pull/525/head
Darien Raymond 2017-07-25 22:21:59 +02:00
parent ef59f67961
commit 21284fbd61
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
3 changed files with 52 additions and 52 deletions

View File

@ -41,23 +41,23 @@ type FnvAuthenticator struct {
} }
// NonceSize implements AEAD.NonceSize(). // NonceSize implements AEAD.NonceSize().
func (v *FnvAuthenticator) NonceSize() int { func (*FnvAuthenticator) NonceSize() int {
return 0 return 0
} }
// Overhead impelements AEAD.Overhead(). // Overhead impelements AEAD.Overhead().
func (v *FnvAuthenticator) Overhead() int { func (*FnvAuthenticator) Overhead() int {
return 4 return 4
} }
// Seal implements AEAD.Seal(). // Seal implements AEAD.Seal().
func (v *FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte { func (*FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
dst = serial.Uint32ToBytes(Authenticate(plaintext), dst) dst = serial.Uint32ToBytes(Authenticate(plaintext), dst)
return append(dst, plaintext...) return append(dst, plaintext...)
} }
// Open implements AEAD.Open(). // Open implements AEAD.Open().
func (v *FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { func (*FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
if serial.BytesToUint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) { if serial.BytesToUint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) {
return dst, newError("invalid authentication") return dst, newError("invalid authentication")
} }
@ -87,7 +87,7 @@ func NewShakeSizeParser(nonce []byte) *ShakeSizeParser {
} }
} }
func (s *ShakeSizeParser) SizeBytes() int { func (*ShakeSizeParser) SizeBytes() int {
return 2 return 2
} }

View File

@ -187,20 +187,20 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
panic("Unknown security type.") panic("Unknown security type.")
} }
func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) { func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) {
aesStream := crypto.NewAesDecryptionStream(v.responseBodyKey, v.responseBodyIV) aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey, c.responseBodyIV)
v.responseReader = crypto.NewCryptionReader(aesStream, reader) c.responseReader = crypto.NewCryptionReader(aesStream, reader)
buffer := make([]byte, 256) buffer := make([]byte, 256)
_, err := io.ReadFull(v.responseReader, buffer[:4]) _, err := io.ReadFull(c.responseReader, buffer[:4])
if err != nil { if err != nil {
log.Trace(newError("failed to read response header").Base(err)) log.Trace(newError("failed to read response header").Base(err))
return nil, err return nil, err
} }
if buffer[0] != v.responseHeader { if buffer[0] != c.responseHeader {
return nil, newError("unexpected response header. Expecting ", int(v.responseHeader), " but actually ", int(buffer[0])) return nil, newError("unexpected response header. Expecting ", int(c.responseHeader), " but actually ", int(buffer[0]))
} }
header := &protocol.ResponseHeader{ header := &protocol.ResponseHeader{
@ -210,7 +210,7 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
if buffer[2] != 0 { if buffer[2] != 0 {
cmdID := buffer[2] cmdID := buffer[2]
dataLen := int(buffer[3]) dataLen := int(buffer[3])
_, err := io.ReadFull(v.responseReader, buffer[:dataLen]) _, err := io.ReadFull(c.responseReader, buffer[:dataLen])
if err != nil { if err != nil {
log.Trace(newError("failed to read response command").Base(err)) log.Trace(newError("failed to read response command").Base(err))
return nil, err return nil, err
@ -225,10 +225,10 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
return header, nil return header, nil
} }
func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader { func (c *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{} var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) { if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.responseBodyIV) sizeParser = NewShakeSizeParser(c.responseBodyIV)
} }
if request.Security.Is(protocol.SecurityType_NONE) { if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) { if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -255,20 +255,20 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
NonceGenerator: crypto.NoOpBytesGenerator{}, NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
} }
return crypto.NewAuthenticationReader(auth, sizeParser, v.responseReader, request.Command.TransferType()) return crypto.NewAuthenticationReader(auth, sizeParser, c.responseReader, request.Command.TransferType())
} }
return buf.NewReader(v.responseReader) return buf.NewReader(c.responseReader)
} }
if request.Security.Is(protocol.SecurityType_AES128_GCM) { if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.responseBodyKey) block, _ := aes.NewCipher(c.responseBodyKey)
aead, _ := cipher.NewGCM(block) aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...), Nonce: append([]byte(nil), c.responseBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -277,12 +277,12 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
} }
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) { if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey)) aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(c.responseBodyKey))
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...), Nonce: append([]byte(nil), c.responseBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},

View File

@ -112,7 +112,7 @@ func NewServerSession(validator protocol.UserValidator, sessionHistory *SessionH
} }
} }
func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) { func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
buffer := make([]byte, 512) buffer := make([]byte, 512)
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen]) _, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
@ -120,7 +120,7 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return nil, newError("failed to read request header").Base(err) return nil, newError("failed to read request header").Base(err)
} }
user, timestamp, valid := v.userValidator.Get(buffer[:protocol.IDBytesLen]) user, timestamp, valid := s.userValidator.Get(buffer[:protocol.IDBytesLen])
if !valid { if !valid {
return nil, newError("invalid user") return nil, newError("invalid user")
} }
@ -152,18 +152,18 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return nil, newError("invalid protocol version ", request.Version) return nil, newError("invalid protocol version ", request.Version)
} }
v.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes s.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
v.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes s.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
var sid sessionId var sid sessionId
copy(sid.user[:], vmessAccount.ID.Bytes()) copy(sid.user[:], vmessAccount.ID.Bytes())
copy(sid.key[:], v.requestBodyKey) copy(sid.key[:], s.requestBodyKey)
copy(sid.nonce[:], v.requestBodyIV) copy(sid.nonce[:], s.requestBodyIV)
if v.sessionHistory.has(sid) { if s.sessionHistory.has(sid) {
return nil, newError("duplicated session id, possibly under replay attack") return nil, newError("duplicated session id, possibly under replay attack")
} }
v.sessionHistory.add(sid) s.sessionHistory.add(sid)
v.responseHeader = buffer[33] // 1 byte s.responseHeader = buffer[33] // 1 byte
request.Option = protocol.RequestOption(buffer[34]) // 1 byte request.Option = protocol.RequestOption(buffer[34]) // 1 byte
padingLen := int(buffer[35] >> 4) padingLen := int(buffer[35] >> 4)
request.Security = protocol.NormSecurity(protocol.Security(buffer[35] & 0x0F)) request.Security = protocol.NormSecurity(protocol.Security(buffer[35] & 0x0F))
@ -235,10 +235,10 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return request, nil return request, nil
} }
func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader { func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{} var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) { if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.requestBodyIV) sizeParser = NewShakeSizeParser(s.requestBodyIV)
} }
if request.Security.Is(protocol.SecurityType_NONE) { if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) { if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -258,7 +258,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
} }
if request.Security.Is(protocol.SecurityType_LEGACY) { if request.Security.Is(protocol.SecurityType_LEGACY) {
aesStream := crypto.NewAesDecryptionStream(v.requestBodyKey, v.requestBodyIV) aesStream := crypto.NewAesDecryptionStream(s.requestBodyKey, s.requestBodyIV)
cryptionReader := crypto.NewCryptionReader(aesStream, reader) cryptionReader := crypto.NewCryptionReader(aesStream, reader)
if request.Option.Has(protocol.RequestOptionChunkStream) { if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
@ -273,13 +273,13 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
} }
if request.Security.Is(protocol.SecurityType_AES128_GCM) { if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.requestBodyKey) block, _ := aes.NewCipher(s.requestBodyKey)
aead, _ := cipher.NewGCM(block) aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.requestBodyIV...), Nonce: append([]byte(nil), s.requestBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -288,12 +288,12 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
} }
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) { if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey)) aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(s.requestBodyKey))
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.requestBodyIV...), Nonce: append([]byte(nil), s.requestBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -304,27 +304,27 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
panic("Unknown security type.") panic("Unknown security type.")
} }
func (v *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) { func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) {
responseBodyKey := md5.Sum(v.requestBodyKey) responseBodyKey := md5.Sum(s.requestBodyKey)
responseBodyIV := md5.Sum(v.requestBodyIV) responseBodyIV := md5.Sum(s.requestBodyIV)
v.responseBodyKey = responseBodyKey[:] s.responseBodyKey = responseBodyKey[:]
v.responseBodyIV = responseBodyIV[:] s.responseBodyIV = responseBodyIV[:]
aesStream := crypto.NewAesEncryptionStream(v.responseBodyKey, v.responseBodyIV) aesStream := crypto.NewAesEncryptionStream(s.responseBodyKey, s.responseBodyIV)
encryptionWriter := crypto.NewCryptionWriter(aesStream, writer) encryptionWriter := crypto.NewCryptionWriter(aesStream, writer)
v.responseWriter = encryptionWriter s.responseWriter = encryptionWriter
encryptionWriter.Write([]byte{v.responseHeader, byte(header.Option)}) encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)})
err := MarshalCommand(header.Command, encryptionWriter) err := MarshalCommand(header.Command, encryptionWriter)
if err != nil { if err != nil {
encryptionWriter.Write([]byte{0x00, 0x00}) encryptionWriter.Write([]byte{0x00, 0x00})
} }
} }
func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer { func (s *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
var sizeParser crypto.ChunkSizeEncoder = crypto.PlainChunkSizeParser{} var sizeParser crypto.ChunkSizeEncoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) { if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.responseBodyIV) sizeParser = NewShakeSizeParser(s.responseBodyIV)
} }
if request.Security.Is(protocol.SecurityType_NONE) { if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) { if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -350,20 +350,20 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
NonceGenerator: crypto.NoOpBytesGenerator{}, NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
} }
return crypto.NewAuthenticationWriter(auth, sizeParser, v.responseWriter, request.Command.TransferType()) return crypto.NewAuthenticationWriter(auth, sizeParser, s.responseWriter, request.Command.TransferType())
} }
return buf.NewWriter(v.responseWriter) return buf.NewWriter(s.responseWriter)
} }
if request.Security.Is(protocol.SecurityType_AES128_GCM) { if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.responseBodyKey) block, _ := aes.NewCipher(s.responseBodyKey)
aead, _ := cipher.NewGCM(block) aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...), Nonce: append([]byte(nil), s.responseBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -372,12 +372,12 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
} }
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) { if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey)) aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(s.responseBodyKey))
auth := &crypto.AEADAuthenticator{ auth := &crypto.AEADAuthenticator{
AEAD: aead, AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{ NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...), Nonce: append([]byte(nil), s.responseBodyIV...),
Size: aead.NonceSize(), Size: aead.NonceSize(),
}, },
AdditionalDataGenerator: crypto.NoOpBytesGenerator{}, AdditionalDataGenerator: crypto.NoOpBytesGenerator{},