
fix auth_sha1

fix tls1.0_session_auth
dev
BreakWa11 9 years ago
parent
commit
80604a9421
  1. 8
      shadowsocks/obfsplugin/auth.py
  2. 19
      shadowsocks/obfsplugin/obfs_tls.py
  3. 3
      shadowsocks/tcprelay.py

8
shadowsocks/obfsplugin/auth.py

@ -374,7 +374,7 @@ class auth_sha1(verify_base):
rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 128) rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 128)
data = common.chr(len(rnd_data) + 1) + rnd_data + buf data = common.chr(len(rnd_data) + 1) + rnd_data + buf
data = struct.pack('>H', len(data) + 16) + data data = struct.pack('>H', len(data) + 16) + data
crc = binascii.crc32(self.server_info.key) crc = binascii.crc32(self.server_info.key) & 0xFFFFFFFF
data = struct.pack('<I', crc) + data data = struct.pack('<I', crc) + data
data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10] data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10]
return data return data
@ -416,9 +416,6 @@ class auth_sha1(verify_base):
if length >= 8192 or length < 7: if length >= 8192 or length < 7:
self.raw_trans = True self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
if self.decrypt_packet_num == 0:
return None
else:
raise Exception('client_post_decrypt data error') raise Exception('client_post_decrypt data error')
if length > len(self.recv_buf): if length > len(self.recv_buf):
break break
@ -426,9 +423,6 @@ class auth_sha1(verify_base):
if struct.pack('<I', zlib.adler32(self.recv_buf[:length - 4]) & 0xFFFFFFFF) != self.recv_buf[length - 4:length]: if struct.pack('<I', zlib.adler32(self.recv_buf[:length - 4]) & 0xFFFFFFFF) != self.recv_buf[length - 4:length]:
self.raw_trans = True self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
if self.decrypt_packet_num == 0:
return None
else:
raise Exception('client_post_decrypt data uncorrect checksum') raise Exception('client_post_decrypt data uncorrect checksum')
pos = common.ord(self.recv_buf[2]) + 2 pos = common.ord(self.recv_buf[2]) + 2
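Review bot: With the `decrypt_packet_num == 0` early return removed, both failure paths in the second and third hunks (bad length, bad adler32 checksum) set `self.raw_trans = True` and then rely solely on a generic `Exception` to stop processing. If a caller catches that exception and keeps the connection open, later data would presumably be handled in raw mode with no verification; the callers are outside these hunks, so this needs confirming. A short comment above each raise, such as `# verification failed: caller must drop the connection`, would record that contract. A dedicated exception class would also let callers tell protocol failures from unrelated errors. The enclosing method starts and ends outside the hunks.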

19
shadowsocks/obfsplugin/obfs_tls.py

@ -164,7 +164,7 @@ class tls_auth(plain.plain):
return data return data
if self.has_recv_header: if self.has_recv_header:
data = b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec data = b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec
data += b"\x16" + self.tls_version + "\x00\x01\x20" + os.urandom(22) #Finished data += b"\x16" + self.tls_version + "\x00\x20" + os.urandom(22) #Finished
data += hmac.new(self.server_info.key + self.server_info.data.client_id, data, hashlib.sha1).digest()[:10] data += hmac.new(self.server_info.key + self.server_info.data.client_id, data, hashlib.sha1).digest()[:10]
ret = data + self.send_buffer ret = data + self.send_buffer
self.send_buffer = b'' self.send_buffer = b''
@ -175,6 +175,13 @@ class tls_auth(plain.plain):
def client_decode(self, buf): def client_decode(self, buf):
if self.has_recv_header: if self.has_recv_header:
return (buf, False) return (buf, False)
if len(buf) < 11 + 32 + 1 + 32:
logging.error('client_decode data error')
return (b'', True)
verify = buf[11:33]
if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]:
logging.error('client_decode data error')
return (b'', True)
self.has_recv_header = True self.has_recv_header = True
return (b'', True) return (b'', True)
@ -186,7 +193,7 @@ class tls_auth(plain.plain):
data = b"\x02\x00" + struct.pack('>H', len(data)) + data #server hello data = b"\x02\x00" + struct.pack('>H', len(data)) + data #server hello
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data
data += b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec data += b"\x14" + self.tls_version + "\x00\x01\x01" #ChangeCipherSpec
data += b"\x16" + self.tls_version + "\x00\x01\x20" + os.urandom(22) #Finished data += b"\x16" + self.tls_version + "\x00\x20" + os.urandom(22) #Finished
data += hmac.new(self.server_info.key + self.client_id, data, hashlib.sha1).digest()[:10] data += hmac.new(self.server_info.key + self.client_id, data, hashlib.sha1).digest()[:10]
return data return data
@ -203,8 +210,8 @@ class tls_auth(plain.plain):
if self.has_recv_header: if self.has_recv_header:
verify = buf verify = buf
verify_len = 44 - 10 verify_len = 43 - 10
if len(buf) < 44: if len(buf) < 43:
logging.error('server_decode data error') logging.error('server_decode data error')
return self.decode_error_return(b'') return self.decode_error_return(b'')
if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec if not match_begin(buf, b"\x14" + self.tls_version + "\x00\x01\x01"): #ChangeCipherSpec
@ -217,10 +224,10 @@ class tls_auth(plain.plain):
if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]: if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]:
logging.error('server_decode data error') logging.error('server_decode data error')
return self.decode_error_return(b'') return self.decode_error_return(b'')
if len(buf) < 38: if len(buf) < 37:
logging.error('server_decode data error') logging.error('server_decode data error')
return self.decode_error_return(b'') return self.decode_error_return(b'')
buf = buf[38:] buf = buf[37:]
self.raw_trans_recv = True self.raw_trans_recv = True
return (buf, True, False) return (buf, True, False)
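Review bot: In the added `client_decode` check, both failure branches return `(b'', True)`, the same value the success path returns a few lines later, so the caller cannot tell a rejected server handshake from an accepted one; the only difference is that `has_recv_header` stays unset. The server side reports failures through `self.decode_error_return(b'')`, and the client path would benefit from an equally explicit failure signal. The truncated HMAC is also compared with `!=`; passing the two operands to `hmac.compare_digest(expected, buf[33:43])` avoids a timing-dependent comparison, provided the supported Python versions include it. A comment naming the fields behind `11 + 32 + 1 + 32`, `buf[11:33]` and `buf[33:43]` would make the offsets reviewable.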

3
shadowsocks/tcprelay.py

@ -333,7 +333,10 @@ class TCPRelayHandler(object):
addr = struct.unpack('>I', address_bytes)[0] addr = struct.unpack('>I', address_bytes)[0]
else: else:
addr = 0 addr = 0
if type(host_list) == list:
host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)]) host_post = common.to_str(host_list[((hash_code & 0xffffffff) + addr) % len(host_list)])
else:
host_post = host_list
items = host_post.rsplit(':', 1) items = host_post.rsplit(':', 1)
if len(items) > 1: if len(items) > 1:
try: try:
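Review bot: The new `else` branch assigns `host_list` to `host_post` without the `common.to_str(...)` conversion that the list branch applies, so a bytes value would reach `host_post.rsplit(':', 1)` unconverted; `host_post = common.to_str(host_list)` keeps both branches consistent. `type(host_list) == list` is better written as `isinstance(host_list, list)`, and an empty list still reaches `% len(host_list)` with a zero divisor. The enclosing method continues outside the hunk, so where `host_list` comes from is not visible here.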
