mirror of https://github.com/v2ray/v2ray-core
general purpose encryption streams
V2Ray
parent
9371b3d080
commit
86944af2ff
|
|
@ -0,0 +1,65 @@
|
||||||
|
package io
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/cipher"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
// CryptionReader is a general purpose reader that applies
|
||||||
|
// block cipher on top of a regular reader.
|
||||||
|
type CryptionReader struct {
|
||||||
|
mode cipher.BlockMode
|
||||||
|
reader io.Reader
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewCryptionReader(mode cipher.BlockMode, reader io.Reader) *CryptionReader {
|
||||||
|
this := new(CryptionReader)
|
||||||
|
this.mode = mode
|
||||||
|
this.reader = reader
|
||||||
|
return this
|
||||||
|
}
|
||||||
|
|
||||||
|
// Read reads blocks from underlying reader, the length of blocks must be
|
||||||
|
// a multiply of BlockSize()
|
||||||
|
func (reader CryptionReader) Read(blocks []byte) (int, error) {
|
||||||
|
nBytes, err := reader.reader.Read(blocks)
|
||||||
|
if err != nil && err != io.EOF {
|
||||||
|
return nBytes, err
|
||||||
|
}
|
||||||
|
if nBytes < len(blocks) {
|
||||||
|
for i, _ := range blocks[nBytes:] {
|
||||||
|
blocks[i] = 0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
reader.mode.CryptBlocks(blocks, blocks)
|
||||||
|
return nBytes, err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (reader CryptionReader) BlockSize() int {
|
||||||
|
return reader.mode.BlockSize()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cryption writer is a general purpose of byte stream writer that applies
|
||||||
|
// block cipher on top of a regular writer.
|
||||||
|
type CryptionWriter struct {
|
||||||
|
mode cipher.BlockMode
|
||||||
|
writer io.Writer
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewCryptionWriter(mode cipher.BlockMode, writer io.Writer) *CryptionWriter {
|
||||||
|
this := new(CryptionWriter)
|
||||||
|
this.mode = mode
|
||||||
|
this.writer = writer
|
||||||
|
return this
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write writes the give blocks to underlying writer. The length of the blocks
|
||||||
|
// must be a multiply of BlockSize()
|
||||||
|
func (writer CryptionWriter) Write(blocks []byte) (int, error) {
|
||||||
|
writer.mode.CryptBlocks(blocks, blocks)
|
||||||
|
return writer.writer.Write(blocks)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (writer CryptionWriter) BlockSize() int {
|
||||||
|
return writer.mode.BlockSize()
|
||||||
|
}
|
||||||
|
|
@ -6,26 +6,31 @@ import (
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
v2io "github.com/v2ray/v2ray-core/io"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
blockSize = 16
|
blockSize = 16 // Decryption block size, inherited from AES
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// DecryptionReader is a byte stream reader to decrypt AES-128 CBC (for now)
|
||||||
|
// encrypted content.
|
||||||
type DecryptionReader struct {
|
type DecryptionReader struct {
|
||||||
cipher cipher.Block
|
reader *v2io.CryptionReader
|
||||||
reader io.Reader
|
|
||||||
buffer *bytes.Buffer
|
buffer *bytes.Buffer
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewDecryptionReader(reader io.Reader, key []byte) (*DecryptionReader, error) {
|
// NewDecryptionReader creates a new DescriptionReader by given byte Reader and
|
||||||
|
// AES key.
|
||||||
|
func NewDecryptionReader(reader io.Reader, key []byte, iv []byte) (*DecryptionReader, error) {
|
||||||
decryptionReader := new(DecryptionReader)
|
decryptionReader := new(DecryptionReader)
|
||||||
cipher, err := aes.NewCipher(key)
|
aesCipher, err := aes.NewCipher(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
decryptionReader.cipher = cipher
|
aesBlockMode := cipher.NewCBCDecrypter(aesCipher, iv)
|
||||||
decryptionReader.reader = reader
|
decryptionReader.reader = v2io.NewCryptionReader(aesBlockMode, reader)
|
||||||
decryptionReader.buffer = bytes.NewBuffer(make([]byte, 0, 2*blockSize))
|
decryptionReader.buffer = bytes.NewBuffer(make([]byte, 0, 2*blockSize))
|
||||||
return decryptionReader, nil
|
return decryptionReader, nil
|
||||||
}
|
}
|
||||||
|
|
@ -33,26 +38,20 @@ func NewDecryptionReader(reader io.Reader, key []byte) (*DecryptionReader, error
|
||||||
func (reader *DecryptionReader) readBlock() error {
|
func (reader *DecryptionReader) readBlock() error {
|
||||||
buffer := make([]byte, blockSize)
|
buffer := make([]byte, blockSize)
|
||||||
nBytes, err := reader.reader.Read(buffer)
|
nBytes, err := reader.reader.Read(buffer)
|
||||||
if err != nil {
|
if err != nil && err != io.EOF {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if nBytes < blockSize {
|
if nBytes < blockSize {
|
||||||
return fmt.Errorf("Expected to read %d bytes, but got %d bytes", blockSize, nBytes)
|
return fmt.Errorf("Expected to read %d bytes, but got %d bytes", blockSize, nBytes)
|
||||||
}
|
}
|
||||||
reader.cipher.Decrypt(buffer, buffer)
|
|
||||||
reader.buffer.Write(buffer)
|
reader.buffer.Write(buffer)
|
||||||
return nil
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Read returns decrypted bytes of given length
|
||||||
func (reader *DecryptionReader) Read(p []byte) (int, error) {
|
func (reader *DecryptionReader) Read(p []byte) (int, error) {
|
||||||
if reader.buffer.Len() == 0 {
|
|
||||||
err := reader.readBlock()
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
nBytes, err := reader.buffer.Read(p)
|
nBytes, err := reader.buffer.Read(p)
|
||||||
if err != nil {
|
if err != nil && err != io.EOF {
|
||||||
return nBytes, err
|
return nBytes, err
|
||||||
}
|
}
|
||||||
if nBytes < len(p) {
|
if nBytes < len(p) {
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ package vmess
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/aes"
|
"crypto/aes"
|
||||||
|
"crypto/cipher"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
mrand "math/rand"
|
mrand "math/rand"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
@ -26,21 +27,22 @@ func TestNormalReading(t *testing.T) {
|
||||||
keySize := 16
|
keySize := 16
|
||||||
key := make([]byte, keySize)
|
key := make([]byte, keySize)
|
||||||
randomBytes(key, t)
|
randomBytes(key, t)
|
||||||
|
iv := make([]byte, keySize)
|
||||||
|
randomBytes(iv, t)
|
||||||
|
|
||||||
cipher, err := aes.NewCipher(key)
|
aesBlock, err := aes.NewCipher(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
aesMode := cipher.NewCBCEncrypter(aesBlock, iv)
|
||||||
|
|
||||||
ciphertext := make([]byte, testSize)
|
ciphertext := make([]byte, testSize)
|
||||||
for encryptSize := 0; encryptSize < testSize; encryptSize += blockSize {
|
aesMode.CryptBlocks(ciphertext, plaintext)
|
||||||
cipher.Encrypt(ciphertext[encryptSize:], plaintext[encryptSize:])
|
|
||||||
}
|
|
||||||
|
|
||||||
ciphertextcopy := make([]byte, testSize)
|
ciphertextcopy := make([]byte, testSize)
|
||||||
copy(ciphertextcopy, ciphertext)
|
copy(ciphertextcopy, ciphertext)
|
||||||
|
|
||||||
reader, err := NewDecryptionReader(bytes.NewReader(ciphertextcopy), key)
|
reader, err := NewDecryptionReader(bytes.NewReader(ciphertextcopy), key, iv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -12,9 +12,9 @@ import (
|
||||||
type VMessInput struct {
|
type VMessInput struct {
|
||||||
version byte
|
version byte
|
||||||
userHash [16]byte
|
userHash [16]byte
|
||||||
randHash [256]byte
|
respKey [16]byte
|
||||||
respKey [32]byte
|
|
||||||
iv [16]byte
|
iv [16]byte
|
||||||
|
respHead [4]byte
|
||||||
command byte
|
command byte
|
||||||
port uint16
|
port uint16
|
||||||
target [256]byte
|
target [256]byte
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue