mirror of https://github.com/v2ray/v2ray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
311 lines
8.0 KiB
311 lines
8.0 KiB
package shadowsocks |
|
|
|
import ( |
|
"bytes" |
|
"crypto/aes" |
|
"crypto/cipher" |
|
"crypto/md5" |
|
"crypto/sha1" |
|
"io" |
|
|
|
"golang.org/x/crypto/chacha20poly1305" |
|
"golang.org/x/crypto/hkdf" |
|
|
|
"v2ray.com/core/common" |
|
"v2ray.com/core/common/buf" |
|
"v2ray.com/core/common/crypto" |
|
"v2ray.com/core/common/protocol" |
|
) |
|
|
|
// MemoryAccount is an account type converted from Account. |
|
type MemoryAccount struct { |
|
Cipher Cipher |
|
Key []byte |
|
OneTimeAuth Account_OneTimeAuth |
|
} |
|
|
|
// Equals implements protocol.Account.Equals(). |
|
func (a *MemoryAccount) Equals(another protocol.Account) bool { |
|
if account, ok := another.(*MemoryAccount); ok { |
|
return bytes.Equal(a.Key, account.Key) |
|
} |
|
return false |
|
} |
|
|
|
func createAesGcm(key []byte) cipher.AEAD { |
|
block, err := aes.NewCipher(key) |
|
common.Must(err) |
|
gcm, err := cipher.NewGCM(block) |
|
common.Must(err) |
|
return gcm |
|
} |
|
|
|
func createChacha20Poly1305(key []byte) cipher.AEAD { |
|
chacha20, err := chacha20poly1305.New(key) |
|
common.Must(err) |
|
return chacha20 |
|
} |
|
|
|
func (a *Account) getCipher() (Cipher, error) { |
|
switch a.CipherType { |
|
case CipherType_AES_128_CFB: |
|
return &AesCfb{KeyBytes: 16}, nil |
|
case CipherType_AES_256_CFB: |
|
return &AesCfb{KeyBytes: 32}, nil |
|
case CipherType_CHACHA20: |
|
return &ChaCha20{IVBytes: 8}, nil |
|
case CipherType_CHACHA20_IETF: |
|
return &ChaCha20{IVBytes: 12}, nil |
|
case CipherType_AES_128_GCM: |
|
return &AEADCipher{ |
|
KeyBytes: 16, |
|
IVBytes: 16, |
|
AEADAuthCreator: createAesGcm, |
|
}, nil |
|
case CipherType_AES_256_GCM: |
|
return &AEADCipher{ |
|
KeyBytes: 32, |
|
IVBytes: 32, |
|
AEADAuthCreator: createAesGcm, |
|
}, nil |
|
case CipherType_CHACHA20_POLY1305: |
|
return &AEADCipher{ |
|
KeyBytes: 32, |
|
IVBytes: 32, |
|
AEADAuthCreator: createChacha20Poly1305, |
|
}, nil |
|
case CipherType_NONE: |
|
return NoneCipher{}, nil |
|
default: |
|
return nil, newError("Unsupported cipher.") |
|
} |
|
} |
|
|
|
// AsAccount implements protocol.AsAccount. |
|
func (a *Account) AsAccount() (protocol.Account, error) { |
|
cipher, err := a.getCipher() |
|
if err != nil { |
|
return nil, newError("failed to get cipher").Base(err) |
|
} |
|
return &MemoryAccount{ |
|
Cipher: cipher, |
|
Key: passwordToCipherKey([]byte(a.Password), cipher.KeySize()), |
|
OneTimeAuth: a.Ota, |
|
}, nil |
|
} |
|
|
|
// Cipher is an interface for all Shadowsocks ciphers. |
|
type Cipher interface { |
|
KeySize() int32 |
|
IVSize() int32 |
|
NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) |
|
NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) |
|
IsAEAD() bool |
|
EncodePacket(key []byte, b *buf.Buffer) error |
|
DecodePacket(key []byte, b *buf.Buffer) error |
|
} |
|
|
|
// AesCfb represents all AES-CFB ciphers. |
|
type AesCfb struct { |
|
KeyBytes int32 |
|
} |
|
|
|
func (*AesCfb) IsAEAD() bool { |
|
return false |
|
} |
|
|
|
func (v *AesCfb) KeySize() int32 { |
|
return v.KeyBytes |
|
} |
|
|
|
func (v *AesCfb) IVSize() int32 { |
|
return 16 |
|
} |
|
|
|
func (v *AesCfb) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) { |
|
stream := crypto.NewAesEncryptionStream(key, iv) |
|
return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil |
|
} |
|
|
|
func (v *AesCfb) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) { |
|
stream := crypto.NewAesDecryptionStream(key, iv) |
|
return &buf.SingleReader{ |
|
Reader: crypto.NewCryptionReader(stream, reader), |
|
}, nil |
|
} |
|
|
|
func (v *AesCfb) EncodePacket(key []byte, b *buf.Buffer) error { |
|
iv := b.BytesTo(v.IVSize()) |
|
stream := crypto.NewAesEncryptionStream(key, iv) |
|
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize())) |
|
return nil |
|
} |
|
|
|
func (v *AesCfb) DecodePacket(key []byte, b *buf.Buffer) error { |
|
if b.Len() <= v.IVSize() { |
|
return newError("insufficient data: ", b.Len()) |
|
} |
|
iv := b.BytesTo(v.IVSize()) |
|
stream := crypto.NewAesDecryptionStream(key, iv) |
|
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize())) |
|
b.Advance(v.IVSize()) |
|
return nil |
|
} |
|
|
|
type AEADCipher struct { |
|
KeyBytes int32 |
|
IVBytes int32 |
|
AEADAuthCreator func(key []byte) cipher.AEAD |
|
} |
|
|
|
func (*AEADCipher) IsAEAD() bool { |
|
return true |
|
} |
|
|
|
func (c *AEADCipher) KeySize() int32 { |
|
return c.KeyBytes |
|
} |
|
|
|
func (c *AEADCipher) IVSize() int32 { |
|
return c.IVBytes |
|
} |
|
|
|
func (c *AEADCipher) createAuthenticator(key []byte, iv []byte) *crypto.AEADAuthenticator { |
|
nonce := crypto.GenerateInitialAEADNonce() |
|
subkey := make([]byte, c.KeyBytes) |
|
hkdfSHA1(key, iv, subkey) |
|
return &crypto.AEADAuthenticator{ |
|
AEAD: c.AEADAuthCreator(subkey), |
|
NonceGenerator: nonce, |
|
} |
|
} |
|
|
|
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) { |
|
auth := c.createAuthenticator(key, iv) |
|
return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{ |
|
Auth: auth, |
|
}, writer, protocol.TransferTypeStream, nil), nil |
|
} |
|
|
|
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) { |
|
auth := c.createAuthenticator(key, iv) |
|
return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{ |
|
Auth: auth, |
|
}, reader, protocol.TransferTypeStream, nil), nil |
|
} |
|
|
|
func (c *AEADCipher) EncodePacket(key []byte, b *buf.Buffer) error { |
|
ivLen := c.IVSize() |
|
payloadLen := b.Len() |
|
auth := c.createAuthenticator(key, b.BytesTo(ivLen)) |
|
|
|
b.Extend(int32(auth.Overhead())) |
|
_, err := auth.Seal(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen)) |
|
return err |
|
} |
|
|
|
func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error { |
|
if b.Len() <= c.IVSize() { |
|
return newError("insufficient data: ", b.Len()) |
|
} |
|
ivLen := c.IVSize() |
|
payloadLen := b.Len() |
|
auth := c.createAuthenticator(key, b.BytesTo(ivLen)) |
|
|
|
bbb, err := auth.Open(b.BytesTo(ivLen), b.BytesRange(ivLen, payloadLen)) |
|
if err != nil { |
|
return err |
|
} |
|
b.Resize(ivLen, int32(len(bbb))) |
|
return nil |
|
} |
|
|
|
type ChaCha20 struct { |
|
IVBytes int32 |
|
} |
|
|
|
func (*ChaCha20) IsAEAD() bool { |
|
return false |
|
} |
|
|
|
func (v *ChaCha20) KeySize() int32 { |
|
return 32 |
|
} |
|
|
|
func (v *ChaCha20) IVSize() int32 { |
|
return v.IVBytes |
|
} |
|
|
|
func (v *ChaCha20) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) { |
|
stream := crypto.NewChaCha20Stream(key, iv) |
|
return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil |
|
} |
|
|
|
func (v *ChaCha20) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) { |
|
stream := crypto.NewChaCha20Stream(key, iv) |
|
return &buf.SingleReader{Reader: crypto.NewCryptionReader(stream, reader)}, nil |
|
} |
|
|
|
func (v *ChaCha20) EncodePacket(key []byte, b *buf.Buffer) error { |
|
iv := b.BytesTo(v.IVSize()) |
|
stream := crypto.NewChaCha20Stream(key, iv) |
|
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize())) |
|
return nil |
|
} |
|
|
|
func (v *ChaCha20) DecodePacket(key []byte, b *buf.Buffer) error { |
|
if b.Len() <= v.IVSize() { |
|
return newError("insufficient data: ", b.Len()) |
|
} |
|
iv := b.BytesTo(v.IVSize()) |
|
stream := crypto.NewChaCha20Stream(key, iv) |
|
stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize())) |
|
b.Advance(v.IVSize()) |
|
return nil |
|
} |
|
|
|
type NoneCipher struct{} |
|
|
|
func (NoneCipher) KeySize() int32 { return 0 } |
|
func (NoneCipher) IVSize() int32 { return 0 } |
|
func (NoneCipher) IsAEAD() bool { |
|
return true // to avoid OTA |
|
} |
|
|
|
func (NoneCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) { |
|
return buf.NewReader(reader), nil |
|
} |
|
|
|
func (NoneCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) { |
|
return buf.NewWriter(writer), nil |
|
} |
|
|
|
func (NoneCipher) EncodePacket(key []byte, b *buf.Buffer) error { |
|
return nil |
|
} |
|
|
|
func (NoneCipher) DecodePacket(key []byte, b *buf.Buffer) error { |
|
return nil |
|
} |
|
|
|
func passwordToCipherKey(password []byte, keySize int32) []byte { |
|
key := make([]byte, 0, keySize) |
|
|
|
md5Sum := md5.Sum(password) |
|
key = append(key, md5Sum[:]...) |
|
|
|
for int32(len(key)) < keySize { |
|
md5Hash := md5.New() |
|
common.Must2(md5Hash.Write(md5Sum[:])) |
|
common.Must2(md5Hash.Write(password)) |
|
md5Hash.Sum(md5Sum[:0]) |
|
|
|
key = append(key, md5Sum[:]...) |
|
} |
|
return key |
|
} |
|
|
|
func hkdfSHA1(secret, salt, outkey []byte) { |
|
r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey")) |
|
common.Must2(io.ReadFull(r, outkey)) |
|
}
|
|
|