From 731a30d73bb3881c842fde020b0dd980d174bd99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?=
Date: Fri, 11 Nov 2022 21:15:42 +0800
Subject: [PATCH] Cleanup code
---
 go.mod | 6 +-
 go.sum | 12 +-
 shadowaead_2022/encrypted_stream.go | 167 ----------------------------
 shadowaead_2022/protocol.go | 56 +++-------
 shadowaead_2022/protocol_option.go | 6 -
 shadowaead_2022/service.go | 21 +---
 shadowaead_2022/service_multi.go | 10 +-
 7 files changed, 28 insertions(+), 250 deletions(-)
 delete mode 100644 shadowaead_2022/encrypted_stream.go
diff --git a/go.mod b/go.mod
index 8a0062e..72a2a38 100644
--- a/go.mod
+++ b/go.mod
@@ -3,12 +3,12 @@ module github.com/sagernet/sing-shadowsocks
 go 1.18
 require (
- github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
+ github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4
+ golang.org/x/crypto v0.2.0
 lukechampine.com/blake3 v1.1.7
 )
 require (
 github.com/klauspost/cpuid/v2 v2.0.12 // indirect
- golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
+ golang.org/x/sys v0.2.0 // indirect
 )
diff --git a/go.sum b/go.sum
index e8a5e14..901d588 100644
--- a/go.sum
+++ b/go.sum
@@ -1,11 +1,11 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE= github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= -github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f h1:ekLjKIYjtkZNRN1c1IoNcpAsVZNKtO+Qe5cuHOwX0EI= -github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80= -golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4 h1:LO7xMvMGhYmjQg2vjhTzsODyzs9/WLYu5Per+/8jIeo= +github.com/sagernet/sing v0.0.0-20221008120626-60a9910eefe4/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4= +golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE= +golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0= lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA= diff --git a/shadowaead_2022/encrypted_stream.go b/shadowaead_2022/encrypted_stream.go deleted file mode 100644 index 96dfafc..0000000 --- a/shadowaead_2022/encrypted_stream.go +++ /dev/null 
@@ -1,167 +0,0 @@
-package shadowaead_2022
-
-import (
- "encoding/binary"
- "io"
-
- "github.com/sagernet/sing-shadowsocks/shadowaead"
- "github.com/sagernet/sing/common"
- "github.com/sagernet/sing/common/buf"
-)
-
-const (
- recordTypeHandshake = 22
- recordTypeApplicationData = 23
-
- tlsVersion10 = 0x0301
- tlsVersion12 = 0x0303
-
- tlsEncryptedLengthChunkLength = 5 + shadowaead.Overhead
-)
-
-func isTLSHandshake(payload []byte) bool {
- if len(payload) < 5 {
- return false
- }
- if payload[0] != recordTypeHandshake {
- return false
- }
- tlsVersion := binary.BigEndian.Uint16(payload[1:])
- if tlsVersion != tlsVersion10 && tlsVersion != tlsVersion12 {
- return false
- }
- return readTLSChunkEnd(payload) > 0
-}
-
-func readTLSChunkEnd(payload []byte) int {
- pLen := len(payload)
- index := 0
- for index < pLen {
- if pLen-index < 5 {
- break
- }
- dataLen := binary.BigEndian.Uint16(payload[index+3 : index+5])
- nextIndex := index + 5 + int(dataLen)
- if nextIndex > pLen {
- return index
- }
- index = nextIndex
- }
- return index
-}
-
-type TLSEncryptedStreamReader struct {
- upstream *shadowaead.Reader
- raw io.Reader
- buffer *buf.Buffer
-}
-
-func NewTLSEncryptedStreamReader(upstream *shadowaead.Reader) *TLSEncryptedStreamReader {
- var reader TLSEncryptedStreamReader
- reader.upstream = upstream
- reader.raw = upstream.Upstream().(io.Reader)
- reader.buffer = upstream.Buffer()
- return &reader
-}
-
-func (r *TLSEncryptedStreamReader) Read(p []byte) (n int, err error) {
- if !r.buffer.IsEmpty() {
- return r.buffer.Read(p)
- }
- data := r.buffer.Slice()
- _, err = io.ReadFull(r.raw, data[:tlsEncryptedLengthChunkLength])
- if err != nil {
- return
- }
- r.buffer.FullReset()
- err = r.upstream.ReadChunk(r.buffer, data[:tlsEncryptedLengthChunkLength])
- if err != nil {
- return
- }
- recordType := data[0]
- recordLen := int(binary.BigEndian.Uint16(data[3:5]))
- if recordType == recordTypeApplicationData {
- _, err = r.buffer.ReadFullFrom(r.raw, recordLen)
- if err != nil {
- return
- }
- } else {
- _, err = io.ReadFull(r.raw, data[5:5+recordLen+shadowaead.Overhead])
- if err != nil {
- return
- }
- err = r.upstream.ReadChunk(r.buffer, data[5:5+recordLen+shadowaead.Overhead])
- if err != nil {
- return
- }
- }
- return r.buffer.Read(p)
-}
-
-type TLSEncryptedStreamWriter struct {
- upstream *shadowaead.Writer
- raw io.Writer
- buffer *buf.Buffer
- pipeIn *io.PipeReader
- pipeOut *io.PipeWriter
-}
-
-func NewTLSEncryptedStreamWriter(upstream *shadowaead.Writer) *TLSEncryptedStreamWriter {
- var writer TLSEncryptedStreamWriter
- writer.upstream = upstream
- writer.raw = upstream.Upstream().(io.Writer)
- writer.buffer = upstream.Buffer()
- writer.pipeIn, writer.pipeOut = io.Pipe()
- go writer.loopOut()
- return &writer
-}
-
-func (w *TLSEncryptedStreamWriter) Write(p []byte) (n int, err error) {
- return w.pipeOut.Write(p)
-}
-
-func (w *TLSEncryptedStreamWriter) loopOut() {
- data := w.buffer.Slice()
- var err error
- for {
- _, err = io.ReadFull(w.pipeIn, data[:5])
- if err != nil {
- break
- }
- recordType := data[0]
- recordLen := int(binary.BigEndian.Uint16(data[3:5]))
-
- w.buffer.FullReset()
- w.upstream.WriteChunk(w.buffer, data[:5])
-
- if recordType != recordTypeApplicationData {
- _, err = io.ReadFull(w.pipeIn, data[tlsEncryptedLengthChunkLength:tlsEncryptedLengthChunkLength+recordLen])
- if err != nil {
- return
- }
- w.upstream.WriteChunk(w.buffer, data[tlsEncryptedLengthChunkLength:tlsEncryptedLengthChunkLength+recordLen])
- } else {
- _, err = w.buffer.ReadFullFrom(w.pipeIn, recordLen)
- if err != nil {
- break
- }
- }
-
- _, err = w.raw.Write(w.buffer.Bytes())
- if err != nil {
- break
- }
- }
- w.pipeIn.CloseWithError(err)
-}
-
-func (w *TLSEncryptedStreamWriter) Close() error {
- return common.Close(
- w.upstream,
- w.pipeOut,
- )
-}
-
-func (w *TLSEncryptedStreamWriter) Upstream() any {
- return w.upstream
-}
diff --git a/shadowaead_2022/protocol.go b/shadowaead_2022/protocol.go
index c3d1168..d8e7e4e 100644
--- a/shadowaead_2022/protocol.go
+++ b/shadowaead_2022/protocol.go
@@ -40,9 +40,6 @@ const (
 MaxPacketSize = 65535
 RequestHeaderFixedChunkLength = 1 + 8 + 2
 PacketMinimalHeaderSize = 30
-
- // HeaderTypeClientEncrypted = 10
- // HeaderTypeServerEncrypted = 11
 )
 var (
@@ -180,16 +177,15 @@ func aeadCipher(block func(key []byte) (cipher.Block, error), aead func(block ci
 }
 type Method struct {
- name string
- keySaltLength int
- constructor func(key []byte) (cipher.AEAD, error)
- blockConstructor func(key []byte) (cipher.Block, error)
- udpCipher cipher.AEAD
- udpBlockEncryptCipher cipher.Block
- udpBlockDecryptCipher cipher.Block
- pskList [][]byte
- pskHash []byte
- encryptedProtocolExtension bool
+ name string
+ keySaltLength int
+ constructor func(key []byte) (cipher.AEAD, error)
+ blockConstructor func(key []byte) (cipher.Block, error)
+ udpCipher cipher.AEAD
+ udpBlockEncryptCipher cipher.Block
+ udpBlockDecryptCipher cipher.Block
+ pskList [][]byte
+ pskHash []byte
 }
 func (m *Method) Name() string {
@@ -258,13 +254,6 @@ func (m *Method) writeExtendedIdentityHeaders(request *buf.Buffer, salt []byte)
 }
 func (c *clientConn) writeRequest(payload []byte) error {
- var headerType byte
- //if c.encryptedProtocolExtension && isTLSHandshake(payload) {
- // headerType = HeaderTypeClientEncrypted
- //} else {
- headerType = HeaderTypeClient
- //}
-
 salt := make([]byte, c.keySaltLength)
 common.Must1(io.ReadFull(rand.Reader, salt))
@@ -290,20 +279,14 @@ func (c *clientConn) writeRequest(payload []byte) error {
 var _fixedLengthBuffer [RequestHeaderFixedChunkLength]byte
 fixedLengthBuffer := buf.With(common.Dup(_fixedLengthBuffer[:]))
- common.Must(fixedLengthBuffer.WriteByte(headerType))
+ common.Must(fixedLengthBuffer.WriteByte(HeaderTypeClient))
 common.Must(binary.Write(fixedLengthBuffer, binary.BigEndian, uint64(time.Now().Unix())))
 var paddingLen int
 if len(payload) < MaxPaddingLength {
 paddingLen = mRand.Intn(MaxPaddingLength) + 1
 }
 variableLengthHeaderLen := M.SocksaddrSerializer.AddrPortLen(c.destination) + 2 + paddingLen
- var payloadLen int
- switch headerType {
- case HeaderTypeClient:
- payloadLen = len(payload)
- // case HeaderTypeClientEncrypted:
- // payloadLen = readTLSChunkEnd(payload)
- }
+ payloadLen := len(payload)
 variableLengthHeaderLen += payloadLen
 common.Must(binary.Write(fixedLengthBuffer, binary.BigEndian, uint16(variableLengthHeaderLen)))
 writer.WriteChunk(header, fixedLengthBuffer.Slice())
@@ -329,18 +312,7 @@ func (c *clientConn) writeRequest(payload []byte) error {
 }
 c.requestSalt = salt
- if headerType == HeaderTypeClient {
- c.writer = writer
- } /* else if headerType == HeaderTypeClientEncrypted {
- encryptedWriter := NewTLSEncryptedStreamWriter(writer)
- if payloadLen < len(payload) {
- _, err = encryptedWriter.Write(payload[payloadLen:])
- if err != nil {
- return err
- }
- }
- c.writer = encryptedWriter
- }*/
+ c.writer = writer
 return nil
 }
@@ -425,9 +397,7 @@ func (c *clientConn) readResponse() error {
 }
 if headerType == HeaderTypeServer {
 c.reader = reader
- } /*else if headerType == HeaderTypeServerEncrypted {
- c.reader = NewTLSEncryptedStreamReader(reader)
- }*/
+ }
 return nil
 }
diff --git a/shadowaead_2022/protocol_option.go b/shadowaead_2022/protocol_option.go
index 46e8e0b..c1dd77e 100644
--- a/shadowaead_2022/protocol_option.go
+++ b/shadowaead_2022/protocol_option.go
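Review bot: In writeRequest, `payloadLen := len(payload)` now feeds straight into `uint16(variableLengthHeaderLen)`, and nothing in this hunk bounds the sum, so a first payload that pushes it past 65535 would wrap the length field and desynchronise the framing for the peer. If no caller outside the hunk already limits the payload, cap payloadLen to what still fits in the 16-bit field and send the remainder through the writer after the header. The function starts before and continues after this hunk, so an existing bound may simply not be visible here.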
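Review bot: In readResponse the guard `if headerType == HeaderTypeServer { c.reader = reader }` is left without any other branch, so every other header type falls through to `return nil` with c.reader unset. If a check earlier in the function already rejects other types, the guard is dead and can become a plain `c.reader = reader`, as this commit does for `c.writer = writer` in writeRequest and for `protocolConn.reader = reader` in both newConnection functions. If there is no such check, the fall-through should return ErrBadHeaderType rather than nil. The function starts outside the hunk, so which case applies cannot be told from here.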
@@ -1,9 +1,3 @@
 package shadowaead_2022
 type MethodOption func(*Method)
-
-func MethodOptionEncryptedProtocolExtension() MethodOption {
- return func(method *Method) {
- method.encryptedProtocolExtension = true
- }
-}
diff --git a/shadowaead_2022/service.go b/shadowaead_2022/service.go
index c0888c8..8f542a2 100644
--- a/shadowaead_2022/service.go
+++ b/shadowaead_2022/service.go
@@ -163,7 +163,7 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
 return E.Cause(err, "read header")
 }
- if headerType != HeaderTypeClient /* && headerType != HeaderTypeClientEncrypted */ {
+ if headerType != HeaderTypeClient {
 return E.Extend(ErrBadHeaderType, "expected ", HeaderTypeClient, ", got ", headerType)
 }
@@ -221,12 +221,7 @@ func (s *Service) newConnection(ctx context.Context, conn net.Conn, metadata M.M
 requestSalt: requestSalt,
 }
- switch headerType {
- case HeaderTypeClient:
- protocolConn.reader = reader
- // case HeaderTypeClientEncrypted:
- // protocolConn.reader = NewTLSEncryptedStreamReader(reader)
- }
+ protocolConn.reader = reader
 metadata.Protocol = "shadowsocks"
 metadata.Destination = destination
@@ -269,16 +264,8 @@ func (c *serverConn) writeResponse(payload []byte) (n int, err error) {
 salt.Release()
 common.KeepAlive(_salt)
- var headerType byte
- var payloadLen int
- switch c.headerType {
- case HeaderTypeClient:
- headerType = HeaderTypeServer
- payloadLen = len(payload)
- // case HeaderTypeClientEncrypted:
- // headerType = HeaderTypeServerEncrypted
- // payloadLen = readTLSChunkEnd(payload)
- }
+ headerType := byte(HeaderTypeServer)
+ payloadLen := len(payload)
 _headerFixedChunk := buf.StackNewSize(1 + 8 + c.keySaltLength + 2)
 headerFixedChunk := common.Dup(_headerFixedChunk)
diff --git a/shadowaead_2022/service_multi.go b/shadowaead_2022/service_multi.go
index 14b5591..548be85 100644
--- a/shadowaead_2022/service_multi.go
+++ b/shadowaead_2022/service_multi.go
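Review bot: writeResponse no longer reads `c.headerType`, so the serverConn field and whatever assigns it (neither is visible in these hunks) may now be dead and worth removing in the same cleanup. The new local `headerType := byte(HeaderTypeServer)` only renames a constant; using `HeaderTypeServer` directly where the byte is written, as writeRequest now does with `HeaderTypeClient`, would keep the two sides consistent. The function body continues outside the hunk, so the use site of headerType is presumed rather than seen.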
@@ -183,7 +183,7 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 return E.Cause(err, "read header")
 }
- if headerType != HeaderTypeClient /*&& headerType != HeaderTypeClientEncrypted*/ {
+ if headerType != HeaderTypeClient {
 return E.Extend(ErrBadHeaderType, "expected ", HeaderTypeClient, ", got ", headerType)
 }
@@ -237,13 +237,7 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 requestSalt: requestSalt,
 }
- switch headerType {
- case HeaderTypeClient:
- protocolConn.reader = reader
- // case HeaderTypeClientEncrypted:
- // protocolConn.reader = NewTLSEncryptedStreamReader(reader)
- }
-
+ protocolConn.reader = reader
 metadata.Protocol = "shadowsocks"
 metadata.Destination = destination
 return s.handler.NewConnection(auth.ContextWithUser(ctx, user), protocolConn, metadata)