chore: code cleanup
This commit is contained in:
parent
96d886380a
commit
8e637a2ec7
1 changed files with 24 additions and 29 deletions
|
@ -4,17 +4,16 @@ import (
|
||||||
"crypto"
|
"crypto"
|
||||||
"crypto/aes"
|
"crypto/aes"
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
"crypto/tls"
|
|
||||||
_ "crypto/tls"
|
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
|
"io"
|
||||||
|
|
||||||
"github.com/Dreamacro/clash/common/buf"
|
"github.com/Dreamacro/clash/common/buf"
|
||||||
"github.com/Dreamacro/clash/common/utils"
|
"github.com/Dreamacro/clash/common/utils"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
|
||||||
"github.com/metacubex/quic-go/quicvarint"
|
"github.com/metacubex/quic-go/quicvarint"
|
||||||
"golang.org/x/crypto/hkdf"
|
"golang.org/x/crypto/hkdf"
|
||||||
"io"
|
|
||||||
_ "unsafe"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Modified from https://github.com/v2fly/v2ray-core/blob/master/common/protocol/quic/sniff.go
|
// Modified from https://github.com/v2fly/v2ray-core/blob/master/common/protocol/quic/sniff.go
|
||||||
|
@ -24,28 +23,9 @@ const (
|
||||||
version1 uint32 = 0x1
|
version1 uint32 = 0x1
|
||||||
)
|
)
|
||||||
|
|
||||||
type cipherSuiteTLS13 struct {
|
|
||||||
ID uint16
|
|
||||||
KeyLen int
|
|
||||||
AEAD func(key, fixedNonce []byte) cipher.AEAD
|
|
||||||
Hash crypto.Hash
|
|
||||||
}
|
|
||||||
|
|
||||||
// github.com/quic-go/quic-go/internal/handshake/cipher_suite.go describes these cipher suite implementations are copied from the standard library crypto/tls package.
|
|
||||||
// So we can user go:linkname to implement the same feature.
|
|
||||||
|
|
||||||
//go:linkname aeadAESGCMTLS13 crypto/tls.aeadAESGCMTLS13
|
|
||||||
func aeadAESGCMTLS13(key, nonceMask []byte) cipher.AEAD
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
quicSaltOld = []byte{0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99}
|
quicSaltOld = []byte{0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99}
|
||||||
quicSalt = []byte{0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a}
|
quicSalt = []byte{0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a}
|
||||||
initialSuite = &cipherSuiteTLS13{
|
|
||||||
ID: tls.TLS_AES_128_GCM_SHA256,
|
|
||||||
KeyLen: 16,
|
|
||||||
AEAD: aeadAESGCMTLS13,
|
|
||||||
Hash: crypto.SHA256,
|
|
||||||
}
|
|
||||||
errNotQuic = errors.New("not QUIC")
|
errNotQuic = errors.New("not QUIC")
|
||||||
errNotQuicInitial = errors.New("not QUIC initial packet")
|
errNotQuicInitial = errors.New("not QUIC initial packet")
|
||||||
)
|
)
|
||||||
|
@ -140,7 +120,7 @@ func (quic QuicSniffer) SniffData(b []byte) (string, error) {
|
||||||
}
|
}
|
||||||
initialSecret := hkdf.Extract(crypto.SHA256.New, destConnID, salt)
|
initialSecret := hkdf.Extract(crypto.SHA256.New, destConnID, salt)
|
||||||
secret := hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
|
secret := hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
|
||||||
hpKey := hkdfExpandLabel(initialSuite.Hash, secret, []byte{}, "quic hp", initialSuite.KeyLen)
|
hpKey := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic hp", 16)
|
||||||
block, err := aes.NewCipher(hpKey)
|
block, err := aes.NewCipher(hpKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
|
@ -175,10 +155,25 @@ func (quic QuicSniffer) SniffData(b []byte) (string, error) {
|
||||||
|
|
||||||
key := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
|
key := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
|
||||||
iv := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
|
iv := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
|
||||||
c := aeadAESGCMTLS13(key, iv)
|
aesCipher, err := aes.NewCipher(key)
|
||||||
nonce := cache.Extend(int(c.NonceSize()))
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
aead, err := cipher.NewGCM(aesCipher)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
nonce := cache.Extend(8) // 64-bit sequence number
|
||||||
binary.BigEndian.PutUint64(nonce[len(nonce)-8:], uint64(packetNumber))
|
binary.BigEndian.PutUint64(nonce[len(nonce)-8:], uint64(packetNumber))
|
||||||
decrypted, err := c.Open(b[extHdrLen:extHdrLen], nonce, data, b[:extHdrLen])
|
// copy from crypto/tls.aeadAESGCMTLS13
|
||||||
|
for i, b := range nonce {
|
||||||
|
iv[4+i] ^= b
|
||||||
|
}
|
||||||
|
decrypted, err := aead.Open(b[extHdrLen:extHdrLen], iv, data, b[:extHdrLen])
|
||||||
|
// We only decrypt once, so we do not need to XOR it back.
|
||||||
|
//for i, b := range nonce {
|
||||||
|
// iv[4+i] ^= b
|
||||||
|
//}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue