shadowsocks_ruby 0.1.0

data/lib/shadowsocks_ruby/connections/udp/client_connection.rb

@@ -0,0 +1,43 @@
+module ShadowsocksRuby
+  module Connections
+    # Provides various functionality code of a UDP Connection.
+    #
+    # @example
+    #     class DummyConnection < EventMachine::Connection
+    #       include ShadowsocksRuby::Connections::UDP::ClientConnection
+    #     end
+    #     # some how get a DummyConnection object
+    #     # dummy_connection = ...
+    #     # dummy_connection.plexer_protocol.udp_process_client will be called looply
+    module UDP
+      # (see TCP::ClientConnection)
+      module ClientConnection
+        include ShadowsocksRuby::Connections::Connection
+        include ShadowsocksRuby::Connections::ServerConnection
+
+        # (see TCP::ClientConnection#initialize)
+        def initialize protocol_stack, params, backend_protocol_stack, backend_params
+          super
+        end
+
+        def process_first_packet
+          address_bin = packet_protocol.udp_receive_from_client(-1)
+          create_plexer(@params[:host], @params[:port], RemoteServerConnection)
+          plexer.packet_protocol.udp_send_to_remoteserver address_bin
+          class << self
+            alias process_hook process_other_packet
+          end
+        end
+
+        # This is Called by process loop 
+        alias process_hook process_first_packet
+
+        def process_other_packet
+          data = packet_protocol.udp_receive_from_client(-1)
+          plexer.packet_protocol.udp_send_to_remoteserver(data)
+        end
+
+      end
+    end
+  end
+end

data/lib/shadowsocks_ruby/connections/udp/destination_connection.rb

@@ -0,0 +1,18 @@
+module ShadowsocksRuby
+  module Connections
+    module UDP
+      # (see TCP::ClientConnection)
+      module DestinationConnection
+        include ShadowsocksRuby::Connections::Connection
+        include ShadowsocksRuby::Connections::BackendConnection
+
+        # (see TCP::ClientConnection#process_hook)
+        def process_hook
+          data = packet_protocol.udp_receive_from_destination(-1)
+          plexer.packet_protocol.udp_send_to_localbackend(data)
+        end
+
+      end
+    end
+  end
+end

data/lib/shadowsocks_ruby/connections/udp/localbackend_connection.rb

@@ -0,0 +1,29 @@
+module ShadowsocksRuby
+  module Connections
+    module UDP
+      # (see TCP::ClientConnection)
+      module LocalBackendConnection
+        include ShadowsocksRuby::Connections::Connection
+        include ShadowsocksRuby::Connections::ServerConnection
+
+        def process_first_packet
+          address_bin = packet_protocol.udp_receive_from_localbackend(-1)
+          host, port = Util::parse_address_bin(address_bin)
+          create_plexer(host, port, DestinationConnection)
+          class << self
+            alias process_hook process_other_packet
+          end
+        end
+
+        # (see TCP::ClientConnection#process_hook)
+        alias process_hook process_first_packet
+
+        def process_other_packet
+          data = packet_protocol.udp_receive_from_localbackend(-1)
+          plexer.packet_protocol.udp_send_to_destination(data)
+        end
+
+      end
+    end
+  end
+end

data/lib/shadowsocks_ruby/connections/udp/remoteserver_connection.rb

@@ -0,0 +1,18 @@
+module ShadowsocksRuby
+  module Connections
+    module UDP
+      # (see TCP::ClientConnection)
+      module RemoteServerConnection
+        include ShadowsocksRuby::Connections::Connection
+        include ShadowsocksRuby::Connections::BackendConnection
+
+        # (see TCP::ClientConnection#process_hook)
+        def process_hook
+          data = packet_protocol.udp_receive_from_remoteserver(-1)
+          plexer.packet_protocol.udp_send_to_client(data)
+        end
+
+      end
+    end
+  end
+end

data/lib/shadowsocks_ruby/protocols/cipher/iv_cipher.rb

@@ -0,0 +1,99 @@
+module ShadowsocksRuby
+  module Protocols
+
+    # To be used with any cipher methods with an IV, like {Cipher::OpenSSL},
+    # {Cipher::RbNaCl} and {Cipher::RC4_MD5}.
+    class IvCipherProtocol
+      include DummyHelper
+      include BufferHelper
+
+      attr_accessor :next_protocol
+
+      # @param [Hash]                                                                  configuration parameters
+      # @option params [Cipher::OpenSSL, Cipher::RbNaCl, Cipher::RC4_MD5] :cipher      a cipher object with IV and a key, +required+
+      def initialize params = {}
+        @cipher = params[:cipher] or raise ProtocolError, "params[:cipher] is required"
+        @buffer =""
+      end
+
+      def tcp_receive_from_remoteserver_first_packet n
+        iv_len = @cipher.iv_len
+        @recv_iv = async_recv iv_len
+        class << self
+          alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_other_packet
+        end
+        tcp_receive_from_remoteserver_other_packet n
+      end
+
+      alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_first_packet
+
+      def tcp_receive_from_remoteserver_other_packet n
+        @buffer << @cipher.decrypt(async_recv(-1), @recv_iv)
+        tcp_receive_from_remoteserver_other_packet_helper n
+      end
+
+      def tcp_send_to_remoteserver_first_packet data
+        send_first_packet_process data
+        class << self
+          alias tcp_send_to_remoteserver send_other_packet
+        end
+      end
+
+      alias tcp_send_to_remoteserver tcp_send_to_remoteserver_first_packet
+
+      def tcp_receive_from_localbackend_first_packet n
+        iv_len = @cipher.iv_len
+        @recv_iv = async_recv iv_len
+        class << self
+          alias tcp_receive_from_localbackend tcp_receive_from_localbackend_other_packet
+        end
+        tcp_receive_from_localbackend_other_packet n
+      end
+
+      alias tcp_receive_from_localbackend tcp_receive_from_localbackend_first_packet
+
+      def tcp_receive_from_localbackend_other_packet n
+        @buffer << @cipher.decrypt(async_recv(-1), @recv_iv)
+        tcp_receive_from_localbackend_other_packet_helper n
+      end
+
+      def tcp_send_to_localbackend_first_packet data
+        send_first_packet_process data
+        class << self
+          alias tcp_send_to_localbackend send_other_packet
+        end
+      end
+
+      alias tcp_send_to_localbackend tcp_send_to_localbackend_first_packet
+
+
+      def send_first_packet_process data
+        @send_iv = @cipher.random_iv
+        send_data @send_iv + @cipher.encrypt(data, @send_iv)
+      end
+
+      def send_other_packet data
+        send_data @cipher.encrypt(data, @send_iv)
+      end
+
+      alias tcp_receive_from_client raise_me
+      alias tcp_send_to_client raise_me
+      #alias tcp_receive_from_remoteserver raise_me
+      #alias tcp_send_to_remoteserver raise_me
+      #alias tcp_receive_from_localbackend raise_me
+      #alias tcp_send_to_localbackend raise_me
+      alias tcp_receive_from_destination raise_me
+      alias tcp_send_to_destination raise_me
+
+      alias udp_receive_from_client raise_me
+      alias udp_send_to_client raise_me
+      alias udp_receive_from_remoteserver raise_me
+      alias udp_send_to_remoteserver raise_me
+      alias udp_receive_from_localbackend raise_me
+      alias udp_send_to_localbackend raise_me
+      alias udp_receive_from_destination raise_me
+      alias udp_send_to_destination raise_me
+
+    end
+  end
+end

data/lib/shadowsocks_ruby/protocols/cipher/no_iv_cipher.rb

@@ -0,0 +1,53 @@
+module ShadowsocksRuby
+  module Protocols
+
+    # To be used with protocols without an IV, like {Cipher::Table}
+    class NoIvCipherProtocol
+      include DummyHelper
+
+      attr_accessor :next_protocol
+
+      # @param [Hash]                                                     configuration parameters
+      # @option params [Cipher::Table] :cipher                            a cipher object without IV,  +required+
+      def initialize params = {}
+        @cipher = params[:cipher] or raise ProtocolError, "params[:cipher] is required"
+      end
+
+      def tcp_receive_from_remoteserver n
+        @cipher.decrypt(async_recv n)
+      end
+
+      def tcp_send_to_remoteserver data
+        send_data(@cipher.encrypt data)
+      end
+
+      def tcp_receive_from_localbackend n
+        @cipher.decrypt(async_recv n)
+      end
+
+      def tcp_send_to_localbackend data
+        send_data(@cipher.encrypt data)
+      end
+
+      private
+
+      alias tcp_receive_from_client raise_me
+      alias tcp_send_to_client raise_me
+      #alias tcp_receive_from_remoteserver raise_me
+      #alias tcp_send_to_remoteserver raise_me
+      #alias tcp_receive_from_localbackend raise_me
+      #alias tcp_send_to_localbackend raise_me
+      alias tcp_receive_from_destination raise_me
+      alias tcp_send_to_destination raise_me
+
+      alias udp_receive_from_client raise_me
+      alias udp_send_to_client raise_me
+      alias udp_receive_from_remoteserver raise_me
+      alias udp_send_to_remoteserver raise_me
+      alias udp_receive_from_localbackend raise_me
+      alias udp_send_to_localbackend raise_me
+      alias udp_receive_from_destination raise_me
+      alias udp_send_to_destination raise_me
+    end
+  end
+end

data/lib/shadowsocks_ruby/protocols/cipher/verify_sha1.rb

@@ -0,0 +1,138 @@
+module ShadowsocksRuby
+  module Protocols
+    # Origin shadowsocks protocols with One Time Authenticate
+    #
+    # specification: https://shadowsocks.org/en/spec/protocol.html
+    class VerifySha1Protocol
+      include DummyHelper
+      include BufferHelper
+
+      attr_accessor :next_protocol
+
+      ATYP_IPV4      = 1
+      ATYP_DOMAIN    = 3
+      ATYP_IPV6      = 4
+
+      # @param [Hash]                                                     configuration parameters
+      # @option params [Cipher::OpenSSL, Cipher::RbNaCl, Cipher::RC4_MD5] :cipher      a cipher object with IV and a key, +required+
+      # @option params [Boolean]                                          :compatible  compatibility with origin mode, default _true_
+      def initialize params = {}
+        @params = {:compatible => true}.merge(params)
+        @cipher = @params[:cipher] or raise ProtocolError, "params[:cipher] is required"
+        raise ProtocolError, "cipher object mush have an IV and a key" if @cipher.iv_len == 0 || @cipher.key == nil
+        @buffer = ""
+        @counter = 0
+      end
+
+      def tcp_receive_from_remoteserver_first_packet n
+        @recv_iv = async_recv(@cipher.iv_len)
+        class << self
+          alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_other_packet
+        end
+        tcp_receive_from_remoteserver_other_packet n
+      end
+
+      alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_first_packet
+
+      def tcp_receive_from_remoteserver_other_packet n
+        @buffer << @cipher.decrypt(async_recv(-1), @recv_iv)
+        tcp_receive_from_remoteserver_other_packet_helper n
+      end
+
+      def tcp_send_to_remoteserver_first_packet data
+        data[0] = [0x10 | data.unpack("C").first].pack("C") # set ota flag
+        @send_iv = @cipher.random_iv
+        hmac = ShadowsocksRuby::Cipher.hmac_sha1_digest(@send_iv + @cipher.key, data)
+        send_data @send_iv + @cipher.encrypt(data + hmac, @send_iv)
+        class << self
+          alias tcp_send_to_remoteserver tcp_send_to_remoteserver_other_packet
+        end
+      end
+
+      alias tcp_send_to_remoteserver tcp_send_to_remoteserver_first_packet
+
+      def tcp_send_to_remoteserver_other_packet data
+        data = @cipher.encrypt(data, @send_iv)
+        hmac = ShadowsocksRuby::Cipher.hmac_sha1_digest(@send_iv + [@counter].pack("n"), data)
+        send_data [data.length].pack("n") << hmac << data
+        @counter += 1
+      end
+
+      def tcp_receive_from_localbackend_first_packet n
+        class << self
+          alias tcp_receive_from_localbackend tcp_receive_from_localbackend_other_packet
+        end
+        data = async_recv(-1) # first packet
+        @recv_iv = data.slice!(0, @cipher.iv_len)
+        data = @cipher.decrypt(data, @recv_iv)
+        @atyp = data.unpack("C")[0]
+        if @atyp & 0x10 == 0x10 # OTA mode
+          hmac = data[-10, 10]
+          raise PharseError, "hmac_sha1 is not correct" \
+            unless ShadowsocksRuby::Cipher.hmac_sha1_digest(@recv_iv + @cipher.key, data[0 ... -10]) == hmac
+          data[0] = [0x0F & @atyp].pack("C") # clear ota flag
+          @buffer << data[0 ... -10]
+          tcp_receive_from_localbackend_other_packet_helper n
+        else # origin mode
+          if @params[:compatible] == false
+            raise PharseError, "invalid OTA first packet in strict OTA mode"
+          end
+          @buffer << data
+          tcp_receive_from_localbackend_other_packet_helper n
+        end
+
+      end
+
+      alias tcp_receive_from_localbackend tcp_receive_from_localbackend_first_packet
+
+      def tcp_receive_from_localbackend_other_packet n
+        if @atyp & 0x10 == 0x10 # OTA mode
+          len = async_recv(2).unpack("n").first
+          hmac = async_recv(10)
+          data = async_recv(len)
+          raise PharseError, "hmac_sha1 is not correct" \
+            unless ShadowsocksRuby::Cipher.hmac_sha1_digest(@recv_iv + [@counter].pack("n"), data) == hmac
+          @buffer << @cipher.decrypt(data, @recv_iv)
+          @counter += 1
+          tcp_receive_from_localbackend_other_packet_helper n
+        else # origin mode
+          @buffer << @cipher.decrypt(async_recv(-1), @recv_iv)
+          tcp_receive_from_localbackend_other_packet_helper n
+        end
+      end
+
+      def tcp_send_to_localbackend_first_packet data
+        @send_iv = @cipher.random_iv
+        send_data @send_iv + @cipher.encrypt(data, @send_iv)
+        class << self
+          alias tcp_send_to_localbackend tcp_send_to_localbackend_other_packet
+        end
+      end
+
+      alias tcp_send_to_localbackend tcp_send_to_localbackend_first_packet
+
+      def tcp_send_to_localbackend_other_packet data
+        send_data @cipher.encrypt(data, @send_iv)
+      end
+
+      alias tcp_receive_from_client raise_me
+      alias tcp_send_to_client raise_me
+      #alias tcp_receive_from_remoteserver raise_me
+      #alias tcp_send_to_remoteserver raise_me
+      #alias tcp_receive_from_localbackend raise_me
+      #alias tcp_send_to_localbackend raise_me
+      alias tcp_receive_from_destination raise_me
+      alias tcp_send_to_destination raise_me
+
+      alias udp_receive_from_client raise_me
+      alias udp_send_to_client raise_me
+      alias udp_receive_from_remoteserver raise_me
+      alias udp_send_to_remoteserver raise_me
+      alias udp_receive_from_localbackend raise_me
+      alias udp_send_to_localbackend raise_me
+      alias udp_receive_from_destination raise_me
+      alias udp_send_to_destination raise_me
+
+    end
+  end
+end

data/lib/shadowsocks_ruby/protocols/obfs/http_simple.rb

@@ -0,0 +1,189 @@
+module ShadowsocksRuby
+  module Protocols
+    # Http Simple Obfuscation Protocol
+    #
+    # Specification:
+    # * https://github.com/shadowsocksr/shadowsocksr/blob/manyuser/shadowsocks/obfsplugin/http_simple.py
+    # * https://github.com/shadowsocksr/obfsplugin/blob/master/c/http_simple.c
+    class HttpSimpleProtocol
+      include DummyHelper
+      include BufferHelper
+
+      attr_accessor :next_protocol
+
+      USER_AGENTS = ["Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0",
+            "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0",
+            "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
+            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36",
+            "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0",
+            "Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)",
+            "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
+            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)",
+            "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
+            "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36",
+            "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3",
+            "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"]
+
+      # @param [Hash]                          configuration parameters
+      # @option params [String]                :host  shadowsocks server address, required by remoteserver protocol
+      # @option params [String]                :port  shadowsocks server port, required by remoteserver protocol
+      # @option params [Boolean]               :compatible  compatibility with origin mode, default _true_
+      # @option params [String]                :obfs_param   obfs param, optional
+      def initialize params = {}
+        @params = {:compatible => true }.merge(params)
+        @buffer = ''
+      end
+
+      def tcp_receive_from_remoteserver_first_packet n
+        class << self
+          alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_other_packet
+        end
+
+        async_recv_until("\r\n\r\n")
+        async_recv n
+      end
+
+      alias tcp_receive_from_remoteserver tcp_receive_from_remoteserver_first_packet
+
+      def tcp_receive_from_remoteserver_other_packet n
+        async_recv n
+      end
+
+      def tcp_send_to_remoteserver_first_packet data
+        if data.length > 30 + 64
+          headlen = 30 + Random.rand(64 + 1)
+        else
+          headlen = data.length
+        end
+        headdata = data.slice!(0, headlen)
+        port = ''
+        raise ProtocolError, "No :port params" if @params[:port] == nil
+        if @params[:port] != 80
+          port = ':' << @params[:port].to_s 
+        end
+
+        body = nil
+        hosts = @params[:obfs_param] || @params[:host]
+        raise ProtocolError, "No :host or :obfs_param parameters" if hosts == nil
+        if hosts.include?('#')
+          hosts, body = hosts.split('#')
+          body = body.gsub(/\n/,"\r\n")
+          body = body.gsub(/\\n/,"\r\n")
+        end
+        hosts = hosts.split(",")
+        host = hosts[Random.rand(hosts.length)]
+
+        http_head = "GET /" << headdata.unpack("H*")[0].gsub(/../,'%\0') << " HTTP/1.1\r\n"
+        http_head << "Host: " << host << port << "\r\n"
+
+        if body != nil
+          http_head << body << "\r\n\r\n"
+        else
+          http_head << "User-Agent: " + USER_AGENTS[Random.rand(USER_AGENTS.length)] << "\r\n"
+          http_head << "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\n\r\n"
+        end
+        send_data(http_head << data)
+        class << self
+          alias tcp_send_to_remoteserver tcp_send_to_remoteserver_other_packet
+        end
+
+      end
+
+      alias tcp_send_to_remoteserver tcp_send_to_remoteserver_first_packet
+
+      def tcp_send_to_remoteserver_other_packet data
+        send_data data
+      end
+
+
+      def tcp_receive_from_localbackend_first_packet n
+        data = async_recv 10
+        if (data =~ /^GET|^POST/) == nil
+          if @params[:compatible]
+            @buffer << data << async_recv(n - data.length)
+          else
+            raise PharseError, "not a valid http_simple first packet in strict mode"
+          end
+        else
+          buf = ""
+          buf << data << async_recv_until("\r\n\r\n")
+          host = get_host_from_http_header(buf)
+          if host != nil && @params[:obfs_param] != nil
+            hosts = @params[:obfs_param]
+            if hosts.include?('#')
+              hosts, body = hosts.split('#')
+              body = body.gsub(/\n/,"\r\n")
+              body = body.gsub(/\\n/,"\r\n")
+            end
+            hosts = hosts.split(",") 
+            if !hosts.include?(host)
+              raise PharseError, "request host not in :obfs_param"
+            end
+          end
+          ret_buf = get_data_from_http_header(buf)
+          raise PharseError, "not a valid request" if ret_buf.length < 4
+          @buffer << ret_buf
+        end
+
+        class << self
+          alias tcp_receive_from_localbackend tcp_receive_from_localbackend_other_packet
+        end
+        tcp_receive_from_localbackend_other_packet_helper n
+      end
+
+      alias tcp_receive_from_localbackend tcp_receive_from_localbackend_first_packet
+
+      def tcp_receive_from_localbackend_other_packet n
+        async_recv(n)
+      end
+
+      def tcp_send_to_localbackend_first_packet data
+        class << self
+          alias tcp_send_to_localbackend tcp_send_to_localbackend_other_packet
+        end
+
+        header = "HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nContent-Type: text/html\r\nDate: "
+        header << Time.now.strftime('%a, %d %b %Y %H:%M:%S GMT')
+        header << "\r\nServer: nginx\r\nVary: Accept-Encoding\r\n\r\n"
+        send_data header << data
+      end
+
+      alias tcp_send_to_localbackend tcp_send_to_localbackend_first_packet
+
+      def tcp_send_to_localbackend_other_packet data
+        send_data data
+      end
+
+      # helpers
+      def get_data_from_http_header buf
+        [buf.split("\r\n")[0][/(%..)+/].gsub(/%/,'')].pack("H*")
+      end
+
+      def get_host_from_http_header buf
+        buf[/^Host: (.+):/,1]
+      end
+
+      def async_recv_until str
+        @next_protocol.async_recv_until str
+      end
+
+      alias tcp_receive_from_client raise_me
+      alias tcp_send_to_client raise_me
+      #alias tcp_receive_from_remoteserver raise_me
+      #alias tcp_send_to_remoteserver raise_me
+      #alias tcp_receive_from_localbackend raise_me
+      #alias tcp_send_to_localbackend raise_me
+      alias tcp_receive_from_destination raise_me
+      alias tcp_send_to_destination raise_me
+
+      alias udp_receive_from_client raise_me
+      alias udp_send_to_client raise_me
+      alias udp_receive_from_remoteserver raise_me
+      alias udp_send_to_remoteserver raise_me
+      alias udp_receive_from_localbackend raise_me
+      alias udp_send_to_localbackend raise_me
+      alias udp_receive_from_destination raise_me
+      alias udp_send_to_destination raise_me
+    end
+  end
+end