dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

auth_sha1 & auth_sha1_v2 keep compatible, remove auth_sha1_v3

dev
破娃酱 8 years ago
parent
486c007928
commit
e63d1eafad
1 changed files with 11 additions and 209 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 218
      shadowsocks/obfsplugin/auth.py

218
shadowsocks/obfsplugin/auth.py
View File

@ -59,7 +59,9 @@ def create_auth_aes128_sha1(method):
obfs_map = {
'auth_sha1': (create_auth_sha1,),
'auth_sha1_compatible': (create_auth_sha1,),
'auth_sha1_v2': (create_auth_sha1_v2,),
'auth_sha1_v2_compatible': (create_auth_sha1_v2,),
'auth_sha1_v3': (create_auth_sha1_v3,),
'auth_sha1_v4': (create_auth_sha1_v4,),
'auth_aes128': (create_auth_aes128,),
@ -81,6 +83,7 @@ class auth_base(plain.plain):
def __init__(self, method):
super(auth_base, self).__init__(method)
self.method = method
self.no_compatible_method = ''
def init_data(self):
return ''
@ -102,7 +105,9 @@ class auth_base(plain.plain):
def not_match_return(self, buf):
self.raw_trans = True
if self.method == self.no_compatible_method:
return (b'E'*2048, False)
return (buf, False)
class client_queue(object):
def __init__(self, begin_id):
@ -211,6 +216,7 @@ class auth_sha1(auth_base):
self.client_id = 0
self.connection_id = 0
self.max_time_dif = 60 * 60 # time dif (second) setting
self.no_compatible_method = 'auth_sha1'
def init_data(self):
return obfs_auth_data()
@ -432,6 +438,7 @@ class auth_sha1_v2(auth_base):
self.client_id = 0
self.connection_id = 0
self.salt = b"auth_sha1_v2"
self.no_compatible_method = 'auth_sha1_v2'
def init_data(self):
return obfs_auth_v2_data()
@ -620,214 +627,6 @@ class auth_sha1_v2(auth_base):
self.decrypt_packet_num += 1
return (out_buf, sendback)
class auth_sha1_v3(auth_base):
def __init__(self, method):
super(auth_sha1_v3, self).__init__(method)
self.recv_buf = b''
self.unit_len = 8100
self.decrypt_packet_num = 0
self.raw_trans = False
self.has_sent_header = False
self.has_recv_header = False
self.client_id = 0
self.connection_id = 0
self.max_time_dif = 60 * 60 * 24 # time dif (second) setting
self.salt = b"auth_sha1_v3"
def init_data(self):
return obfs_auth_v2_data()
def set_server_info(self, server_info):
self.server_info = server_info
try:
max_client = int(server_info.protocol_param)
except:
max_client = 64
self.server_info.data.set_max_client(max_client)
def rnd_data(self, buf_size):
if buf_size > 1200:
return b'\x01'
if buf_size > 400:
rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 256)
else:
rnd_data = os.urandom(struct.unpack('>H', os.urandom(2))[0] % 512)
if len(rnd_data) < 128:
return common.chr(len(rnd_data) + 1) + rnd_data
else:
return common.chr(255) + struct.pack('>H', len(rnd_data) + 3) + rnd_data
def pack_data(self, buf):
data = self.rnd_data(len(buf)) + buf
data = struct.pack('>H', len(data) + 6) + data
adler32 = zlib.adler32(data) & 0xFFFFFFFF
data += struct.pack('<I', adler32)
return data
def pack_auth_data(self, buf):
if len(buf) == 0:
return b''
data = self.rnd_data(len(buf)) + buf
data_len = len(data) + 16
crc = binascii.crc32(self.salt + self.server_info.key + struct.pack('>H', data_len)) & 0xFFFFFFFF
data = struct.pack('<I', crc) + data
data = struct.pack('>H', data_len) + data
data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10]
return data
def auth_data(self):
utc_time = int(time.time()) & 0xFFFFFFFF
if self.server_info.data.connection_id > 0xFF000000:
self.server_info.data.local_client_id = b''
if not self.server_info.data.local_client_id:
self.server_info.data.local_client_id = os.urandom(4)
logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),))
self.server_info.data.connection_id = struct.unpack('<I', os.urandom(4))[0] & 0xFFFFFF
self.server_info.data.connection_id += 1
return b''.join([struct.pack('<I', utc_time),
self.server_info.data.local_client_id,
struct.pack('<I', self.server_info.data.connection_id)])
def client_pre_encrypt(self, buf):
ret = b''
if not self.has_sent_header:
head_size = self.get_head_size(buf, 30)
datalen = min(len(buf), random.randint(0, 31) + head_size)
ret += self.pack_auth_data(self.auth_data() + buf[:datalen])
buf = buf[datalen:]
self.has_sent_header = True
while len(buf) > self.unit_len:
ret += self.pack_data(buf[:self.unit_len])
buf = buf[self.unit_len:]
ret += self.pack_data(buf)
return ret
def client_post_decrypt(self, buf):
if self.raw_trans:
return buf
self.recv_buf += buf
out_buf = b''
while len(self.recv_buf) > 2:
length = struct.unpack('>H', self.recv_buf[:2])[0]
if length >= 8192 or length < 7:
self.raw_trans = True
self.recv_buf = b''
raise Exception('client_post_decrypt data error')
if length > len(self.recv_buf):
break
if struct.pack('<I', zlib.adler32(self.recv_buf[:length - 4]) & 0xFFFFFFFF) != self.recv_buf[length - 4:length]:
self.raw_trans = True
self.recv_buf = b''
raise Exception('client_post_decrypt data uncorrect checksum')
pos = common.ord(self.recv_buf[2])
if pos < 255:
pos += 2
else:
pos = struct.unpack('>H', self.recv_buf[3:5])[0] + 2
out_buf += self.recv_buf[pos:length - 4]
self.recv_buf = self.recv_buf[length:]
if out_buf:
self.decrypt_packet_num += 1
return out_buf
def server_pre_encrypt(self, buf):
if self.raw_trans:
return buf
ret = b''
while len(buf) > self.unit_len:
ret += self.pack_data(buf[:self.unit_len])
buf = buf[self.unit_len:]
ret += self.pack_data(buf)
return ret
def server_post_decrypt(self, buf):
if self.raw_trans:
return (buf, False)
self.recv_buf += buf
out_buf = b''
if not self.has_recv_header:
if len(self.recv_buf) < 6:
return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key + self.recv_buf[:2]) & 0xFFFFFFFF)
if crc != self.recv_buf[2:6]:
return self.not_match_return(self.recv_buf)
length = struct.unpack('>H', self.recv_buf[:2])[0]
if length > len(self.recv_buf):
return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1_v3 data uncorrect auth HMAC-SHA1')
return self.not_match_return(self.recv_buf)
pos = common.ord(self.recv_buf[6])
if pos < 255:
pos += 6
else:
pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6
out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 12:
logging.info('auth_sha1_v3: too short, data %s' % (binascii.hexlify(self.recv_buf),))
return self.not_match_return(self.recv_buf)
utc_time = struct.unpack('<I', out_buf[:4])[0]
client_id = struct.unpack('<I', out_buf[4:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0]
time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff))
if time_dif < -self.max_time_dif or time_dif > self.max_time_dif:
logging.info('auth_sha1_v3: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),))
return self.not_match_return(self.recv_buf)
elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True
out_buf = out_buf[12:]
self.client_id = client_id
self.connection_id = connection_id
else:
logging.info('auth_sha1_v3: auth fail, data %s' % (binascii.hexlify(out_buf),))
return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True
sendback = False
while len(self.recv_buf) > 2:
length = struct.unpack('>H', self.recv_buf[:2])[0]
if length >= 8192 or length < 7:
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
logging.info('auth_sha1_v3: over size')
return (b'E'*2048, False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
break
if struct.pack('<I', zlib.adler32(self.recv_buf[:length - 4]) & 0xFFFFFFFF) != self.recv_buf[length - 4:length]:
logging.info('auth_sha1_v3: checksum error, data %s' % (binascii.hexlify(self.recv_buf[:length]),))
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return (b'E'*2048, False)
else:
raise Exception('server_post_decrype data uncorrect checksum')
pos = common.ord(self.recv_buf[2])
if pos < 255:
pos += 2
else:
pos = struct.unpack('>H', self.recv_buf[3:5])[0] + 2
out_buf += self.recv_buf[pos:length - 4]
self.recv_buf = self.recv_buf[length:]
if pos == length - 4:
sendback = True
if out_buf:
self.server_info.data.update(self.client_id, self.connection_id)
self.decrypt_packet_num += 1
return (out_buf, sendback)
class auth_sha1_v4(auth_base):
def __init__(self, method):
super(auth_sha1_v4, self).__init__(method)
@ -841,6 +640,7 @@ class auth_sha1_v4(auth_base):
self.connection_id = 0
self.max_time_dif = 60 * 60 * 24 # time dif (second) setting
self.salt = b"auth_sha1_v4"
self.no_compatible_method = 'auth_sha1_v4'
def init_data(self):
return obfs_auth_v2_data()
@ -1065,6 +865,7 @@ class auth_aes128(auth_base):
self.connection_id = 0
self.max_time_dif = 60 * 60 * 24 # time dif (second) setting
self.salt = b"auth_aes128"
self.no_compatible_method = 'auth_aes128'
self.extra_wait_size = struct.unpack('>H', os.urandom(2))[0] % 1024
self.pack_id = 0
self.recv_id = 0
@ -1583,3 +1384,4 @@ class auth_aes128_sha1(auth_base):
if hmac.new(user_key, buf[:-4], self.hashfunc).digest()[:4] != buf[-4:]:
return b''
return buf[:-8]

Write Preview
Loading…
Cancel
Save