
Fix: server entry SSH key uses padded base64 encoding

- Also, move server config GetSSHServerVersion selection above validation,
  making SSHServerVersion optional when ObfuscatedSSHKey is specified.
Rod Hynes 8 ヶ月 前
コミット
9491ea04ab
2 ファイル変更21 行追加15 行削除
  1. 1 1
      psiphon/common/protocol/packed.go
  2. 20 14
      psiphon/server/config.go

+ 1 - 1
psiphon/common/protocol/packed.go

@@ -873,7 +873,7 @@ func init() {
 		{6, "sshPort", nil},
 		{7, "sshUsername", nil},
 		{8, "sshPassword", lowerHexConverter},
-		{9, "sshHostKey", unpaddedBase64Converter},
+		{9, "sshHostKey", base64Converter},
 		{10, "sshObfuscatedPort", nil},
 		{11, "sshObfuscatedQUICPort", nil},
 		{12, "limitQUICVersions", nil},
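Review bot: The switch to `base64Converter` for `sshHostKey` shows no handling for entries whose host key is still unpadded, which is the form `GenerateConfig` emitted through `base64.RawStdEncoding` until the last hunk of psiphon/server/config.go in this same commit. If `base64Converter` decodes strictly with padding (its body is not shown here), such entries would presumably fail to pack or would not round-trip to the same string. A round-trip test covering both a padded and an unpadded `sshHostKey` would pin the intended behaviour. A comment on the table row such as `// sshHostKey is standard padded base64, matching GenerateConfig` would keep the two sides in step. The table sits in `init()`, which starts and ends outside the hunk.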

+ 20 - 14
psiphon/server/config.go

@@ -669,6 +669,25 @@ func LoadConfig(configJSON []byte) (*Config, error) {
 		}
 	}
 
+	if config.ObfuscatedSSHKey != "" {
+
+		// Any SSHServerVersion selected here will take precedence over a
+		// value specified in the JSON config. Furthermore, the JSON config
+		// may omit SSHServerVersion as long as ObfuscatedSSHKey is specified
+		// and a value is selected.
+
+		seed, err := protocol.DeriveSSHServerVersionPRNGSeed(config.ObfuscatedSSHKey)
+		if err != nil {
+			return nil, errors.Tracef(
+				"DeriveSSHServerVersionPRNGSeed failed: %s", err)
+		}
+
+		serverVersion := values.GetSSHServerVersion(seed)
+		if serverVersion != "" {
+			config.SSHServerVersion = serverVersion
+		}
+	}
+
 	config.runningProtocols = []string{}
 	config.runningOnlyInproxyBroker = config.MeekServerRunInproxyBroker
 
@@ -766,19 +785,6 @@ func LoadConfig(configJSON []byte) (*Config, error) {
 		config.sshHandshakeTimeout = time.Duration(*config.SSHHandshakeTimeoutMilliseconds) * time.Millisecond
 	}
 
-	if config.ObfuscatedSSHKey != "" {
-		seed, err := protocol.DeriveSSHServerVersionPRNGSeed(config.ObfuscatedSSHKey)
-		if err != nil {
-			return nil, errors.Tracef(
-				"DeriveSSHServerVersionPRNGSeed failed: %s", err)
-		}
-
-		serverVersion := values.GetSSHServerVersion(seed)
-		if serverVersion != "" {
-			config.SSHServerVersion = serverVersion
-		}
-	}
-
 	if config.UDPInterceptUdpgwServerAddress != "" {
 		if err := validateNetworkAddress(config.UDPInterceptUdpgwServerAddress, true); err != nil {
 			return nil, errors.Tracef("UDPInterceptUdpgwServerAddress is invalid: %s", err)
@@ -1298,7 +1304,7 @@ func GenerateConfig(params *GenerateConfigParams) ([]byte, []byte, []byte, []byt
 		SshPort:                             sshPort,
 		SshUsername:                         sshUserName,
 		SshPassword:                         sshPassword,
-		SshHostKey:                          base64.RawStdEncoding.EncodeToString(sshPublicKey.Marshal()),
+		SshHostKey:                          base64.StdEncoding.EncodeToString(sshPublicKey.Marshal()),
 		SshObfuscatedPort:                   obfuscatedSSHPort,
 		SshObfuscatedQUICPort:               obfuscatedSSHQUICPort,
 		SshShadowsocksKey:                   shadowsocksKey,
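Review bot: In the block added to `LoadConfig`, an empty result from `values.GetSSHServerVersion(seed)` leaves `config.SSHServerVersion` as whatever the JSON supplied, so a config that omits the field is accepted or rejected only by the validation further down, which is outside this hunk. The new comment says omission is allowed as long as a value is selected, but does not say what happens otherwise; I would add `// If no value is selected, the JSON value is kept and must pass the validation below.` just before the `if serverVersion != ""` test. Because the selected value silently replaces an operator-supplied `SSHServerVersion`, the doc comment on that `Config` field (not visible here) should presumably state the precedence too. `LoadConfig` starts and ends outside the hunk.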