Xray-core/proxy/shadowsocks/protocol.go

package shadowsocks

import (
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"hash/crc32"
	"io"
	"io/ioutil"

	"github.com/xtls/xray-core/common"
	"github.com/xtls/xray-core/common/buf"
	"github.com/xtls/xray-core/common/crypto"
	"github.com/xtls/xray-core/common/dice"
	"github.com/xtls/xray-core/common/net"
	"github.com/xtls/xray-core/common/protocol"
)

const (
	Version = 1
)

var addrParser = protocol.NewAddressParser(
	protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),
	protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
	protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
	protocol.WithAddressTypeParser(func(b byte) byte {
		return b & 0x0F
	}),
)

type FullReader struct {
	reader io.Reader
	buffer []byte
}

func (r *FullReader) Read(p []byte) (n int, err error) {
	if r.buffer != nil {
		n := copy(p, r.buffer)
		if n == len(r.buffer) {
			r.buffer = nil
		} else {
			r.buffer = r.buffer[n:]
		}
		if n == len(p) {
			return n, nil
		} else {
			m, err := r.reader.Read(p[n:])
			return n + m, err
		}
	}
	return r.reader.Read(p)
}

// ReadTCPSession reads a Shadowsocks TCP session from the given reader, returns its header and remaining parts.
func ReadTCPSession(users []*protocol.MemoryUser, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
	user := users[0]
	account := user.Account.(*MemoryAccount)

	hashkdf := hmac.New(sha256.New, []byte("SSBSKDF"))
	hashkdf.Write(account.Key)

	behaviorSeed := crc32.ChecksumIEEE(hashkdf.Sum(nil))

	behaviorRand := dice.NewDeterministicDice(int64(behaviorSeed))
	BaseDrainSize := behaviorRand.Roll(3266)
	RandDrainMax := behaviorRand.Roll(64) + 1
	RandDrainRolled := dice.Roll(RandDrainMax)
	DrainSize := BaseDrainSize + 16 + 38 + RandDrainRolled
	readSizeRemain := DrainSize

	var r2 buf.Reader

	if len(users) > 1 {
		buffer := buf.New()
		defer buffer.Release()

		if _, err := buffer.ReadFullFrom(reader, 50); err != nil {
			readSizeRemain -= int(buffer.Len())
			DrainConnN(reader, readSizeRemain)
			return nil, nil, newError("failed to read 50 bytes").Base(err)
		}

		bs := buffer.Bytes()

		var aeadCipher *AEADCipher
		var ivLen int32
		subkey := make([]byte, 32)
		length := make([]byte, 16)
		var aead cipher.AEAD
		var err error
		for _, user = range users {
			account = user.Account.(*MemoryAccount)
			aeadCipher = account.Cipher.(*AEADCipher)
			ivLen = aeadCipher.IVSize()
			subkey = subkey[:aeadCipher.KeyBytes]
			hkdfSHA1(account.Key, bs[:ivLen], subkey)
			aead = aeadCipher.AEADAuthCreator(subkey)
			_, err = aead.Open(length[:0], length[4:16], bs[ivLen:ivLen+18], nil)
			if err == nil {
				reader = &FullReader{reader, bs[ivLen:]}
				auth := &crypto.AEADAuthenticator{
					AEAD:           aead,
					NonceGenerator: crypto.GenerateInitialAEADNonce(),
				}
				r2 = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
					Auth: auth,
				}, reader, protocol.TransferTypeStream, nil)
				break
			}
		}
		if err != nil {
			readSizeRemain -= int(buffer.Len())
			DrainConnN(reader, readSizeRemain)
			return nil, nil, newError("failed to match an user").Base(err)
		}
	}

	buffer := buf.New()
	defer buffer.Release()

	if r2 == nil {
		ivLen := account.Cipher.IVSize()
		var iv []byte
		if ivLen > 0 {
			if _, err := buffer.ReadFullFrom(reader, ivLen); err != nil {
				readSizeRemain -= int(buffer.Len())
				DrainConnN(reader, readSizeRemain)
				return nil, nil, newError("failed to read IV").Base(err)
			}
			iv = append([]byte(nil), buffer.BytesTo(ivLen)...)
		}

		r, err := account.Cipher.NewDecryptionReader(account.Key, iv, reader)
		if err != nil {
			readSizeRemain -= int(buffer.Len())
			DrainConnN(reader, readSizeRemain)
			return nil, nil, newError("failed to initialize decoding stream").Base(err).AtError()
		}
		r2 = r
	}

	br := &buf.BufferedReader{Reader: r2}

	request := &protocol.RequestHeader{
		Version: Version,
		User:    user,
		Command: protocol.RequestCommandTCP,
	}

	readSizeRemain -= int(buffer.Len())
	buffer.Clear()

	addr, port, err := addrParser.ReadAddressPort(buffer, br)
	if err != nil {
		readSizeRemain -= int(buffer.Len())
		DrainConnN(reader, readSizeRemain)
		return nil, nil, newError("failed to read address").Base(err)
	}

	request.Address = addr
	request.Port = port

	if request.Address == nil {
		readSizeRemain -= int(buffer.Len())
		DrainConnN(reader, readSizeRemain)
		return nil, nil, newError("invalid remote address.")
	}

	return request, br, nil
}

func DrainConnN(reader io.Reader, n int) error {
	_, err := io.CopyN(ioutil.Discard, reader, int64(n))
	return err
}

// WriteTCPRequest writes Shadowsocks request into the given writer, and returns a writer for body.
func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
	user := request.User
	account := user.Account.(*MemoryAccount)

	var iv []byte
	if account.Cipher.IVSize() > 0 {
		iv = make([]byte, account.Cipher.IVSize())
		common.Must2(rand.Read(iv))
		if err := buf.WriteAllBytes(writer, iv); err != nil {
			return nil, newError("failed to write IV")
		}
	}

	w, err := account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
	if err != nil {
		return nil, newError("failed to create encoding stream").Base(err).AtError()
	}

	header := buf.New()

	if err := addrParser.WriteAddressPort(header, request.Address, request.Port); err != nil {
		return nil, newError("failed to write address").Base(err)
	}

	if err := w.WriteMultiBuffer(buf.MultiBuffer{header}); err != nil {
		return nil, newError("failed to write header").Base(err)
	}

	return w, nil
}

func ReadTCPResponse(user *protocol.MemoryUser, reader io.Reader) (buf.Reader, error) {
	account := user.Account.(*MemoryAccount)

	var iv []byte
	if account.Cipher.IVSize() > 0 {
		iv = make([]byte, account.Cipher.IVSize())
		if _, err := io.ReadFull(reader, iv); err != nil {
			return nil, newError("failed to read IV").Base(err)
		}
	}

	return account.Cipher.NewDecryptionReader(account.Key, iv, reader)
}

func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (buf.Writer, error) {
	user := request.User
	account := user.Account.(*MemoryAccount)

	var iv []byte
	if account.Cipher.IVSize() > 0 {
		iv = make([]byte, account.Cipher.IVSize())
		common.Must2(rand.Read(iv))
		if err := buf.WriteAllBytes(writer, iv); err != nil {
			return nil, newError("failed to write IV.").Base(err)
		}
	}

	return account.Cipher.NewEncryptionWriter(account.Key, iv, writer)
}

func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buffer, error) {
	user := request.User
	account := user.Account.(*MemoryAccount)

	buffer := buf.New()
	ivLen := account.Cipher.IVSize()
	if ivLen > 0 {
		common.Must2(buffer.ReadFullFrom(rand.Reader, ivLen))
	}

	if err := addrParser.WriteAddressPort(buffer, request.Address, request.Port); err != nil {
		return nil, newError("failed to write address").Base(err)
	}

	buffer.Write(payload)

	if err := account.Cipher.EncodePacket(account.Key, buffer); err != nil {
		return nil, newError("failed to encrypt UDP payload").Base(err)
	}

	return buffer, nil
}

func DecodeUDPPacket(users []*protocol.MemoryUser, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
	var user *protocol.MemoryUser
	var account *MemoryAccount
	var err error

	if len(users) > 1 {
		bs := payload.Bytes()

		var aeadCipher *AEADCipher
		var ivLen int32
		subkey := make([]byte, 32)
		data := make([]byte, 8192)
		var aead cipher.AEAD
		var d []byte
		for _, user = range users {
			account = user.Account.(*MemoryAccount)
			aeadCipher = account.Cipher.(*AEADCipher)
			ivLen = aeadCipher.IVSize()
			subkey = subkey[:aeadCipher.KeyBytes]
			hkdfSHA1(account.Key, bs[:ivLen], subkey)
			aead = aeadCipher.AEADAuthCreator(subkey)
			d, err = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil)
			if err == nil {
				payload.Clear()
				payload.Write(d)
				break
			}
		}
	} else {
		user = users[0]
		account = user.Account.(*MemoryAccount)

		var iv []byte
		if !account.Cipher.IsAEAD() && account.Cipher.IVSize() > 0 {
			// Keep track of IV as it gets removed from payload in DecodePacket.
			iv = make([]byte, account.Cipher.IVSize())
			copy(iv, payload.BytesTo(account.Cipher.IVSize()))
		}

		err = account.Cipher.DecodePacket(account.Key, payload)
	}

	if err != nil {
		return nil, nil, newError("failed to decrypt UDP payload").Base(err)
	}

	request := &protocol.RequestHeader{
		Version: Version,
		User:    user,
		Command: protocol.RequestCommandUDP,
	}

	payload.SetByte(0, payload.Byte(0)&0x0F)

	addr, port, err := addrParser.ReadAddressPort(nil, payload)
	if err != nil {
		return nil, nil, newError("failed to parse address").Base(err)
	}

	request.Address = addr
	request.Port = port

	return request, payload, nil
}

type UDPReader struct {
	Reader io.Reader
	User   *protocol.MemoryUser
}

func (v *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
	buffer := buf.New()
	_, err := buffer.ReadFrom(v.Reader)
	if err != nil {
		buffer.Release()
		return nil, err
	}
	u, payload, err := DecodeUDPPacket([]*protocol.MemoryUser{v.User}, buffer)
	if err != nil {
		buffer.Release()
		return nil, err
	}
	dest := u.Destination()
	payload.UDP = &dest
	return buf.MultiBuffer{payload}, nil
}

type UDPWriter struct {
	Writer  io.Writer
	Request *protocol.RequestHeader
}

func (w *UDPWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
	for {
		mb2, b := buf.SplitFirst(mb)
		mb = mb2
		if b == nil {
			break
		}
		request := w.Request
		if b.UDP != nil {
			request = &protocol.RequestHeader{
				User:    w.Request.User,
				Address: b.UDP.Address,
				Port:    b.UDP.Port,
			}
		}
		packet, err := EncodeUDPPacket(request, b.Bytes())
		b.Release()
		if err != nil {
			buf.ReleaseMulti(mb)
			return err
		}
		_, err = w.Writer.Write(packet.Bytes())
		packet.Release()
		if err != nil {
			buf.ReleaseMulti(mb)
			return err
		}
	}
	return nil
}