diff --git a/proxy/shadowsocks2022/client.go b/proxy/shadowsocks2022/client.go index 979d4b8f264..493cec3a3db 100644 --- a/proxy/shadowsocks2022/client.go +++ b/proxy/shadowsocks2022/client.go @@ -2,6 +2,10 @@ package shadowsocks2022 import ( "context" + gonet "net" + "sync" + "time" + "github.com/v2fly/v2ray-core/v5/common" "github.com/v2fly/v2ray-core/v5/common/buf" "github.com/v2fly/v2ray-core/v5/common/environment" @@ -15,9 +19,6 @@ import ( "github.com/v2fly/v2ray-core/v5/transport" "github.com/v2fly/v2ray-core/v5/transport/internet" "github.com/v2fly/v2ray-core/v5/transport/internet/udp" - gonet "net" - "sync" - "time" ) type Client struct { @@ -33,17 +34,17 @@ type ClientUDPConnState struct { } func (c *ClientUDPConnState) GetOrCreateSession(create func() (*ClientUDPSession, error)) (*ClientUDPSession, error) { - var err error + var errOuter error c.initOnce.Do(func() { sessionState, err := create() if err != nil { - err = newError("failed to create UDP session").Base(err) + errOuter = newError("failed to create UDP session").Base(err) return } c.session = sessionState }) - if err != nil { - return nil, newError("failed to initialize UDP State").Base(err) + if errOuter != nil { + return nil, newError("failed to initialize UDP State").Base(errOuter) } return c.session, nil } @@ -60,7 +61,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter destination := outbound.Target network := destination.Network - var keyDerivation = newBLAKE3KeyDerivation() + keyDerivation := newBLAKE3KeyDerivation() var method Method switch c.config.Method { case "2022-blake3-aes-128-gcm": @@ -107,7 +108,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter return nil }) - if err != nil { return newError("failed to find an available destination").AtWarning().Base(err) } @@ -222,7 +222,6 @@ func (c *Client) getUDPSession(ctx context.Context, network net.Network, dialer } func NewClient(ctx context.Context, config *ClientConfig) (*Client, error) { - storage := envctx.EnvironmentFromContext(ctx).(environment.ProxyEnvironment).TransientStorage() udpState, err := NewClientUDPConnState() diff --git a/proxy/shadowsocks2022/client_session.go b/proxy/shadowsocks2022/client_session.go index 9c70c008cc7..4996689b7d0 100644 --- a/proxy/shadowsocks2022/client_session.go +++ b/proxy/shadowsocks2022/client_session.go @@ -3,13 +3,14 @@ package shadowsocks2022 import ( "context" "crypto/rand" - "github.com/v2fly/v2ray-core/v5/common/buf" - "github.com/v2fly/v2ray-core/v5/common/net" - "github.com/v2fly/v2ray-core/v5/transport/internet" "io" gonet "net" "sync" "time" + + "github.com/v2fly/v2ray-core/v5/common/buf" + "github.com/v2fly/v2ray-core/v5/common/net" + "github.com/v2fly/v2ray-core/v5/transport/internet" ) func NewClientUDPSession(ctx context.Context, conn io.ReadWriteCloser, packetProcessor UDPClientPacketProcessor) *ClientUDPSession { @@ -165,7 +166,7 @@ func (c *ClientUDPSessionConn) ReadFrom(p []byte) (n int, addr net.Addr, err err case resp := <-c.readChan: n = copy(p, resp.Payload.Bytes()) resp.Payload.Release() - addr = &net.UDPAddr{IP: resp.Address.IP(), Port: int(resp.Port)} + addr = &net.UDPAddr{IP: resp.Address.IP(), Port: resp.Port} } return } diff --git a/proxy/shadowsocks2022/eih_aes.go b/proxy/shadowsocks2022/eih_aes.go index 08f5dbe68ee..712871841e5 100644 --- a/proxy/shadowsocks2022/eih_aes.go +++ b/proxy/shadowsocks2022/eih_aes.go @@ -2,9 +2,12 @@ package shadowsocks2022 import ( "crypto/subtle" + "io" + "github.com/lunixbochs/struc" + "github.com/v2fly/v2ray-core/v5/common/buf" - "io" + "lukechampine.com/blake3" ) diff --git a/proxy/shadowsocks2022/encoding.go b/proxy/shadowsocks2022/encoding.go index 70d78e06c34..2825fe08e62 100644 --- a/proxy/shadowsocks2022/encoding.go +++ b/proxy/shadowsocks2022/encoding.go @@ -9,6 +9,7 @@ import ( "time" "github.com/lunixbochs/struc" + "github.com/v2fly/v2ray-core/v5/common/buf" "github.com/v2fly/v2ray-core/v5/common/crypto" "github.com/v2fly/v2ray-core/v5/common/net" @@ -32,7 +33,8 @@ type TCPRequest struct { } func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte, - eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, Out *buf.Buffer) error { + eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, out *buf.Buffer, +) error { requestSalt := newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength()) { err := requestSalt.FillAllFrom(cryptoRand.Reader) @@ -41,7 +43,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte, } } t.c2sSalt = requestSalt - var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength()) + sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength()) { err := t.keyDerivation.GetSessionSubKey(effectivePsk, requestSalt.Bytes(), sessionKey) if err != nil { @@ -54,7 +56,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte, return newError("failed to get stream AEAD").Base(err) } t.c2sAEAD = aead - var paddingLength = TCPMinPaddingLength + paddingLength := TCPMinPaddingLength if initialPayload == nil { initialPayload = []byte{} paddingLength += rand.Intn(TCPMaxPaddingLength) // TODO INSECURE RANDOM USED @@ -128,7 +130,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte, requestNonce := crypto.GenerateInitialAEADNonce() t.c2sNonce = requestNonce { - n, err := Out.Write(preSessionKeyHeaderBuffer.BytesFrom(0)) + n, err := out.Write(preSessionKeyHeaderBuffer.BytesFrom(0)) if err != nil { return newError("failed to write pre session key header").Base(err) } @@ -137,28 +139,28 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte, } } { - fixedLengthEncrypted := Out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead())) + fixedLengthEncrypted := out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead())) aead.Seal(fixedLengthEncrypted[:0], requestNonce(), fixedLengthHeaderBuffer.Bytes(), nil) } { - variableLengthEncrypted := Out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead())) + variableLengthEncrypted := out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead())) aead.Seal(variableLengthEncrypted[:0], requestNonce(), variableLengthHeaderBuffer.Bytes(), nil) } return nil } -func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader) error { +func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, in io.Reader) error { var preSessionKeyHeader TCPResponseHeader1PreSessionKey preSessionKeyHeader.Salt = newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength()) { - err := struc.Unpack(In, &preSessionKeyHeader) + err := struc.Unpack(in, &preSessionKeyHeader) if err != nil { return newError("failed to unpack pre session key header").Base(err) } } - var s2cSalt = preSessionKeyHeader.Salt.Bytes() + s2cSalt := preSessionKeyHeader.Salt.Bytes() t.s2cSalt = preSessionKeyHeader.Salt - var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength()) + sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength()) { err := t.keyDerivation.GetSessionSubKey(effectivePsk, s2cSalt, sessionKey) if err != nil { @@ -171,17 +173,17 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader) } t.s2cAEAD = aead - var fixedLengthHeaderEncryptedBuffer = buf.New() + fixedLengthHeaderEncryptedBuffer := buf.New() defer fixedLengthHeaderEncryptedBuffer.Release() { - _, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(In, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead())) + _, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(in, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead())) if err != nil { return newError("failed to read fixed length header encrypted").Base(err) } } s2cNonce := crypto.GenerateInitialAEADNonce() t.s2cNonce = s2cNonce - var fixedLengthHeaderDecryptedBuffer = buf.New() + fixedLengthHeaderDecryptedBuffer := buf.New() defer fixedLengthHeaderDecryptedBuffer.Release() { decryptionBuffer := fixedLengthHeaderDecryptedBuffer.Extend(11 + int32(t.method.GetSessionSubKeyAndSaltLength())) @@ -213,13 +215,13 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader) } func (t *TCPRequest) CheckC2SConnectionConstraint() error { - if bytes.Compare(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) != 0 { + if !bytes.Equal(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) { return newError("c2s salt not equal to s2c salt assert") } return nil } -func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) { +func (t *TCPRequest) CreateClientS2CReader(in io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) { AEADAuthenticator := &crypto.AEADAuthenticator{ AEAD: t.s2cAEAD, NonceGenerator: t.s2cNonce, @@ -228,7 +230,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf initialPayloadEncrypted := buf.NewWithSize(65535) defer initialPayloadEncrypted.Release() initialPayloadEncryptedBytes := initialPayloadEncrypted.Extend(int32(t.s2cAEAD.Overhead()) + int32(t.s2cInitialPayloadSize)) - _, err := io.ReadFull(In, initialPayloadEncryptedBytes) + _, err := io.ReadFull(in, initialPayloadEncryptedBytes) if err != nil { return nil, newError("failed to read initial payload").Base(err) } @@ -239,7 +241,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf } return crypto.NewAuthenticationReader(AEADAuthenticator, &crypto.AEADChunkSizeParser{ Auth: AEADAuthenticator, - }, In, protocol.TransferTypeStream, nil), nil + }, in, protocol.TransferTypeStream, nil), nil } func (t *TCPRequest) CreateClientC2SWriter(writer io.Writer) buf.Writer { diff --git a/proxy/shadowsocks2022/kdf_blake3.go b/proxy/shadowsocks2022/kdf_blake3.go index 9a6ca813db3..75e2966ee1c 100644 --- a/proxy/shadowsocks2022/kdf_blake3.go +++ b/proxy/shadowsocks2022/kdf_blake3.go @@ -1,31 +1,31 @@ package shadowsocks2022 import ( - "github.com/v2fly/v2ray-core/v5/common/buf" "lukechampine.com/blake3" + + "github.com/v2fly/v2ray-core/v5/common/buf" ) func newBLAKE3KeyDerivation() *BLAKE3KeyDerivation { return &BLAKE3KeyDerivation{} } -type BLAKE3KeyDerivation struct { -} +type BLAKE3KeyDerivation struct{} -func (B BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, Salt []byte, OutKey []byte) error { +func (b BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, salt []byte, outKey []byte) error { keyingMaterialBuffer := buf.New() keyingMaterialBuffer.Write(effectivePsk) - keyingMaterialBuffer.Write(Salt) - blake3.DeriveKey(OutKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes()) + keyingMaterialBuffer.Write(salt) + blake3.DeriveKey(outKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes()) keyingMaterialBuffer.Release() return nil } -func (B BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, Salt []byte, OutKey []byte) error { +func (b BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, salt []byte, outKey []byte) error { keyingMaterialBuffer := buf.New() keyingMaterialBuffer.Write(effectivePsk) - keyingMaterialBuffer.Write(Salt) - blake3.DeriveKey(OutKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes()) + keyingMaterialBuffer.Write(salt) + blake3.DeriveKey(outKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes()) keyingMaterialBuffer.Release() return nil } diff --git a/proxy/shadowsocks2022/method_aes128gcm.go b/proxy/shadowsocks2022/method_aes128gcm.go index e7ef940a861..5d2d8c8d070 100644 --- a/proxy/shadowsocks2022/method_aes128gcm.go +++ b/proxy/shadowsocks2022/method_aes128gcm.go @@ -9,15 +9,14 @@ func newAES128GCMMethod() *AES128GCMMethod { return &AES128GCMMethod{} } -type AES128GCMMethod struct { -} +type AES128GCMMethod struct{} -func (A AES128GCMMethod) GetSessionSubKeyAndSaltLength() int { +func (a AES128GCMMethod) GetSessionSubKeyAndSaltLength() int { return 16 } -func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error) { - aesCipher, err := aes.NewCipher(SessionSubKey) +func (a AES128GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) { + aesCipher, err := aes.NewCipher(sessionSubKey) if err != nil { return nil, newError("failed to create AES cipher").Base(err) } @@ -28,8 +27,8 @@ func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error return aead, nil } -func (A AES128GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash []byte, out []byte) error { - aesCipher, err := aes.NewCipher(CurrentIdentitySubKey) +func (a AES128GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error { + aesCipher, err := aes.NewCipher(currentIdentitySubKey) if err != nil { return newError("failed to create AES cipher").Base(err) } @@ -37,7 +36,7 @@ func (A AES128GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash [ return nil } -func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) { +func (a AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) { reqSeparateHeaderPsk := psk if ipsk != nil { reqSeparateHeaderPsk = ipsk[0] @@ -51,9 +50,12 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva return nil, newError("failed to create AES cipher").Base(err) } getPacketAEAD := func(sessionID []byte) cipher.AEAD { - sessionKey := make([]byte, A.GetSessionSubKeyAndSaltLength()) + sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength()) derivation.GetSessionSubKey(psk, sessionID, sessionKey) block, err := aes.NewCipher(sessionKey) + if err != nil { + panic(err) + } aead, err := cipher.NewGCM(block) if err != nil { panic(err) @@ -62,7 +64,7 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva } eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk) getEIH := func(mask []byte) ExtensibleIdentityHeaders { - eih, err := eihGenerator.GenerateEIHUDP(derivation, A, mask) + eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask) if err != nil { newError("failed to generate EIH").Base(err).WriteToLog() } diff --git a/proxy/shadowsocks2022/method_aes256gcm.go b/proxy/shadowsocks2022/method_aes256gcm.go index 20cc601f3e2..064ff3b8ee7 100644 --- a/proxy/shadowsocks2022/method_aes256gcm.go +++ b/proxy/shadowsocks2022/method_aes256gcm.go @@ -9,15 +9,14 @@ func newAES256GCMMethod() *AES256GCMMethod { return &AES256GCMMethod{} } -type AES256GCMMethod struct { -} +type AES256GCMMethod struct{} -func (A AES256GCMMethod) GetSessionSubKeyAndSaltLength() int { +func (a AES256GCMMethod) GetSessionSubKeyAndSaltLength() int { return 32 } -func (A AES256GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error) { - aesCipher, err := aes.NewCipher(SessionSubKey) +func (a AES256GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) { + aesCipher, err := aes.NewCipher(sessionSubKey) if err != nil { return nil, newError("failed to create AES cipher").Base(err) } @@ -28,8 +27,8 @@ func (A AES256GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error return aead, nil } -func (A AES256GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash []byte, out []byte) error { - aesCipher, err := aes.NewCipher(CurrentIdentitySubKey) +func (a AES256GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error { + aesCipher, err := aes.NewCipher(currentIdentitySubKey) if err != nil { return newError("failed to create AES cipher").Base(err) } @@ -37,7 +36,7 @@ func (A AES256GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash [ return nil } -func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) { +func (a AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) { reqSeparateHeaderPsk := psk if ipsk != nil { reqSeparateHeaderPsk = ipsk[0] @@ -51,9 +50,12 @@ func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva return nil, newError("failed to create AES cipher").Base(err) } getPacketAEAD := func(sessionID []byte) cipher.AEAD { - sessionKey := make([]byte, A.GetSessionSubKeyAndSaltLength()) + sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength()) derivation.GetSessionSubKey(psk, sessionID, sessionKey) block, err := aes.NewCipher(sessionKey) + if err != nil { + panic(err) + } aead, err := cipher.NewGCM(block) if err != nil { panic(err) @@ -62,7 +64,7 @@ func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva } eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk) getEIH := func(mask []byte) ExtensibleIdentityHeaders { - eih, err := eihGenerator.GenerateEIHUDP(derivation, A, mask) + eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask) if err != nil { newError("failed to generate EIH").Base(err).WriteToLog() } diff --git a/proxy/shadowsocks2022/requestsalt.go b/proxy/shadowsocks2022/requestsalt.go index 8f66a74e68e..a407ea714cd 100644 --- a/proxy/shadowsocks2022/requestsalt.go +++ b/proxy/shadowsocks2022/requestsalt.go @@ -2,8 +2,9 @@ package shadowsocks2022 import ( "encoding/hex" - "github.com/lunixbochs/struc" "io" + + "github.com/lunixbochs/struc" ) func newRequestSaltWithLength(length int) RequestSalt { diff --git a/proxy/shadowsocks2022/ss2022.go b/proxy/shadowsocks2022/ss2022.go index 67b425ac4b7..824dbbe6bb4 100644 --- a/proxy/shadowsocks2022/ss2022.go +++ b/proxy/shadowsocks2022/ss2022.go @@ -2,11 +2,13 @@ package shadowsocks2022 import ( "crypto/cipher" + "io" + "github.com/lunixbochs/struc" + "github.com/v2fly/v2ray-core/v5/common/buf" "github.com/v2fly/v2ray-core/v5/common/net" "github.com/v2fly/v2ray-core/v5/common/protocol" - "io" ) //go:generate go run github.com/v2fly/v2ray-core/v5/common/errors/errorgen @@ -78,10 +80,12 @@ type TCPResponseHeader struct { Header TCPResponseHeader2FixedLength } -const TCPHeaderTypeClientToServerStream = byte(0x00) -const TCPHeaderTypeServerToClientStream = byte(0x01) -const TCPMinPaddingLength = 0 -const TCPMaxPaddingLength = 900 +const ( + TCPHeaderTypeClientToServerStream = byte(0x00) + TCPHeaderTypeServerToClientStream = byte(0x01) + TCPMinPaddingLength = 0 + TCPMaxPaddingLength = 900 +) var addrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4), @@ -103,8 +107,10 @@ type UDPResponse struct { ClientSessionID [8]byte } -const UDPHeaderTypeClientToServerStream = byte(0x00) -const UDPHeaderTypeServerToClientStream = byte(0x01) +const ( + UDPHeaderTypeClientToServerStream = byte(0x00) + UDPHeaderTypeServerToClientStream = byte(0x01) +) // UDPClientPacketProcessor // Caller retain and receive all ownership of the buffer diff --git a/proxy/shadowsocks2022/udp_aes.go b/proxy/shadowsocks2022/udp_aes.go index f7a6d3c3df9..82fba27f75b 100644 --- a/proxy/shadowsocks2022/udp_aes.go +++ b/proxy/shadowsocks2022/udp_aes.go @@ -3,10 +3,12 @@ package shadowsocks2022 import ( "bytes" "crypto/cipher" + "io" + "github.com/lunixbochs/struc" + "github.com/v2fly/v2ray-core/v5/common/buf" "github.com/v2fly/v2ray-core/v5/common/net" - "io" ) type AESUDPClientPacketProcessor struct { @@ -140,7 +142,7 @@ func (p *AESUDPClientPacketProcessor) DecodeUDPResp(input []byte, resp *UDPRespo } } resp.TimeStamp = headerStruct.TimeStamp - var addressReaderBuf = buf.New() + addressReaderBuf := buf.New() defer addressReaderBuf.Release() var port net.Port resp.Address, port, err = addrParser.ReadAddressPort(addressReaderBuf, decryptedDestReader)