Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: salt prefix support #1454

Merged
merged 16 commits into from
Nov 10, 2022
Merged

feat: salt prefix support #1454

merged 16 commits into from
Nov 10, 2022

Conversation

bemasc
Copy link
Contributor

@bemasc bemasc commented Oct 25, 2022
edited by fortuna
Loading

This is an experimental version of Outline with "custom salt prefix" support, currently working on Windows, Linux, and Android. It has not yet been tested on macOS/iOS. A pre-built APK is available for Android.

Custom salt prefixes are experimental and are not as secure as standard Outline, so this version should be used only for testing.

To use the prefix feature with Dynamic Keys, add a "prefix" key to the JSON object, with a string value representing the prefix you want. (You can use escape codes like \xFF to represent non-printable byte values.) The prefix is a freeform string of up to 32 bytes, each represented as a unicode codepoint in the U+0 to U+FF range.

To use this feature with ss:// Access Keys, add a URL parameter like &prefix=... to the ss:// URL's query parameters, so that the URL looks like .../?outline=1&prefix=OUTLINE#Name-of-the-server. You must use the encodeURIComponent() function to convert your prefix into escaped form suitable for inclusion in a URL.

Possible prefixes of interest (note: longer prefixes are less secure):

JSON URI-encoded
"POST " POST%20
"HTTP/1.1" HTTP%2F1.1
"POST / HTTP/1.1" POST%20%2F%20HTTP%2F1.1
"GET / HTTP/1.1\r\n\r\n" GET%20%2F%20HTTP%2F1.1%0D%0A%0D%0A
"\u0016\u0003\u0001\u0002\u0000" %16%03%01%02%00

More potentially useful prefixes are mentioned here. Note that some prefixes may be more effective on specific port numbers.

WIP prefix support
60e6da7 
This is working in Electron, untested on Android, and
unimplemented on macOS/iOS.
@github-actions github-actions bot added size/S and removed size/XS labels Oct 26, 2022
fortuna
fortuna reviewed Oct 26, 2022
View reviewed changes
Copy link
Collaborator

@fortuna fortuna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm impressed by how quickly you got this together. Thanks!

I have some comments on how we can decouple the platform-specific code from the protocol details.

cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Show resolved Hide resolved
cordova-plugin-outline/android/aidl/org/outline/shadowsocks/ShadowsocksConfig.aidl Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Show resolved Hide resolved
src/www/app/outline_server_repository/access_key_serialization.ts Show resolved Hide resolved
src/electron/go_vpn_tunnel.ts Outdated Show resolved Hide resolved
fortuna
fortuna reviewed Oct 26, 2022
View reviewed changes
Copy link
Collaborator

@fortuna fortuna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are the Apple builds hitting an Android build error?

@github-actions github-actions bot added size/XXL and removed size/S labels Nov 4, 2022
@bemasc
Copy link
Contributor Author

bemasc commented Nov 4, 2022

This code now builds for Mac and iOS. (I haven't been able to test yet to confirm that it works.)

Why are the Apple builds hitting an Android build error?

It looks like this was because the platforms/android/ directory existed, because I had checked in the APK. I moved the APK to the root.

@bemasc bemasc changed the title WIP prefix support [WIP] salt prefix support Nov 4, 2022
@bemasc bemasc changed the title [WIP] salt prefix support feat: [WIP] salt prefix support Nov 4, 2022
fortuna
fortuna requested changes Nov 4, 2022
View reviewed changes
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnel.java Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Outdated Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Show resolved Hide resolved
cordova-plugin-outline/android/java/org/outline/vpn/VpnTunnelService.java Outdated Show resolved Hide resolved
cordova-plugin-outline/apple/src/OutlineTunnel.swift Outdated
@@ -23,9 +23,10 @@ class OutlineTunnel: NSObject, Codable {
var port: String?
var method: String?
var password: String?
var prefix: String?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be a byte array instead?
It's usually better to parse things as soon as possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, done. I was not able to see a way for this parser to fail, so the parser tolerates arbitrary codepoints and silently ignores the high byte.

cordova-plugin-outline/apple/vpn/PacketTunnelProvider.m Outdated Show resolved Hide resolved
src/electron/go_vpn_tunnel.ts Outdated Show resolved Hide resolved
fortuna
fortuna approved these changes Nov 8, 2022
View reviewed changes
Copy link
Collaborator

@fortuna fortuna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is in good enough shape that we can submit and release for broader testing.

@bemasc
Copy link
Contributor Author

bemasc commented Nov 8, 2022

I think this is in good enough shape that we can submit and release for broader testing.

Thanks. FYI, this is blocked on Jigsaw-Code/outline-go-tun2socks#98.

@fortuna
Copy link
Collaborator

fortuna commented Nov 9, 2022

Approved the other PR as well!

@bemasc bemasc changed the title feat: [WIP] salt prefix support feat: salt prefix support Nov 9, 2022
@bemasc bemasc marked this pull request as ready for review November 9, 2022 20:40
@bemasc bemasc requested review from a team as code owners November 9, 2022 20:40
@bemasc
Copy link
Contributor Author

bemasc commented Nov 9, 2022

Note: This PR still has the Android APK in it. That needs to be deleted before squash-and-merge to avoid polluting master with wasteful binaries.

fortuna
fortuna approved these changes Nov 9, 2022
View reviewed changes
Copy link
Collaborator

@fortuna fortuna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's remove the APK before submitting. Squashing sounds good.

@bemasc bemasc merged commit bd1fc96 into master Nov 10, 2022
@wkrp wkrp mentioned this pull request Nov 13, 2022
Open
@hklcf hklcf mentioned this pull request May 3, 2023
Closed
@sbruens sbruens deleted the bemasc-prefix branch March 5, 2024 22:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fortuna fortuna fortuna approved these changes

Assignees
No one assigned
Labels
size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bemasc @fortuna