func TestRequestSerialization(t *testing.T) {
assert := assert.On(t)
user := &protocol.User{
Level: 0,
Email: "*****@*****.**",
}
account := &vmess.Account{
Id: uuid.New().String(),
AlterId: 0,
}
user.Account = loader.NewTypedSettings(account)
expectedRequest := &protocol.RequestHeader{
Version: 1,
User: user,
Command: protocol.RequestCommandTCP,
Option: protocol.RequestOption(0),
Address: v2net.DomainAddress("www.v2ray.com"),
Port: v2net.Port(443),
}
buffer := alloc.NewBuffer().Clear()
client := NewClientSession(protocol.DefaultIDHash)
client.EncodeRequestHeader(expectedRequest, buffer)
userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash)
userValidator.Add(user)
server := NewServerSession(userValidator)
actualRequest, err := server.DecodeRequestHeader(buffer)
assert.Error(err).IsNil()
assert.Byte(expectedRequest.Version).Equals(actualRequest.Version)
assert.Byte(byte(expectedRequest.Command)).Equals(byte(actualRequest.Command))
assert.Byte(byte(expectedRequest.Option)).Equals(byte(actualRequest.Option))
assert.Address(expectedRequest.Address).Equals(actualRequest.Address)
assert.Port(expectedRequest.Port).Equals(actualRequest.Port)
}
import (
"bytes"
"crypto/rand"
"io"
"v2ray.com/core/common/buf"
"v2ray.com/core/common/crypto"
"v2ray.com/core/common/errors"
v2net "v2ray.com/core/common/net"
"v2ray.com/core/common/protocol"
"v2ray.com/core/common/serial"
)
const (
Version = 1
RequestOptionOneTimeAuth = protocol.RequestOption(101)
AddrTypeIPv4 = 1
AddrTypeIPv6 = 4
AddrTypeDomain = 3
)
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
buffer := buf.NewLocal(512)
defer buffer.Release()
func (this *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
buffer := make([]byte, 512)
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
if err != nil {
log.Info("Raw: Failed to read request header: ", err)
return nil, io.EOF
}
user, timestamp, valid := this.userValidator.Get(buffer[:protocol.IDBytesLen])
if !valid {
return nil, protocol.ErrInvalidUser
}
timestampHash := md5.New()
timestampHash.Write(hashTimestamp(timestamp))
iv := timestampHash.Sum(nil)
account := user.Account.(*vmess.Account)
aesStream := crypto.NewAesDecryptionStream(account.ID.CmdKey(), iv)
decryptor := crypto.NewCryptionReader(aesStream, reader)
nBytes, err := io.ReadFull(decryptor, buffer[:41])
if err != nil {
log.Debug("Raw: Failed to read request header (", nBytes, " bytes): ", err)
return nil, err
}
bufferLen := nBytes
request := &protocol.RequestHeader{
User: user,
Version: buffer[0],
}
if request.Version != Version {
log.Info("Raw: Invalid protocol version ", request.Version)
return nil, protocol.ErrInvalidVersion
}
this.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
this.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
this.responseHeader = buffer[33] // 1 byte
request.Option = protocol.RequestOption(buffer[34]) // 1 byte + 2 bytes reserved
request.Command = protocol.RequestCommand(buffer[37])
request.Port = v2net.PortFromBytes(buffer[38:40])
switch buffer[40] {
case AddrTypeIPv4:
nBytes, err = io.ReadFull(decryptor, buffer[41:45]) // 4 bytes
bufferLen += 4
if err != nil {
log.Debug("VMess: Failed to read target IPv4 (", nBytes, " bytes): ", err)
return nil, err
}
request.Address = v2net.IPAddress(buffer[41:45])
case AddrTypeIPv6:
nBytes, err = io.ReadFull(decryptor, buffer[41:57]) // 16 bytes
bufferLen += 16
if err != nil {
log.Debug("VMess: Failed to read target IPv6 (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
request.Address = v2net.IPAddress(buffer[41:57])
case AddrTypeDomain:
nBytes, err = io.ReadFull(decryptor, buffer[41:42])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
domainLength := int(buffer[41])
if domainLength == 0 {
return nil, transport.ErrCorruptedPacket
}
nBytes, err = io.ReadFull(decryptor, buffer[42:42+domainLength])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
bufferLen += 1 + domainLength
request.Address = v2net.DomainAddress(string(buffer[42 : 42+domainLength]))
}
nBytes, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+4])
if err != nil {
log.Debug("VMess: Failed to read checksum (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
fnv1a := fnv.New32a()
fnv1a.Write(buffer[:bufferLen])
actualHash := fnv1a.Sum32()
expectedHash := serial.BytesToUint32(buffer[bufferLen : bufferLen+4])
if actualHash != expectedHash {
return nil, transport.ErrCorruptedPacket
}
return request, nil
}
func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
buffer := make([]byte, 512)
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
if err != nil {
log.Info("VMess|Server: Failed to read request header: ", err)
return nil, io.EOF
}
user, timestamp, valid := v.userValidator.Get(buffer[:protocol.IDBytesLen])
if !valid {
return nil, errors.New("VMess|Server: Invalid user.")
}
timestampHash := md5.New()
timestampHash.Write(hashTimestamp(timestamp))
iv := timestampHash.Sum(nil)
account, err := user.GetTypedAccount()
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to get user account.")
}
aesStream := crypto.NewAesDecryptionStream(account.(*vmess.InternalAccount).ID.CmdKey(), iv)
decryptor := crypto.NewCryptionReader(aesStream, reader)
nBytes, err := io.ReadFull(decryptor, buffer[:41])
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to read request header.")
}
bufferLen := nBytes
request := &protocol.RequestHeader{
User: user,
Version: buffer[0],
}
if request.Version != Version {
return nil, errors.New("VMess|Server: Invalid protocol version ", request.Version)
}
v.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
v.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
v.responseHeader = buffer[33] // 1 byte
request.Option = protocol.RequestOption(buffer[34]) // 1 byte
padingLen := int(buffer[35] >> 4)
request.Security = protocol.NormSecurity(protocol.Security(buffer[35] & 0x0F))
// 1 bytes reserved
request.Command = protocol.RequestCommand(buffer[37])
request.Port = v2net.PortFromBytes(buffer[38:40])
switch buffer[40] {
case AddrTypeIPv4:
_, err = io.ReadFull(decryptor, buffer[41:45]) // 4 bytes
bufferLen += 4
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to read IPv4.")
}
request.Address = v2net.IPAddress(buffer[41:45])
case AddrTypeIPv6:
_, err = io.ReadFull(decryptor, buffer[41:57]) // 16 bytes
bufferLen += 16
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to read IPv6 address.")
}
request.Address = v2net.IPAddress(buffer[41:57])
case AddrTypeDomain:
_, err = io.ReadFull(decryptor, buffer[41:42])
if err != nil {
return nil, errors.Base(err).Message("VMess:Server: Failed to read domain.")
}
domainLength := int(buffer[41])
if domainLength == 0 {
return nil, errors.New("VMess|Server: Zero length domain.")
}
_, err = io.ReadFull(decryptor, buffer[42:42+domainLength])
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to read domain.")
}
bufferLen += 1 + domainLength
request.Address = v2net.DomainAddress(string(buffer[42 : 42+domainLength]))
}
if padingLen > 0 {
_, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+padingLen])
if err != nil {
return nil, errors.New("VMess|Server: Failed to read padding.")
}
bufferLen += padingLen
}
_, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+4])
if err != nil {
return nil, errors.Base(err).Message("VMess|Server: Failed to read checksum.")
}
fnv1a := fnv.New32a()
fnv1a.Write(buffer[:bufferLen])
actualHash := fnv1a.Sum32()
expectedHash := serial.BytesToUint32(buffer[bufferLen : bufferLen+4])
if actualHash != expectedHash {
return nil, errors.New("VMess|Server: Invalid auth.")
}
if request.Address == nil {
return nil, errors.New("VMess|Server: Invalid remote address.")
}
return request, nil
}