SagerNet/sing
1
0
Fork 0
mirror of https://github.com/SagerNet/sing.git synced 2025-04-04 04:17:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
世界 2022-01-29 03:25:38 +08:00
commit 5cc189a169
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
32 changed files with 2565 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/.idea/

24
common/buf/buffer.go Normal file
View file

@ -0,0 +1,24 @@
package buf
var Empty []byte
func init() {
Empty = make([]byte, 128)
}
func ForeachN(b []byte, size int) [][]byte {
total := len(b)
var index int
var retArr [][]byte
for {
nextIndex := index + size
if nextIndex < total {
retArr = append(retArr, b[index:nextIndex])
index = nextIndex
} else {
retArr = append(retArr, b[index:])
break
}
}
return retArr
}

30
common/buf/pool.go Normal file
View file

@ -0,0 +1,30 @@
package buf
import (
"bytes"
"sync"
)
const BufferSize = 20 * 1024
var bufferPool = sync.Pool{
New: func() any {
var data [BufferSize]byte
return bytes.NewBuffer(data[:0])
},
}
func New() *bytes.Buffer {
return bufferPool.Get().(*bytes.Buffer)
}
func Extend(buffer *bytes.Buffer, size int) []byte {
l := buffer.Len()
buffer.Grow(size)
return buffer.Bytes()[l : l+size]
}
func Release(buffer *bytes.Buffer) {
buffer.Reset()
bufferPool.Put(buffer)
}

94
common/cond.go Normal file
View file

@ -0,0 +1,94 @@
package common
import (
"context"
"io"
"log"
"strings"
)
func Any[T any](array []T, block func(it T) bool) bool {
for _, it := range array {
if block(it) {
return true
}
}
return true
}
func Contains[T comparable](arr []T, target T) bool {
for i := range arr {
if target == arr[i] {
return true
}
}
return false
}
func Map[T any, N any](arr []T, block func(it T) N) []N {
var retArr []N
for index := range arr {
retArr = append(retArr, block(arr[index]))
}
return retArr
}
func Filter[T any](arr []T, block func(it T) bool) []T {
var retArr []T
for _, it := range arr {
if block(it) {
retArr = append(retArr, it)
}
}
return retArr
}
func Done(ctx context.Context) bool {
select {
case <-ctx.Done():
return true
default:
return false
}
}
func IsEmpty[T any](array []T) bool {
return len(array) == 0
}
func IsNotEmpty[T any](array []T) bool {
return len(array) >= 0
}
func IsBlank(str string) bool {
return strings.TrimSpace(str) == EmptyString
}
func IsNotBlank(str string) bool {
return strings.TrimSpace(str) != EmptyString
}
func Error(_ any, err error) error {
return err
}
func Must(err error) {
if err != nil {
log.Fatalln(err)
}
}
func Must1(_ any, err error) {
if err != nil {
log.Fatalln(err)
}
}
func Close(closers ...io.Closer) {
for _, closer := range closers {
if closer == nil {
continue
}
closer.Close()
}
}

3
common/const.go Normal file
View file

@ -0,0 +1,3 @@
package common
const EmptyString = ""

6
common/crypto/padding.go Normal file
View file

@ -0,0 +1,6 @@
package crypto
type PaddingLengthGenerator interface {
MaxPaddingLen() uint16
NextPaddingLen() uint16
}

13
common/crypto/rand.go Normal file
View file

@ -0,0 +1,13 @@
package crypto
import (
"crypto/rand"
"sing/common"
)
func RandomBytes(size int) []byte {
b := make([]byte, size)
common.Must1(rand.Read(b))
return b
}

48
common/crypto/salsa20.go Normal file
View file

@ -0,0 +1,48 @@
package crypto
import (
"crypto/cipher"
"encoding/binary"
"errors"
"golang.org/x/crypto/salsa20/salsa"
"sing/common"
)
type Salsa20Cipher struct {
nonce []byte
key [32]byte
counter uint64
}
func (s *Salsa20Cipher) XORKeyStream(dst, src []byte) {
if len(dst) < len(src) {
common.Must(errors.New("dst is smaller than src"))
}
padLen := int(s.counter % 64)
buf := make([]byte, len(src)+padLen)
var subNonce [16]byte
copy(subNonce[:], s.nonce)
binary.LittleEndian.PutUint64(subNonce[8:], s.counter/64)
// It's difficult to avoid data copy here. src or dst maybe slice from
// Conn.Read/Write, which can't have padding.
copy(buf[padLen:], src)
salsa.XORKeyStream(buf, buf, &subNonce, &s.key)
copy(dst, buf[padLen:])
s.counter += uint64(len(src))
}
func NewSalsa20(key []byte, nonce []byte) (cipher.Stream, error) {
var fixedSizedKey [32]byte
if len(key) != 32 {
return nil, errors.New("key size must be 32")
}
copy(fixedSizedKey[:], key)
return &Salsa20Cipher{
key: fixedSizedKey,
nonce: nonce,
}, nil
}

35
common/exceptions/error.go Normal file
View file

@ -0,0 +1,35 @@
package exceptions
import (
"errors"
"fmt"
)
type Exception interface {
error
Cause() error
}
type exception struct {
message string
cause error
}
func (e exception) Error() string {
if e.cause == nil {
return e.message
}
return e.message + ":" + e.cause.Error()
}
func (e exception) Cause() error {
return e.cause
}
func New(message ...any) error {
return errors.New(fmt.Sprint(message...))
}
func Cause(cause error, message ...any) Exception {
return &exception{fmt.Sprint(message...), cause}
}

39
common/rw/read.go Normal file
View file

@ -0,0 +1,39 @@
package rw
import (
"io"
"sing/common"
)
func Skip(reader io.Reader) error {
return SkipN(reader, 1)
}
func SkipN(reader io.Reader, size int) error {
return common.Error(ReadBytes(reader, size))
}
func ReadByte(reader io.Reader) (byte, error) {
var b [1]byte
if err := common.Error(io.ReadFull(reader, b[:])); err != nil {
return 0, err
}
return b[0], nil
}
func ReadBytes(reader io.Reader, size int) ([]byte, error) {
b := make([]byte, size)
if err := common.Error(io.ReadFull(reader, b[:])); err != nil {
return nil, err
}
return b, nil
}
func ReadString(reader io.Reader, size int) (string, error) {
b, err := ReadBytes(reader, size)
if err != nil {
return common.EmptyString, err
}
return string(b), nil
}

43
common/rw/write.go Normal file
View file

@ -0,0 +1,43 @@
package rw
import (
"io"
"sing/common"
)
var ZeroBytes = make([]byte, 1024)
func WriteByte(writer io.Writer, b byte) error {
return common.Error(writer.Write([]byte{b}))
}
func WriteBytes(writer io.Writer, b []byte) error {
return common.Error(writer.Write(b))
}
func WriteZero(writer io.Writer) error {
return WriteByte(writer, 0)
}
func WriteZeroN(writer io.Writer, size int) error {
var index int
for index < size {
next := index + 1024
if next < size {
_, err := writer.Write(ZeroBytes)
if err != nil {
return err
}
index = next
} else {
_, err := writer.Write(ZeroBytes[:size-index])
return err
}
}
return nil
}
func WriteString(writer io.Writer, str string) error {
return WriteBytes(writer, []byte(str))
}

68
common/socksaddr/addr.go Normal file
View file

@ -0,0 +1,68 @@
package socksaddr
import (
"net"
"net/netip"
)
type Addr interface {
Family() Family
Addr() netip.Addr
Fqdn() string
}
func AddrFromIP(ip net.IP) Addr {
addr, _ := netip.AddrFromSlice(ip)
if addr.Is4() {
return Addr4(addr.As4())
} else {
return Addr16(addr.As16())
}
}
func AddrFromFqdn(fqdn string) Addr {
return AddrFqdn(fqdn)
}
type Addr4 [4]byte
func (a Addr4) Family() Family {
return AddressFamilyIPv4
}
func (a Addr4) Addr() netip.Addr {
return netip.AddrFrom4(a)
}
func (a Addr4) Fqdn() string {
return ""
}
type Addr16 [16]byte
func (a Addr16) Family() Family {
return AddressFamilyIPv6
}
func (a Addr16) Addr() netip.Addr {
return netip.AddrFrom16(a)
}
func (a Addr16) Fqdn() string {
return ""
}
type AddrFqdn string
func (f AddrFqdn) Family() Family {
return AddressFamilyFqdn
}
func (f AddrFqdn) Addr() netip.Addr {
return netip.Addr{}
}
func (f AddrFqdn) Fqdn() string {
return string(f)
}

12
common/socksaddr/exception.go Normal file
View file

@ -0,0 +1,12 @@
package socksaddr
import "fmt"
type StringTooLongException struct {
Op string
Len int
}
func (e StringTooLongException) Error() string {
return fmt.Sprint(e.Op, " too long: length ", e.Len, ", max 255")
}

27
common/socksaddr/family.go Normal file
View file

@ -0,0 +1,27 @@
package socksaddr
type Family byte
const (
AddressFamilyIPv4 Family = iota
AddressFamilyIPv6
AddressFamilyFqdn
)
func (af Family) IsIPv4() bool {
return af == AddressFamilyIPv4
}
func (af Family) IsIPv6() bool {
return af == AddressFamilyIPv6
}
func (af Family) IsIP() bool {
return af != AddressFamilyFqdn
}
func (af Family) IsFqdn() bool {
return af == AddressFamilyFqdn
}
type FamilyParser func(byte) byte

168
common/socksaddr/serializer.go Normal file
View file

@ -0,0 +1,168 @@
package socksaddr
import (
"encoding/binary"
"io"
"sing/common"
"sing/common/exceptions"
"sing/common/rw"
)
type SerializerOption func(*Serializer)
func AddressFamilyByte(b byte, f Family) SerializerOption {
return func(s *Serializer) {
s.familyMap[b] = f
s.familyByteMap[f] = b
}
}
func PortThenAddress() SerializerOption {
return func(s *Serializer) {
s.portFirst = true
}
}
func WithFamilyParser(fp FamilyParser) SerializerOption {
return func(s *Serializer) {
s.familyParser = fp
}
}
type Serializer struct {
familyMap map[byte]Family
familyByteMap map[Family]byte
familyParser FamilyParser
portFirst bool
}
func NewSerializer(options ...SerializerOption) *Serializer {
s := &Serializer{
familyMap: make(map[byte]Family),
familyByteMap: make(map[Family]byte),
}
for _, option := range options {
option(s)
}
return s
}
func (s *Serializer) WriteAddress(writer io.Writer, addr Addr) error {
err := rw.WriteByte(writer, s.familyByteMap[addr.Family()])
if err != nil {
return err
}
if addr.Family().IsIP() {
err = rw.WriteBytes(writer, addr.Addr().AsSlice())
} else {
domain := addr.Fqdn()
err = WriteString(writer, "fqdn", domain)
}
return err
}
func (s *Serializer) WritePort(writer io.Writer, port uint16) error {
return binary.Write(writer, binary.BigEndian, port)
}
func (s *Serializer) WriteAddressAndPort(writer io.Writer, addr Addr, port uint16) error {
var err error
if !s.portFirst {
err = s.WriteAddress(writer, addr)
} else {
err = s.WritePort(writer, port)
}
if err != nil {
return err
}
if s.portFirst {
err = s.WriteAddress(writer, addr)
} else {
err = s.WritePort(writer, port)
}
return err
}
func (s *Serializer) ReadAddress(reader io.Reader) (Addr, error) {
af, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if s.familyParser != nil {
af = s.familyParser(af)
}
family := s.familyMap[af]
switch family {
case AddressFamilyFqdn:
fqdn, err := ReadString(reader)
if err != nil {
return nil, exceptions.Cause(err, "read fqdn")
}
return AddrFqdn(fqdn), nil
default:
switch family {
case AddressFamilyIPv4:
var addr [4]byte
err = common.Error(reader.Read(addr[:]))
if err != nil {
return nil, exceptions.Cause(err, "read ipv4 address")
}
return Addr4(addr), nil
case AddressFamilyIPv6:
var addr [16]byte
err = common.Error(reader.Read(addr[:]))
if err != nil {
return nil, exceptions.Cause(err, "read ipv6 address")
}
return Addr16(addr), nil
default:
return nil, exceptions.New("unknown address family: ", af)
}
}
}
func (s *Serializer) ReadPort(reader io.Reader) (uint16, error) {
port, err := rw.ReadBytes(reader, 2)
if err != nil {
return 0, exceptions.Cause(err, "read port")
}
return binary.BigEndian.Uint16(port), nil
}
func (s *Serializer) ReadAddressAndPort(reader io.Reader) (addr Addr, port uint16, err error) {
if !s.portFirst {
addr, err = s.ReadAddress(reader)
} else {
port, err = s.ReadPort(reader)
}
if err != nil {
return
}
if s.portFirst {
addr, err = s.ReadAddress(reader)
} else {
port, err = s.ReadPort(reader)
}
return
}
func ReadString(reader io.Reader) (string, error) {
strLen, err := rw.ReadByte(reader)
if err != nil {
return common.EmptyString, err
}
return rw.ReadString(reader, int(strLen))
}
func WriteString(writer io.Writer, op string, str string) error {
strLen := len(str)
if strLen > 255 {
return &StringTooLongException{op, strLen}
}
err := rw.WriteByte(writer, byte(strLen))
if err != nil {
return err
}
return rw.WriteString(writer, str)
}

11
common/unsafe.go Normal file
View file

@ -0,0 +1,11 @@
package common
import "unsafe"
func PointerOf(reference any) uintptr {
return (uintptr)(unsafe.Pointer(reference.(*interface{})))
}
func PointerEquals(reference any, other any) bool {
return PointerOf(reference) == PointerOf(other)
}

36
go.mod Normal file
View file

@ -0,0 +1,36 @@
module sing
go 1.18
require (
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8
golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8
)
// for testing only
require github.com/v2fly/v2ray-core/v5 v5.0.3
//replace github.com/v2fly/v2ray-core/v5 => ../v2ray-core
replace github.com/v2fly/v2ray-core/v5 => github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567
// https://github.com/google/gvisor/releases/tag/release-20211129.0
//replace gvisor.dev/gvisor => ../gvisor
replace gvisor.dev/gvisor => github.com/sagernet/gvisor v0.0.0-20220109124627-f8f67dadd776
require (
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/pires/go-proxyproto v0.6.1 // indirect
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c // indirect
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e // indirect
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
google.golang.org/protobuf v1.27.1 // indirect
)

95
go.sum Normal file
View file

@ -0,0 +1,95 @@
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d h1:CPqTNIigGweVPT4CYb+OO2E6XyRKFOmvTHwWRLgCAlE=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d/go.mod h1:QX5ZVULjAfZJux/W62Y91HvCh9hyW6enAwcrrv/sLj0=
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb h1:zXpN5126w/mhECTkqazBkrOJIMatbPP71aSIDR5UuW4=
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb/go.mod h1:F7WkpqJj9t98ePxB/WJGQTIDeOVPuSJ3qdn6JUjg170=
github.com/dgryski/go-metro v0.0.0-20200812162917-85c65e2d0165/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 h1:y7y0Oa6UawqTFPCDw9JG6pdKt4F9pAhHv0B7FMGaGD0=
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152 h1:ED31mPIxDJnrLt9W9dH5xgd/6KjzEACKHBVGQ33czc0=
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152/go.mod h1:I9fhc/EvSg88cDxmfQ47v35Ssz9rlFunL/KY0A1JAYI=
github.com/ebfe/bcrypt_pbkdf v0.0.0-20140212075826-3c8d2dcb253a h1:YtdtTUN1iH97s+6PUjLnaiKSQj4oG1/EZ3N9bx6g4kU=
github.com/ebfe/rc2 v0.0.0-20131011165748-24b9757f5521 h1:fBHFH+Y/GPGFGo7LIrErQc3p2MeAhoIQNgaxPWYsSxk=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22 h1:CdVtqYWYGIEuYCbtyx6BVMKOcO0N6lKm99cR1DZubAs=
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22/go.mod h1:YS1s0XuwU13tHT0WeYeUXUwGk1m8WZvSbK9cx/kY1SE=
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
github.com/jhump/protoreflect v1.10.1 h1:iH+UZfsbRE6vpyZH7asAjTPWJf7RJbpZ9j/N3lDlKs0=
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8 h1:QxgFSDEqLP8ZsmVm/Qke0HP6JLV7EB93vtWK7noU1Sw=
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8/go.mod h1:uL2TcUivilrs0kPsqUwIf8XHAcmkSjsfrzSgAJwS0TI=
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
github.com/lucas-clemente/quic-go v0.25.0 h1:K+X9Gvd7JXsOHtU0N2icZ2Nw3rx82uBej3mP4CLgibc=
github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc=
github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco=
github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk=
github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1 h1:EnzzN9fPUkUck/1CuY1FlzBaIYMoiBsdwTNmNGkwUUM=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
github.com/sagernet/gvisor v0.0.0-20220109124627-f8f67dadd776 h1:NBeFhu3oWPjBCAifVeTDyIuxK5SfHUeHG1b0OA3/EZI=
github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567 h1:ZqzVNuyPKHQJKdz2BMTQagFeAHjWprlvtOHDLQ3F1uQ=
github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567/go.mod h1:4FMkEwBDneahJymFQGpJtQ0OlC33hpmCoyUneaOQDno=
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c h1:pqy40B3MQWYrza7YZXOXgl0Nf0QGFqrOC0BKae1UNAA=
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/v2fly/BrowserBridge v0.0.0-20210430233438-0570fc1d7d08 h1:4Yh46CVE3k/lPq6hUbEdbB1u1anRBXLewm3k+L0iOMc=
github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848 h1:p1UzXK6VAutXFFQMnre66h7g1BjRKUnLv0HfmmRoz7w=
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI=
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
github.com/xtaci/smux v1.5.16 h1:FBPYOkW8ZTjLKUM4LI4xnnuuDC8CQ/dB04HD519WoEk=
go.starlark.net v0.0.0-20211203141949-70c0e40ae128 h1:bxH+EXOo87zEOwKDdZ8Tevgi6irRbqheRm/fr293c58=
go4.org/intern v0.0.0-20211027215823-ae77deb06f29 h1:UXLjNohABv4S58tHmeuIZDO6e3mHpW2Dx33gaNt03LE=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 h1:Tx9kY6yUkLge/pFG7IEMwDZy6CS2ajFc9TvQdPCW0uA=
golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8 h1:kACShD3qhmr/3rLmg1yXyt+N4HcwutKyPRB93s54TIU=
golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
golang.org/x/tools v0.1.9 h1:j9KsMiaP1c3B0OTQGth0/k+miLGTgLsAFUCrF2vLcF8=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d h1:9+v0G0naRhLPOJEeJOL6NuXTtAHHwmkyZlgQJ0XcQ8I=
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
golang.zx2c4.com/wireguard v0.0.0-20220117163742-e0b8f11489c5 h1:fREdS2tvy7LARzKUA868aAABc35XOo4CMHydwv+alR4=
google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350 h1:YxHp5zqIcAShDEvRr5/0rVESVS+njYF68PSdazrNLJo=
google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 h1:acCzuUSQ79tGsM/O50VRFySfMm19IoMKL+sZztZkCxw=

37
protocol/shadowsocks/cipher.go Normal file
View file

@ -0,0 +1,37 @@
package shadowsocks
import (
"bytes"
"io"
"sing/common/exceptions"
)
type Cipher interface {
KeySize() int
IVSize() int
NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error)
NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error)
EncodePacket(key []byte, buffer *bytes.Buffer) error
DecodePacket(key []byte, buffer *bytes.Buffer) error
}
type CipherCreator func() Cipher
var cipherList map[string]CipherCreator
func init() {
cipherList = make(map[string]CipherCreator)
}
func RegisterCipher(method string, creator CipherCreator) {
cipherList[method] = creator
}
func CreateCipher(method string) (Cipher, error) {
creator := cipherList[method]
if creator != nil {
return creator(), nil
}
return nil, exceptions.New("unsupported method: ", method)
}

249
protocol/shadowsocks/cipher_aead.go Normal file
View file

@ -0,0 +1,249 @@
package shadowsocks
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"encoding/binary"
"io"
"golang.org/x/crypto/chacha20poly1305"
"sing/common"
"sing/common/buf"
"sing/common/exceptions"
"sing/common/rw"
)
func init() {
RegisterCipher("aes-128-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 16,
IVLength: 16,
Constructor: aesGcm,
}
})
RegisterCipher("aes-192-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 24,
IVLength: 24,
Constructor: aesGcm,
}
})
RegisterCipher("aes-256-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
Constructor: aesGcm,
}
})
RegisterCipher("chacha20-ietf-poly1305", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
Constructor: chacha20Poly1305,
}
})
RegisterCipher("xchacha20-ietf-poly1305", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
Constructor: xchacha20Poly1305,
}
})
}
func aesGcm(key []byte) cipher.AEAD {
block, err := aes.NewCipher(key)
common.Must(err)
aead, err := cipher.NewGCM(block)
common.Must(err)
return aead
}
func chacha20Poly1305(key []byte) cipher.AEAD {
aead, err := chacha20poly1305.New(key)
common.Must(err)
return aead
}
func xchacha20Poly1305(key []byte) cipher.AEAD {
aead, err := chacha20poly1305.NewX(key)
common.Must(err)
return aead
}
type AEADCipher struct {
KeyLength int
IVLength int
Constructor func(key []byte) cipher.AEAD
}
func (c *AEADCipher) KeySize() int {
return c.KeyLength
}
func (c *AEADCipher) IVSize() int {
return c.IVLength
}
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error) {
return NewAEADWriter(writer, c.Constructor(Kdf(key, iv, c.KeyLength))), nil
}
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error) {
return NewAEADReader(reader, c.Constructor(Kdf(key, iv, c.KeyLength))), nil
}
func (c *AEADCipher) EncodePacket(key []byte, buffer *bytes.Buffer) error {
aead := c.Constructor(Kdf(key, buffer.Bytes()[:c.IVLength], c.KeyLength))
end := buffer.Len()
buffer.Grow(aead.Overhead())
aead.Seal(buffer.Bytes()[:c.IVLength], rw.ZeroBytes[:aead.NonceSize()], buffer.Bytes()[c.IVLength:end], nil)
return nil
}
func (c *AEADCipher) DecodePacket(key []byte, buffer *bytes.Buffer) error {
if buffer.Len() < c.IVLength {
return exceptions.New("bad packet")
}
aead := c.Constructor(Kdf(key, buffer.Bytes()[:c.IVLength], c.KeyLength))
_, err := aead.Open(buffer.Bytes()[:c.IVLength], rw.ZeroBytes[:aead.NonceSize()], buffer.Bytes()[c.IVLength:], nil)
if err != nil {
return err
}
buffer.Truncate(aead.Overhead())
return nil
}
type AEADReader struct {
upstream io.Reader
cipher cipher.AEAD
buffer *bytes.Buffer
data []byte
nonce []byte
index int
cached int
}
func NewAEADReader(upstream io.Reader, cipher cipher.AEAD) *AEADReader {
buffer := buf.New()
buffer.Grow(MaxPacketSize)
return &AEADReader{
upstream: upstream,
cipher: cipher,
buffer: buffer,
data: buffer.Bytes(),
nonce: make([]byte, cipher.NonceSize()),
}
}
func (r *AEADReader) Read(b []byte) (n int, err error) {
if r.cached > 0 {
n = copy(b, r.data[r.index:r.index+r.cached])
r.cached -= n
r.index += n
return
}
start := PacketLengthBufferSize + r.cipher.Overhead()
_, err = io.ReadFull(r.upstream, r.data[:start])
if err != nil {
return 0, err
}
_, err = r.cipher.Open(r.data[:0], r.nonce, r.data[:start], nil)
if err != nil {
return 0, err
}
increaseNonce(r.nonce)
length := int(binary.BigEndian.Uint16(r.data[:PacketLengthBufferSize]))
end := length + r.cipher.Overhead()
if len(b) >= end {
data := b[:end]
_, err = io.ReadFull(r.upstream, data)
if err != nil {
return 0, err
}
_, err = r.cipher.Open(b[:0], r.nonce, data, nil)
if err != nil {
return 0, err
}
increaseNonce(r.nonce)
return length, nil
} else {
_, err = io.ReadFull(r.upstream, r.data[:end])
if err != nil {
return 0, err
}
_, err = r.cipher.Open(r.data[:0], r.nonce, r.data[:end], nil)
if err != nil {
return 0, err
}
increaseNonce(r.nonce)
n = copy(b, r.data[:length])
r.cached = length - n
r.index = n
return
}
}
func (r *AEADReader) Close() error {
buf.Release(r.buffer)
return nil
}
type AEADWriter struct {
upstream io.Writer
cipher cipher.AEAD
buffer *bytes.Buffer
data []byte
nonce []byte
}
func NewAEADWriter(upstream io.Writer, cipher cipher.AEAD) *AEADWriter {
buffer := buf.New()
buffer.Grow(MaxPacketSize)
return &AEADWriter{
upstream: upstream,
cipher: cipher,
buffer: buffer,
data: buffer.Bytes(),
nonce: make([]byte, cipher.NonceSize()),
}
}
func (w *AEADWriter) Write(p []byte) (n int, err error) {
maxDataSize := MaxPacketSize - PacketLengthBufferSize - w.cipher.Overhead()*2
for _, data := range buf.ForeachN(p, maxDataSize) {
binary.BigEndian.PutUint16(w.data[:PacketLengthBufferSize], uint16(len(data)))
w.cipher.Seal(w.data[:0], w.nonce, w.data[:PacketLengthBufferSize], nil)
increaseNonce(w.nonce)
start := w.cipher.Overhead() + PacketLengthBufferSize
packet := w.cipher.Seal(w.data[:start], w.nonce, data, nil)
increaseNonce(w.nonce)
pn, err := w.upstream.Write(packet)
if err != nil {
return 0, err
}
n += pn
}
return
}
func (w *AEADWriter) Close() error {
buf.Release(w.buffer)
return nil
}
func increaseNonce(nonce []byte) {
for i := range nonce {
nonce[i]++
if nonce[i] != 0 {
return
}
}
}

38
protocol/shadowsocks/cipher_none.go Normal file
View file

@ -0,0 +1,38 @@
package shadowsocks
import (
"bytes"
"io"
)
func init() {
RegisterCipher("none", func() Cipher {
return (*NoneCipher)(nil)
})
}
type NoneCipher struct{}
func (c *NoneCipher) KeySize() int {
return 16
}
func (c *NoneCipher) IVSize() int {
return 0
}
func (c *NoneCipher) NewEncryptionWriter(_ []byte, _ []byte, writer io.Writer) (io.Writer, error) {
return writer, nil
}
func (c *NoneCipher) NewDecryptionReader(_ []byte, _ []byte, reader io.Reader) (io.Reader, error) {
return reader, nil
}
func (c *NoneCipher) EncodePacket([]byte, *bytes.Buffer) error {
return nil
}
func (c *NoneCipher) DecodePacket([]byte, *bytes.Buffer) error {
return nil
}

374
protocol/shadowsocks/cipher_stream.go Normal file
View file

@ -0,0 +1,374 @@
//go:build !no_shadowsocks_stream
package shadowsocks
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/des"
"crypto/md5"
"crypto/rc4"
"io"
"sync"
"github.com/aead/chacha20"
"github.com/aead/chacha20/chacha"
"github.com/dgryski/go-camellia"
"github.com/dgryski/go-idea"
"github.com/dgryski/go-rc2"
"github.com/geeksbaek/seed"
"github.com/kierdavis/cfb8"
"golang.org/x/crypto/blowfish"
"golang.org/x/crypto/cast5"
"sing/common/crypto"
"sing/common/exceptions"
)
func init() {
RegisterCipher("aes-128-ctr", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
RegisterCipher("aes-192-ctr", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
RegisterCipher("aes-256-ctr", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
RegisterCipher("aes-128-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("aes-192-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("aes-256-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("aes-128-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
RegisterCipher("aes-192-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
RegisterCipher("aes-256-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
RegisterCipher("aes-128-ofb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
RegisterCipher("aes-192-ofb", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
RegisterCipher("aes-256-ofb", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
RegisterCipher("rc4", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 16,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return rc4.NewCipher(key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return rc4.NewCipher(key)
},
}
})
RegisterCipher("rc4-md5", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 16,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
h := md5.New()
h.Write(key)
h.Write(iv)
return rc4.NewCipher(h.Sum(nil))
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
h := md5.New()
h.Write(key)
h.Write(iv)
return rc4.NewCipher(h.Sum(nil))
},
}
})
RegisterCipher("bf-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: blowfish.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) }, cipher.NewCFBDecrypter),
}
})
RegisterCipher("cast5-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: cast5.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return cast5.NewCipher(key) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return cast5.NewCipher(key) }, cipher.NewCFBDecrypter),
}
})
RegisterCipher("des-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 8,
IVLength: des.BlockSize,
EncryptConstructor: blockStream(des.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(des.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("idea-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 8,
EncryptConstructor: blockStream(idea.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(idea.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("rc2-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: rc2.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return rc2.New(key, 16) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return rc2.New(key, 16) }, cipher.NewCFBDecrypter),
}
})
RegisterCipher("seed-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: seed.BlockSize,
EncryptConstructor: blockStream(seed.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(seed.NewCipher, cipher.NewCFBDecrypter),
}
})
RegisterCipher("camellia-128-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
RegisterCipher("camellia-192-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
RegisterCipher("camellia-256-cfb", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
RegisterCipher("camellia-128-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
RegisterCipher("camellia-192-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
RegisterCipher("camellia-256-cfb8", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
RegisterCipher("salsa20", func() Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: 8,
EncryptConstructor: crypto.NewSalsa20,
DecryptConstructor: crypto.NewSalsa20,
}
})
RegisterCipher("chacha20-ietf", func() Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.INonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
}
func blockStream(blockCreator func(key []byte) (cipher.Block, error), streamCreator func(block cipher.Block, iv []byte) cipher.Stream) func([]byte, []byte) (cipher.Stream, error) {
return func(key []byte, iv []byte) (cipher.Stream, error) {
block, err := blockCreator(key)
if err != nil {
return nil, err
}
return streamCreator(block, iv), err
}
}
type StreamCipher struct {
KeyLength int
IVLength int
EncryptConstructor func(key []byte, iv []byte) (cipher.Stream, error)
DecryptConstructor func(key []byte, iv []byte) (cipher.Stream, error)
sync.Mutex
}
func (s *StreamCipher) KeySize() int {
return s.KeyLength
}
func (s *StreamCipher) IVSize() int {
return s.IVLength
}
func (s *StreamCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error) {
streamCipher, err := s.EncryptConstructor(key, iv)
if err != nil {
return nil, err
}
return &StreamWriter{writer, streamCipher}, nil
}
func (s *StreamCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error) {
streamCipher, err := s.DecryptConstructor(key, iv)
if err != nil {
return nil, err
}
return &StreamReader{reader, streamCipher}, nil
}
func (s *StreamCipher) EncodePacket(key []byte, buffer *bytes.Buffer) error {
iv := buffer.Bytes()[:s.IVLength]
streamCipher, err := s.EncryptConstructor(key, iv)
if err != nil {
return err
}
data := buffer.Bytes()[s.IVLength:]
streamCipher.XORKeyStream(data, data)
return nil
}
func (s *StreamCipher) DecodePacket(key []byte, buffer *bytes.Buffer) error {
if buffer.Len() <= s.IVLength {
return exceptions.New("insufficient data: ", buffer.Len())
}
iv := buffer.Bytes()[:s.IVLength]
streamCipher, err := s.DecryptConstructor(key, iv)
if err != nil {
return err
}
end := buffer.Len() - s.IVLength
streamCipher.XORKeyStream(buffer.Bytes()[:end], buffer.Bytes()[s.IVLength:])
buffer.Truncate(end)
return nil
}
type StreamReader struct {
upstream io.Reader
cipher cipher.Stream
}
func (r *StreamReader) Read(p []byte) (n int, err error) {
n, err = r.upstream.Read(p)
if err != nil {
return 0, err
}
if n > 0 {
r.cipher.XORKeyStream(p[:n], p[:n])
}
return
}
type StreamWriter struct {
upstream io.Writer
cipher cipher.Stream
}
func (w *StreamWriter) Write(p []byte) (n int, err error) {
w.cipher.XORKeyStream(p, p)
return w.upstream.Write(p)
}

37
protocol/shadowsocks/cipher_stream_chacha20_non_std.go Normal file
View file

@ -0,0 +1,37 @@
//go:build !no_shadowsocks_stream && !(arm64 || ppc64le || s390x)
package shadowsocks
import (
"crypto/cipher"
"github.com/aead/chacha20"
"github.com/aead/chacha20/chacha"
)
func init() {
RegisterCipher("chacha20", func() Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.NonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
RegisterCipher("xchacha20", func() Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.XNonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
}

36
protocol/shadowsocks/cipher_stream_chacha20_std.go Normal file
View file

@ -0,0 +1,36 @@
//go:build !no_shadowsocks_stream && (arm64 || ppc64le || s390x)
package shadowsocks
import (
"crypto/cipher"
"golang.org/x/crypto/chacha20"
)
func init() {
RegisterCipher("chacha20", func() Cipher {
return &StreamCipher{
KeyLength: chacha20.KeySize,
IVLength: chacha20.NonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
}
})
RegisterCipher("xchacha20", func() Cipher {
return &StreamCipher{
KeyLength: chacha20.KeySize,
IVLength: chacha20.NonceSizeX,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
}
})
}

288
protocol/shadowsocks/cipher_test.go Normal file
View file

@ -0,0 +1,288 @@
package shadowsocks_test
import (
"bufio"
"bytes"
"io"
"net"
"strings"
"sync"
"testing"
vb "github.com/v2fly/v2ray-core/v5/common/buf"
vn "github.com/v2fly/v2ray-core/v5/common/net"
vp "github.com/v2fly/v2ray-core/v5/common/protocol"
vs "github.com/v2fly/v2ray-core/v5/proxy/shadowsocks"
"sing/common"
"sing/common/buf"
"sing/common/crypto"
"sing/common/socksaddr"
"sing/protocol/shadowsocks"
)
func TestShadowsocksTCP(t *testing.T) {
for index := 1; index <= int(vs.CipherType_XCHACHA20); index++ {
if index == 0 {
continue
}
cipherType := vs.CipherType(index)
cipher := strings.ReplaceAll(strings.ToLower(cipherType.String()), "_", "-")
t.Log("Test", cipher, "server")
testShadowsocksServerTCPWithCipher(t, cipherType, cipher)
t.Log("Test", cipher, "client")
testShadowsocksClientTCPWithCipher(t, cipherType, cipher)
}
}
func testShadowsocksServerTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
password := "fuck me till the daylight"
cipher, err := shadowsocks.CreateCipher(cipherName)
if err != nil {
t.Log("Skip unsupported method: ", cipherName)
return
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
address := socksaddr.AddrFromFqdn("internal.sagernet.org")
data := crypto.RandomBytes(1024)
protoAccount := &vs.Account{
Password: password,
CipherType: cipherType,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
memoryUser := &vp.MemoryUser{
Account: memoryAccount,
}
account := memoryAccount.(*vs.MemoryAccount)
client, server := net.Pipe()
defer common.Close(client, server)
wg := new(sync.WaitGroup)
wg.Add(1)
go func() {
defer wg.Done()
req := &vp.RequestHeader{
Version: vs.Version,
Command: vp.RequestCommandTCP,
Address: vn.DomainAddress(address.Fqdn()),
Port: 443,
User: memoryUser,
}
writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
writer, err := vs.WriteTCPRequest(req, client, writeIv, nil)
if err != nil {
t.Error(err)
return
}
reader, err := vs.ReadTCPResponse(memoryUser, client, nil)
if err != nil {
t.Error(err)
return
}
conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
buffer := vb.New()
defer buffer.Release()
buffer.Write(data)
_, err = conn.Write(buffer.Bytes())
if err != nil {
t.Error(err)
return
}
clientRead := make([]byte, 1024)
_, err = io.ReadFull(conn, clientRead)
if err != nil {
t.Error(err)
return
}
if bytes.Compare(clientRead, data) > 0 {
t.Error("bad response data")
return
}
client.Close()
}()
var readIv []byte
if cipher.IVSize() > 0 {
readIv = make([]byte, cipher.IVSize())
_, err = io.ReadFull(server, readIv)
if err != nil {
t.Fatal(err)
}
}
reader, err := cipher.NewDecryptionReader(key, readIv, server)
if err != nil {
t.Fatal(err)
}
addr, port, err := shadowsocks.AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
t.Fatal(err)
}
if addr != address {
t.Fatal("bad address")
}
if port != 443 {
t.Fatal("bad port")
}
var writeIv []byte
if cipher.IVSize() > 0 {
writeIv = crypto.RandomBytes(cipher.IVSize())
_, err = server.Write(writeIv)
if err != nil {
t.Fatal(err)
}
}
serverRead := make([]byte, 1024)
_, err = io.ReadFull(reader, serverRead)
if err != nil {
t.Fatal(err)
}
if bytes.Compare(serverRead, data) > 0 {
t.Fatal("bad request data")
}
writer, err := cipher.NewEncryptionWriter(key, writeIv, server)
if err != nil {
t.Fatal(err)
}
buffer := buf.New()
defer buf.Release(buffer)
buffer.Write(data)
_, err = writer.Write(buffer.Bytes())
if err != nil {
t.Fatal(err)
}
wg.Wait()
}
func testShadowsocksClientTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
password := "fuck me till the daylight"
cipher, err := shadowsocks.CreateCipher(cipherName)
if err != nil {
t.Log("Skip unsupported method: ", cipherName)
return
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
address := socksaddr.AddrFromFqdn("internal.sagernet.org")
data := crypto.RandomBytes(1024)
protoAccount := &vs.Account{
Password: password,
CipherType: cipherType,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
memoryUser := &vp.MemoryUser{
Account: memoryAccount,
}
account := memoryAccount.(*vs.MemoryAccount)
wg := new(sync.WaitGroup)
wg.Add(1)
client, server := net.Pipe()
defer common.Close(client, server)
go func() {
defer wg.Done()
session, reader, err := vs.ReadTCPSession(memoryUser, server, nil)
if err != nil {
t.Error(err)
return
}
if !session.Address.Family().IsDomain() || session.Address.Domain() != address.Fqdn() {
t.Error("bad request address")
return
}
if session.Port != 443 {
t.Error("bad request port")
return
}
writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
writer, err := vs.WriteTCPResponse(session, server, writeIv, nil)
if err != nil {
t.Error(err)
return
}
conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
buffer := vb.New()
defer buffer.Release()
buffer.Write(data)
_, err = conn.Write(buffer.Bytes())
if err != nil {
t.Error(err)
return
}
serverRead := make([]byte, 1024)
_, err = io.ReadFull(conn, serverRead)
if err != nil {
t.Error(err)
return
}
if bytes.Compare(serverRead, data) > 0 {
t.Error("bad request data")
return
}
server.Close()
}()
writeIv := crypto.RandomBytes(cipher.IVSize())
w := bufio.NewWriter(client)
_, err = w.Write(writeIv)
if err != nil {
t.Fatal(err)
}
ew, err := cipher.NewEncryptionWriter(key, writeIv, w)
if err != nil {
t.Fatal(err)
}
bw := bufio.NewWriter(ew)
err = shadowsocks.AddressSerializer.WriteAddressAndPort(bw, address, 443)
if err != nil {
t.Fatal(err)
}
buffer := buf.New()
defer buf.Release(buffer)
buffer.Write(data)
_, err = bw.Write(buffer.Bytes())
if err != nil {
t.Fatal(err)
}
err = bw.Flush()
if err != nil {
t.Fatal(err)
}
err = w.Flush()
if err != nil {
t.Fatal(err)
}
readIv := make([]byte, cipher.IVSize())
_, err = io.ReadFull(client, readIv)
if err != nil {
t.Fatal(err)
}
input, err := cipher.NewDecryptionReader(key, readIv, client)
if err != nil {
t.Fatal(err)
}
clientRead := make([]byte, 1024)
_, err = io.ReadFull(input, clientRead)
if err != nil {
t.Fatal(err)
}
if bytes.Compare(clientRead, data) > 0 {
t.Fatal("bad response data")
}
client.Close()
wg.Wait()
}

54
protocol/shadowsocks/protocol.go Normal file
View file

@ -0,0 +1,54 @@
package shadowsocks
import (
"crypto/md5"
"crypto/sha1"
"io"
"golang.org/x/crypto/hkdf"
"sing/common"
"sing/common/socksaddr"
)
const (
MaxPacketSize = 16*1024 - 1
PacketLengthBufferSize = 2
)
func Kdf(key, iv []byte, keyLength int) []byte {
subKey := make([]byte, keyLength)
kdf := hkdf.New(sha1.New, key, iv, []byte("ss-subkey"))
common.Must1(io.ReadFull(kdf, subKey))
return subKey
}
func Key(password []byte, keySize int) []byte {
const md5Len = 16
cnt := (keySize-1)/md5Len + 1
m := make([]byte, cnt*md5Len)
sum := md5.Sum(password)
copy(m, sum[:])
// Repeatedly call md5 until bytes generated is enough.
// Each call to md5 uses data: prev md5 sum + password.
d := make([]byte, md5Len+len(password))
start := 0
for i := 1; i < cnt; i++ {
start += md5Len
copy(d, m[start-md5Len:start])
copy(d[md5Len:], password)
sum = md5.Sum(d)
copy(m[start:], sum[:])
}
return m[:keySize]
}
var AddressSerializer = socksaddr.NewSerializer(
socksaddr.AddressFamilyByte(0x01, socksaddr.AddressFamilyIPv4),
socksaddr.AddressFamilyByte(0x04, socksaddr.AddressFamilyIPv6),
socksaddr.AddressFamilyByte(0x03, socksaddr.AddressFamilyFqdn),
socksaddr.WithFamilyParser(func(b byte) byte {
return b & 0x0F
}),
)

25
protocol/shadowsocks/protocol_test.go Normal file
View file

@ -0,0 +1,25 @@
package shadowsocks_test
import (
"bytes"
"testing"
vs "github.com/v2fly/v2ray-core/v5/proxy/shadowsocks"
"sing/common"
"sing/protocol/shadowsocks"
)
func TestGenerateKey(t *testing.T) {
password := "fuck me till the daylight"
protoAccount := &vs.Account{
Password: password,
CipherType: vs.CipherType_AES_128_GCM,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
account := memoryAccount.(*vs.MemoryAccount)
if bytes.Compare(account.Key, shadowsocks.Key([]byte(password), int(account.Cipher.KeySize()))) > 0 {
t.Fatal("bad key")
}
}

75
protocol/socks/constant.go Normal file
View file

@ -0,0 +1,75 @@
package socks
import (
"strconv"
"sing/common/socksaddr"
)
const (
Version4 byte = 0x04
Version5 byte = 0x05
)
const (
AuthTypeNotRequired byte = 0x00
AuthTypeUsernamePassword byte = 0x02
AuthTypeNoAcceptedMethods byte = 0xFF
)
const (
UsernamePasswordVersion1 byte = 0x01
UsernamePasswordStatusSuccess byte = 0x00
UsernamePasswordStatusFailure byte = 0x01
)
const (
CommandConnect byte = 0x01
CommandBind byte = 0x02
CommandUDPAssociate byte = 0x03
)
type ReplyCode byte
const (
ReplyCodeSuccess ReplyCode = iota
ReplyCodeFailure
ReplyCodeNotAllowed
ReplyCodeNetworkUnreachable
ReplyCodeHostUnreachable
ReplyCodeConnectionRefused
ReplyCodeTTLExpired
ReplyCodeUnsupported
ReplyCodeAddressTypeUnsupported
)
func (code ReplyCode) String() string {
switch code {
case ReplyCodeSuccess:
return "succeeded"
case ReplyCodeFailure:
return "general SOCKS server failure"
case ReplyCodeNotAllowed:
return "connection not allowed by ruleset"
case ReplyCodeNetworkUnreachable:
return "network unreachable"
case ReplyCodeHostUnreachable:
return "host unreachable"
case ReplyCodeConnectionRefused:
return "connection refused"
case ReplyCodeTTLExpired:
return "TTL expired"
case ReplyCodeUnsupported:
return "command not supported"
case ReplyCodeAddressTypeUnsupported:
return "address type not supported"
default:
return "unassigned code: " + strconv.Itoa(int(code))
}
}
var AddressSerializer = socksaddr.NewSerializer(
socksaddr.AddressFamilyByte(0x01, socksaddr.AddressFamilyIPv4),
socksaddr.AddressFamilyByte(0x04, socksaddr.AddressFamilyIPv6),
socksaddr.AddressFamilyByte(0x03, socksaddr.AddressFamilyFqdn),
)

33
protocol/socks/exceptions.go Normal file
View file

@ -0,0 +1,33 @@
package socks
import "fmt"
type UnsupportedVersionException struct {
Version byte
}
func (e UnsupportedVersionException) Error() string {
return fmt.Sprint("unsupported version: ", e.Version)
}
type UnsupportedAuthTypeException struct {
Method byte
}
func (e UnsupportedAuthTypeException) Error() string {
return fmt.Sprint("unsupported auth type: ", e.Method)
}
type UnsupportedCommandException struct {
Command byte
}
func (e UnsupportedCommandException) Error() string {
return fmt.Sprint("unsupported command: ", e.Command)
}
type UsernamePasswordAuthFailureException struct{}
func (e UsernamePasswordAuthFailureException) Error() string {
return "username/password auth failed"
}

106
protocol/socks/handshake.go Normal file
View file

@ -0,0 +1,106 @@
package socks
import (
"io"
"sing/common"
"sing/common/exceptions"
"sing/common/socksaddr"
)
func ClientHandshake(conn io.ReadWriter, version byte, command byte, addr socksaddr.Addr, port uint16, username string, password string) (*Response, error) {
var method byte
if common.IsBlank(username) {
method = AuthTypeNotRequired
} else {
method = AuthTypeUsernamePassword
}
err := WriteAuthRequest(conn, &AuthRequest{
Version: version,
Methods: []byte{method},
})
if err != nil {
return nil, err
}
authResponse, err := ReadAuthResponse(conn)
if err != nil {
return nil, err
}
if authResponse.Method != method {
return nil, exceptions.New("not requested method, request ", method, ", return ", method)
}
if method == AuthTypeUsernamePassword {
err = WriteUsernamePasswordAuthRequest(conn, &UsernamePasswordAuthRequest{
Username: username,
Password: password,
})
if err != nil {
return nil, err
}
usernamePasswordResponse, err := ReadUsernamePasswordAuthResponse(conn)
if err != nil {
return nil, err
}
if usernamePasswordResponse.Status == UsernamePasswordStatusFailure {
return nil, &UsernamePasswordAuthFailureException{}
}
}
err = WriteRequest(conn, &Request{
Version: version,
Command: command,
Addr: addr,
Port: port,
})
if err != nil {
return nil, err
}
return ReadResponse(conn)
}
func ClientFastHandshake(writer io.Writer, version byte, command byte, addr socksaddr.Addr, port uint16, username string, password string) error {
var method byte
if common.IsBlank(username) {
method = AuthTypeNotRequired
} else {
method = AuthTypeUsernamePassword
}
err := WriteAuthRequest(writer, &AuthRequest{
Version: version,
Methods: []byte{method},
})
if err != nil {
return err
}
if method == AuthTypeUsernamePassword {
err = WriteUsernamePasswordAuthRequest(writer, &UsernamePasswordAuthRequest{
Username: username,
Password: password,
})
if err != nil {
return err
}
}
return WriteRequest(writer, &Request{
Version: version,
Command: command,
Addr: addr,
Port: port,
})
}
func ClientFastHandshakeFinish(reader io.Reader) (*Response, error) {
response, err := ReadAuthResponse(reader)
if err != nil {
return nil, err
}
if response.Method == AuthTypeUsernamePassword {
usernamePasswordResponse, err := ReadUsernamePasswordAuthResponse(reader)
if err != nil {
return nil, err
}
if usernamePasswordResponse.Status == UsernamePasswordStatusFailure {
return nil, &UsernamePasswordAuthFailureException{}
}
}
return ReadResponse(reader)
}

384
protocol/socks/protocol.go Normal file
View file

@ -0,0 +1,384 @@
package socks
import (
"bytes"
"io"
"sing/common"
"sing/common/exceptions"
"sing/common/rw"
"sing/common/socksaddr"
)
//+----+----------+----------+
//|VER | NMETHODS | METHODS |
//+----+----------+----------+
//| 1 | 1 | 1 to 255 |
//+----+----------+----------+
type AuthRequest struct {
Version byte
Methods []byte
}
func WriteAuthRequest(writer io.Writer, request *AuthRequest) error {
err := rw.WriteByte(writer, request.Version)
if err != nil {
return err
}
err = rw.WriteByte(writer, byte(len(request.Methods)))
if err != nil {
return err
}
return rw.WriteBytes(writer, request.Methods)
}
func ReadAuthRequest(reader io.Reader) (*AuthRequest, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if version != Version5 {
return nil, &UnsupportedVersionException{version}
}
methodLen, err := rw.ReadByte(reader)
if err != nil {
return nil, exceptions.Cause(err, "read socks auth methods length")
}
methods, err := rw.ReadBytes(reader, int(methodLen))
if err != nil {
return nil, exceptions.Cause(err, "read socks auth methods, length ", methodLen)
}
for _, method := range methods {
if !(method == AuthTypeNotRequired || method == AuthTypeUsernamePassword) {
return nil, &UnsupportedAuthTypeException{method}
}
}
request := &AuthRequest{
version,
methods,
}
return request, nil
}
//+----+--------+
//|VER | METHOD |
//+----+--------+
//| 1 | 1 |
//+----+--------+
type AuthResponse struct {
Version byte
Method byte
}
func WriteAuthResponse(writer io.Writer, response *AuthResponse) error {
err := rw.WriteByte(writer, response.Version)
if err != nil {
return err
}
return rw.WriteByte(writer, response.Method)
}
func ReadAuthResponse(reader io.Reader) (*AuthResponse, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if version != Version5 {
return nil, &UnsupportedVersionException{version}
}
method, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if !(method == AuthTypeNotRequired || method == AuthTypeUsernamePassword || method == AuthTypeNoAcceptedMethods) {
return nil, &UnsupportedAuthTypeException{method}
}
response := &AuthResponse{
Version: version,
Method: method,
}
return response, nil
}
//+----+------+----------+------+----------+
//|VER | ULEN | UNAME | PLEN | PASSWD |
//+----+------+----------+------+----------+
//| 1 | 1 | 1 to 255 | 1 | 1 to 255 |
//+----+------+----------+------+----------+
type UsernamePasswordAuthRequest struct {
Username string
Password string
}
func WriteUsernamePasswordAuthRequest(writer io.Writer, request *UsernamePasswordAuthRequest) error {
err := rw.WriteByte(writer, UsernamePasswordVersion1)
if err != nil {
return err
}
err = socksaddr.WriteString(writer, "username", request.Username)
if err != nil {
return err
}
return socksaddr.WriteString(writer, "password", request.Password)
}
func ReadUsernamePasswordAuthRequest(reader io.Reader) (*UsernamePasswordAuthRequest, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if version != UsernamePasswordVersion1 {
return nil, &UnsupportedVersionException{version}
}
username, err := socksaddr.ReadString(reader)
if err != nil {
return nil, err
}
password, err := socksaddr.ReadString(reader)
if err != nil {
return nil, err
}
request := &UsernamePasswordAuthRequest{
Username: username,
Password: password,
}
return request, nil
}
//+----+--------+
//|VER | STATUS |
//+----+--------+
//| 1 | 1 |
//+----+--------+
type UsernamePasswordAuthResponse struct {
Status byte
}
func WriteUsernamePasswordAuthResponse(writer io.Writer, response *UsernamePasswordAuthResponse) error {
err := rw.WriteByte(writer, UsernamePasswordVersion1)
if err != nil {
return err
}
return rw.WriteByte(writer, response.Status)
}
func ReadUsernamePasswordAuthResponse(reader io.Reader) (*UsernamePasswordAuthResponse, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if version != UsernamePasswordVersion1 {
return nil, &UnsupportedVersionException{version}
}
status, err := rw.ReadByte(reader)
if status != UsernamePasswordStatusSuccess {
status = UsernamePasswordStatusFailure
}
response := &UsernamePasswordAuthResponse{
Status: status,
}
return response, nil
}
//+----+-----+-------+------+----------+----------+
//|VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
//+----+-----+-------+------+----------+----------+
//| 1 | 1 | X'00' | 1 | Variable | 2 |
//+----+-----+-------+------+----------+----------+
type Request struct {
Version byte
Command byte
Addr socksaddr.Addr
Port uint16
}
func WriteRequest(writer io.Writer, request *Request) error {
err := rw.WriteByte(writer, request.Version)
if err != nil {
return err
}
err = rw.WriteByte(writer, request.Command)
if err != nil {
return err
}
err = rw.WriteZero(writer)
if err != nil {
return err
}
return AddressSerializer.WriteAddressAndPort(writer, request.Addr, request.Port)
}
func ReadRequest(reader io.Reader) (*Request, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if !(version == Version4 || version == Version5) {
return nil, &UnsupportedVersionException{version}
}
command, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if command != CommandConnect && command != CommandUDPAssociate {
return nil, &UnsupportedCommandException{command}
}
err = rw.Skip(reader)
if err != nil {
return nil, err
}
addr, port, err := AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
return nil, err
}
request := &Request{
Version: version,
Command: command,
Addr: addr,
Port: port,
}
return request, nil
}
//+----+-----+-------+------+----------+----------+
//|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
//+----+-----+-------+------+----------+----------+
//| 1 | 1 | X'00' | 1 | Variable | 2 |
//+----+-----+-------+------+----------+----------+
type Response struct {
Version byte
ReplyCode ReplyCode
BindAddr socksaddr.Addr
BindPort uint16
}
func WriteResponse(writer io.Writer, response *Response) error {
err := rw.WriteByte(writer, response.Version)
if err != nil {
return err
}
err = rw.WriteByte(writer, byte(response.ReplyCode))
if err != nil {
return err
}
err = rw.WriteZero(writer)
if err != nil {
return err
}
return AddressSerializer.WriteAddressAndPort(writer, response.BindAddr, response.BindPort)
}
func ReadResponse(reader io.Reader) (*Response, error) {
version, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
if !(version == Version4 || version == Version5) {
return nil, &UnsupportedVersionException{version}
}
replyCode, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
err = rw.Skip(reader)
if err != nil {
return nil, err
}
addr, port, err := AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
return nil, err
}
response := &Response{
Version: version,
ReplyCode: ReplyCode(replyCode),
BindAddr: addr,
BindPort: port,
}
return response, nil
}
//+----+------+------+----------+----------+----------+
//|RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
//+----+------+------+----------+----------+----------+
//| 2 | 1 | 1 | Variable | 2 | Variable |
//+----+------+------+----------+----------+----------+
type AssociatePacket struct {
Fragment byte
Addr socksaddr.Addr
Port uint16
Data []byte
}
func WriteAssociatePacket(writer io.Writer, packet *AssociatePacket) error {
err := rw.WriteZeroN(writer, 2)
if err != nil {
return err
}
err = rw.WriteByte(writer, packet.Fragment)
if err != nil {
return err
}
err = AddressSerializer.WriteAddressAndPort(writer, packet.Addr, packet.Port)
if err != nil {
return err
}
return rw.WriteBytes(writer, packet.Data)
}
func DecodeAssociatePacket(buffer []byte) (*AssociatePacket, error) {
if len(buffer) < 5 {
return nil, exceptions.New("insufficient length")
}
fragment := buffer[2]
reader := bytes.NewReader(buffer)
err := common.Error(reader.Seek(3, io.SeekStart))
if err != nil {
return nil, err
}
addr, port, err := AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
return nil, err
}
index := len(buffer) - reader.Len()
data := buffer[index:]
packet := &AssociatePacket{
Fragment: fragment,
Addr: addr,
Port: port,
Data: data,
}
return packet, nil
}
func ReadAssociatePacket(reader io.Reader) (*AssociatePacket, error) {
err := rw.SkipN(reader, 2)
if err != nil {
return nil, err
}
fragment, err := rw.ReadByte(reader)
if err != nil {
return nil, err
}
addr, port, err := AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
return nil, err
}
data, err := io.ReadAll(reader)
if err != nil {
return nil, err
}
packet := &AssociatePacket{
Fragment: fragment,
Addr: addr,
Port: port,
Data: data,
}
return packet, nil
}

76
protocol/socks/protocol_test.go Normal file
View file

@ -0,0 +1,76 @@
package socks_test
import (
"net"
"sync"
"testing"
"sing/common/socksaddr"
"sing/protocol/socks"
)
func TestHandshake(t *testing.T) {
server, client := net.Pipe()
defer server.Close()
defer client.Close()
wg := new(sync.WaitGroup)
wg.Add(1)
method := socks.AuthTypeUsernamePassword
go func() {
response, err := socks.ClientHandshake(client, socks.Version5, socks.CommandConnect, socksaddr.AddrFromFqdn("test"), 80, "user", "pswd")
if err != nil {
t.Fatal(err)
}
if response.ReplyCode != socks.ReplyCodeSuccess {
t.Fatal(response)
}
wg.Done()
}()
authRequest, err := socks.ReadAuthRequest(server)
if err != nil {
t.Fatal(err)
}
if len(authRequest.Methods) != 1 || authRequest.Methods[0] != method {
t.Fatal("bad methods: ", authRequest.Methods)
}
err = socks.WriteAuthResponse(server, &socks.AuthResponse{
Version: socks.Version5,
Method: method,
})
if err != nil {
t.Fatal(err)
}
usernamePasswordAuthRequest, err := socks.ReadUsernamePasswordAuthRequest(server)
if err != nil {
t.Fatal(err)
}
if usernamePasswordAuthRequest.Username != "user" || usernamePasswordAuthRequest.Password != "pswd" {
t.Fatal(authRequest)
}
err = socks.WriteUsernamePasswordAuthResponse(server, &socks.UsernamePasswordAuthResponse{
Status: socks.UsernamePasswordStatusSuccess,
})
if err != nil {
t.Fatal(err)
}
request, err := socks.ReadRequest(server)
if err != nil {
t.Fatal(err)
}
if request.Version != socks.Version5 || request.Command != socks.CommandConnect || request.Addr.Fqdn() != "test" || request.Port != 80 {
t.Fatal(request)
}
err = socks.WriteResponse(server, &socks.Response{
Version: socks.Version5,
ReplyCode: socks.ReplyCodeSuccess,
BindAddr: socksaddr.AddrFromIP(net.IPv4zero),
BindPort: 0,
})
if err != nil {
t.Fatal(err)
}
wg.Wait()
}