pull/525/head
Darien Raymond 2017-07-25 22:21:59 +02:00
parent ef59f67961
commit 21284fbd61
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
3 changed files with 52 additions and 52 deletions

View File

@ -41,23 +41,23 @@ type FnvAuthenticator struct {
}
// NonceSize implements AEAD.NonceSize().
func (v *FnvAuthenticator) NonceSize() int {
func (*FnvAuthenticator) NonceSize() int {
return 0
}
// Overhead impelements AEAD.Overhead().
func (v *FnvAuthenticator) Overhead() int {
func (*FnvAuthenticator) Overhead() int {
return 4
}
// Seal implements AEAD.Seal().
func (v *FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
func (*FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
dst = serial.Uint32ToBytes(Authenticate(plaintext), dst)
return append(dst, plaintext...)
}
// Open implements AEAD.Open().
func (v *FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
func (*FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
if serial.BytesToUint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) {
return dst, newError("invalid authentication")
}
@ -87,7 +87,7 @@ func NewShakeSizeParser(nonce []byte) *ShakeSizeParser {
}
}
func (s *ShakeSizeParser) SizeBytes() int {
func (*ShakeSizeParser) SizeBytes() int {
return 2
}

View File

@ -187,20 +187,20 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
panic("Unknown security type.")
}
func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) {
aesStream := crypto.NewAesDecryptionStream(v.responseBodyKey, v.responseBodyIV)
v.responseReader = crypto.NewCryptionReader(aesStream, reader)
func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) {
aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey, c.responseBodyIV)
c.responseReader = crypto.NewCryptionReader(aesStream, reader)
buffer := make([]byte, 256)
_, err := io.ReadFull(v.responseReader, buffer[:4])
_, err := io.ReadFull(c.responseReader, buffer[:4])
if err != nil {
log.Trace(newError("failed to read response header").Base(err))
return nil, err
}
if buffer[0] != v.responseHeader {
return nil, newError("unexpected response header. Expecting ", int(v.responseHeader), " but actually ", int(buffer[0]))
if buffer[0] != c.responseHeader {
return nil, newError("unexpected response header. Expecting ", int(c.responseHeader), " but actually ", int(buffer[0]))
}
header := &protocol.ResponseHeader{
@ -210,7 +210,7 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
if buffer[2] != 0 {
cmdID := buffer[2]
dataLen := int(buffer[3])
_, err := io.ReadFull(v.responseReader, buffer[:dataLen])
_, err := io.ReadFull(c.responseReader, buffer[:dataLen])
if err != nil {
log.Trace(newError("failed to read response command").Base(err))
return nil, err
@ -225,10 +225,10 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
return header, nil
}
func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
func (c *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.responseBodyIV)
sizeParser = NewShakeSizeParser(c.responseBodyIV)
}
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -255,20 +255,20 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
return crypto.NewAuthenticationReader(auth, sizeParser, v.responseReader, request.Command.TransferType())
return crypto.NewAuthenticationReader(auth, sizeParser, c.responseReader, request.Command.TransferType())
}
return buf.NewReader(v.responseReader)
return buf.NewReader(c.responseReader)
}
if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.responseBodyKey)
block, _ := aes.NewCipher(c.responseBodyKey)
aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...),
Nonce: append([]byte(nil), c.responseBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -277,12 +277,12 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
}
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(c.responseBodyKey))
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...),
Nonce: append([]byte(nil), c.responseBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},

View File

@ -112,7 +112,7 @@ func NewServerSession(validator protocol.UserValidator, sessionHistory *SessionH
}
}
func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
buffer := make([]byte, 512)
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
@ -120,7 +120,7 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return nil, newError("failed to read request header").Base(err)
}
user, timestamp, valid := v.userValidator.Get(buffer[:protocol.IDBytesLen])
user, timestamp, valid := s.userValidator.Get(buffer[:protocol.IDBytesLen])
if !valid {
return nil, newError("invalid user")
}
@ -152,18 +152,18 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return nil, newError("invalid protocol version ", request.Version)
}
v.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
v.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
s.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
s.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
var sid sessionId
copy(sid.user[:], vmessAccount.ID.Bytes())
copy(sid.key[:], v.requestBodyKey)
copy(sid.nonce[:], v.requestBodyIV)
if v.sessionHistory.has(sid) {
copy(sid.key[:], s.requestBodyKey)
copy(sid.nonce[:], s.requestBodyIV)
if s.sessionHistory.has(sid) {
return nil, newError("duplicated session id, possibly under replay attack")
}
v.sessionHistory.add(sid)
s.sessionHistory.add(sid)
v.responseHeader = buffer[33] // 1 byte
s.responseHeader = buffer[33] // 1 byte
request.Option = protocol.RequestOption(buffer[34]) // 1 byte
padingLen := int(buffer[35] >> 4)
request.Security = protocol.NormSecurity(protocol.Security(buffer[35] & 0x0F))
@ -235,10 +235,10 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
return request, nil
}
func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
var sizeParser crypto.ChunkSizeDecoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.requestBodyIV)
sizeParser = NewShakeSizeParser(s.requestBodyIV)
}
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -258,7 +258,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
}
if request.Security.Is(protocol.SecurityType_LEGACY) {
aesStream := crypto.NewAesDecryptionStream(v.requestBodyKey, v.requestBodyIV)
aesStream := crypto.NewAesDecryptionStream(s.requestBodyKey, s.requestBodyIV)
cryptionReader := crypto.NewCryptionReader(aesStream, reader)
if request.Option.Has(protocol.RequestOptionChunkStream) {
auth := &crypto.AEADAuthenticator{
@ -273,13 +273,13 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
}
if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.requestBodyKey)
block, _ := aes.NewCipher(s.requestBodyKey)
aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.requestBodyIV...),
Nonce: append([]byte(nil), s.requestBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -288,12 +288,12 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
}
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(s.requestBodyKey))
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.requestBodyIV...),
Nonce: append([]byte(nil), s.requestBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -304,27 +304,27 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
panic("Unknown security type.")
}
func (v *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) {
responseBodyKey := md5.Sum(v.requestBodyKey)
responseBodyIV := md5.Sum(v.requestBodyIV)
v.responseBodyKey = responseBodyKey[:]
v.responseBodyIV = responseBodyIV[:]
func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) {
responseBodyKey := md5.Sum(s.requestBodyKey)
responseBodyIV := md5.Sum(s.requestBodyIV)
s.responseBodyKey = responseBodyKey[:]
s.responseBodyIV = responseBodyIV[:]
aesStream := crypto.NewAesEncryptionStream(v.responseBodyKey, v.responseBodyIV)
aesStream := crypto.NewAesEncryptionStream(s.responseBodyKey, s.responseBodyIV)
encryptionWriter := crypto.NewCryptionWriter(aesStream, writer)
v.responseWriter = encryptionWriter
s.responseWriter = encryptionWriter
encryptionWriter.Write([]byte{v.responseHeader, byte(header.Option)})
encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)})
err := MarshalCommand(header.Command, encryptionWriter)
if err != nil {
encryptionWriter.Write([]byte{0x00, 0x00})
}
}
func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
func (s *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
var sizeParser crypto.ChunkSizeEncoder = crypto.PlainChunkSizeParser{}
if request.Option.Has(protocol.RequestOptionChunkMasking) {
sizeParser = NewShakeSizeParser(v.responseBodyIV)
sizeParser = NewShakeSizeParser(s.responseBodyIV)
}
if request.Security.Is(protocol.SecurityType_NONE) {
if request.Option.Has(protocol.RequestOptionChunkStream) {
@ -350,20 +350,20 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
NonceGenerator: crypto.NoOpBytesGenerator{},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
}
return crypto.NewAuthenticationWriter(auth, sizeParser, v.responseWriter, request.Command.TransferType())
return crypto.NewAuthenticationWriter(auth, sizeParser, s.responseWriter, request.Command.TransferType())
}
return buf.NewWriter(v.responseWriter)
return buf.NewWriter(s.responseWriter)
}
if request.Security.Is(protocol.SecurityType_AES128_GCM) {
block, _ := aes.NewCipher(v.responseBodyKey)
block, _ := aes.NewCipher(s.responseBodyKey)
aead, _ := cipher.NewGCM(block)
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...),
Nonce: append([]byte(nil), s.responseBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@ -372,12 +372,12 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
}
if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(s.responseBodyKey))
auth := &crypto.AEADAuthenticator{
AEAD: aead,
NonceGenerator: &ChunkNonceGenerator{
Nonce: append([]byte(nil), v.responseBodyIV...),
Nonce: append([]byte(nil), s.responseBodyIV...),
Size: aead.NonceSize(),
},
AdditionalDataGenerator: crypto.NoOpBytesGenerator{},