mirror of https://github.com/v2ray/v2ray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
268 lines
6.2 KiB
268 lines
6.2 KiB
// Package vmess contains protocol definition, io lib for VMess.
|
|
package vmess
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
mrand "math/rand"
|
|
|
|
"github.com/v2ray/v2ray-core"
|
|
v2io "github.com/v2ray/v2ray-core/io"
|
|
"github.com/v2ray/v2ray-core/log"
|
|
v2net "github.com/v2ray/v2ray-core/net"
|
|
)
|
|
|
|
const (
|
|
addrTypeIPv4 = byte(0x01)
|
|
addrTypeIPv6 = byte(0x03)
|
|
addrTypeDomain = byte(0x02)
|
|
|
|
Version = byte(0x01)
|
|
|
|
blockSize = 16
|
|
)
|
|
|
|
var (
|
|
ErrorInvalidUser = errors.New("Invalid User")
|
|
ErrorInvalidVerion = errors.New("Invalid Version")
|
|
)
|
|
|
|
// VMessRequest implements the request message of VMess protocol. It only contains
|
|
// the header of a request message. The data part will be handled by conection
|
|
// handler directly, in favor of data streaming.
|
|
|
|
type VMessRequest struct {
|
|
Version byte
|
|
UserId core.ID
|
|
RequestIV [16]byte
|
|
RequestKey [16]byte
|
|
ResponseHeader [4]byte
|
|
Command byte
|
|
Address v2net.Address
|
|
}
|
|
|
|
type VMessRequestReader struct {
|
|
vUserSet core.UserSet
|
|
}
|
|
|
|
func NewVMessRequestReader(vUserSet core.UserSet) *VMessRequestReader {
|
|
reader := new(VMessRequestReader)
|
|
reader.vUserSet = vUserSet
|
|
return reader
|
|
}
|
|
|
|
func (r *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) {
|
|
request := new(VMessRequest)
|
|
|
|
buffer := make([]byte, 256)
|
|
|
|
nBytes, err := reader.Read(buffer[:core.IDBytesLen])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
log.Debug("Read user hash: %v", buffer[:nBytes])
|
|
|
|
userId, timeSec, valid := r.vUserSet.GetUser(buffer[:nBytes])
|
|
if !valid {
|
|
return nil, ErrorInvalidUser
|
|
}
|
|
request.UserId = *userId
|
|
|
|
aesCipher, err := aes.NewCipher(userId.CmdKey())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aesStream := cipher.NewCFBDecrypter(aesCipher, core.TimestampHash(timeSec))
|
|
decryptor := v2io.NewCryptionReader(aesStream, reader)
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nBytes, err = decryptor.Read(buffer[0:1])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
randomLength := buffer[0]
|
|
if randomLength <= 0 || randomLength > 32 {
|
|
return nil, fmt.Errorf("Unexpected random length %d", randomLength)
|
|
}
|
|
_, err = decryptor.Read(buffer[:randomLength])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nBytes, err = decryptor.Read(buffer[0:1])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
request.Version = buffer[0]
|
|
if request.Version != Version {
|
|
log.Error("Unknown VMess version %d", request.Version)
|
|
return nil, ErrorInvalidVerion
|
|
}
|
|
|
|
// TODO: check number of bytes returned
|
|
_, err = decryptor.Read(request.RequestIV[:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
_, err = decryptor.Read(request.RequestKey[:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
_, err = decryptor.Read(request.ResponseHeader[:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
_, err = decryptor.Read(buffer[0:1])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
request.Command = buffer[0]
|
|
|
|
_, err = decryptor.Read(buffer[0:2])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
port := binary.BigEndian.Uint16(buffer[0:2])
|
|
|
|
_, err = decryptor.Read(buffer[0:1])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
switch buffer[0] {
|
|
case addrTypeIPv4:
|
|
_, err = decryptor.Read(buffer[1:5])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
request.Address = v2net.IPAddress(buffer[1:5], port)
|
|
case addrTypeIPv6:
|
|
_, err = decryptor.Read(buffer[1:17])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
request.Address = v2net.IPAddress(buffer[1:17], port)
|
|
case addrTypeDomain:
|
|
_, err = decryptor.Read(buffer[1:2])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
domainLength := buffer[1]
|
|
_, err = decryptor.Read(buffer[2 : 2+domainLength])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
request.Address = v2net.DomainAddress(string(buffer[2:2+domainLength]), port)
|
|
}
|
|
_, err = decryptor.Read(buffer[0:1])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
randomLength = buffer[0]
|
|
_, err = decryptor.Read(buffer[:randomLength])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return request, nil
|
|
}
|
|
|
|
type VMessRequestWriter struct {
|
|
}
|
|
|
|
func NewVMessRequestWriter() *VMessRequestWriter {
|
|
writer := new(VMessRequestWriter)
|
|
return writer
|
|
}
|
|
|
|
func (w *VMessRequestWriter) Write(writer io.Writer, request *VMessRequest) error {
|
|
buffer := make([]byte, 0, 300)
|
|
userHash, timeSec := request.UserId.TimeRangeHash(30)
|
|
|
|
log.Debug("Writing userhash: %v", userHash)
|
|
buffer = append(buffer, userHash...)
|
|
|
|
encryptionBegin := len(buffer)
|
|
|
|
randomLength := mrand.Intn(32) + 1
|
|
randomContent := make([]byte, randomLength)
|
|
_, err := rand.Read(randomContent)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
buffer = append(buffer, byte(randomLength))
|
|
buffer = append(buffer, randomContent...)
|
|
|
|
buffer = append(buffer, request.Version)
|
|
buffer = append(buffer, request.RequestIV[:]...)
|
|
buffer = append(buffer, request.RequestKey[:]...)
|
|
buffer = append(buffer, request.ResponseHeader[:]...)
|
|
buffer = append(buffer, request.Command)
|
|
|
|
portBytes := make([]byte, 2)
|
|
binary.BigEndian.PutUint16(portBytes, request.Address.Port)
|
|
buffer = append(buffer, portBytes...)
|
|
|
|
switch {
|
|
case request.Address.IsIPv4():
|
|
buffer = append(buffer, addrTypeIPv4)
|
|
buffer = append(buffer, request.Address.IP...)
|
|
case request.Address.IsIPv6():
|
|
buffer = append(buffer, addrTypeIPv6)
|
|
buffer = append(buffer, request.Address.IP...)
|
|
case request.Address.IsDomain():
|
|
buffer = append(buffer, addrTypeDomain)
|
|
buffer = append(buffer, byte(len(request.Address.Domain)))
|
|
buffer = append(buffer, []byte(request.Address.Domain)...)
|
|
}
|
|
|
|
paddingLength := blockSize - 1 - (len(buffer)-encryptionBegin)%blockSize
|
|
if paddingLength == 0 {
|
|
paddingLength = blockSize
|
|
}
|
|
paddingBuffer := make([]byte, paddingLength)
|
|
_, err = rand.Read(paddingBuffer)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
buffer = append(buffer, byte(paddingLength))
|
|
buffer = append(buffer, paddingBuffer...)
|
|
encryptionEnd := len(buffer)
|
|
|
|
aesCipher, err := aes.NewCipher(request.UserId.CmdKey())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
aesStream := cipher.NewCFBEncrypter(aesCipher, core.TimestampHash(timeSec))
|
|
cWriter := v2io.NewCryptionWriter(aesStream, writer)
|
|
|
|
_, err = writer.Write(buffer[0:encryptionBegin])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = cWriter.Write(buffer[encryptionBegin:encryptionEnd])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
type VMessResponse [4]byte
|
|
|
|
func NewVMessResponse(request *VMessRequest) *VMessResponse {
|
|
response := new(VMessResponse)
|
|
copy(response[:], request.ResponseHeader[:])
|
|
return response
|
|
}
|