Browse Source

remove tls_simple, fix tls1.2_ticket_auth

dev
破娃酱 8 years ago
parent
commit
816d2f6298
  1. 74
      shadowsocks/obfsplugin/obfs_tls.py

74
shadowsocks/obfsplugin/obfs_tls.py

@ -35,9 +35,6 @@ from shadowsocks.obfsplugin import plain
from shadowsocks.common import to_bytes, to_str, ord from shadowsocks.common import to_bytes, to_str, ord
from shadowsocks import lru_cache from shadowsocks import lru_cache
def create_tls_obfs(method):
return tls_simple(method)
def create_tls_auth_obfs(method): def create_tls_auth_obfs(method):
return tls_auth(method) return tls_auth(method)
@ -45,8 +42,6 @@ def create_tls_ticket_auth_obfs(method):
return tls_ticket_auth(method) return tls_ticket_auth(method)
obfs_map = { obfs_map = {
'tls_simple': (create_tls_obfs,),
'tls_simple_compatible': (create_tls_obfs,),
'tls1.0_session_auth': (create_tls_auth_obfs,), 'tls1.0_session_auth': (create_tls_auth_obfs,),
'tls1.0_session_auth_compatible': (create_tls_auth_obfs,), 'tls1.0_session_auth_compatible': (create_tls_auth_obfs,),
'tls1.2_ticket_auth': (create_tls_ticket_auth_obfs,), 'tls1.2_ticket_auth': (create_tls_ticket_auth_obfs,),
@ -59,73 +54,6 @@ def match_begin(str1, str2):
return True return True
return False return False
class tls_simple(plain.plain):
def __init__(self, method):
self.method = method
self.has_sent_header = False
self.has_recv_header = False
self.raw_trans_sent = False
self.send_buffer = b''
self.tls_version = b'\x03\x01'
def client_encode(self, buf):
if self.raw_trans_sent:
return buf
self.send_buffer += buf
if not self.has_sent_header:
self.has_sent_header = True
data = self.tls_version + os.urandom(32) + binascii.unhexlify(b"000016c02bc02fc00ac009c013c01400330039002f0035000a0100006fff01000100000a00080006001700180019000b0002010000230000337400000010002900270568322d31360568322d31350568322d313402683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202")
data = b"\x01\x00" + struct.pack('>H', len(data)) + data
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data
return data
if self.has_recv_header:
ret = self.send_buffer
self.send_buffer = b''
self.raw_trans_sent = True
return ret
return b''
def client_decode(self, buf):
if self.has_recv_header:
return (buf, False)
self.has_recv_header = True
return (b'', True)
def server_encode(self, buf):
if self.has_sent_header:
return buf
self.has_sent_header = True
# TODO
data = self.tls_version + os.urandom(32)
data = b"\x02\x00" + struct.pack('>H', len(data)) + data
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data
return data
def decode_error_return(self, buf):
self.has_sent_header = True
if self.method == 'tls_simple':
return (b'E'*64, False, False)
return (buf, True, False)
def server_decode(self, buf):
if self.has_recv_header:
return (buf, True, False)
self.has_recv_header = True
if not match_begin(buf, b'\x16' + self.tls_version):
return self.decode_error_return(buf)
buf = buf[3:]
if struct.unpack('>H', buf[:2])[0] != len(buf) - 2:
return self.decode_error_return(buf)
buf = buf[2:]
if not match_begin(buf, b'\x01\x00'): #client hello
return self.decode_error_return(buf)
buf = buf[2:]
if struct.unpack('>H', buf[:2])[0] != len(buf) - 2:
return self.decode_error_return(buf)
# (buffer_to_recv, is_need_decrypt, is_need_to_encode_and_send_back)
return (b'', False, True)
class obfs_client_data(object): class obfs_client_data(object):
def __init__(self, cid): def __init__(self, cid):
self.client_id = cid self.client_id = cid
@ -385,7 +313,7 @@ class tls_ticket_auth(plain.plain):
def decode_error_return(self, buf): def decode_error_return(self, buf):
self.handshake_status = -1 self.handshake_status = -1
if self.method == 'tls1.2_session_auth': if self.method == 'tls1.2_ticket_auth':
return (b'E'*64, False, False) return (b'E'*64, False, False)
return (buf, True, False) return (buf, True, False)

Loading…
Cancel
Save