2020-11-25 11:01:53 +00:00
|
|
|
package encoding
|
|
|
|
|
2020-12-04 01:36:16 +00:00
|
|
|
//go:generate go run github.com/xtls/xray-core/common/errors/errorgen
|
2020-11-25 11:01:53 +00:00
|
|
|
|
|
|
|
import (
|
2022-10-29 04:51:59 +00:00
|
|
|
"bytes"
|
2020-12-04 01:36:16 +00:00
|
|
|
"context"
|
2022-10-29 04:51:59 +00:00
|
|
|
"crypto/rand"
|
2020-11-25 11:01:53 +00:00
|
|
|
"io"
|
2022-10-29 04:51:59 +00:00
|
|
|
"math/big"
|
2022-11-13 17:18:23 +00:00
|
|
|
"strconv"
|
2022-10-29 04:51:59 +00:00
|
|
|
"time"
|
2020-12-04 01:36:16 +00:00
|
|
|
|
|
|
|
"github.com/xtls/xray-core/common/buf"
|
|
|
|
"github.com/xtls/xray-core/common/errors"
|
|
|
|
"github.com/xtls/xray-core/common/net"
|
|
|
|
"github.com/xtls/xray-core/common/protocol"
|
|
|
|
"github.com/xtls/xray-core/common/session"
|
|
|
|
"github.com/xtls/xray-core/common/signal"
|
|
|
|
"github.com/xtls/xray-core/features/stats"
|
2023-05-04 02:21:45 +00:00
|
|
|
"github.com/xtls/xray-core/proxy"
|
2020-12-04 01:36:16 +00:00
|
|
|
"github.com/xtls/xray-core/proxy/vless"
|
2020-11-25 11:01:53 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
Version = byte(0)
|
|
|
|
)
|
|
|
|
|
2022-12-26 00:37:35 +00:00
|
|
|
var (
|
|
|
|
tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04}
|
|
|
|
tlsClientHandShakeStart = []byte{0x16, 0x03}
|
|
|
|
tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03}
|
|
|
|
tlsApplicationDataStart = []byte{0x17, 0x03, 0x03}
|
2023-02-28 03:14:37 +00:00
|
|
|
|
|
|
|
Tls13CipherSuiteDic = map[uint16]string{
|
|
|
|
0x1301: "TLS_AES_128_GCM_SHA256",
|
|
|
|
0x1302: "TLS_AES_256_GCM_SHA384",
|
|
|
|
0x1303: "TLS_CHACHA20_POLY1305_SHA256",
|
|
|
|
0x1304: "TLS_AES_128_CCM_SHA256",
|
|
|
|
0x1305: "TLS_AES_128_CCM_8_SHA256",
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
tlsHandshakeTypeClientHello byte = 0x01
|
|
|
|
tlsHandshakeTypeServerHello byte = 0x02
|
|
|
|
|
|
|
|
CommandPaddingContinue byte = 0x00
|
|
|
|
CommandPaddingEnd byte = 0x01
|
|
|
|
CommandPaddingDirect byte = 0x02
|
2022-12-26 00:37:35 +00:00
|
|
|
)
|
2022-10-29 04:51:59 +00:00
|
|
|
|
2020-11-25 11:01:53 +00:00
|
|
|
var addrParser = protocol.NewAddressParser(
|
|
|
|
protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4),
|
|
|
|
protocol.AddressFamilyByte(byte(protocol.AddressTypeDomain), net.AddressFamilyDomain),
|
|
|
|
protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv6), net.AddressFamilyIPv6),
|
|
|
|
protocol.PortThenAddress(),
|
|
|
|
)
|
|
|
|
|
|
|
|
// EncodeRequestHeader writes encoded request header into the given writer.
|
|
|
|
func EncodeRequestHeader(writer io.Writer, request *protocol.RequestHeader, requestAddons *Addons) error {
|
|
|
|
buffer := buf.StackNew()
|
|
|
|
defer buffer.Release()
|
|
|
|
|
|
|
|
if err := buffer.WriteByte(request.Version); err != nil {
|
|
|
|
return newError("failed to write request version").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := buffer.Write(request.User.Account.(*vless.MemoryAccount).ID.Bytes()); err != nil {
|
|
|
|
return newError("failed to write request user id").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := EncodeHeaderAddons(&buffer, requestAddons); err != nil {
|
|
|
|
return newError("failed to encode request header addons").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := buffer.WriteByte(byte(request.Command)); err != nil {
|
|
|
|
return newError("failed to write request command").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if request.Command != protocol.RequestCommandMux {
|
|
|
|
if err := addrParser.WriteAddressPort(&buffer, request.Address, request.Port); err != nil {
|
|
|
|
return newError("failed to write request address and port").Base(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := writer.Write(buffer.Bytes()); err != nil {
|
|
|
|
return newError("failed to write request header").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecodeRequestHeader decodes and returns (if successful) a RequestHeader from an input stream.
|
|
|
|
func DecodeRequestHeader(isfb bool, first *buf.Buffer, reader io.Reader, validator *vless.Validator) (*protocol.RequestHeader, *Addons, bool, error) {
|
|
|
|
buffer := buf.StackNew()
|
|
|
|
defer buffer.Release()
|
|
|
|
|
|
|
|
request := new(protocol.RequestHeader)
|
|
|
|
|
|
|
|
if isfb {
|
|
|
|
request.Version = first.Byte(0)
|
|
|
|
} else {
|
|
|
|
if _, err := buffer.ReadFullFrom(reader, 1); err != nil {
|
|
|
|
return nil, nil, false, newError("failed to read request version").Base(err)
|
|
|
|
}
|
|
|
|
request.Version = buffer.Byte(0)
|
|
|
|
}
|
|
|
|
|
|
|
|
switch request.Version {
|
|
|
|
case 0:
|
|
|
|
|
|
|
|
var id [16]byte
|
|
|
|
|
|
|
|
if isfb {
|
|
|
|
copy(id[:], first.BytesRange(1, 17))
|
|
|
|
} else {
|
|
|
|
buffer.Clear()
|
|
|
|
if _, err := buffer.ReadFullFrom(reader, 16); err != nil {
|
|
|
|
return nil, nil, false, newError("failed to read request user id").Base(err)
|
|
|
|
}
|
|
|
|
copy(id[:], buffer.Bytes())
|
|
|
|
}
|
|
|
|
|
|
|
|
if request.User = validator.Get(id); request.User == nil {
|
|
|
|
return nil, nil, isfb, newError("invalid request user id")
|
|
|
|
}
|
|
|
|
|
|
|
|
if isfb {
|
|
|
|
first.Advance(17)
|
|
|
|
}
|
|
|
|
|
|
|
|
requestAddons, err := DecodeHeaderAddons(&buffer, reader)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, false, newError("failed to decode request header addons").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
buffer.Clear()
|
|
|
|
if _, err := buffer.ReadFullFrom(reader, 1); err != nil {
|
|
|
|
return nil, nil, false, newError("failed to read request command").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
request.Command = protocol.RequestCommand(buffer.Byte(0))
|
|
|
|
switch request.Command {
|
|
|
|
case protocol.RequestCommandMux:
|
|
|
|
request.Address = net.DomainAddress("v1.mux.cool")
|
|
|
|
request.Port = 0
|
|
|
|
case protocol.RequestCommandTCP, protocol.RequestCommandUDP:
|
|
|
|
if addr, port, err := addrParser.ReadAddressPort(&buffer, reader); err == nil {
|
|
|
|
request.Address = addr
|
|
|
|
request.Port = port
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if request.Address == nil {
|
|
|
|
return nil, nil, false, newError("invalid request address")
|
|
|
|
}
|
|
|
|
return request, requestAddons, false, nil
|
|
|
|
default:
|
|
|
|
return nil, nil, isfb, newError("invalid request version")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// EncodeResponseHeader writes encoded response header into the given writer.
|
|
|
|
func EncodeResponseHeader(writer io.Writer, request *protocol.RequestHeader, responseAddons *Addons) error {
|
|
|
|
buffer := buf.StackNew()
|
|
|
|
defer buffer.Release()
|
|
|
|
|
|
|
|
if err := buffer.WriteByte(request.Version); err != nil {
|
|
|
|
return newError("failed to write response version").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := EncodeHeaderAddons(&buffer, responseAddons); err != nil {
|
|
|
|
return newError("failed to encode response header addons").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := writer.Write(buffer.Bytes()); err != nil {
|
|
|
|
return newError("failed to write response header").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecodeResponseHeader decodes and returns (if successful) a ResponseHeader from an input stream.
|
|
|
|
func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*Addons, error) {
|
|
|
|
buffer := buf.StackNew()
|
|
|
|
defer buffer.Release()
|
|
|
|
|
|
|
|
if _, err := buffer.ReadFullFrom(reader, 1); err != nil {
|
|
|
|
return nil, newError("failed to read response version").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if buffer.Byte(0) != request.Version {
|
|
|
|
return nil, newError("unexpected response version. Expecting ", int(request.Version), " but actually ", int(buffer.Byte(0)))
|
|
|
|
}
|
|
|
|
|
|
|
|
responseAddons, err := DecodeHeaderAddons(&buffer, reader)
|
|
|
|
if err != nil {
|
|
|
|
return nil, newError("failed to decode response header addons").Base(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return responseAddons, nil
|
|
|
|
}
|
|
|
|
|
2022-10-29 04:51:59 +00:00
|
|
|
// XtlsRead filter and read xtls protocol
|
2023-05-04 02:21:45 +00:00
|
|
|
func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer,
|
|
|
|
ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool,
|
2022-12-26 00:37:35 +00:00
|
|
|
isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32,
|
|
|
|
) error {
|
2022-10-29 04:51:59 +00:00
|
|
|
err := func() error {
|
2023-02-28 03:14:37 +00:00
|
|
|
withinPaddingBuffers := true
|
2022-10-29 04:51:59 +00:00
|
|
|
shouldSwitchToDirectCopy := false
|
|
|
|
var remainingContent int32 = -1
|
|
|
|
var remainingPadding int32 = -1
|
|
|
|
currentCommand := 0
|
|
|
|
for {
|
|
|
|
if shouldSwitchToDirectCopy {
|
2023-05-04 02:21:45 +00:00
|
|
|
var writerConn net.Conn
|
|
|
|
if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil {
|
|
|
|
writerConn = inbound.Conn
|
|
|
|
if inbound.CanSpliceCopy == 2 {
|
|
|
|
inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter
|
2020-12-04 01:36:16 +00:00
|
|
|
}
|
|
|
|
}
|
2023-05-04 02:21:45 +00:00
|
|
|
return proxy.CopyRawConnIfExist(ctx, conn, writerConn, writer, timer)
|
2020-11-25 11:01:53 +00:00
|
|
|
}
|
|
|
|
buffer, err := reader.ReadMultiBuffer()
|
|
|
|
if !buffer.IsEmpty() {
|
2023-02-28 03:14:37 +00:00
|
|
|
if withinPaddingBuffers || *numberOfPacketToFilter > 0 {
|
2022-10-29 04:51:59 +00:00
|
|
|
buffer = XtlsUnpadding(ctx, buffer, userUUID, &remainingContent, &remainingPadding, ¤tCommand)
|
|
|
|
if remainingContent == 0 && remainingPadding == 0 {
|
|
|
|
if currentCommand == 1 {
|
2023-02-28 03:14:37 +00:00
|
|
|
withinPaddingBuffers = false
|
|
|
|
remainingContent = -1
|
|
|
|
remainingPadding = -1 // set to initial state to parse the next padding
|
2022-10-29 04:51:59 +00:00
|
|
|
} else if currentCommand == 2 {
|
2023-02-28 03:14:37 +00:00
|
|
|
withinPaddingBuffers = false
|
2022-10-29 04:51:59 +00:00
|
|
|
shouldSwitchToDirectCopy = true
|
2023-01-06 05:37:16 +00:00
|
|
|
// XTLS Vision processes struct TLS Conn's input and rawInput
|
|
|
|
if inputBuffer, err := buf.ReadFrom(input); err == nil {
|
|
|
|
if !inputBuffer.IsEmpty() {
|
|
|
|
buffer, _ = buf.MergeMulti(buffer, inputBuffer)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil {
|
|
|
|
if !rawInputBuffer.IsEmpty() {
|
|
|
|
buffer, _ = buf.MergeMulti(buffer, rawInputBuffer)
|
|
|
|
}
|
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
} else if currentCommand == 0 {
|
|
|
|
withinPaddingBuffers = true
|
|
|
|
} else {
|
2022-10-29 04:51:59 +00:00
|
|
|
newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
} else if remainingContent > 0 || remainingPadding > 0 {
|
|
|
|
withinPaddingBuffers = true
|
|
|
|
} else {
|
|
|
|
withinPaddingBuffers = false
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if *numberOfPacketToFilter > 0 {
|
2022-11-22 03:37:22 +00:00
|
|
|
XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx)
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2020-11-25 11:01:53 +00:00
|
|
|
timer.Update()
|
|
|
|
if werr := writer.WriteMultiBuffer(buffer); werr != nil {
|
|
|
|
return werr
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
if err != nil && errors.Cause(err) != io.EOF {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2022-10-29 04:51:59 +00:00
|
|
|
|
|
|
|
// XtlsWrite filter and write xtls protocol
|
2023-05-04 02:21:45 +00:00
|
|
|
func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn,
|
2023-02-28 03:14:37 +00:00
|
|
|
ctx context.Context, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool,
|
2022-12-26 00:37:35 +00:00
|
|
|
cipher *uint16, remainingServerHello *int32,
|
|
|
|
) error {
|
2022-10-29 04:51:59 +00:00
|
|
|
err := func() error {
|
|
|
|
var ct stats.Counter
|
2023-02-28 03:14:37 +00:00
|
|
|
isPadding := true
|
2022-10-29 04:51:59 +00:00
|
|
|
shouldSwitchToDirectCopy := false
|
|
|
|
for {
|
|
|
|
buffer, err := reader.ReadMultiBuffer()
|
|
|
|
if !buffer.IsEmpty() {
|
|
|
|
if *numberOfPacketToFilter > 0 {
|
2022-11-22 03:37:22 +00:00
|
|
|
XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx)
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
if isPadding {
|
2022-11-13 17:18:23 +00:00
|
|
|
buffer = ReshapeMultiBuffer(ctx, buffer)
|
2022-10-29 04:51:59 +00:00
|
|
|
var xtlsSpecIndex int
|
|
|
|
for i, b := range buffer {
|
2023-02-28 03:14:37 +00:00
|
|
|
if *isTLS && b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) {
|
|
|
|
var command byte = CommandPaddingEnd
|
2022-11-13 17:18:23 +00:00
|
|
|
if *enableXtls {
|
2022-10-29 04:51:59 +00:00
|
|
|
shouldSwitchToDirectCopy = true
|
|
|
|
xtlsSpecIndex = i
|
2023-02-28 03:14:37 +00:00
|
|
|
command = CommandPaddingDirect
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
isPadding = false
|
|
|
|
buffer[i] = XtlsPadding(b, command, nil, *isTLS, ctx)
|
2022-10-29 04:51:59 +00:00
|
|
|
break
|
2023-02-28 03:14:37 +00:00
|
|
|
} else if !*isTLS12orAbove && *numberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early
|
|
|
|
isPadding = false
|
|
|
|
buffer[i] = XtlsPadding(b, CommandPaddingEnd, nil, *isTLS, ctx)
|
2022-10-29 04:51:59 +00:00
|
|
|
break
|
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
buffer[i] = XtlsPadding(b, CommandPaddingContinue, nil, *isTLS, ctx)
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
|
|
|
if shouldSwitchToDirectCopy {
|
|
|
|
encryptBuffer, directBuffer := buf.SplitMulti(buffer, xtlsSpecIndex+1)
|
|
|
|
if !encryptBuffer.IsEmpty() {
|
|
|
|
timer.Update()
|
|
|
|
if werr := writer.WriteMultiBuffer(encryptBuffer); werr != nil {
|
|
|
|
return werr
|
|
|
|
}
|
|
|
|
}
|
|
|
|
time.Sleep(5 * time.Millisecond) // for some device, the first xtls direct packet fails without this delay
|
2023-05-04 02:21:45 +00:00
|
|
|
|
|
|
|
if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.CanSpliceCopy == 2 {
|
|
|
|
inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter
|
|
|
|
}
|
|
|
|
buffer = directBuffer
|
|
|
|
rawConn, _, writerCounter := proxy.UnwrapRawConn(conn)
|
|
|
|
writer = buf.NewWriter(rawConn)
|
|
|
|
ct = writerCounter
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if !buffer.IsEmpty() {
|
|
|
|
if ct != nil {
|
|
|
|
ct.Add(int64(buffer.Len()))
|
|
|
|
}
|
|
|
|
timer.Update()
|
|
|
|
if werr := writer.WriteMultiBuffer(buffer); werr != nil {
|
|
|
|
return werr
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
if err != nil && errors.Cause(err) != io.EOF {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-11-13 17:18:23 +00:00
|
|
|
// XtlsFilterTls filter and recognize tls 1.3 and other info
|
2022-12-26 00:37:35 +00:00
|
|
|
func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool,
|
|
|
|
cipher *uint16, remainingServerHello *int32, ctx context.Context,
|
|
|
|
) {
|
2022-10-29 04:51:59 +00:00
|
|
|
for _, b := range buffer {
|
|
|
|
*numberOfPacketToFilter--
|
|
|
|
if b.Len() >= 6 {
|
|
|
|
startsBytes := b.BytesTo(6)
|
2023-02-28 03:14:37 +00:00
|
|
|
if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == tlsHandshakeTypeServerHello {
|
2022-11-22 03:37:22 +00:00
|
|
|
*remainingServerHello = (int32(startsBytes[3])<<8 | int32(startsBytes[4])) + 5
|
|
|
|
*isTLS12orAbove = true
|
|
|
|
*isTLS = true
|
|
|
|
if b.Len() >= 79 && *remainingServerHello >= 79 {
|
|
|
|
sessionIdLen := int32(b.Byte(43))
|
2022-12-26 00:37:35 +00:00
|
|
|
cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3)
|
|
|
|
*cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1])
|
2022-11-20 23:54:07 +00:00
|
|
|
} else {
|
2022-11-22 03:37:22 +00:00
|
|
|
newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx))
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2023-02-28 03:14:37 +00:00
|
|
|
} else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == tlsHandshakeTypeClientHello {
|
2022-10-29 04:51:59 +00:00
|
|
|
*isTLS = true
|
2022-11-20 23:54:07 +00:00
|
|
|
newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
|
|
|
}
|
2022-11-22 03:37:22 +00:00
|
|
|
if *remainingServerHello > 0 {
|
|
|
|
end := *remainingServerHello
|
|
|
|
if end > b.Len() {
|
|
|
|
end = b.Len()
|
|
|
|
}
|
|
|
|
*remainingServerHello -= b.Len()
|
|
|
|
if bytes.Contains(b.BytesTo(end), tls13SupportedVersions) {
|
|
|
|
v, ok := Tls13CipherSuiteDic[*cipher]
|
|
|
|
if !ok {
|
|
|
|
v = "Old cipher: " + strconv.FormatUint(uint64(*cipher), 16)
|
2022-12-26 00:37:35 +00:00
|
|
|
} else if v != "TLS_AES_128_CCM_8_SHA256" {
|
2022-11-22 03:37:22 +00:00
|
|
|
*enableXtls = true
|
|
|
|
}
|
|
|
|
newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
*numberOfPacketToFilter = 0
|
|
|
|
return
|
|
|
|
} else if *remainingServerHello <= 0 {
|
|
|
|
newError("XtlsFilterTls found tls 1.2! ", b.Len()).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
*numberOfPacketToFilter = 0
|
|
|
|
return
|
|
|
|
}
|
2022-12-11 04:11:35 +00:00
|
|
|
newError("XtlsFilterTls inconclusive server hello ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx))
|
2022-11-22 03:37:22 +00:00
|
|
|
}
|
2022-10-29 04:51:59 +00:00
|
|
|
if *numberOfPacketToFilter <= 0 {
|
2022-11-20 23:54:07 +00:00
|
|
|
newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-13 17:18:23 +00:00
|
|
|
// ReshapeMultiBuffer prepare multi buffer for padding stucture (max 21 bytes)
|
|
|
|
func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBuffer {
|
2023-02-24 16:42:02 +00:00
|
|
|
needReshape := 0
|
2022-11-13 17:18:23 +00:00
|
|
|
for _, b := range buffer {
|
2022-11-13 17:18:23 +00:00
|
|
|
if b.Len() >= buf.Size-21 {
|
2023-02-24 16:42:02 +00:00
|
|
|
needReshape += 1
|
2022-11-13 17:18:23 +00:00
|
|
|
}
|
|
|
|
}
|
2023-02-24 16:42:02 +00:00
|
|
|
if needReshape == 0 {
|
2022-11-13 17:18:23 +00:00
|
|
|
return buffer
|
2022-11-13 17:18:23 +00:00
|
|
|
}
|
2023-02-24 16:42:02 +00:00
|
|
|
mb2 := make(buf.MultiBuffer, 0, len(buffer)+needReshape)
|
|
|
|
toPrint := ""
|
|
|
|
for i, buffer1 := range buffer {
|
|
|
|
if buffer1.Len() >= buf.Size-21 {
|
|
|
|
index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart))
|
2023-02-28 03:14:37 +00:00
|
|
|
if index <= 0 || index > buf.Size-21 {
|
2022-11-13 17:18:23 +00:00
|
|
|
index = buf.Size / 2
|
|
|
|
}
|
|
|
|
buffer2 := buf.New()
|
2023-02-24 16:42:02 +00:00
|
|
|
buffer2.Write(buffer1.BytesFrom(index))
|
|
|
|
buffer1.Resize(0, index)
|
2022-11-13 17:18:23 +00:00
|
|
|
mb2 = append(mb2, buffer1, buffer2)
|
2023-02-24 16:42:02 +00:00
|
|
|
toPrint += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len()))
|
2022-11-13 17:18:23 +00:00
|
|
|
} else {
|
2023-02-24 16:42:02 +00:00
|
|
|
mb2 = append(mb2, buffer1)
|
|
|
|
toPrint += " " + strconv.Itoa(int(buffer1.Len()))
|
2022-11-13 17:18:23 +00:00
|
|
|
}
|
2023-02-24 16:42:02 +00:00
|
|
|
buffer[i] = nil
|
2022-11-13 17:18:23 +00:00
|
|
|
}
|
2023-02-24 16:42:02 +00:00
|
|
|
buffer = buffer[:0]
|
|
|
|
newError("ReshapeMultiBuffer ", toPrint).WriteToLog(session.ExportIDToError(ctx))
|
2022-11-13 17:18:23 +00:00
|
|
|
return mb2
|
|
|
|
}
|
|
|
|
|
2022-10-29 04:51:59 +00:00
|
|
|
// XtlsPadding add padding to eliminate length siganature during tls handshake
|
2023-02-28 03:14:37 +00:00
|
|
|
func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer {
|
2023-03-03 02:42:48 +00:00
|
|
|
var contentLen int32 = 0
|
2023-02-06 06:45:09 +00:00
|
|
|
var paddingLen int32 = 0
|
|
|
|
if b != nil {
|
2023-03-03 02:42:48 +00:00
|
|
|
contentLen = b.Len()
|
2023-02-06 06:45:09 +00:00
|
|
|
}
|
2023-03-03 02:42:48 +00:00
|
|
|
if contentLen < 900 && longPadding {
|
2022-10-29 04:51:59 +00:00
|
|
|
l, err := rand.Int(rand.Reader, big.NewInt(500))
|
|
|
|
if err != nil {
|
|
|
|
newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
}
|
2023-03-03 02:42:48 +00:00
|
|
|
paddingLen = int32(l.Int64()) + 900 - contentLen
|
2023-02-28 03:14:37 +00:00
|
|
|
} else {
|
|
|
|
l, err := rand.Int(rand.Reader, big.NewInt(256))
|
|
|
|
if err != nil {
|
|
|
|
newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
}
|
|
|
|
paddingLen = int32(l.Int64())
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2023-03-17 05:17:01 +00:00
|
|
|
if paddingLen > buf.Size-21-contentLen {
|
2023-03-03 02:42:48 +00:00
|
|
|
paddingLen = buf.Size - 21 - contentLen
|
|
|
|
}
|
2022-10-29 04:51:59 +00:00
|
|
|
newbuffer := buf.New()
|
|
|
|
if userUUID != nil {
|
|
|
|
newbuffer.Write(*userUUID)
|
2023-03-03 14:45:10 +00:00
|
|
|
*userUUID = nil
|
2022-10-29 04:51:59 +00:00
|
|
|
}
|
2023-03-03 02:42:48 +00:00
|
|
|
newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)})
|
2023-02-24 16:42:02 +00:00
|
|
|
if b != nil {
|
2023-02-06 06:45:09 +00:00
|
|
|
newbuffer.Write(b.Bytes())
|
|
|
|
b.Release()
|
|
|
|
b = nil
|
|
|
|
}
|
|
|
|
newbuffer.Extend(paddingLen)
|
2023-03-03 02:42:48 +00:00
|
|
|
newError("XtlsPadding ", contentLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx))
|
2022-10-29 04:51:59 +00:00
|
|
|
return newbuffer
|
|
|
|
}
|
|
|
|
|
|
|
|
// XtlsUnpadding remove padding and parse command
|
|
|
|
func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, remainingContent *int32, remainingPadding *int32, currentCommand *int) buf.MultiBuffer {
|
|
|
|
posindex := 0
|
|
|
|
var posByte int32 = 0
|
|
|
|
if *remainingContent == -1 && *remainingPadding == -1 {
|
|
|
|
for i, b := range buffer {
|
|
|
|
if b.Len() >= 21 && bytes.Equal(userUUID, b.BytesTo(16)) {
|
|
|
|
posindex = i
|
|
|
|
posByte = 16
|
|
|
|
*remainingContent = 0
|
|
|
|
*remainingPadding = 0
|
2023-02-28 03:14:37 +00:00
|
|
|
*currentCommand = 0
|
2022-10-29 04:51:59 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if *remainingContent == -1 && *remainingPadding == -1 {
|
|
|
|
return buffer
|
|
|
|
}
|
|
|
|
mb2 := make(buf.MultiBuffer, 0, len(buffer))
|
|
|
|
for i := 0; i < posindex; i++ {
|
|
|
|
newbuffer := buf.New()
|
|
|
|
newbuffer.Write(buffer[i].Bytes())
|
|
|
|
mb2 = append(mb2, newbuffer)
|
|
|
|
}
|
|
|
|
for i := posindex; i < len(buffer); i++ {
|
|
|
|
b := buffer[i]
|
|
|
|
for posByte < b.Len() {
|
|
|
|
if *remainingContent <= 0 && *remainingPadding <= 0 {
|
2022-11-13 17:18:23 +00:00
|
|
|
if *currentCommand == 1 { // possible buffer after padding, no need to worry about xtls (command 2)
|
2022-10-29 04:51:59 +00:00
|
|
|
len := b.Len() - posByte
|
|
|
|
newbuffer := buf.New()
|
|
|
|
newbuffer.Write(b.BytesRange(posByte, posByte+len))
|
|
|
|
mb2 = append(mb2, newbuffer)
|
|
|
|
posByte += len
|
|
|
|
} else {
|
|
|
|
paddingInfo := b.BytesRange(posByte, posByte+5)
|
|
|
|
*currentCommand = int(paddingInfo[0])
|
|
|
|
*remainingContent = int32(paddingInfo[1])<<8 | int32(paddingInfo[2])
|
|
|
|
*remainingPadding = int32(paddingInfo[3])<<8 | int32(paddingInfo[4])
|
|
|
|
newError("Xtls Unpadding new block", i, " ", posByte, " content ", *remainingContent, " padding ", *remainingPadding, " ", paddingInfo[0]).WriteToLog(session.ExportIDToError(ctx))
|
|
|
|
posByte += 5
|
|
|
|
}
|
|
|
|
} else if *remainingContent > 0 {
|
|
|
|
len := *remainingContent
|
|
|
|
if b.Len() < posByte+*remainingContent {
|
|
|
|
len = b.Len() - posByte
|
|
|
|
}
|
|
|
|
newbuffer := buf.New()
|
|
|
|
newbuffer.Write(b.BytesRange(posByte, posByte+len))
|
|
|
|
mb2 = append(mb2, newbuffer)
|
|
|
|
*remainingContent -= len
|
|
|
|
posByte += len
|
|
|
|
} else { // remainingPadding > 0
|
|
|
|
len := *remainingPadding
|
|
|
|
if b.Len() < posByte+*remainingPadding {
|
|
|
|
len = b.Len() - posByte
|
|
|
|
}
|
|
|
|
*remainingPadding -= len
|
|
|
|
posByte += len
|
|
|
|
}
|
|
|
|
if posByte == b.Len() {
|
|
|
|
posByte = 0
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
buf.ReleaseMulti(buffer)
|
|
|
|
return mb2
|
|
|
|
}
|