
fix auth_sha1

fix tls1.0_session_auth
dev
BreakWa11 9 years ago
parent
commit
80604a9421
  1. 12
      shadowsocks/obfsplugin/auth.py
  2. 19
      shadowsocks/obfsplugin/obfs_tls.py
  3. 5
      shadowsocks/tcprelay.py

12
shadowsocks/obfsplugin/auth.py

@ -374,7 +374,7 @@ class auth_sha1(verify_base):
rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 128)
data = common.chr(len(rnd_data) + 1) + rnd_data + buf
data = struct.pack('>H', len(data) + 16) + data
crc = binascii.crc32(self.server_info.key)
crc = binascii.crc32(self.server_info.key) & 0xFFFFFFFF
data = struct.pack('<I', crc) + data
data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10]
return data
@ -416,20 +416,14 @@ class auth_sha1(verify_base):
if length >= 8192 or length < 7:
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return None
else:
raise Exception('client_post_decrypt data error')
raise Exception('client_post_decrypt data error')
if length > len(self.recv_buf):
break
if struct.pack('<I', zlib.adler32(self.recv_buf[:length - 4]) & 0xFFFFFFFF) != self.recv_buf[length - 4:length]:
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return None
else:
raise Exception('client_post_decrypt data uncorrect checksum')
raise Exception('client_post_decrypt data uncorrect checksum')
pos = common.ord(self.recv_buf[2]) + 2
out_buf += self.recv_buf[pos:length - 4]
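Review bot: Both failure paths in the second hunk set `self.raw_trans = True` and clear `recv_buf` before raising, and with the `decrypt_packet_num == 0` early return apparently dropped (the +/- markers are lost in this rendering) the raise is now the only exit, so nothing in the hunk shows what the caller does with the connection afterwards. If a caller catches the exception and keeps relaying, later data would presumably bypass the length and adler32 checks; a comment such as `# caller must close the connection; the stream is no longer verified` above each raise would record the expectation. Note also that adler32 only detects accidental corruption and is not a keyed MAC. In the first hunk, a short comment on the mask would help: `# crc32 can be negative on Python 2; mask so struct.pack('<I') accepts it`. The enclosing methods start and end outside the hunks.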

19
shadowsocks/obfsplugin/obfs_tls.py

@ -164,7 +164,7 @@ class tls_auth(plain.plain):
return data
if self.has_recv_header:
data = b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec
data += b"\x16" + self.tls_version + "\x00\x01\x20" + os.urandom(22) #Finished
data += b"\x16" + self.tls_version + "\x00\x20" + os.urandom(22) #Finished
data += hmac.new(self.server_info.key + self.server_info.data.client_id, data, hashlib.sha1).digest()[:10]
ret = data + self.send_buffer
self.send_buffer = b''
@ -175,6 +175,13 @@ class tls_auth(plain.plain):
def client_decode(self, buf):
if self.has_recv_header:
return (buf, False)
if len(buf) < 11 + 32 + 1 + 32:
logging.error('client_decode data error')
return (b'', True)
verify = buf[11:33]
if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]:
logging.error('client_decode data error')
return (b'', True)
self.has_recv_header = True
return (b'', True)
@ -186,7 +193,7 @@ class tls_auth(plain.plain):
data = b"\x02\x00" + struct.pack('>H', len(data)) + data #server hello
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data
data += b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec
data += b"\x16" + self.tls_version + "\x00\x01\x20" + os.urandom(22) #Finished
data += b"\x16" + self.tls_version + "\x00\x20" + os.urandom(22) #Finished
data += hmac.new(self.server_info.key + self.client_id, data, hashlib.sha1).digest()[:10]
return data
@ -203,8 +210,8 @@ class tls_auth(plain.plain):
if self.has_recv_header:
verify = buf
verify_len = 44 - 10
if len(buf) < 44:
verify_len = 43 - 10
if len(buf) < 43:
logging.error('server_decode data error')
return self.decode_error_return(b'')
if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec
@ -217,10 +224,10 @@ class tls_auth(plain.plain):
if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]:
logging.error('server_decode data error')
return self.decode_error_return(b'')
if len(buf) < 38:
if len(buf) < 37:
logging.error('server_decode data error')
return self.decode_error_return(b'')
buf = buf[38:]
buf = buf[37:]
self.raw_trans_recv = True
return (buf, True, False)
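Review bot: The HMAC check added to `client_decode` compares the truncated tag with `!=`, which is not a constant-time comparison; `hmac.compare_digest` (Python 2.7.7+ / 3.3+) is the usual choice, e.g. `if not hmac.compare_digest(expected, buf[33:43]):` with `expected` holding the `hmac.new(...).digest()[:10]` value. The same `!=` comparison is used for the tag in the `server_decode` hunk further down. Separately, the rewritten Finished lines still append the unprefixed literal `"\x00\x20"` to bytes, which would raise TypeError on Python 3 if `self.tls_version` is bytes there; `b"\x00\x20"` behaves the same on both versions. `server_decode` and the encode functions start or end outside the visible hunks.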

5
shadowsocks/tcprelay.py

@ -333,7 +333,10 @@ class TCPRelayHandler(object):
addr = struct.unpack('>I', address_bytes)[0]
else:
addr = 0
host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)])
if type(host_list) == list:
host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)])
else:
host_post = host_list
items = host_post.rsplit(':', 1)
if len(items) > 1:
try:
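Review bot: The list branch still indexes with `% len(host_list)`, so an empty list raises ZeroDivisionError, and the new else branch assigns `host_list` without `common.to_str`, so a non-str value would reach `rsplit(':', 1)` unconverted. Where `host_list` comes from is not visible in the hunk, so both cases should be checked against the config loader. Suggested changes: `if isinstance(host_list, list):` instead of `type(host_list) == list` (which also rejects list subclasses), `host_post = common.to_str(host_list)` in the else branch, and an explicit guard for an empty list before the modulo. The enclosing method starts and ends outside the hunk.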
