youys
/
shadowsocks-windows
Not watched
1
0
Fork 0
Code
Releases 67 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
645 Commits
5 Branches
32 MB
2634 Download
Tree: bc3080701b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bc3080701b'
${ noResults }
shadowsocks-windows/shadowsocks-csharp/Encryption/IVEncryptor.cs

IVEncryptor.cs 10 kB
Raw Normal View History

refactor
11 years ago
support onetime auth
10 years ago
refactor
11 years ago
refactor package name
11 years ago
refactor
11 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
support onetime auth
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Protocol V2
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Refine the authentication for true CCA
10 years ago
Protocol V2
10 years ago
support onetime auth
10 years ago
sodium works
11 years ago
refactor
11 years ago
Refine the authentication for true CCA
10 years ago
refactor
11 years ago
refact
10 years ago
refactor
11 years ago
Fix bug
10 years ago
refactor
11 years ago
Fix bug
10 years ago
refactor
11 years ago
Fix bug
10 years ago
refactor
11 years ago
override MD5, so compatible with FIPS
10 years ago
refactor
11 years ago
override MD5, so compatible with FIPS
10 years ago
refactor
11 years ago
no repeat random number generator The stock code use class Random to generate IV, the Random is pseudo random number generator. The IV maybe repeat, this will cause shadowsocks-libev closed the sockets with the error message 'invalid password or cipher'. Reference https://github.com/shadowsocks/shadowsocks-libev/issues/389 Solution is use class RNGCryptoServiceProvider to generate IV, of course it's lower performance, but a little bit.
10 years ago
refactor
11 years ago
Protocol V2
10 years ago
support onetime auth
10 years ago
Protocol V2
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Protocol V2
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Protocol V2
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Refine the authentication for true CCA
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Refine the authentication for true CCA
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Refine the authentication for true CCA
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
10 years ago
Protocol V2
10 years ago
refact
10 years ago
refactor
11 years ago
refact
10 years ago
Protocol V2
10 years ago
refactor
11 years ago
refact
10 years ago
refactor
11 years ago
support onetime auth
10 years ago
refactor
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Security.Cryptography;

  4. using System.Text;

  5. using System.Net;

  6. 

  7. namespace Shadowsocks.Encryption

  8. {

  9.     public abstract class IVEncryptor

  10.         : EncryptorBase

  11.     {

  12.         public const int MAX_KEY_LENGTH = 64;

  13.         public const int MAX_IV_LENGTH = 16;

  14. 

  15.         public const int ONETIMEAUTH_FLAG = 0x10;

  16.         public const int ADDRTYPE_MASK = 0xF;

  17. 

  18.         public const int ONETIMEAUTH_BYTES = 10;

  19. 

  20.         public const int CLEN_BYTES = 2;

  21.         public const int AUTH_BYTES = ONETIMEAUTH_BYTES + CLEN_BYTES;

  22. 

  23.         protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];

  24. 

  25.         protected Dictionary<string, int[]> ciphers;

  26. 

  27.         private static readonly Dictionary<string, byte[]> CachedKeys = new Dictionary<string, byte[]>();

  28.         protected byte[] _encryptIV;

  29.         protected byte[] _decryptIV;

  30.         protected bool _decryptIVReceived;

  31.         protected bool _encryptIVSent;

  32.         protected int _encryptIVOffset = 0;

  33.         protected int _decryptIVOffset = 0;

  34.         protected string _method;

  35.         protected int _cipher;

  36.         protected int[] _cipherInfo;

  37.         protected byte[] _key;

  38.         protected int keyLen;

  39.         protected int ivLen;

  40.         protected uint counter = 0;

  41.         protected byte[] _keyBuffer = null;

  42. 

  43.         public IVEncryptor(string method, string password, bool onetimeauth, bool isudp)

  44.             : base(method, password, onetimeauth, isudp)

  45.         {

  46.             InitKey(method, password);

  47.         }

  48. 

  49.         protected abstract Dictionary<string, int[]> getCiphers();

  50. 

  51.         protected void InitKey(string method, string password)

  52.         {

  53.             method = method.ToLower();

  54.             _method = method;

  55.             string k = method + ":" + password;

  56.             ciphers = getCiphers();

  57.             _cipherInfo = ciphers[_method];

  58.             _cipher = _cipherInfo[2];

  59.             if (_cipher == 0)

  60.             {

  61.                 throw new Exception("method not found");

  62.             }

  63.             keyLen = ciphers[_method][0];

  64.             ivLen = ciphers[_method][1];

  65.             if (!CachedKeys.ContainsKey(k))

  66.             {

  67.                 lock (CachedKeys)

  68.                 {

  69.                     if (!CachedKeys.ContainsKey(k))

  70.                     {

  71.                         byte[] passbuf = Encoding.UTF8.GetBytes(password);

  72.                         _key = new byte[32];

  73.                         byte[] iv = new byte[16];

  74.                         bytesToKey(passbuf, _key);

  75.                         CachedKeys[k] = _key;

  76.                     }

  77.                 }

  78.             }

  79.             if (_key == null)

  80.                 _key = CachedKeys[k];

  81.         }

  82. 

  83.         protected void bytesToKey(byte[] password, byte[] key)

  84.         {

  85.             byte[] result = new byte[password.Length + 16];

  86.             int i = 0;

  87.             byte[] md5sum = null;

  88.             while (i < key.Length)

  89.             {

  90.                 if (i == 0)

  91.                 {

  92.                     md5sum = MbedTLS.MD5(password);

  93.                 }

  94.                 else

  95.                 {

  96.                     md5sum.CopyTo(result, 0);

  97.                     password.CopyTo(result, md5sum.Length);

  98.                     md5sum = MbedTLS.MD5(result);

  99.                 }

  100.                 md5sum.CopyTo(key, i);

  101.                 i += md5sum.Length;

  102.             }

  103.         }

  104. 

  105.         protected static void randBytes(byte[] buf, int length)

  106.         {

  107.             byte[] temp = new byte[length];

  108.             RNGCryptoServiceProvider rngServiceProvider = new RNGCryptoServiceProvider();

  109.             rngServiceProvider.GetBytes(temp);

  110.             temp.CopyTo(buf, 0);

  111.         }

  112. 

  113.         protected virtual void initCipher(byte[] iv, bool isCipher)

  114.         {

  115.             if (ivLen > 0)

  116.             {

  117.                 if (isCipher)

  118.                 {

  119.                     _encryptIV = new byte[ivLen];

  120.                     Array.Copy(iv, _encryptIV, ivLen);

  121.                 }

  122.                 else

  123.                 {

  124.                     _decryptIV = new byte[ivLen];

  125.                     Array.Copy(iv, _decryptIV, ivLen);

  126.                 }

  127.             }

  128.         }

  129. 

  130.         protected abstract void cipherUpdate(bool isCipher, int length, byte[] buf, byte[] outbuf);

  131. 

  132.         protected int getHeadLen(byte[] buf, int length)

  133.         {

  134.             int len = 0;

  135.             int atyp = length > 0 ? (buf[0] & ADDRTYPE_MASK) : 0;

  136.             if (atyp == 1)

  137.             {

  138.                 len = 7; // atyp (1 bytes) + ipv4 (4 bytes) + port (2 bytes)

  139.             }

  140.             else if (atyp == 3 && length > 1)

  141.             {

  142.                 int nameLen = buf[1];

  143.                 len = 4 + nameLen; // atyp (1 bytes) + name length (1 bytes) + name (n bytes) + port (2 bytes)

  144.             }

  145.             else if (atyp == 4)

  146.             {

  147.                 len = 19; // atyp (1 bytes) + ipv6 (16 bytes) + port (2 bytes)

  148.             }

  149.             if (len == 0 || len > length)

  150.                 throw new Exception($"invalid header with addr type {atyp}");

  151.             return len;

  152.         }

  153. 

  154.         protected byte[] genOnetimeAuthHash(byte[] msg, int msg_len)

  155.         {

  156.             byte[] auth = new byte[ONETIMEAUTH_BYTES];

  157.             byte[] hash = new byte[20];

  158.             byte[] auth_key = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];

  159.             Buffer.BlockCopy(_encryptIV, 0, auth_key, 0, ivLen);

  160.             Buffer.BlockCopy(_key, 0, auth_key, ivLen, keyLen);

  161.             Sodium.ss_sha1_hmac_ex(auth_key, (uint)(ivLen + keyLen),

  162.                 msg, 0, (uint)msg_len, hash);

  163.             Buffer.BlockCopy(hash, 0, auth, 0, ONETIMEAUTH_BYTES);

  164.             return auth;

  165.         }

  166. 

  167.         protected void updateKeyBuffer()

  168.         {

  169.             if (_keyBuffer == null)

  170.             {

  171.                 _keyBuffer = new byte[MAX_IV_LENGTH + 4];

  172.                 Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen);

  173.             }

  174. 

  175.             byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter));

  176.             Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4);

  177.             counter++;

  178.         }

  179. 

  180.         protected byte[] genHash(byte[] buf, int offset, int len)

  181.         {

  182.             byte[] hash = new byte[20];

  183.             updateKeyBuffer();

  184.             Sodium.ss_sha1_hmac_ex(_keyBuffer, (uint)_keyBuffer.Length,

  185.                 buf, offset, (uint)len, hash);

  186.             return hash;

  187.         }

  188. 

  189.         protected void reactBuffer4TCP(byte[] buf, ref int length)

  190.         {

  191.             if (!_encryptIVSent)

  192.             {

  193.                 int headLen = getHeadLen(buf, length);

  194.                 int dataLen = length - headLen;

  195.                 buf[0] |= ONETIMEAUTH_FLAG;

  196.                 byte[] hash = genOnetimeAuthHash(buf, headLen);

  197.                 Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  198.                 Buffer.BlockCopy(hash, 0, buf, headLen, ONETIMEAUTH_BYTES);

  199.                 hash = genHash(buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  200.                 Buffer.BlockCopy(hash, 0, buf, headLen + ONETIMEAUTH_BYTES + CLEN_BYTES, ONETIMEAUTH_BYTES);

  201.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)dataLen));

  202.                 Buffer.BlockCopy(lenBytes, 0, buf, headLen + ONETIMEAUTH_BYTES, CLEN_BYTES);

  203.                 length = headLen + ONETIMEAUTH_BYTES + AUTH_BYTES + dataLen;

  204.             }

  205.             else

  206.             {

  207.                 byte[] hash = genHash(buf, 0, length);

  208.                 Buffer.BlockCopy(buf, 0, buf, AUTH_BYTES, length);

  209.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)length));

  210.                 Buffer.BlockCopy(lenBytes, 0, buf, 0, CLEN_BYTES);

  211.                 Buffer.BlockCopy(hash, 0, buf, CLEN_BYTES, ONETIMEAUTH_BYTES);

  212.                 length += AUTH_BYTES;

  213.             }

  214.         }

  215. 

  216.         protected void reactBuffer4UDP(byte[] buf, ref int length)

  217.         {

  218.             buf[0] |= ONETIMEAUTH_FLAG;

  219.             byte[] hash = genOnetimeAuthHash(buf, length);

  220.             Buffer.BlockCopy(hash, 0, buf, length, ONETIMEAUTH_BYTES);

  221.             length += ONETIMEAUTH_BYTES;

  222.         }

  223. 

  224.         protected void reactBuffer(byte[] buf, ref int length)

  225.         {

  226.             if (OnetimeAuth && ivLen > 0)

  227.             {

  228.                 if (!IsUDP)

  229.                 {

  230.                     reactBuffer4TCP(buf, ref length);

  231.                 }

  232.                 else

  233.                 {

  234.                     reactBuffer4UDP(buf, ref length);

  235.                 }

  236.             }

  237.         }

  238. 

  239.         public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  240.         {

  241.             if (!_encryptIVSent)

  242.             {

  243.                 randBytes(outbuf, ivLen);

  244.                 initCipher(outbuf, true);

  245.                 outlength = length + ivLen;

  246.                 reactBuffer(buf, ref length);

  247.                 _encryptIVSent = true;

  248.                 lock (tempbuf)

  249.                 {

  250.                     cipherUpdate(true, length, buf, tempbuf);

  251.                     outlength = length + ivLen;

  252.                     Buffer.BlockCopy(tempbuf, 0, outbuf, ivLen, length);

  253.                 }

  254.             }

  255.             else

  256.             {

  257.                 reactBuffer(buf, ref length);

  258.                 outlength = length;

  259.                 cipherUpdate(true, length, buf, outbuf);

  260.             }

  261.         }

  262. 

  263.         public override void Decrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  264.         {

  265.             if (!_decryptIVReceived)

  266.             {

  267.                 _decryptIVReceived = true;

  268.                 initCipher(buf, false);

  269.                 outlength = length - ivLen;

  270.                 lock (tempbuf)

  271.                 {

  272.                     // C# could be multi-threaded

  273.                     Buffer.BlockCopy(buf, ivLen, tempbuf, 0, length - ivLen);

  274.                     cipherUpdate(false, length - ivLen, tempbuf, outbuf);

  275.                 }

  276.             }

  277.             else

  278.             {

  279.                 outlength = length;

  280.                 cipherUpdate(false, length, buf, outbuf);

  281.             }

  282.         }

  283. 

  284.     }

  285. }

No Description