Skip to content

Commit

Permalink
fix proxy ss2022 client lints
Browse files Browse the repository at this point in the history
  • Loading branch information
xiaokangwang committed Nov 19, 2023
1 parent 8a1777c commit 39851b3
Show file tree
Hide file tree
Showing 10 changed files with 89 additions and 71 deletions.
19 changes: 9 additions & 10 deletions proxy/shadowsocks2022/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ package shadowsocks2022

import (
"context"
gonet "net"
"sync"
"time"

"github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/environment"
Expand All @@ -15,9 +19,6 @@ import (
"github.com/v2fly/v2ray-core/v5/transport"
"github.com/v2fly/v2ray-core/v5/transport/internet"
"github.com/v2fly/v2ray-core/v5/transport/internet/udp"
gonet "net"
"sync"
"time"
)

type Client struct {
Expand All @@ -33,17 +34,17 @@ type ClientUDPConnState struct {
}

func (c *ClientUDPConnState) GetOrCreateSession(create func() (*ClientUDPSession, error)) (*ClientUDPSession, error) {
var err error
var errOuter error
c.initOnce.Do(func() {
sessionState, err := create()
if err != nil {
err = newError("failed to create UDP session").Base(err)
errOuter = newError("failed to create UDP session").Base(err)
return
}
c.session = sessionState
})
if err != nil {
return nil, newError("failed to initialize UDP State").Base(err)
if errOuter != nil {
return nil, newError("failed to initialize UDP State").Base(errOuter)
}
return c.session, nil
}
Expand All @@ -60,7 +61,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
destination := outbound.Target
network := destination.Network

var keyDerivation = newBLAKE3KeyDerivation()
keyDerivation := newBLAKE3KeyDerivation()
var method Method
switch c.config.Method {
case "2022-blake3-aes-128-gcm":
Expand Down Expand Up @@ -107,7 +108,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter

return nil
})

if err != nil {
return newError("failed to find an available destination").AtWarning().Base(err)
}
Expand Down Expand Up @@ -222,7 +222,6 @@ func (c *Client) getUDPSession(ctx context.Context, network net.Network, dialer
}

func NewClient(ctx context.Context, config *ClientConfig) (*Client, error) {

storage := envctx.EnvironmentFromContext(ctx).(environment.ProxyEnvironment).TransientStorage()

udpState, err := NewClientUDPConnState()
Expand Down
9 changes: 5 additions & 4 deletions proxy/shadowsocks2022/client_session.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ package shadowsocks2022
import (
"context"
"crypto/rand"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/net"
"github.com/v2fly/v2ray-core/v5/transport/internet"
"io"
gonet "net"
"sync"
"time"

"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/net"
"github.com/v2fly/v2ray-core/v5/transport/internet"
)

func NewClientUDPSession(ctx context.Context, conn io.ReadWriteCloser, packetProcessor UDPClientPacketProcessor) *ClientUDPSession {
Expand Down Expand Up @@ -165,7 +166,7 @@ func (c *ClientUDPSessionConn) ReadFrom(p []byte) (n int, addr net.Addr, err err
case resp := <-c.readChan:
n = copy(p, resp.Payload.Bytes())
resp.Payload.Release()
addr = &net.UDPAddr{IP: resp.Address.IP(), Port: int(resp.Port)}
addr = &net.UDPAddr{IP: resp.Address.IP(), Port: resp.Port}
}
return
}
5 changes: 4 additions & 1 deletion proxy/shadowsocks2022/eih_aes.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,12 @@ package shadowsocks2022

import (
"crypto/subtle"
"io"

"github.com/lunixbochs/struc"

"github.com/v2fly/v2ray-core/v5/common/buf"
"io"

"lukechampine.com/blake3"
)

Expand Down
36 changes: 19 additions & 17 deletions proxy/shadowsocks2022/encoding.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"time"

"github.com/lunixbochs/struc"

"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/crypto"
"github.com/v2fly/v2ray-core/v5/common/net"
Expand All @@ -32,7 +33,8 @@ type TCPRequest struct {
}

func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, Out *buf.Buffer) error {
eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, out *buf.Buffer,
) error {
requestSalt := newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength())
{
err := requestSalt.FillAllFrom(cryptoRand.Reader)
Expand All @@ -41,7 +43,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
}
}
t.c2sSalt = requestSalt
var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength())
sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength())
{
err := t.keyDerivation.GetSessionSubKey(effectivePsk, requestSalt.Bytes(), sessionKey)
if err != nil {
Expand All @@ -54,7 +56,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
return newError("failed to get stream AEAD").Base(err)
}
t.c2sAEAD = aead
var paddingLength = TCPMinPaddingLength
paddingLength := TCPMinPaddingLength
if initialPayload == nil {
initialPayload = []byte{}
paddingLength += rand.Intn(TCPMaxPaddingLength) // TODO INSECURE RANDOM USED
Expand Down Expand Up @@ -128,7 +130,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
requestNonce := crypto.GenerateInitialAEADNonce()
t.c2sNonce = requestNonce
{
n, err := Out.Write(preSessionKeyHeaderBuffer.BytesFrom(0))
n, err := out.Write(preSessionKeyHeaderBuffer.BytesFrom(0))
if err != nil {
return newError("failed to write pre session key header").Base(err)
}
Expand All @@ -137,28 +139,28 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
}
}
{
fixedLengthEncrypted := Out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead()))
fixedLengthEncrypted := out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead()))
aead.Seal(fixedLengthEncrypted[:0], requestNonce(), fixedLengthHeaderBuffer.Bytes(), nil)
}
{
variableLengthEncrypted := Out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead()))
variableLengthEncrypted := out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead()))
aead.Seal(variableLengthEncrypted[:0], requestNonce(), variableLengthHeaderBuffer.Bytes(), nil)
}
return nil
}

func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader) error {
func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, in io.Reader) error {
var preSessionKeyHeader TCPResponseHeader1PreSessionKey
preSessionKeyHeader.Salt = newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength())
{
err := struc.Unpack(In, &preSessionKeyHeader)
err := struc.Unpack(in, &preSessionKeyHeader)
if err != nil {
return newError("failed to unpack pre session key header").Base(err)
}
}
var s2cSalt = preSessionKeyHeader.Salt.Bytes()
s2cSalt := preSessionKeyHeader.Salt.Bytes()
t.s2cSalt = preSessionKeyHeader.Salt
var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength())
sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength())
{
err := t.keyDerivation.GetSessionSubKey(effectivePsk, s2cSalt, sessionKey)
if err != nil {
Expand All @@ -171,17 +173,17 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader)
}
t.s2cAEAD = aead

var fixedLengthHeaderEncryptedBuffer = buf.New()
fixedLengthHeaderEncryptedBuffer := buf.New()
defer fixedLengthHeaderEncryptedBuffer.Release()
{
_, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(In, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead()))
_, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(in, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead()))
if err != nil {
return newError("failed to read fixed length header encrypted").Base(err)
}
}
s2cNonce := crypto.GenerateInitialAEADNonce()
t.s2cNonce = s2cNonce
var fixedLengthHeaderDecryptedBuffer = buf.New()
fixedLengthHeaderDecryptedBuffer := buf.New()
defer fixedLengthHeaderDecryptedBuffer.Release()
{
decryptionBuffer := fixedLengthHeaderDecryptedBuffer.Extend(11 + int32(t.method.GetSessionSubKeyAndSaltLength()))
Expand Down Expand Up @@ -213,13 +215,13 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader)
}

func (t *TCPRequest) CheckC2SConnectionConstraint() error {
if bytes.Compare(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) != 0 {
if !bytes.Equal(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) {
return newError("c2s salt not equal to s2c salt assert")
}
return nil
}

func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) {
func (t *TCPRequest) CreateClientS2CReader(in io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) {
AEADAuthenticator := &crypto.AEADAuthenticator{
AEAD: t.s2cAEAD,
NonceGenerator: t.s2cNonce,
Expand All @@ -228,7 +230,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf
initialPayloadEncrypted := buf.NewWithSize(65535)
defer initialPayloadEncrypted.Release()
initialPayloadEncryptedBytes := initialPayloadEncrypted.Extend(int32(t.s2cAEAD.Overhead()) + int32(t.s2cInitialPayloadSize))
_, err := io.ReadFull(In, initialPayloadEncryptedBytes)
_, err := io.ReadFull(in, initialPayloadEncryptedBytes)
if err != nil {
return nil, newError("failed to read initial payload").Base(err)
}
Expand All @@ -239,7 +241,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf
}
return crypto.NewAuthenticationReader(AEADAuthenticator, &crypto.AEADChunkSizeParser{
Auth: AEADAuthenticator,
}, In, protocol.TransferTypeStream, nil), nil
}, in, protocol.TransferTypeStream, nil), nil
}

func (t *TCPRequest) CreateClientC2SWriter(writer io.Writer) buf.Writer {
Expand Down
18 changes: 9 additions & 9 deletions proxy/shadowsocks2022/kdf_blake3.go
Original file line number Diff line number Diff line change
@@ -1,31 +1,31 @@
package shadowsocks2022

import (
"github.com/v2fly/v2ray-core/v5/common/buf"
"lukechampine.com/blake3"

"github.com/v2fly/v2ray-core/v5/common/buf"
)

func newBLAKE3KeyDerivation() *BLAKE3KeyDerivation {
return &BLAKE3KeyDerivation{}
}

type BLAKE3KeyDerivation struct {
}
type BLAKE3KeyDerivation struct{}

func (B BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, Salt []byte, OutKey []byte) error {
func (b BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, salt []byte, outKey []byte) error {
keyingMaterialBuffer := buf.New()
keyingMaterialBuffer.Write(effectivePsk)
keyingMaterialBuffer.Write(Salt)
blake3.DeriveKey(OutKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes())
keyingMaterialBuffer.Write(salt)
blake3.DeriveKey(outKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes())
keyingMaterialBuffer.Release()
return nil
}

func (B BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, Salt []byte, OutKey []byte) error {
func (b BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, salt []byte, outKey []byte) error {
keyingMaterialBuffer := buf.New()
keyingMaterialBuffer.Write(effectivePsk)
keyingMaterialBuffer.Write(Salt)
blake3.DeriveKey(OutKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes())
keyingMaterialBuffer.Write(salt)
blake3.DeriveKey(outKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes())
keyingMaterialBuffer.Release()
return nil
}
22 changes: 12 additions & 10 deletions proxy/shadowsocks2022/method_aes128gcm.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,14 @@ func newAES128GCMMethod() *AES128GCMMethod {
return &AES128GCMMethod{}
}

type AES128GCMMethod struct {
}
type AES128GCMMethod struct{}

func (A AES128GCMMethod) GetSessionSubKeyAndSaltLength() int {
func (a AES128GCMMethod) GetSessionSubKeyAndSaltLength() int {
return 16
}

func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error) {
aesCipher, err := aes.NewCipher(SessionSubKey)
func (a AES128GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) {
aesCipher, err := aes.NewCipher(sessionSubKey)
if err != nil {
return nil, newError("failed to create AES cipher").Base(err)
}
Expand All @@ -28,16 +27,16 @@ func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error
return aead, nil
}

func (A AES128GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
aesCipher, err := aes.NewCipher(CurrentIdentitySubKey)
func (a AES128GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
aesCipher, err := aes.NewCipher(currentIdentitySubKey)
if err != nil {
return newError("failed to create AES cipher").Base(err)
}
aesCipher.Encrypt(out, nextPskHash)
return nil
}

func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
func (a AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
reqSeparateHeaderPsk := psk
if ipsk != nil {
reqSeparateHeaderPsk = ipsk[0]
Expand All @@ -51,9 +50,12 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
return nil, newError("failed to create AES cipher").Base(err)
}
getPacketAEAD := func(sessionID []byte) cipher.AEAD {
sessionKey := make([]byte, A.GetSessionSubKeyAndSaltLength())
sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength())
derivation.GetSessionSubKey(psk, sessionID, sessionKey)
block, err := aes.NewCipher(sessionKey)
if err != nil {
panic(err)
}
aead, err := cipher.NewGCM(block)
if err != nil {
panic(err)
Expand All @@ -62,7 +64,7 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
}
eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk)
getEIH := func(mask []byte) ExtensibleIdentityHeaders {
eih, err := eihGenerator.GenerateEIHUDP(derivation, A, mask)
eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask)
if err != nil {
newError("failed to generate EIH").Base(err).WriteToLog()
}
Expand Down
Loading

0 comments on commit 39851b3

Please sign in to comment.