SagerNet/sing-shadowtls
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-shadowtls.git synced 2025-04-04 04:37:37 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add multiple server names and multi-user

Browse source
This commit is contained in:
世界 2023-02-21 15:45:14 +08:00
parent e986e9cd9e
commit 9cb3e9e0ed
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
2 changed files with 115 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

42
v3_server.go
View file

@ -2,8 +2,10 @@ package shadowtls
import (
"bytes"
"context"
"crypto/hmac"
"crypto/sha1"
"crypto/tls"
"encoding/binary"
"hash"
"io"
@ -32,26 +34,42 @@ func extractFrame(conn net.Conn) (*buf.Buffer, error) {
return buffer, err
}
func verifyClientHello(frame []byte, password string) error {
func extractServerName(frame []byte) (string, error) {
var hello *tls.ClientHelloInfo
err := tls.Server(bufio.NewReadOnlyConn(bytes.NewReader(frame)), &tls.Config{
GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) {
hello = argHello
return nil, nil
},
}).HandshakeContext(context.Background())
if hello != nil {
return hello.ServerName, nil
}
return "", err
}
func verifyClientHello(frame []byte, users []User) (*User, error) {
const minLen = tlsHeaderSize + 1 + 3 + 2 + tlsRandomSize + 1 + tlsSessionIDSize
const hmacIndex = sessionIDLengthIndex + 1 + tlsSessionIDSize - hmacSize
if len(frame) < minLen {
return io.ErrUnexpectedEOF
return nil, io.ErrUnexpectedEOF
} else if frame[0] != handshake {
return E.New("unexpected record type")
return nil, E.New("unexpected record type")
} else if frame[5] != clientHello {
return E.New("unexpected handshake type")
return nil, E.New("unexpected handshake type")
} else if frame[sessionIDLengthIndex] != tlsSessionIDSize {
return E.New("unexpected session id length")
return nil, E.New("unexpected session id length")
}
hmacSHA1Hash := hmac.New(sha1.New, []byte(password))
hmacSHA1Hash.Write(frame[tlsHeaderSize:hmacIndex])
hmacSHA1Hash.Write(rw.ZeroBytes[:4])
hmacSHA1Hash.Write(frame[hmacIndex+hmacSize:])
if !hmac.Equal(frame[hmacIndex:hmacIndex+hmacSize], hmacSHA1Hash.Sum(nil)[:hmacSize]) {
return E.New("hmac mismatch")
for _, user := range users {
hmacSHA1Hash := hmac.New(sha1.New, []byte(user.Password))
hmacSHA1Hash.Write(frame[tlsHeaderSize:hmacIndex])
hmacSHA1Hash.Write(rw.ZeroBytes[:4])
hmacSHA1Hash.Write(frame[hmacIndex+hmacSize:])
if hmac.Equal(frame[hmacIndex:hmacIndex+hmacSize], hmacSHA1Hash.Sum(nil)[:hmacSize]) {
return &user, nil
}
}
return nil
return nil, E.New("hmac mismatch")
}
func extractServerRandom(frame []byte) []byte {