
IVBytes: 32,
AEADAuthCreator: createAesGcm,
}, nil
case CipherType_CHACHA20_POLY1305:
return &AEADCipher{
KeyBytes: 32,
IVBytes: 32,
AEADAuthCreator: createChacha20Poly1305,
}, nil
2017-11-29 21:19:04 +00:00
case CipherType_NONE:
return NoneCipher{}, nil
2016-09-25 20:19:49 +00:00
default:
2017-04-08 23:43:25 +00:00
return nil, newError("Unsupported cipher.")
2016-09-17 22:41:21 +00:00
}
}
2017-11-29 21:57:18 +00:00
// AsAccount implements protocol.AsAccount.
2017-11-29 21:19:04 +00:00
func (a *Account) AsAccount() (protocol.Account, error) {
2017-11-29 21:57:18 +00:00
cipher, err := a.getCipher()
2016-10-31 14:24:28 +00:00
if err != nil {
2017-04-08 23:43:25 +00:00
return nil, newError("failed to get cipher").Base(err)
2016-10-31 14:24:28 +00:00
}
2017-11-29 21:57:18 +00:00
return &MemoryAccount{
2016-10-31 15:35:18 +00:00
Cipher: cipher,
2017-11-29 21:57:18 +00:00
Key: passwordToCipherKey([]byte(a.Password), cipher.KeySize()),
2017-11-29 21:19:04 +00:00
OneTimeAuth: a.Ota,
2016-10-31 14:24:28 +00:00
}, nil
2016-09-17 22:41:21 +00:00
}
2017-11-29 21:57:18 +00:00
// Cipher is an interface for all Shadowsocks ciphers.
2016-01-27 11:46:40 +00:00
type Cipher interface {
2018-04-02 18:00:50 +00:00
KeySize() int32
IVSize() int32
2017-11-25 23:51:54 +00:00
NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error)
NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error)
2017-11-25 23:58:57 +00:00
IsAEAD() bool
2017-11-26 20:51:30 +00:00
EncodePacket(key []byte, b *buf.Buffer) error
DecodePacket(key []byte, b *buf.Buffer) error
2016-01-27 11:46:40 +00:00
}
2017-11-29 21:57:18 +00:00
// AesCfb represents all AES-CFB ciphers.
2016-01-27 11:46:40 +00:00
type AesCfb struct {
2018-04-02 18:00:50 +00:00
KeyBytes int32
2016-01-27 11:46:40 +00:00
}
2017-11-25 23:58:57 +00:00
func (*AesCfb) IsAEAD() bool {
return false
}
2018-04-02 18:00:50 +00:00
func (v *AesCfb) KeySize() int32 {
2016-11-27 20:39:09 +00:00
return v.KeyBytes
2016-01-27 11:46:40 +00:00
}
2018-04-02 18:00:50 +00:00
func (v *AesCfb) IVSize() int32 {
2016-12-16 22:02:00 +00:00
return 16
2016-01-27 11:46:40 +00:00
}
2017-11-25 23:51:54 +00:00
func (v *AesCfb) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
2016-02-25 20:50:10 +00:00
stream := crypto.NewAesEncryptionStream(key, iv)
return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil
2016-01-27 11:46:40 +00:00
}
2017-11-25 23:51:54 +00:00
func (v *AesCfb) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
2016-02-25 20:50:10 +00:00
stream := crypto.NewAesDecryptionStream(key, iv)
return &buf.SingleReader{
Reader: crypto.NewCryptionReader(stream, reader),
}, nil
2017-11-25 23:51:54 +00:00
}
2017-11-26 20:51:30 +00:00
func (v *AesCfb) EncodePacket(key []byte, b *buf.Buffer) error {
iv := b.BytesTo(v.IVSize())
stream := crypto.NewAesEncryptionStream(key, iv)
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
return nil
}
func (v *AesCfb) DecodePacket(key []byte, b *buf.Buffer) error {
2018-01-19 10:08:34 +00:00
if b.Len() <= v.IVSize() {
return newError("insufficient data: ", b.Len())
}
2017-11-26 20:51:30 +00:00
iv := b.BytesTo(v.IVSize())
2017-11-27 09:42:34 +00:00
stream := crypto.NewAesDecryptionStream(key, iv)
2017-11-26 20:51:30 +00:00
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
b.Advance(v.IVSize())
2017-11-26 20:51:30 +00:00
return nil
}
2017-11-25 23:51:54 +00:00
type AEADCipher struct {
2018-04-02 18:00:50 +00:00
KeyBytes int32
IVBytes int32
2017-11-25 23:51:54 +00:00
AEADAuthCreator func(key []byte) cipher.AEAD
}
2017-11-25 23:58:57 +00:00
func (*AEADCipher) IsAEAD() bool {
return true
}
2018-04-02 18:00:50 +00:00
func (c *AEADCipher) KeySize() int32 {
2017-11-25 23:51:54 +00:00
return c.KeyBytes
}
2018-04-02 18:00:50 +00:00
func (c *AEADCipher) IVSize() int32 {
2017-11-25 23:51:54 +00:00
return c.IVBytes
}
2017-11-26 20:51:30 +00:00
func (c *AEADCipher) createAuthenticator(key []byte, iv []byte) *crypto.AEADAuthenticator {
2018-04-14 11:10:12 +00:00
nonce := crypto.GenerateInitialAEADNonce()
2017-11-25 23:51:54 +00:00
subkey := make([]byte, c.KeyBytes)
hkdfSHA1(key, iv, subkey)
2017-11-26 20:51:30 +00:00
return &crypto.AEADAuthenticator{
2017-11-25 23:51:54 +00:00
AEAD: c.AEADAuthCreator(subkey),
NonceGenerator: nonce,
}
2017-11-26 20:51:30 +00:00
}
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
auth := c.createAuthenticator(key, iv)
2017-11-25 23:51:54 +00:00
return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{
Auth: auth,
2018-07-07 13:42:24 +00:00
}, writer, protocol.TransferTypeStream, nil), nil
2017-11-25 23:51:54 +00:00
}
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
2017-11-26 20:51:30 +00:00
auth := c.createAuthenticator(key, iv)
2017-11-25 23:51:54 +00:00
return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
Auth: auth,
2018-07-07 13:42:24 +00:00
}, reader, protocol.TransferTypeStream, nil), nil
2016-02-23 17:16:13 +00:00
}
2017-11-26 20:51:30 +00:00
func (c *AEADCipher) EncodePacket(key []byte, b *buf.Buffer) error {
ivLen := c.IVSize()
payloadLen := b.Len()
auth := c.createAuthenticator(key, b.BytesTo(ivLen))
2018-11-02 20:34:04 +00:00
b.Extend(int32(auth.Overhead()))
_, err := auth.Seal(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen))
return err
2017-11-26 20:51:30 +00:00
}
func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error {
2018-01-19 13:08:45 +00:00
if b.Len() <= c.IVSize() {
2018-01-19 10:08:34 +00:00
return newError("insufficient data: ", b.Len())
}
2017-11-26 20:51:30 +00:00
ivLen := c.IVSize()
payloadLen := b.Len()
auth := c.createAuthenticator(key, b.BytesTo(ivLen))
2018-11-02 20:34:04 +00:00
bbb, err := auth.Open(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen))
if err != nil {
2017-11-26 20:51:30 +00:00
return err
}
2018-11-02 21:04:52 +00:00
b.Resize(ivLen, int32(len(bbb)))
2017-11-26 20:51:30 +00:00
return nil
}
2016-02-23 17:16:13 +00:00
type ChaCha20 struct {
2018-04-02 18:00:50 +00:00
IVBytes int32
2016-02-23 17:16:13 +00:00
}
2017-11-25 23:58:57 +00:00
func (*ChaCha20) IsAEAD() bool {
return false
}
2018-04-02 18:00:50 +00:00
func (v *ChaCha20) KeySize() int32 {
2016-02-23 17:16:13 +00:00
return 32
}
2018-04-02 18:00:50 +00:00
func (v *ChaCha20) IVSize() int32 {
2016-11-27 20:39:09 +00:00
return v.IVBytes
2016-02-23 17:16:13 +00:00
}
2017-11-25 23:51:54 +00:00
func (v *ChaCha20) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
stream := crypto.NewChaCha20Stream(key, iv)
return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil
2016-02-23 17:16:13 +00:00
}
2017-11-25 23:51:54 +00:00
func (v *ChaCha20) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
stream := crypto.NewChaCha20Stream(key, iv)
return &buf.SingleReader{Reader: crypto.NewCryptionReader(stream, reader)}, nil
2016-01-27 11:46:40 +00:00
}
2017-11-26 20:51:30 +00:00
func (v *ChaCha20) EncodePacket(key []byte, b *buf.Buffer) error {
iv := b.BytesTo(v.IVSize())
stream := crypto.NewChaCha20Stream(key, iv)
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
return nil
}
func (v *ChaCha20) DecodePacket(key []byte, b *buf.Buffer) error {
2018-01-19 10:08:34 +00:00
if b.Len() <= v.IVSize() {
return newError("insufficient data: ", b.Len())
}
2017-11-26 20:51:30 +00:00
iv := b.BytesTo(v.IVSize())
stream := crypto.NewChaCha20Stream(key, iv)
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
b.Advance(v.IVSize())
2017-11-26 20:51:30 +00:00
return nil
}
2017-11-29 21:19:04 +00:00
type NoneCipher struct{}
2018-04-02 18:00:50 +00:00
func (NoneCipher) KeySize() int32 { return 0 }
func (NoneCipher) IVSize() int32 { return 0 }
2017-11-29 21:19:04 +00:00
func (NoneCipher) IsAEAD() bool {
return true // to avoid OTA
}
func (NoneCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
return buf.NewReader(reader), nil
}
func (NoneCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
return buf.NewWriter(writer), nil
}
func (NoneCipher) EncodePacket(key []byte, b *buf.Buffer) error {
return nil
}
func (NoneCipher) DecodePacket(key []byte, b *buf.Buffer) error {
return nil
}
2018-04-02 18:00:50 +00:00
func passwordToCipherKey(password []byte, keySize int32) []byte {
2016-01-28 11:33:58 +00:00
key := make([]byte, 0, keySize)
2017-11-29 21:19:04 +00:00
md5Sum := md5.Sum(password)
2016-01-28 11:33:58 +00:00
key = append(key, md5Sum[:]...)
2018-04-02 18:00:50 +00:00
for int32(len(key)) < keySize {
2016-01-28 11:33:58 +00:00
md5Hash := md5.New()
2017-11-29 21:57:18 +00:00
common.Must2(md5Hash.Write(md5Sum[:]))
common.Must2(md5Hash.Write(password))
2016-01-28 11:33:58 +00:00
md5Hash.Sum(md5Sum[:0])
key = append(key, md5Sum[:]...)
}
return key
2016-01-27 11:46:40 +00:00
}
2017-11-25 23:51:54 +00:00
func hkdfSHA1(secret, salt, outkey []byte) {
r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey"))
common.Must2(io.ReadFull(r, outkey))
}