|
@ -35,9 +35,6 @@ from shadowsocks.obfsplugin import plain |
|
|
from shadowsocks.common import to_bytes, to_str, ord |
|
|
from shadowsocks.common import to_bytes, to_str, ord |
|
|
from shadowsocks import lru_cache |
|
|
from shadowsocks import lru_cache |
|
|
|
|
|
|
|
|
def create_tls_obfs(method): |
|
|
|
|
|
return tls_simple(method) |
|
|
|
|
|
|
|
|
|
|
|
def create_tls_auth_obfs(method): |
|
|
def create_tls_auth_obfs(method): |
|
|
return tls_auth(method) |
|
|
return tls_auth(method) |
|
|
|
|
|
|
|
@ -45,8 +42,6 @@ def create_tls_ticket_auth_obfs(method): |
|
|
return tls_ticket_auth(method) |
|
|
return tls_ticket_auth(method) |
|
|
|
|
|
|
|
|
obfs_map = { |
|
|
obfs_map = { |
|
|
'tls_simple': (create_tls_obfs,), |
|
|
|
|
|
'tls_simple_compatible': (create_tls_obfs,), |
|
|
|
|
|
'tls1.0_session_auth': (create_tls_auth_obfs,), |
|
|
'tls1.0_session_auth': (create_tls_auth_obfs,), |
|
|
'tls1.0_session_auth_compatible': (create_tls_auth_obfs,), |
|
|
'tls1.0_session_auth_compatible': (create_tls_auth_obfs,), |
|
|
'tls1.2_ticket_auth': (create_tls_ticket_auth_obfs,), |
|
|
'tls1.2_ticket_auth': (create_tls_ticket_auth_obfs,), |
|
@ -59,73 +54,6 @@ def match_begin(str1, str2): |
|
|
return True |
|
|
return True |
|
|
return False |
|
|
return False |
|
|
|
|
|
|
|
|
class tls_simple(plain.plain): |
|
|
|
|
|
def __init__(self, method): |
|
|
|
|
|
self.method = method |
|
|
|
|
|
self.has_sent_header = False |
|
|
|
|
|
self.has_recv_header = False |
|
|
|
|
|
self.raw_trans_sent = False |
|
|
|
|
|
self.send_buffer = b'' |
|
|
|
|
|
self.tls_version = b'\x03\x01' |
|
|
|
|
|
|
|
|
|
|
|
def client_encode(self, buf): |
|
|
|
|
|
if self.raw_trans_sent: |
|
|
|
|
|
return buf |
|
|
|
|
|
self.send_buffer += buf |
|
|
|
|
|
if not self.has_sent_header: |
|
|
|
|
|
self.has_sent_header = True |
|
|
|
|
|
data = self.tls_version + os.urandom(32) + binascii.unhexlify(b"000016c02bc02fc00ac009c013c01400330039002f0035000a0100006fff01000100000a00080006001700180019000b0002010000230000337400000010002900270568322d31360568322d31350568322d313402683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202") |
|
|
|
|
|
data = b"\x01\x00" + struct.pack('>H', len(data)) + data |
|
|
|
|
|
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data |
|
|
|
|
|
return data |
|
|
|
|
|
if self.has_recv_header: |
|
|
|
|
|
ret = self.send_buffer |
|
|
|
|
|
self.send_buffer = b'' |
|
|
|
|
|
self.raw_trans_sent = True |
|
|
|
|
|
return ret |
|
|
|
|
|
return b'' |
|
|
|
|
|
|
|
|
|
|
|
def client_decode(self, buf): |
|
|
|
|
|
if self.has_recv_header: |
|
|
|
|
|
return (buf, False) |
|
|
|
|
|
self.has_recv_header = True |
|
|
|
|
|
return (b'', True) |
|
|
|
|
|
|
|
|
|
|
|
def server_encode(self, buf): |
|
|
|
|
|
if self.has_sent_header: |
|
|
|
|
|
return buf |
|
|
|
|
|
self.has_sent_header = True |
|
|
|
|
|
# TODO |
|
|
|
|
|
data = self.tls_version + os.urandom(32) |
|
|
|
|
|
data = b"\x02\x00" + struct.pack('>H', len(data)) + data |
|
|
|
|
|
data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data |
|
|
|
|
|
return data |
|
|
|
|
|
|
|
|
|
|
|
def decode_error_return(self, buf): |
|
|
|
|
|
self.has_sent_header = True |
|
|
|
|
|
if self.method == 'tls_simple': |
|
|
|
|
|
return (b'E'*64, False, False) |
|
|
|
|
|
return (buf, True, False) |
|
|
|
|
|
|
|
|
|
|
|
def server_decode(self, buf): |
|
|
|
|
|
if self.has_recv_header: |
|
|
|
|
|
return (buf, True, False) |
|
|
|
|
|
|
|
|
|
|
|
self.has_recv_header = True |
|
|
|
|
|
if not match_begin(buf, b'\x16' + self.tls_version): |
|
|
|
|
|
return self.decode_error_return(buf) |
|
|
|
|
|
buf = buf[3:] |
|
|
|
|
|
if struct.unpack('>H', buf[:2])[0] != len(buf) - 2: |
|
|
|
|
|
return self.decode_error_return(buf) |
|
|
|
|
|
buf = buf[2:] |
|
|
|
|
|
if not match_begin(buf, b'\x01\x00'): #client hello |
|
|
|
|
|
return self.decode_error_return(buf) |
|
|
|
|
|
buf = buf[2:] |
|
|
|
|
|
if struct.unpack('>H', buf[:2])[0] != len(buf) - 2: |
|
|
|
|
|
return self.decode_error_return(buf) |
|
|
|
|
|
# (buffer_to_recv, is_need_decrypt, is_need_to_encode_and_send_back) |
|
|
|
|
|
return (b'', False, True) |
|
|
|
|
|
|
|
|
|
|
|
class obfs_client_data(object): |
|
|
class obfs_client_data(object): |
|
|
def __init__(self, cid): |
|
|
def __init__(self, cid): |
|
|
self.client_id = cid |
|
|
self.client_id = cid |
|
@ -385,7 +313,7 @@ class tls_ticket_auth(plain.plain): |
|
|
|
|
|
|
|
|
def decode_error_return(self, buf): |
|
|
def decode_error_return(self, buf): |
|
|
self.handshake_status = -1 |
|
|
self.handshake_status = -1 |
|
|
if self.method == 'tls1.2_session_auth': |
|
|
if self.method == 'tls1.2_ticket_auth': |
|
|
return (b'E'*64, False, False) |
|
|
return (b'E'*64, False, False) |
|
|
return (buf, True, False) |
|
|
return (buf, True, False) |
|
|
|
|
|
|
|
|