diff --git a/shadowsocks/common.py b/shadowsocks/common.py index 857bde6..9dd5f7c 100644 --- a/shadowsocks/common.py +++ b/shadowsocks/common.py @@ -21,8 +21,25 @@ from __future__ import absolute_import, division, print_function, \ import socket import struct import logging +import hashlib +import hmac +ONETIMEAUTH_BYTES = 10 +ONETIMEAUTH_CHUNK_BYTES = 12 +ONETIMEAUTH_CHUNK_DATA_LEN = 2 + + +def sha1_hmac(secret, data): + return hmac.new(secret, data, hashlib.sha1).digest() + + +def onetimeauth_verify(_hash, data, key): + return _hash == sha1_hmac(key, data)[:ONETIMEAUTH_BYTES] + +def onetimeauth_gen(data, key): + return sha1_hmac(key, data)[:ONETIMEAUTH_BYTES] + def compat_ord(s): if type(s) == int: return s @@ -118,9 +135,11 @@ def patch_socket(): patch_socket() -ADDRTYPE_IPV4 = 1 -ADDRTYPE_IPV6 = 4 -ADDRTYPE_HOST = 3 +ADDRTYPE_IPV4 = 0x01 +ADDRTYPE_IPV6 = 0x04 +ADDRTYPE_HOST = 0x03 +ADDRTYPE_AUTH = 0x10 +ADDRTYPE_MASK = 0xF def pack_addr(address): @@ -144,14 +163,14 @@ def parse_header(data): dest_addr = None dest_port = None header_length = 0 - if addrtype == ADDRTYPE_IPV4: + if addrtype & ADDRTYPE_MASK == ADDRTYPE_IPV4: if len(data) >= 7: dest_addr = socket.inet_ntoa(data[1:5]) dest_port = struct.unpack('>H', data[5:7])[0] header_length = 7 else: logging.warn('header is too short') - elif addrtype == ADDRTYPE_HOST: + elif addrtype & ADDRTYPE_MASK == ADDRTYPE_HOST: if len(data) > 2: addrlen = ord(data[1]) if len(data) >= 4 + addrlen: @@ -163,7 +182,7 @@ def parse_header(data): logging.warn('header is too short') else: logging.warn('header is too short') - elif addrtype == ADDRTYPE_IPV6: + elif addrtype & ADDRTYPE_MASK == ADDRTYPE_IPV6: if len(data) >= 19: dest_addr = socket.inet_ntop(socket.AF_INET6, data[1:17]) dest_port = struct.unpack('>H', data[17:19])[0] diff --git a/shadowsocks/encrypt.py b/shadowsocks/encrypt.py index 4e87f41..54dbb42 100644 --- a/shadowsocks/encrypt.py +++ b/shadowsocks/encrypt.py @@ -69,17 +69,18 @@ def EVP_BytesToKey(password, key_len, iv_len): class Encryptor(object): - def __init__(self, key, method): - self.key = key + def __init__(self, password, method): + self.password = password + self.key = None self.method = method - self.iv = None self.iv_sent = False self.cipher_iv = b'' self.decipher = None + self.decipher_iv = None method = method.lower() self._method_info = self.get_method_info(method) if self._method_info: - self.cipher = self.get_cipher(key, method, 1, + self.cipher = self.get_cipher(password, method, 1, random_string(self._method_info[1])) else: logging.error('method %s not supported' % method) @@ -101,7 +102,7 @@ class Encryptor(object): else: # key_length == 0 indicates we should use the key directly key, iv = password, b'' - + self.key = key iv = iv[:m[1]] if op == 1: # this iv is for cipher not decipher @@ -123,7 +124,8 @@ class Encryptor(object): if self.decipher is None: decipher_iv_len = self._method_info[1] decipher_iv = buf[:decipher_iv_len] - self.decipher = self.get_cipher(self.key, self.method, 0, + self.decipher_iv = decipher_iv + self.decipher = self.get_cipher(self.password, self.method, 0, iv=decipher_iv) buf = buf[decipher_iv_len:] if len(buf) == 0: @@ -135,6 +137,7 @@ def encrypt_all(password, method, op, data): result = [] method = method.lower() (key_len, iv_len, m) = method_supported[method] + key = None if key_len > 0: key, _ = EVP_BytesToKey(password, key_len, iv_len) else: diff --git a/shadowsocks/shell.py b/shadowsocks/shell.py index a78e18f..eb1dc04 100644 --- a/shadowsocks/shell.py +++ b/shadowsocks/shell.py @@ -131,11 +131,11 @@ def get_config(is_local): logging.basicConfig(level=logging.INFO, format='%(levelname)-s: %(message)s') if is_local: - shortopts = 'hd:s:b:p:k:l:m:c:t:vq' + shortopts = 'hd:s:b:p:k:l:m:c:t:vqa' longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'user=', 'version'] else: - shortopts = 'hd:s:p:k:m:c:t:vq' + shortopts = 'hd:s:p:k:m:c:t:vqa' longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'workers=', 'forbidden-ip=', 'user=', 'manager-address=', 'version'] try: @@ -175,6 +175,8 @@ def get_config(is_local): v_count += 1 # '-vv' turns on more verbose mode config['verbose'] = v_count + elif key == '-a': + config['one_time_auth'] = True elif key == '-t': config['timeout'] = int(value) elif key == '--fast-open': @@ -316,6 +318,7 @@ Proxy options: -k PASSWORD password -m METHOD encryption method, default: aes-256-cfb -t TIMEOUT timeout in seconds, default: 300 + -a ONE_TIME_AUTH one time auth --fast-open use TCP_FASTOPEN, requires Linux 3.7+ --workers WORKERS number of workers, available on Unix/Linux --forbidden-ip IPLIST comma seperated IP list forbidden to connect diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py index d11af31..c61f8c0 100644 --- a/shadowsocks/tcprelay.py +++ b/shadowsocks/tcprelay.py @@ -27,7 +27,8 @@ import traceback import random from shadowsocks import encrypt, eventloop, shell, common -from shadowsocks.common import parse_header +from shadowsocks.common import parse_header, onetimeauth_verify, onetimeauth_gen, \ + ONETIMEAUTH_BYTES, ONETIMEAUTH_CHUNK_BYTES, ONETIMEAUTH_CHUNK_DATA_LEN, ADDRTYPE_AUTH # we clear at most TIMEOUTS_CLEAN_SIZE timeouts each time TIMEOUTS_CLEAN_SIZE = 512 @@ -107,6 +108,14 @@ class TCPRelayHandler(object): self._stage = STAGE_INIT self._encryptor = encrypt.Encryptor(config['password'], config['method']) + if 'one_time_auth' in config and config['one_time_auth']: + self._one_time_auth_enable = True + else: + self._one_time_auth_enable = False + self._one_time_auth_buff_head = '' + self._one_time_auth_buff_data = '' + self._one_time_auth_len = 0 + self._one_time_auth_chunk_idx = 0 self._fastopen_connected = False self._data_to_write_to_local = [] self._data_to_write_to_remote = [] @@ -224,8 +233,14 @@ class TCPRelayHandler(object): def _handle_stage_connecting(self, data): if self._is_local: + if self._one_time_auth_enable: + data = self._one_time_auth_chunk_data_gen(data) data = self._encryptor.encrypt(data) - self._data_to_write_to_remote.append(data) + self._data_to_write_to_remote.append(data) + else: + if self._one_time_auth_enable: + self._one_time_auth_chunk_data(data, + self._data_to_write_to_remote.append) if self._is_local and not self._fastopen_connected and \ self._config['fast_open']: # for sslocal and fastopen, we basically wait for data and use @@ -293,6 +308,18 @@ class TCPRelayHandler(object): logging.info('connecting %s:%d from %s:%d' % (common.to_str(remote_addr), remote_port, self._client_address[0], self._client_address[1])) + if self._is_local is False: + # spec https://shadowsocks.org/en/spec/one-time-auth.html + if self._one_time_auth_enable or addrtype & ADDRTYPE_AUTH: + if len(data) < header_length + ONETIMEAUTH_BYTES: + logging.warn('one time auth header is too short') + return None + if onetimeauth_verify(data[header_length: header_length+ONETIMEAUTH_BYTES], + data[:header_length], + self._encryptor.decipher_iv + self._encryptor.key) is False: + logging.warn('one time auth fail') + self.destroy() + header_length += ONETIMEAUTH_BYTES self._remote_address = (common.to_str(remote_addr), remote_port) # pause reading self._update_stream(STREAM_UP, WAIT_STATUS_WRITING) @@ -302,13 +329,22 @@ class TCPRelayHandler(object): self._write_to_sock((b'\x05\x00\x00\x01' b'\x00\x00\x00\x00\x10\x10'), self._local_sock) + # spec https://shadowsocks.org/en/spec/one-time-auth.html + # ATYP & 0x10 == 1, then OTA is enabled. + if self._one_time_auth_enable: + data = chr(ord(data[0]) | ADDRTYPE_AUTH) + data[1:] + data += onetimeauth_gen(data, self._encryptor.cipher_iv + self._encryptor.key) data_to_send = self._encryptor.encrypt(data) self._data_to_write_to_remote.append(data_to_send) # notice here may go into _handle_dns_resolved directly self._dns_resolver.resolve(self._chosen_server[0], self._handle_dns_resolved) else: - if len(data) > header_length: + if self._one_time_auth_enable: + data = data[header_length:] + self._one_time_auth_chunk_data(data, + self._data_to_write_to_remote.append) + elif len(data) > header_length: self._data_to_write_to_remote.append(data[header_length:]) # notice here may go into _handle_dns_resolved directly self._dns_resolver.resolve(remote_addr, @@ -344,7 +380,6 @@ class TCPRelayHandler(object): if result: ip = result[1] if ip: - try: self._stage = STAGE_CONNECTING remote_addr = ip @@ -384,6 +419,57 @@ class TCPRelayHandler(object): traceback.print_exc() self.destroy() + def _write_to_sock_remote(self, data): + self._write_to_sock(data, self._remote_sock) + + def _one_time_auth_chunk_data(self, data, data_cb): + # spec https://shadowsocks.org/en/spec/one-time-auth.html + while len(data) > 0: + if self._one_time_auth_len == 0: + # get DATA.LEN + HMAC-SHA1 + length = ONETIMEAUTH_CHUNK_BYTES - len(self._one_time_auth_buff_head) + self._one_time_auth_buff_head += data[:length] + data = data[length:] + if len(self._one_time_auth_buff_head) < ONETIMEAUTH_CHUNK_BYTES: + # wait more data + return + self._one_time_auth_len = struct.unpack('>H', + self._one_time_auth_buff_head[:ONETIMEAUTH_CHUNK_DATA_LEN])[0] + length = min(self._one_time_auth_len, len(data)) + self._one_time_auth_buff_data += data[:length] + data = data[length:] + if len(self._one_time_auth_buff_data) == self._one_time_auth_len: + # get a chunk data + if onetimeauth_verify(self._one_time_auth_buff_head[ONETIMEAUTH_CHUNK_DATA_LEN:], + self._one_time_auth_buff_data, + self._encryptor.decipher_iv + struct.pack('>I', self._one_time_auth_chunk_idx)) \ + is False: + logging.warn('one time auth fail, drop chunk !') + else: + data_cb(self._one_time_auth_buff_data) + self._one_time_auth_chunk_idx += 1 + self._one_time_auth_buff_head = '' + self._one_time_auth_buff_data = '' + self._one_time_auth_len = 0 + return + + def _one_time_auth_chunk_data_gen(self, data): + data_len = struct.pack(">H", len(data)) + sha110 = onetimeauth_gen(data, self._encryptor.cipher_iv + struct.pack('>I', self._one_time_auth_chunk_idx)) + self._one_time_auth_chunk_idx += 1 + return data_len + sha110 + data + + def _handle_stage_stream(self, data): + if self._is_local: + if self._one_time_auth_enable: + data = self._one_time_auth_chunk_data_gen(data) + data = self._encryptor.encrypt(data) + self._write_to_sock(data, self._remote_sock) + else: + if self._one_time_auth_enable: + self._one_time_auth_chunk_data(data, self._write_to_sock_remote) + return + def _on_local_read(self): # handle all local read events and dispatch them to methods for # each stage @@ -406,9 +492,7 @@ class TCPRelayHandler(object): if not data: return if self._stage == STAGE_STREAM: - if self._is_local: - data = self._encryptor.encrypt(data) - self._write_to_sock(data, self._remote_sock) + self._handle_stage_stream(data) return elif is_local and self._stage == STAGE_INIT: # TODO check auth method diff --git a/shadowsocks/udprelay.py b/shadowsocks/udprelay.py index ab12c54..d4b922f 100644 --- a/shadowsocks/udprelay.py +++ b/shadowsocks/udprelay.py @@ -69,7 +69,8 @@ import errno import random from shadowsocks import encrypt, eventloop, lru_cache, common, shell -from shadowsocks.common import parse_header, pack_addr +from shadowsocks.common import parse_header, pack_addr, onetimeauth_verify, onetimeauth_gen, \ + ONETIMEAUTH_BYTES, ONETIMEAUTH_CHUNK_BYTES, ONETIMEAUTH_CHUNK_DATA_LEN, ADDRTYPE_AUTH BUF_SIZE = 65536 @@ -97,6 +98,10 @@ class UDPRelay(object): self._password = common.to_bytes(config['password']) self._method = config['method'] self._timeout = config['timeout'] + if 'one_time_auth' in config and config['one_time_auth']: + self._one_time_auth_enable = True + else: + self._one_time_auth_enable = False self._is_local = is_local self._cache = lru_cache.LRUCache(timeout=config['timeout'], close_callback=self._close_client) @@ -114,7 +119,7 @@ class UDPRelay(object): addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0, socket.SOCK_DGRAM, socket.SOL_UDP) if len(addrs) == 0: - raise Exception("can't get addrinfo for %s:%d" % + raise Exception("UDP can't get addrinfo for %s:%d" % (self._listen_addr, self._listen_port)) af, socktype, proto, canonname, sa = addrs[0] server_socket = socket.socket(af, socktype, proto) @@ -152,7 +157,7 @@ class UDPRelay(object): if self._is_local: frag = common.ord(data[2]) if frag != 0: - logging.warn('drop a message since frag is not 0') + logging.warn('UDP drop a message since frag is not 0') return else: data = data[3:] @@ -171,7 +176,18 @@ class UDPRelay(object): server_addr, server_port = self._get_a_server() else: server_addr, server_port = dest_addr, dest_port - + # spec https://shadowsocks.org/en/spec/one-time-auth.html + if self._one_time_auth_enable or addrtype & ADDRTYPE_AUTH: + if len(data) < header_length + ONETIMEAUTH_BYTES: + logging.warn('UDP one time auth header is too short') + return + if onetimeauth_verify(data[-ONETIMEAUTH_BYTES:], + data[header_length: -ONETIMEAUTH_BYTES], + self._encryptor.decipher_iv + self._encryptor.key) is False: + logging.warn('UDP one time auth fail') + return + self._one_time_authed = True + header_length += ONETIMEAUTH_BYTES addrs = self._dns_cache.get(server_addr, None) if addrs is None: addrs = socket.getaddrinfo(server_addr, server_port, 0, @@ -202,6 +218,9 @@ class UDPRelay(object): self._eventloop.add(client, eventloop.POLL_IN, self) if self._is_local: + # spec https://shadowsocks.org/en/spec/one-time-auth.html + if self._one_time_auth_enable: + data = _one_time_auth_chunk_data_gen(data) data = encrypt.encrypt_all(self._password, self._method, 1, data) if not data: return @@ -243,7 +262,7 @@ class UDPRelay(object): header_result = parse_header(data) if header_result is None: return - # addrtype, dest_addr, dest_port, header_length = header_result + addrtype, dest_addr, dest_port, header_length = header_result response = b'\x00\x00\x00' + data client_addr = self._client_fd_to_server_addr.get(sock.fileno()) if client_addr: @@ -253,6 +272,10 @@ class UDPRelay(object): # simply drop that packet pass + def _one_time_auth_chunk_data_gen(self, data): + data = chr(ord(data[0]) | ADDRTYPE_AUTH) + data[1:] + return data + onetimeauth_gen(data, self._encryptor.cipher_iv + self._encryptor.key) + def add_to_loop(self, loop): if self._eventloop: raise Exception('already add to loop')