diff --git a/shadowsocks/obfsplugin/auth.py b/shadowsocks/obfsplugin/auth.py index 4495040..54ca924 100644 --- a/shadowsocks/obfsplugin/auth.py +++ b/shadowsocks/obfsplugin/auth.py @@ -59,7 +59,9 @@ def create_auth_aes128_sha1(method): obfs_map = { 'auth_sha1': (create_auth_sha1,), + 'auth_sha1_compatible': (create_auth_sha1,), 'auth_sha1_v2': (create_auth_sha1_v2,), + 'auth_sha1_v2_compatible': (create_auth_sha1_v2,), 'auth_sha1_v3': (create_auth_sha1_v3,), 'auth_sha1_v4': (create_auth_sha1_v4,), 'auth_aes128': (create_auth_aes128,), @@ -81,6 +83,7 @@ class auth_base(plain.plain): def __init__(self, method): super(auth_base, self).__init__(method) self.method = method + self.no_compatible_method = '' def init_data(self): return '' @@ -102,7 +105,9 @@ class auth_base(plain.plain): def not_match_return(self, buf): self.raw_trans = True - return (b'E'*2048, False) + if self.method == self.no_compatible_method: + return (b'E'*2048, False) + return (buf, False) class client_queue(object): def __init__(self, begin_id): @@ -211,6 +216,7 @@ class auth_sha1(auth_base): self.client_id = 0 self.connection_id = 0 self.max_time_dif = 60 * 60 # time dif (second) setting + self.no_compatible_method = 'auth_sha1' def init_data(self): return obfs_auth_data() @@ -432,6 +438,7 @@ class auth_sha1_v2(auth_base): self.client_id = 0 self.connection_id = 0 self.salt = b"auth_sha1_v2" + self.no_compatible_method = 'auth_sha1_v2' def init_data(self): return obfs_auth_v2_data() @@ -620,214 +627,6 @@ class auth_sha1_v2(auth_base): self.decrypt_packet_num += 1 return (out_buf, sendback) -class auth_sha1_v3(auth_base): - def __init__(self, method): - super(auth_sha1_v3, self).__init__(method) - self.recv_buf = b'' - self.unit_len = 8100 - self.decrypt_packet_num = 0 - self.raw_trans = False - self.has_sent_header = False - self.has_recv_header = False - self.client_id = 0 - self.connection_id = 0 - self.max_time_dif = 60 * 60 * 24 # time dif (second) setting - self.salt = b"auth_sha1_v3" - - def init_data(self): - return obfs_auth_v2_data() - - def set_server_info(self, server_info): - self.server_info = server_info - try: - max_client = int(server_info.protocol_param) - except: - max_client = 64 - self.server_info.data.set_max_client(max_client) - - def rnd_data(self, buf_size): - if buf_size > 1200: - return b'\x01' - - if buf_size > 400: - rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 256) - else: - rnd_data = os.urandom(struct.unpack('>H', os.urandom(2))[0] % 512) - - if len(rnd_data) < 128: - return common.chr(len(rnd_data) + 1) + rnd_data - else: - return common.chr(255) + struct.pack('>H', len(rnd_data) + 3) + rnd_data - - def pack_data(self, buf): - data = self.rnd_data(len(buf)) + buf - data = struct.pack('>H', len(data) + 6) + data - adler32 = zlib.adler32(data) & 0xFFFFFFFF - data += struct.pack('H', data_len)) & 0xFFFFFFFF - data = struct.pack('H', data_len) + data - data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10] - return data - - def auth_data(self): - utc_time = int(time.time()) & 0xFFFFFFFF - if self.server_info.data.connection_id > 0xFF000000: - self.server_info.data.local_client_id = b'' - if not self.server_info.data.local_client_id: - self.server_info.data.local_client_id = os.urandom(4) - logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),)) - self.server_info.data.connection_id = struct.unpack(' self.unit_len: - ret += self.pack_data(buf[:self.unit_len]) - buf = buf[self.unit_len:] - ret += self.pack_data(buf) - return ret - - def client_post_decrypt(self, buf): - if self.raw_trans: - return buf - self.recv_buf += buf - out_buf = b'' - while len(self.recv_buf) > 2: - length = struct.unpack('>H', self.recv_buf[:2])[0] - if length >= 8192 or length < 7: - self.raw_trans = True - self.recv_buf = b'' - raise Exception('client_post_decrypt data error') - if length > len(self.recv_buf): - break - - if struct.pack('H', self.recv_buf[3:5])[0] + 2 - out_buf += self.recv_buf[pos:length - 4] - self.recv_buf = self.recv_buf[length:] - - if out_buf: - self.decrypt_packet_num += 1 - return out_buf - - def server_pre_encrypt(self, buf): - if self.raw_trans: - return buf - ret = b'' - while len(buf) > self.unit_len: - ret += self.pack_data(buf[:self.unit_len]) - buf = buf[self.unit_len:] - ret += self.pack_data(buf) - return ret - - def server_post_decrypt(self, buf): - if self.raw_trans: - return (buf, False) - self.recv_buf += buf - out_buf = b'' - if not self.has_recv_header: - if len(self.recv_buf) < 6: - return (b'', False) - crc = struct.pack('H', self.recv_buf[:2])[0] - if length > len(self.recv_buf): - return (b'', False) - sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] - if sha1data != self.recv_buf[length - 10:length]: - logging.error('auth_sha1_v3 data uncorrect auth HMAC-SHA1') - return self.not_match_return(self.recv_buf) - pos = common.ord(self.recv_buf[6]) - if pos < 255: - pos += 6 - else: - pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6 - out_buf = self.recv_buf[pos:length - 10] - if len(out_buf) < 12: - logging.info('auth_sha1_v3: too short, data %s' % (binascii.hexlify(self.recv_buf),)) - return self.not_match_return(self.recv_buf) - utc_time = struct.unpack(' self.max_time_dif: - logging.info('auth_sha1_v3: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),)) - return self.not_match_return(self.recv_buf) - elif self.server_info.data.insert(client_id, connection_id): - self.has_recv_header = True - out_buf = out_buf[12:] - self.client_id = client_id - self.connection_id = connection_id - else: - logging.info('auth_sha1_v3: auth fail, data %s' % (binascii.hexlify(out_buf),)) - return self.not_match_return(self.recv_buf) - self.recv_buf = self.recv_buf[length:] - self.has_recv_header = True - - sendback = False - while len(self.recv_buf) > 2: - length = struct.unpack('>H', self.recv_buf[:2])[0] - if length >= 8192 or length < 7: - self.raw_trans = True - self.recv_buf = b'' - if self.decrypt_packet_num == 0: - logging.info('auth_sha1_v3: over size') - return (b'E'*2048, False) - else: - raise Exception('server_post_decrype data error') - if length > len(self.recv_buf): - break - - if struct.pack('H', self.recv_buf[3:5])[0] + 2 - out_buf += self.recv_buf[pos:length - 4] - self.recv_buf = self.recv_buf[length:] - if pos == length - 4: - sendback = True - - if out_buf: - self.server_info.data.update(self.client_id, self.connection_id) - self.decrypt_packet_num += 1 - return (out_buf, sendback) - class auth_sha1_v4(auth_base): def __init__(self, method): super(auth_sha1_v4, self).__init__(method) @@ -841,6 +640,7 @@ class auth_sha1_v4(auth_base): self.connection_id = 0 self.max_time_dif = 60 * 60 * 24 # time dif (second) setting self.salt = b"auth_sha1_v4" + self.no_compatible_method = 'auth_sha1_v4' def init_data(self): return obfs_auth_v2_data() @@ -1065,6 +865,7 @@ class auth_aes128(auth_base): self.connection_id = 0 self.max_time_dif = 60 * 60 * 24 # time dif (second) setting self.salt = b"auth_aes128" + self.no_compatible_method = 'auth_aes128' self.extra_wait_size = struct.unpack('>H', os.urandom(2))[0] % 1024 self.pack_id = 0 self.recv_id = 0 @@ -1583,3 +1384,4 @@ class auth_aes128_sha1(auth_base): if hmac.new(user_key, buf[:-4], self.hashfunc).digest()[:4] != buf[-4:]: return b'' return buf[:-8] +