mirror of
https://github.com/SagerNet/sing-shadowsocks.git
synced 2025-04-03 20:07:40 +03:00
Cleanup code
parent
7461bb09a8
commit
731a30d73b
7 changed files with 28 additions and 250 deletions
6
go.mod
6
go.mod
|
@ -3,12 +3,12 @@ module github.com/sagernet/sing-shadowsocks
|
|||
go 1.18
|
||||
|
||||
require (
|
||||
github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f
|
||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
|
||||
github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4
|
||||
golang.org/x/crypto v0.2.0
|
||||
lukechampine.com/blake3 v1.1.7
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/klauspost/cpuid/v2 v2.0.12 // indirect
|
||||
golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
|
||||
golang.org/x/sys v0.2.0 // indirect
|
||||
)
|
||||
|
|
12
go.sum
12
go.sum
|
@ -1,11 +1,11 @@
|
|||
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
|
||||
github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
|
||||
github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
|
||||
github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f h1:ekLjKIYjtkZNRN1c1IoNcpAsVZNKtO+Qe5cuHOwX0EI=
|
||||
github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
|
||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
|
||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
|
||||
golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4 h1:LO7xMvMGhYmjQg2vjhTzsODyzs9/WLYu5Per+/8jIeo=
|
||||
github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4=
|
||||
golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
|
||||
golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
||||
golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
|
||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0=
|
||||
lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA=
|
||||
|
|
|
@ -1,167 +0,0 @@
|
|||
package shadowaead_2022
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"io"
|
||||
|
||||
"github.com/sagernet/sing-shadowsocks/shadowaead"
|
||||
"github.com/sagernet/sing/common"
|
||||
"github.com/sagernet/sing/common/buf"
|
||||
)
|
||||
|
||||
const (
|
||||
recordTypeHandshake = 22
|
||||
recordTypeApplicationData = 23
|
||||
|
||||
tlsVersion10 = 0x0301
|
||||
tlsVersion12 = 0x0303
|
||||
|
||||
tlsEncryptedLengthChunkLength = 5 + shadowaead.Overhead
|
||||
)
|
||||
|
||||
func isTLSHandshake(payload []byte) bool {
|
||||
if len(payload) < 5 {
|
||||
return false
|
||||
}
|
||||
if payload[0] != recordTypeHandshake {
|
||||
return false
|
||||
}
|
||||
tlsVersion := binary.BigEndian.Uint16(payload[1:])
|
||||
if tlsVersion != tlsVersion10 && tlsVersion != tlsVersion12 {
|
||||
return false
|
||||
}
|
||||
return readTLSChunkEnd(payload) > 0
|
||||
}
|
||||
|
||||
func readTLSChunkEnd(payload []byte) int {
|
||||
pLen := len(payload)
|
||||
index := 0
|
||||
for index < pLen {
|
||||
if pLen-index < 5 {
|
||||
break
|
||||
}
|
||||
dataLen := binary.BigEndian.Uint16(payload[index+3 : index+5])
|
||||
nextIndex := index + 5 + int(dataLen)
|
||||
if nextIndex > pLen {
|
||||
return index
|
||||
}
|
||||
index = nextIndex
|
||||
}
|
||||
return index
|
||||
}
|
||||
|
||||
type TLSEncryptedStreamReader struct {
|
||||
upstream *shadowaead.Reader
|
||||
raw io.Reader
|
||||
buffer *buf.Buffer
|
||||
}
|
||||
|
||||
func NewTLSEncryptedStreamReader(upstream *shadowaead.Reader) *TLSEncryptedStreamReader {
|
||||
var reader TLSEncryptedStreamReader
|
||||
reader.upstream = upstream
|
||||
reader.raw = upstream.Upstream().(io.Reader)
|
||||
reader.buffer = upstream.Buffer()
|
||||
return &reader
|
||||
}
|
||||
|
||||
func (r *TLSEncryptedStreamReader) Read(p []byte) (n int, err error) {
|
||||
if !r.buffer.IsEmpty() {
|
||||
return r.buffer.Read(p)
|
||||
}
|
||||
data := r.buffer.Slice()
|
||||
_, err = io.ReadFull(r.raw, data[:tlsEncryptedLengthChunkLength])
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
r.buffer.FullReset()
|
||||
err = r.upstream.ReadChunk(r.buffer, data[:tlsEncryptedLengthChunkLength])
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
recordType := data[0]
|
||||
recordLen := int(binary.BigEndian.Uint16(data[3:5]))
|
||||
if recordType == recordTypeApplicationData {
|
||||
_, err = r.buffer.ReadFullFrom(r.raw, recordLen)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
_, err = io.ReadFull(r.raw, data[5:5+recordLen+shadowaead.Overhead])
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
err = r.upstream.ReadChunk(r.buffer, data[5:5+recordLen+shadowaead.Overhead])
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
return r.buffer.Read(p)
|
||||
}
|
||||
|
||||
type TLSEncryptedStreamWriter struct {
|
||||
upstream *shadowaead.Writer
|
||||
raw io.Writer
|
||||
buffer *buf.Buffer
|
||||
pipeIn *io.PipeReader
|
||||
pipeOut *io.PipeWriter
|
||||
}
|
||||
|
||||
func NewTLSEncryptedStreamWriter(upstream *shadowaead.Writer) *TLSEncryptedStreamWriter {
|
||||
var writer TLSEncryptedStreamWriter
|
||||
writer.upstream = upstream
|
||||
writer.raw = upstream.Upstream().(io.Writer)
|
||||
writer.buffer = upstream.Buffer()
|
||||
writer.pipeIn, writer.pipeOut = io.Pipe()
|
||||
go writer.loopOut()
|
||||
return &writer
|
||||
}
|
||||
|
||||
func (w *TLSEncryptedStreamWriter) Write(p []byte) (n int, err error) {
|
||||
return w.pipeOut.Write(p)
|
||||
}
|
||||
|
||||
func (w *TLSEncryptedStreamWriter) loopOut() {
|
||||
data := w.buffer.Slice()
|
||||
var err error
|
||||
for {
|
||||
_, err = io.ReadFull(w.pipeIn, data[:5])
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
recordType := data[0]
|
||||
recordLen := int(binary.BigEndian.Uint16(data[3:5]))
|
||||
|
||||
w.buffer.FullReset()
|
||||
w.upstream.WriteChunk(w.buffer, data[:5])
|
||||
|
||||
if recordType != recordTypeApplicationData {
|
||||
_, err = io.ReadFull(w.pipeIn, data[tlsEncryptedLengthChunkLength:tlsEncryptedLengthChunkLength+recordLen])
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
w.upstream.WriteChunk(w.buffer, data[tlsEncryptedLengthChunkLength:tlsEncryptedLengthChunkLength+recordLen])
|
||||
} else {
|
||||
_, err = w.buffer.ReadFullFrom(w.pipeIn, recordLen)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
_, err = w.raw.Write(w.buffer.Bytes())
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
}
|
||||
w.pipeIn.CloseWithError(err)
|
||||
}
|
||||
|
||||
func (w *TLSEncryptedStreamWriter) Close() error {
|
||||
return common.Close(
|
||||
w.upstream,
|
||||
w.pipeOut,
|
||||
)
|
||||
}
|
||||
|
||||
func (w *TLSEncryptedStreamWriter) Upstream() any {
|
||||
return w.upstream
|
||||
}
|
|
@ -40,9 +40,6 @@ const (
|
|||
MaxPacketSize = 65535
|
||||
RequestHeaderFixedChunkLength = 1 + 8 + 2
|
||||
PacketMinimalHeaderSize = 30
|
||||
|
||||
// HeaderTypeClientEncrypted = 10
|
||||
// HeaderTypeServerEncrypted = 11
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -180,16 +177,15 @@ func aeadCipher(block func(key []byte) (cipher.Block, error), aead func(block ci
|
|||
}
|
||||
|
||||
type Method struct {
|
||||
name string
|
||||
keySaltLength int
|
||||
constructor func(key []byte) (cipher.AEAD, error)
|
||||
blockConstructor func(key []byte) (cipher.Block, error)
|
||||
udpCipher cipher.AEAD
|
||||
udpBlockEncryptCipher cipher.Block
|
||||
udpBlockDecryptCipher cipher.Block
|
||||
pskList [][]byte
|
||||
pskHash []byte
|
||||
encryptedProtocolExtension bool
|
||||
name string
|
||||
keySaltLength int
|
||||
constructor func(key []byte) (cipher.AEAD, error)
|
||||
blockConstructor func(key []byte) (cipher.Block, error)
|
||||
udpCipher cipher.AEAD
|
||||
udpBlockEncryptCipher cipher.Block
|
||||
udpBlockDecryptCipher cipher.Block
|
||||
pskList [][]byte
|
||||
pskHash []byte
|
||||
}
|
||||
|
||||
func (m *Method) Name() string {
|
||||
|
@ -258,13 +254,6 @@ func (m *Method) writeExtendedIdentityHeaders(request *buf.Buffer, salt []byte)
|
|||
}
|
||||
|
||||
func (c *clientConn) writeRequest(payload []byte) error {
|
||||
var headerType byte
|
||||
//if c.encryptedProtocolExtension && isTLSHandshake(payload) {
|
||||
// headerType = HeaderTypeClientEncrypted
|
||||
//} else {
|
||||
headerType = HeaderTypeClient
|
||||
//}
|
||||
|
||||
salt := make([]byte, c.keySaltLength)
|
||||
common.Must1(io.ReadFull(rand.Reader, salt))
|
||||
|
||||
|
@ -290,20 +279,14 @@ func (c *clientConn) writeRequest(payload []byte) error {
|
|||
|
||||
var _fixedLengthBuffer [RequestHeaderFixedChunkLength]byte
|
||||
fixedLengthBuffer := buf.With(common.Dup(_fixedLengthBuffer[:]))
|
||||
common.Must(fixedLengthBuffer.WriteByte(headerType))
|
||||
common.Must(fixedLengthBuffer.WriteByte(HeaderTypeClient))
|
||||
common.Must(binary.Write(fixedLengthBuffer, binary.BigEndian, uint64(time.Now().Unix())))
|
||||
var paddingLen int
|
||||
if len(payload) < MaxPaddingLength {
|
||||
paddingLen = mRand.Intn(MaxPaddingLength) + 1
|
||||
}
|
||||
variableLengthHeaderLen := M.SocksaddrSerializer.AddrPortLen(c.destination) + 2 + paddingLen
|
||||
var payloadLen int
|
||||
switch headerType {
|
||||
case HeaderTypeClient:
|
||||
payloadLen = len(payload)
|
||||
// case HeaderTypeClientEncrypted:
|
||||
// payloadLen = readTLSChunkEnd(payload)
|
||||
}
|
||||
payloadLen := len(payload)
|
||||
variableLengthHeaderLen += payloadLen
|
||||
common.Must(binary.Write(fixedLengthBuffer, binary.BigEndian, uint16(variableLengthHeaderLen)))
|
||||
writer.WriteChunk(header, fixedLengthBuffer.Slice())
|
||||
|
@ -329,18 +312,7 @@ func (c *clientConn) writeRequest(payload []byte) error {
|
|||
}
|
||||
|
||||
c.requestSalt = salt
|
||||
if headerType == HeaderTypeClient {
|
||||
c.writer = writer
|
||||
} /* else if headerType == HeaderTypeClientEncrypted {
|
||||
encryptedWriter := NewTLSEncryptedStreamWriter(writer)
|
||||
if payloadLen < len(payload) {
|
||||
_, err = encryptedWriter.Write(payload[payloadLen:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
c.writer = encryptedWriter
|
||||
}*/
|
||||
c.writer = writer
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -425,9 +397,7 @@ func (c *clientConn) readResponse() error {
|
|||
}
|
||||
if headerType == HeaderTypeServer {
|
||||
c.reader = reader
|
||||
} /*else if headerType == HeaderTypeServerEncrypted {
|
||||
c.reader = NewTLSEncryptedStreamReader(reader)
|
||||
}*/
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
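Review bot: In writeRequest the chunk length is written as `uint16(variableLengthHeaderLen)` right after `variableLengthHeaderLen += payloadLen`, and nothing visible in this hunk bounds `len(payload)`. If the first write plus address and padding exceeds 65535 bytes, the conversion truncates silently and the peer reads a length that does not match the data that follows. The function starts and ends outside the hunk, so a cap may already exist in the caller; if it does not, clamp before the addition with `if payloadLen > 65535-variableLengthHeaderLen { payloadLen = 65535 - variableLengthHeaderLen }` and send the remainder through the regular writer. A short comment on that line stating the bound would also help, for example `// header + first payload must fit the uint16 length field`.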
|
@ -1,9 +1,3 @@
|
|||
package shadowaead_2022
|
||||
|
||||
type MethodOption func(*Method)
|
||||
|
||||
func MethodOptionEncryptedProtocolExtension() MethodOption {
|
||||
return func(method *Method) {
|
||||
method.encryptedProtocolExtension = true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -163,7 +163,7 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
|
|||
return E.Cause(err, "read header")
|
||||
}
|
||||
|
||||
if headerType != HeaderTypeClient /* && headerType != HeaderTypeClientEncrypted */ {
|
||||
if headerType != HeaderTypeClient {
|
||||
return E.Extend(ErrBadHeaderType, "expected ", HeaderTypeClient, ", got ", headerType)
|
||||
}
|
||||
|
||||
|
@ -221,12 +221,7 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
|
|||
requestSalt: requestSalt,
|
||||
}
|
||||
|
||||
switch headerType {
|
||||
case HeaderTypeClient:
|
||||
protocolConn.reader = reader
|
||||
// case HeaderTypeClientEncrypted:
|
||||
// protocolConn.reader = NewTLSEncryptedStreamReader(reader)
|
||||
}
|
||||
protocolConn.reader = reader
|
||||
|
||||
metadata.Protocol = "shadowsocks"
|
||||
metadata.Destination = destination
|
||||
|
@ -269,16 +264,8 @@ func (c *serverConn) writeResponse(payload []byte) (n int, err error) {
|
|||
salt.Release()
|
||||
common.KeepAlive(_salt)
|
||||
|
||||
var headerType byte
|
||||
var payloadLen int
|
||||
switch c.headerType {
|
||||
case HeaderTypeClient:
|
||||
headerType = HeaderTypeServer
|
||||
payloadLen = len(payload)
|
||||
// case HeaderTypeClientEncrypted:
|
||||
// headerType = HeaderTypeServerEncrypted
|
||||
// payloadLen = readTLSChunkEnd(payload)
|
||||
}
|
||||
headerType := byte(HeaderTypeServer)
|
||||
payloadLen := len(payload)
|
||||
|
||||
_headerFixedChunk := buf.StackNewSize(1 + 8 + c.keySaltLength + 2)
|
||||
headerFixedChunk := common.Dup(_headerFixedChunk)
|
||||
|
|
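Review bot: In writeResponse the local `headerType := byte(HeaderTypeServer)` is now just an alias for a constant, while writeRequest in this same commit drops its local and passes `HeaderTypeClient` straight to `WriteByte`; the two sides would read more consistently if the server path did the same. The removed switch was the only reader of `c.headerType` visible on this page, so if nothing outside these hunks still reads it, the field on serverConn and the assignment that fills it are dead state and can be removed too. writeResponse continues past the end of the hunk, so how `headerType` and `payloadLen` are used further down cannot be confirmed from here.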
|
@ -183,7 +183,7 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
|
|||
return E.Cause(err, "read header")
|
||||
}
|
||||
|
||||
if headerType != HeaderTypeClient /*&& headerType != HeaderTypeClientEncrypted*/ {
|
||||
if headerType != HeaderTypeClient {
|
||||
return E.Extend(ErrBadHeaderType, "expected ", HeaderTypeClient, ", got ", headerType)
|
||||
}
|
||||
|
||||
|
@ -237,13 +237,7 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
|
|||
requestSalt: requestSalt,
|
||||
}
|
||||
|
||||
switch headerType {
|
||||
case HeaderTypeClient:
|
||||
protocolConn.reader = reader
|
||||
// case HeaderTypeClientEncrypted:
|
||||
// protocolConn.reader = NewTLSEncryptedStreamReader(reader)
|
||||
}
|
||||
|
||||
protocolConn.reader = reader
|
||||
metadata.Protocol = "shadowsocks"
|
||||
metadata.Destination = destination
|
||||
return s.handler.NewConnection(auth.ContextWithUser(ctx, user), protocolConn, metadata)
|
||||
|
|