source/shadowsocks-rust
1
0
Fork 0
mirror of https://github.com/shadowsocks/shadowsocks-rust.git synced 2026-02-09 01:59:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(shadowsocks): double check AEAD-2022 ipsk length

Browse Source
This commit is contained in:
zonyitoo
2025-04-15 03:29:39 +08:00
parent 70ceea3f2a
commit d7ead5de4f
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
crates/shadowsocks/src/config.rs
View File

@@ -394,6 +394,10 @@ pub enum ServerConfigError {
/// Key length mismatch
#[error("invalid key length for {0}, expecting {1} bytes, but found {2} bytes")]
InvalidKeyLength(CipherKind, usize, usize),
/// User Key (ipsk) length mismatch
#[error("invalid user key length for {0}, expecting {1} bytes, but found {2} bytes")]
InvalidUserKeyLength(CipherKind, usize, usize),
}
/// Configuration for a server
@@ -538,6 +542,22 @@ where
for ipsk in split_iter {
match USER_KEY_BASE64_ENGINE.decode(ipsk) {
Ok(v) => {
// Double check identity key's length
match method {
CipherKind::AEAD2022_BLAKE3_AES_128_GCM => {
// AES-128
if v.len() != 16 {
return Err(ServerConfigError::InvalidUserKeyLength(method, 16, v.len()));
}
}
CipherKind::AEAD2022_BLAKE3_AES_256_GCM => {
// AES-256
if v.len() != 32 {
return Err(ServerConfigError::InvalidUserKeyLength(method, 32, v.len()));
}
}
_ => unreachable!("{} doesn't support EIH", method),
}
identity_keys.push(Bytes::from(v));
}
Err(err) => {