dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix bugs in auth_aes128 when run as a client 

add auth_aes128_sha1
dev
破娃酱 8 years ago
parent
ada4eab628
commit
574a10a743
1 changed files with 282 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 293
      shadowsocks/obfsplugin/auth.py

293
shadowsocks/obfsplugin/auth.py
View File

@ -51,6 +51,9 @@ def create_auth_sha1_v4(method):
def create_auth_aes128(method): def create_auth_aes128(method):
return auth_aes128(method) return auth_aes128(method)
def create_auth_aes128_sha1(method):
return auth_aes128_sha1(method)
obfs_map = { obfs_map = {
'auth_sha1': (create_auth_sha1,), 'auth_sha1': (create_auth_sha1,),
'auth_sha1_compatible': (create_auth_sha1,), 'auth_sha1_compatible': (create_auth_sha1,),
@ -61,6 +64,8 @@ obfs_map = {
'auth_sha1_v4': (create_auth_sha1_v4,), 'auth_sha1_v4': (create_auth_sha1_v4,),
'auth_sha1_v4_compatible': (create_auth_sha1_v4,), 'auth_sha1_v4_compatible': (create_auth_sha1_v4,),
'auth_aes128': (create_auth_aes128,), 'auth_aes128': (create_auth_aes128,),
'auth_aes128_sha1': (create_auth_aes128_sha1,),
'auth_aes128_sha1_compatible': (create_auth_aes128_sha1,),
} }
def match_begin(str1, str2): def match_begin(str1, str2):
@ -73,9 +78,9 @@ class obfs_verify_data(object):
def __init__(self): def __init__(self):
pass pass
class verify_base(plain.plain): class auth_base(plain.plain):
def __init__(self, method): def __init__(self, method):
super(verify_base, self).__init__(method) super(auth_base, self).__init__(method)
self.method = method self.method = method
self.no_compatible_method = '' self.no_compatible_method = ''
@ -198,7 +203,7 @@ class obfs_auth_data(object):
else: else:
return self.client_id[client_id].insert(connection_id) return self.client_id[client_id].insert(connection_id)
class auth_sha1(verify_base): class auth_sha1(auth_base):
def __init__(self, method): def __init__(self, method):
super(auth_sha1, self).__init__(method) super(auth_sha1, self).__init__(method)
self.recv_buf = b'' self.recv_buf = b''
@ -420,7 +425,7 @@ class obfs_auth_v2_data(object):
else: else:
return self.client_id[client_id].insert(connection_id) return self.client_id[client_id].insert(connection_id)
class auth_sha1_v2(verify_base): class auth_sha1_v2(auth_base):
def __init__(self, method): def __init__(self, method):
super(auth_sha1_v2, self).__init__(method) super(auth_sha1_v2, self).__init__(method)
self.recv_buf = b'' self.recv_buf = b''
@ -621,7 +626,7 @@ class auth_sha1_v2(verify_base):
self.decrypt_packet_num += 1 self.decrypt_packet_num += 1
return (out_buf, sendback) return (out_buf, sendback)
class auth_sha1_v3(verify_base): class auth_sha1_v3(auth_base):
def __init__(self, method): def __init__(self, method):
super(auth_sha1_v3, self).__init__(method) super(auth_sha1_v3, self).__init__(method)
self.recv_buf = b'' self.recv_buf = b''
@ -830,7 +835,7 @@ class auth_sha1_v3(verify_base):
self.decrypt_packet_num += 1 self.decrypt_packet_num += 1
return (out_buf, sendback) return (out_buf, sendback)
class auth_sha1_v4(verify_base): class auth_sha1_v4(auth_base):
def __init__(self, method): def __init__(self, method):
super(auth_sha1_v4, self).__init__(method) super(auth_sha1_v4, self).__init__(method)
self.recv_buf = b'' self.recv_buf = b''
@ -1056,7 +1061,7 @@ class auth_sha1_v4(verify_base):
self.decrypt_packet_num += 1 self.decrypt_packet_num += 1
return (out_buf, sendback) return (out_buf, sendback)
class auth_aes128(verify_base): class auth_aes128(auth_base):
def __init__(self, method): def __init__(self, method):
super(auth_aes128, self).__init__(method) super(auth_aes128, self).__init__(method)
self.recv_buf = b'' self.recv_buf = b''
@ -1119,15 +1124,14 @@ class auth_aes128(verify_base):
else: else:
rnd_len = struct.unpack('<H', os.urandom(2))[0] % 1024 rnd_len = struct.unpack('<H', os.urandom(2))[0] % 1024
data = auth_data data = auth_data
data_len = len(buf) + rnd_len + 16 + 10 + 4 data_len = 4 + 16 + 10 + len(buf) + rnd_len + 4
data = data + struct.pack('<H', data_len) + struct.pack('<H', rnd_len) data = data + struct.pack('<H', data_len) + struct.pack('<H', rnd_len)
uid = '\x00' * 4 uid = os.urandom(4)
encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(uid + self.server_info.key)) + self.salt, 'aes-128-cbc', b'\x00' * 16) encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(uid + self.server_info.key)) + self.salt, 'aes-128-cbc', b'\x00' * 16)
data = uid + encryptor.encrypt(data)[16:] data = uid + encryptor.encrypt(data)[16:]
data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10] data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10]
data += os.urandom(rnd_len) + buf data += os.urandom(rnd_len) + buf
crc = binascii.crc32(struct.pack('<H', data_len)) & 0xFFFF data += struct.pack('<I', (zlib.adler32(data) & 0xFFFFFFFF))
data = struct.pack('<H', crc) + data
return data return data
def auth_data(self): def auth_data(self):
@ -1312,3 +1316,270 @@ class auth_aes128(verify_base):
if struct.pack('<I', zlib.adler32(data) & 0xFFFFFFFF) != buf[length - 4:]: if struct.pack('<I', zlib.adler32(data) & 0xFFFFFFFF) != buf[length - 4:]:
return b'' return b''
return data return data
class auth_aes128_sha1(auth_base):
def __init__(self, method):
super(auth_aes128_sha1, self).__init__(method)
self.recv_buf = b''
self.unit_len = 8100
self.raw_trans = False
self.has_sent_header = False
self.has_recv_header = False
self.client_id = 0
self.connection_id = 0
self.max_time_dif = 60 * 60 * 24 # time dif (second) setting
self.salt = b"auth_aes128_sha1"
self.no_compatible_method = 'auth_aes128_sha1'
self.extra_wait_size = struct.unpack('>H', os.urandom(2))[0] % 1024
self.pack_id = 0
self.recv_id = 0
def init_data(self):
return obfs_auth_v2_data()
def set_server_info(self, server_info):
self.server_info = server_info
try:
max_client = int(server_info.protocol_param)
except:
max_client = 64
self.server_info.data.set_max_client(max_client)
def rnd_data(self, buf_size):
if buf_size > 1200:
return b'\x01'
if self.pack_id > 4:
rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 32)
elif buf_size > 400:
rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 128)
else:
rnd_data = os.urandom(struct.unpack('>H', os.urandom(2))[0] % 512)
if len(rnd_data) < 128:
return common.chr(len(rnd_data) + 1) + rnd_data
else:
return common.chr(255) + struct.pack('<H', len(rnd_data) + 3) + rnd_data
def pack_data(self, buf):
data = self.rnd_data(len(buf)) + buf
data_len = len(data) + 8
mac_key = self.server_info.key + struct.pack('<I', self.pack_id)
mac = hmac.new(mac_key, struct.pack('<H', data_len), hashlib.sha1).digest()[:2]
data = struct.pack('<H', data_len) + mac + data
data += hmac.new(mac_key, data, hashlib.sha1).digest()[:4]
self.pack_id = (self.pack_id + 1) & 0xFFFFFFFF
return data
def pack_auth_data(self, auth_data, buf):
if len(buf) == 0:
return b''
if len(buf) > 400:
rnd_len = struct.unpack('<H', os.urandom(2))[0] % 512
else:
rnd_len = struct.unpack('<H', os.urandom(2))[0] % 1024
data = auth_data
data_len = 7 + 4 + 16 + 4 + len(buf) + rnd_len + 4
data = data + struct.pack('<H', data_len) + struct.pack('<H', rnd_len)
mac_key = self.server_info.iv + self.server_info.key
uid = os.urandom(4)
encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(uid + self.server_info.key)) + self.salt, 'aes-128-cbc', b'\x00' * 16)
data = uid + encryptor.encrypt(data)[16:]
data += hmac.new(mac_key, data, hashlib.sha1).digest()[:4]
check_head = os.urandom(3)
check_head += hmac.new(mac_key, check_head, hashlib.sha1).digest()[:4]
data = check_head + data + os.urandom(rnd_len) + buf
data += hmac.new(mac_key, data, hashlib.sha1).digest()[:4]
return data
def auth_data(self):
utc_time = int(time.time()) & 0xFFFFFFFF
if self.server_info.data.connection_id > 0xFF000000:
self.server_info.data.local_client_id = b''
if not self.server_info.data.local_client_id:
self.server_info.data.local_client_id = os.urandom(4)
logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),))
self.server_info.data.connection_id = struct.unpack('<I', os.urandom(4))[0] & 0xFFFFFF
self.server_info.data.connection_id += 1
return b''.join([struct.pack('<I', utc_time),
self.server_info.data.local_client_id,
struct.pack('<I', self.server_info.data.connection_id)])
def client_pre_encrypt(self, buf):
ret = b''
if not self.has_sent_header:
head_size = self.get_head_size(buf, 30)
datalen = min(len(buf), random.randint(0, 31) + head_size)
ret += self.pack_auth_data(self.auth_data(), buf[:datalen])
buf = buf[datalen:]
self.has_sent_header = True
while len(buf) > self.unit_len:
ret += self.pack_data(buf[:self.unit_len])
buf = buf[self.unit_len:]
ret += self.pack_data(buf)
return ret
def client_post_decrypt(self, buf):
if self.raw_trans:
return buf
self.recv_buf += buf
out_buf = b''
while len(self.recv_buf) > 4:
mac_key = self.server_info.key + struct.pack('<I', self.recv_id)
mac = hmac.new(mac_key, self.recv_buf[:2], hashlib.sha1).digest()[:2]
if mac != self.recv_buf[2:4]:
raise Exception('client_post_decrypt data uncorrect mac')
length = struct.unpack('<H', self.recv_buf[:2])[0]
if length >= 8192 or length < 7:
self.raw_trans = True
self.recv_buf = b''
raise Exception('client_post_decrypt data error')
if length > len(self.recv_buf):
break
if hmac.new(mac_key, self.recv_buf[:length - 4], hashlib.sha1).digest()[:4] != self.recv_buf[length - 4:length]:
self.raw_trans = True
self.recv_buf = b''
raise Exception('client_post_decrypt data uncorrect checksum')
self.recv_id = (self.recv_id + 1) & 0xFFFFFFFF
pos = common.ord(self.recv_buf[4])
if pos < 255:
pos += 4
else:
pos = struct.unpack('<H', self.recv_buf[5:7])[0] + 4
out_buf += self.recv_buf[pos:length - 4]
self.recv_buf = self.recv_buf[length:]
return out_buf
def server_pre_encrypt(self, buf):
if self.raw_trans:
return buf
ret = b''
while len(buf) > self.unit_len:
ret += self.pack_data(buf[:self.unit_len])
buf = buf[self.unit_len:]
ret += self.pack_data(buf)
return ret
def server_post_decrypt(self, buf):
if self.raw_trans:
return (buf, False)
self.recv_buf += buf
out_buf = b''
sendback = False
if not self.has_recv_header:
if len(self.recv_buf) < 7:
return (b'', False)
mac_key = self.server_info.recv_iv + self.server_info.key
sha1data = hmac.new(mac_key, self.recv_buf[:3], hashlib.sha1).digest()[:4]
if sha1data != self.recv_buf[3:7]:
return self.not_match_return(self.recv_buf)
if len(self.recv_buf) < 31:
return (b'', False)
sha1data = hmac.new(mac_key, self.recv_buf[7:27], hashlib.sha1).digest()[:4]
if sha1data != self.recv_buf[27:31]:
logging.error('auth_aes128_sha1 data uncorrect auth HMAC-SHA1 from %s:%d, data %s' % (self.server_info.client, self.server_info.client_port, binascii.hexlify(self.recv_buf)))
if len(self.recv_buf) < 31 + self.extra_wait_size:
return (b'', False)
return self.not_match_return(self.recv_buf)
user_key = self.recv_buf[7:11]
encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(user_key + self.server_info.key)) + self.salt, 'aes-128-cbc')
head = encryptor.decrypt(b'\x00' * 16 + self.recv_buf[11:27] + b'\x00') # need an extra byte or recv empty
length = struct.unpack('<H', head[12:14])[0]
if len(self.recv_buf) < length:
return (b'', False)
utc_time = struct.unpack('<I', head[:4])[0]
client_id = struct.unpack('<I', head[4:8])[0]
connection_id = struct.unpack('<I', head[8:12])[0]
rnd_len = struct.unpack('<H', head[14:16])[0]
if hmac.new(mac_key, self.recv_buf[:length - 4], hashlib.sha1).digest()[:4] != self.recv_buf[length - 4:length]:
logging.info('auth_aes128_sha1: checksum error, data %s' % (binascii.hexlify(self.recv_buf[:length]),))
return self.not_match_return(self.recv_buf)
time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff))
if time_dif < -self.max_time_dif or time_dif > self.max_time_dif:
logging.info('auth_aes128_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(head),))
return self.not_match_return(self.recv_buf)
elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True
out_buf = self.recv_buf[31 + rnd_len:length - 4]
self.client_id = client_id
self.connection_id = connection_id
else:
logging.info('auth_aes128_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),))
return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True
sendback = True
while len(self.recv_buf) > 4:
mac_key = self.server_info.key + struct.pack('<I', self.recv_id)
mac = hmac.new(mac_key, self.recv_buf[:2], hashlib.sha1).digest()[:2]
if mac != self.recv_buf[2:4]:
self.raw_trans = True
logging.info('auth_aes128_sha1: wrong crc')
if self.recv_id == 0:
logging.info('auth_aes128_sha1: wrong crc')
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
length = struct.unpack('<H', self.recv_buf[:2])[0]
if length >= 8192 or length < 7:
self.raw_trans = True
self.recv_buf = b''
if self.recv_id == 0:
logging.info('auth_aes128_sha1: over size')
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
break
if hmac.new(mac_key, self.recv_buf[:length - 4], hashlib.sha1).digest()[:4] != self.recv_buf[length - 4:length]:
logging.info('auth_aes128_sha1: checksum error, data %s' % (binascii.hexlify(self.recv_buf[:length]),))
self.raw_trans = True
self.recv_buf = b''
if self.recv_id == 0:
return (b'E', False)
else:
raise Exception('server_post_decrype data uncorrect checksum')
self.recv_id = (self.recv_id + 1) & 0xFFFFFFFF
pos = common.ord(self.recv_buf[4])
if pos < 255:
pos += 4
else:
pos = struct.unpack('<H', self.recv_buf[5:7])[0] + 4
out_buf += self.recv_buf[pos:length - 4]
self.recv_buf = self.recv_buf[length:]
if pos == length - 4:
sendback = True
if out_buf:
self.server_info.data.update(self.client_id, self.connection_id)
return (out_buf, sendback)
def client_udp_pre_encrypt(self, buf):
return buf + hmac.new(self.server_info.key, buf, hashlib.sha1).digest()[:4]
def client_udp_post_decrypt(self, buf):
length = len(buf)
data = buf[:-4]
if hmac.new(self.server_info.key, data, hashlib.sha1).digest()[:4] != buf[length - 4:]:
return b''
return data
def server_udp_pre_encrypt(self, buf):
return buf + hmac.new(self.server_info.key, buf, hashlib.sha1).digest()[:4]
def server_udp_post_decrypt(self, buf):
length = len(buf)
data = buf[:-4]
if hmac.new(self.server_info.key, data, hashlib.sha1).digest()[:4] != buf[length - 4:]:
return b''
return data

Write Preview
Loading…
Cancel
Save