zoukankan      html  css  js  c++  java
  • One Time Auth

    One Time Auth

    One-time authentication (shortened as OTA) is a new experimental feature designed to improve the security against CCA. You should understand the protocol before reading this document.

    By default, the server that supports OTA should run in the compatible mode. OTA is only applied if the client's request header has a flag set. However, if the server switch on OTA explicitly, all clients must switch on OTA, otherwise connections will be denied.

    The authentication method is HMAC-SHA1 which has wide supports among all major platforms and fairly good speed.

    TCP

    The structure of an OTA-enabled request (unencrypted) is shown below:

    +------+---------------------+------------------+-----------+
    | ATYP | Destination Address | Destination Port | HMAC-SHA1 |
    +------+---------------------+------------------+-----------+
    |  1   |       Variable      |         2        |    10     |
    +------+---------------------+------------------+-----------+

    ATYP is a 8-bit char where the rightmost four bits, 0b00001111 (0xf), are reserved for address types, the flag bit of OTA is 0b00010000 (0x10). In C/C++, simply check if ATYP & 0x10 == 0x10, then OTA is enabled.

    The key of HMAC-SHA1 is (IV + KEY), and the input is the whole header (not including HMAC-SHA1). The output of HMAC-SHA1 is truncated to leftmost 80 bits (10 bytes) according to RFC 2104.

    Chunk Authentication

    The structure of an OTA-enabled chunk (decrypted) of shadowsocks TCP relay is shown below:

    +----------+-----------+----------+----
    | DATA.LEN | HMAC-SHA1 |   DATA   | ...
    +----------+-----------+----------+----
    |     2    |     10    | Variable | ...
    +----------+-----------+----------+----

    DATA.LEN is a 16-bit big-endian integer indicating the length of DATA.

    The input of HMAC-SHA1 is DATA. And the key of HMAC-SHA1 is (IV + Chunk ID) where Chunk ID is an unsigned integer counted per connection from 0. In order to achieve this, both server side and client side need to keep a counter for each TCP connection. Chunk ID must be converted to big-endian before constructing the key of HMAC-SHA1.

    For a client, after constructing an OTA-enabled request, the whole chunk is encrypted as a payload then sent to server-side.

    Tips:

    • The server must check the completeness of a shadowsocks TCP request before verifying HMAC-SHA1 and forwarding.
    • The chunk authentication is only applied for the packets sent from client-side shadowsocks.

    UDP

    There is no session in UDP relay, each UDP packet contains both header and data. Therefore, for an OTA-enabled UDP packet, the datagram structure (unencrypted) is slightly different:

    +------+---------------------+------------------+----------+-----------+
    | ATYP | Destination Address | Destination Port |   DATA   | HMAC-SHA1 |
    +------+---------------------+------------------+----------+-----------+
    |  1   |       Variable      |         2        | Variable |     10    |
    +------+---------------------+------------------+----------+-----------+

    The key of HMAC-SHA1 is (IV + KEY), and the input is the header plus data.

  • 相关阅读:
    MyBatis缓存
    MyBatis动态SQL
    MyBatis中#{}和${}的区别
    MyBatis映射配置文件详解
    MyBatis核心配置文件详解
    MyBatis动态代理
    KO ------- 表中字段名和实体类属性名不一致
    对实体类的CRUD操作
    MyBatis配置数据源的两种方式
    MyBatis入门
  • 原文地址:https://www.cnblogs.com/UnGeek/p/5827874.html
Copyright © 2011-2022 走看看