From 80604a9421606e2de36f25644748a6ba29f643c4 Mon Sep 17 00:00:00 2001 From: BreakWa11 Date: Mon, 21 Dec 2015 18:03:52 +0800 Subject: [PATCH] fix auth_sha1 fix tls1.0_session_auth --- shadowsocks/obfsplugin/auth.py | 12 +++--------- shadowsocks/obfsplugin/obfs_tls.py | 19 +++++++++++++------ shadowsocks/tcprelay.py | 5 ++++- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py index 16ee20a..14cff5d 100644 --- a/shadowsocks/obfsplugin/auth.py +++ b/shadowsocks/obfsplugin/auth.py @@ -374,7 +374,7 @@ class auth_sha1(verify_base): rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 128) data = common.chr(len(rnd_data) + 1) + rnd_data + buf data = struct.pack('>H', len(data) + 16) + data - crc = binascii.crc32(self.server_info.key) + crc = binascii.crc32(self.server_info.key) & 0xFFFFFFFF data = struct.pack('= 8192 or length < 7: self.raw_trans = True self.recv_buf = b'' - if self.decrypt_packet_num == 0: - return None - else: - raise Exception('client_post_decrypt data error') + raise Exception('client_post_decrypt data error') if length > len(self.recv_buf): break if struct.pack('H', len(data)) + data #server hello data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data data += b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec - data += b"\x16" + self.tls_version + "\x00\x01\x20" + os.urandom(22) #Finished + data += b"\x16" + self.tls_version + "\x00\x20" + os.urandom(22) #Finished data += hmac.new(self.server_info.key + self.client_id, data, hashlib.sha1).digest()[:10] return data @@ -203,8 +210,8 @@ class tls_auth(plain.plain): if self.has_recv_header: verify = buf - verify_len = 44 - 10 - if len(buf) < 44: + verify_len = 43 - 10 + if len(buf) < 43: logging.error('server_decode data error') return self.decode_error_return(b'') if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec @@ -217,10 +224,10 @@ class tls_auth(plain.plain): if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]: logging.error('server_decode data error') return self.decode_error_return(b'') - if len(buf) < 38: + if len(buf) < 37: logging.error('server_decode data error') return self.decode_error_return(b'') - buf = buf[38:] + buf = buf[37:] self.raw_trans_recv = True return (buf, True, False) diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py index ac9e8fb..976f8b9 100644 --- a/shadowsocks/tcprelay.py +++ b/shadowsocks/tcprelay.py @@ -333,7 +333,10 @@ class TCPRelayHandler(object): addr = struct.unpack('>I', address_bytes)[0] else: addr = 0 - host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)]) + if type(host_list) == list: + host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)]) + else: + host_post = host_list items = host_post.rsplit(':', 1) if len(items) > 1: try: