mirror of
https://github.com/shtorm-7/sing-box-extended.git
synced 2026-05-31 08:24:24 +03:00
Merge shadowtls to library
This commit is contained in:
世界
@@ -2,8 +2,6 @@ package outbound
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/hmac"
|
||||
"crypto/sha1"
|
||||
"net"
|
||||
"os"
|
||||
|
||||
@@ -13,9 +11,8 @@ import (
|
||||
C "github.com/sagernet/sing-box/constant"
|
||||
"github.com/sagernet/sing-box/log"
|
||||
"github.com/sagernet/sing-box/option"
|
||||
"github.com/sagernet/sing-box/transport/shadowtls"
|
||||
"github.com/sagernet/sing-shadowtls"
|
||||
"github.com/sagernet/sing/common"
|
||||
E "github.com/sagernet/sing/common/exceptions"
|
||||
M "github.com/sagernet/sing/common/metadata"
|
||||
N "github.com/sagernet/sing/common/network"
|
||||
)
|
||||
@@ -24,11 +21,7 @@ var _ adapter.Outbound = (*ShadowTLS)(nil)
|
||||
|
||||
type ShadowTLS struct {
|
||||
myOutboundAdapter
|
||||
dialer N.Dialer
|
||||
serverAddr M.Socksaddr
|
||||
tlsConfig tls.Config
|
||||
version int
|
||||
password string
|
||||
client *shadowtls.Client
|
||||
}
|
||||
|
||||
func NewShadowTLS(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowTLSOutboundOptions) (*ShadowTLS, error) {
|
||||
@@ -40,84 +33,54 @@ func NewShadowTLS(ctx context.Context, router adapter.Router, logger log.Context
|
||||
logger: logger,
|
||||
tag: tag,
|
||||
},
|
||||
dialer: dialer.New(router, options.DialerOptions),
|
||||
serverAddr: options.ServerOptions.Build(),
|
||||
password: options.Password,
|
||||
}
|
||||
if options.TLS == nil || !options.TLS.Enabled {
|
||||
return nil, C.ErrTLSRequired
|
||||
}
|
||||
outbound.version = options.Version
|
||||
switch options.Version {
|
||||
case 0:
|
||||
fallthrough
|
||||
case 1:
|
||||
if options.Version == 1 {
|
||||
options.TLS.MinVersion = "1.2"
|
||||
options.TLS.MaxVersion = "1.2"
|
||||
case 2:
|
||||
case 3:
|
||||
default:
|
||||
return nil, E.New("unknown shadowtls protocol version: ", options.Version)
|
||||
}
|
||||
var err error
|
||||
if options.Version != 3 {
|
||||
outbound.tlsConfig, err = tls.NewClient(router, options.Server, common.PtrValueOrDefault(options.TLS))
|
||||
} else {
|
||||
outbound.tlsConfig, err = shadowtls.NewClientTLSConfig(options.Server, common.PtrValueOrDefault(options.TLS), options.Password)
|
||||
}
|
||||
tlsConfig, err := tls.NewClient(router, options.Server, common.PtrValueOrDefault(options.TLS))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tlsHandshakeFunc shadowtls.TLSHandshakeFunc
|
||||
switch options.Version {
|
||||
case 1, 2:
|
||||
tlsHandshakeFunc = func(ctx context.Context, conn net.Conn, _ shadowtls.TLSSessionIDGeneratorFunc) error {
|
||||
return common.Error(tls.ClientHandshake(ctx, conn, tlsConfig))
|
||||
}
|
||||
case 3:
|
||||
stdTLSConfig, err := tlsConfig.Config()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsHandshakeFunc = shadowtls.DefaultTLSHandshakeFunc(options.Password, stdTLSConfig)
|
||||
}
|
||||
client, err := shadowtls.NewClient(shadowtls.ClientConfig{
|
||||
Version: options.Version,
|
||||
Password: options.Password,
|
||||
Server: options.ServerOptions.Build(),
|
||||
Dialer: dialer.New(router, options.DialerOptions),
|
||||
TLSHandshake: tlsHandshakeFunc,
|
||||
Logger: logger,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
outbound.client = client
|
||||
return outbound, nil
|
||||
}
|
||||
|
||||
func (s *ShadowTLS) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
|
||||
switch N.NetworkName(network) {
|
||||
case N.NetworkTCP:
|
||||
return s.client.DialContext(ctx)
|
||||
default:
|
||||
return nil, os.ErrInvalid
|
||||
}
|
||||
conn, err := s.dialer.DialContext(ctx, N.NetworkTCP, s.serverAddr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
switch s.version {
|
||||
default:
|
||||
fallthrough
|
||||
case 1:
|
||||
_, err = tls.ClientHandshake(ctx, conn, s.tlsConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return conn, nil
|
||||
case 2:
|
||||
hashConn := shadowtls.NewHashReadConn(conn, s.password)
|
||||
_, err = tls.ClientHandshake(ctx, hashConn, s.tlsConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return shadowtls.NewClientConn(hashConn), nil
|
||||
case 3:
|
||||
streamWrapper := shadowtls.NewStreamWrapper(conn, s.password)
|
||||
_, err = tls.ClientHandshake(ctx, streamWrapper, s.tlsConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authorized, serverRandom, readHMAC := streamWrapper.Authorized()
|
||||
if !authorized {
|
||||
return nil, E.New("traffic hijacked or TLS1.3 is not supported")
|
||||
}
|
||||
|
||||
hmacAdd := hmac.New(sha1.New, []byte(s.password))
|
||||
hmacAdd.Write(serverRandom)
|
||||
hmacAdd.Write([]byte("C"))
|
||||
|
||||
hmacVerify := hmac.New(sha1.New, []byte(s.password))
|
||||
hmacVerify.Write(serverRandom)
|
||||
hmacVerify.Write([]byte("S"))
|
||||
|
||||
return shadowtls.NewVerifiedConn(conn, hmacAdd, hmacVerify, readHMAC), nil
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ShadowTLS) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
|
||||
|
||||
Reference in New Issue
Block a user