youys
/
shadowsocks-windows
Not watched
1
0
Fork 0
Code
Releases 67 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
703 Commits
5 Branches
32 MB
180 Download
Tree: 2086b5900d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2086b5900d'
${ noResults }
shadowsocks-windows/shadowsocks-csharp/Encryption/IVEncryptor.cs

IVEncryptor.cs 10 kB
Raw Normal View History

refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
support onetime auth
9 years ago
refactor
10 years ago
refactor package name
10 years ago
refactor
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
support onetime auth
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Protocol V2
9 years ago
support onetime auth
9 years ago
sodium works
10 years ago
refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
Refine the authentication for true CCA
9 years ago
refactor
10 years ago
refact
9 years ago
refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
override MD5, so compatible with FIPS
9 years ago
refactor
10 years ago
override MD5, so compatible with FIPS
9 years ago
refactor
10 years ago
no repeat random number generator The stock code use class Random to generate IV, the Random is pseudo random number generator. The IV maybe repeat, this will cause shadowsocks-libev closed the sockets with the error message 'invalid password or cipher'. Reference https://github.com/shadowsocks/shadowsocks-libev/issues/389 Solution is use class RNGCryptoServiceProvider to generate IV, of course it's lower performance, but a little bit.
9 years ago
refactor
10 years ago
Protocol V2
9 years ago
support onetime auth
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
refact
9 years ago
refactor
10 years ago
refact
9 years ago
Protocol V2
9 years ago
refactor
10 years ago
refact
9 years ago
refactor
10 years ago
support onetime auth
9 years ago
refactor
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Collections.Concurrent;

  4. using System.Security.Cryptography;

  5. using System.Text;

  6. using System.Net;

  7. 

  8. namespace Shadowsocks.Encryption

  9. {

  10.     public abstract class IVEncryptor

  11.         : EncryptorBase

  12.     {

  13.         public const int MAX_KEY_LENGTH = 64;

  14.         public const int MAX_IV_LENGTH = 16;

  15. 

  16.         public const int ONETIMEAUTH_FLAG = 0x10;

  17.         public const int ADDRTYPE_MASK = 0xF;

  18. 

  19.         public const int ONETIMEAUTH_BYTES = 10;

  20. 

  21.         public const int CLEN_BYTES = 2;

  22.         public const int AUTH_BYTES = ONETIMEAUTH_BYTES + CLEN_BYTES;

  23. 

  24.         protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];

  25. 

  26.         protected Dictionary<string, int[]> ciphers;

  27. 

  28.         private static readonly ConcurrentDictionary<string, byte[]> CachedKeys = new ConcurrentDictionary<string, byte[]>();

  29.         protected byte[] _encryptIV;

  30.         protected byte[] _decryptIV;

  31.         protected bool _decryptIVReceived;

  32.         protected bool _encryptIVSent;

  33.         protected int _encryptIVOffset = 0;

  34.         protected int _decryptIVOffset = 0;

  35.         protected string _method;

  36.         protected int _cipher;

  37.         protected int[] _cipherInfo;

  38.         protected byte[] _key;

  39.         protected int keyLen;

  40.         protected int ivLen;

  41.         protected uint counter = 0;

  42.         protected byte[] _keyBuffer = null;

  43. 

  44.         public IVEncryptor(string method, string password, bool onetimeauth, bool isudp)

  45.             : base(method, password, onetimeauth, isudp)

  46.         {

  47.             InitKey(method, password);

  48.         }

  49. 

  50.         protected abstract Dictionary<string, int[]> getCiphers();

  51. 

  52.         protected void InitKey(string method, string password)

  53.         {

  54.             method = method.ToLower();

  55.             _method = method;

  56.             string k = method + ":" + password;

  57.             ciphers = getCiphers();

  58.             _cipherInfo = ciphers[_method];

  59.             _cipher = _cipherInfo[2];

  60.             if (_cipher == 0)

  61.             {

  62.                 throw new Exception("method not found");

  63.             }

  64.             keyLen = ciphers[_method][0];

  65.             ivLen = ciphers[_method][1];

  66.             _key = CachedKeys.GetOrAdd(k, (nk) =>

  67.             {

  68.                 byte[] passbuf = Encoding.UTF8.GetBytes(password);

  69.                 byte[] key = new byte[32];

  70.                 byte[] iv = new byte[16];

  71.                 bytesToKey(passbuf, key);

  72.                 return key;

  73.             });

  74.         }

  75. 

  76.         protected void bytesToKey(byte[] password, byte[] key)

  77.         {

  78.             byte[] result = new byte[password.Length + 16];

  79.             int i = 0;

  80.             byte[] md5sum = null;

  81.             while (i < key.Length)

  82.             {

  83.                 if (i == 0)

  84.                 {

  85.                     md5sum = MbedTLS.MD5(password);

  86.                 }

  87.                 else

  88.                 {

  89.                     md5sum.CopyTo(result, 0);

  90.                     password.CopyTo(result, md5sum.Length);

  91.                     md5sum = MbedTLS.MD5(result);

  92.                 }

  93.                 md5sum.CopyTo(key, i);

  94.                 i += md5sum.Length;

  95.             }

  96.         }

  97. 

  98.         protected static void randBytes(byte[] buf, int length)

  99.         {

  100.             byte[] temp = new byte[length];

  101.             RNGCryptoServiceProvider rngServiceProvider = new RNGCryptoServiceProvider();

  102.             rngServiceProvider.GetBytes(temp);

  103.             temp.CopyTo(buf, 0);

  104.         }

  105. 

  106.         protected virtual void initCipher(byte[] iv, bool isCipher)

  107.         {

  108.             if (ivLen > 0)

  109.             {

  110.                 if (isCipher)

  111.                 {

  112.                     _encryptIV = new byte[ivLen];

  113.                     Array.Copy(iv, _encryptIV, ivLen);

  114.                 }

  115.                 else

  116.                 {

  117.                     _decryptIV = new byte[ivLen];

  118.                     Array.Copy(iv, _decryptIV, ivLen);

  119.                 }

  120.             }

  121.         }

  122. 

  123.         protected abstract void cipherUpdate(bool isCipher, int length, byte[] buf, byte[] outbuf);

  124. 

  125.         protected int getHeadLen(byte[] buf, int length)

  126.         {

  127.             int len = 0;

  128.             int atyp = length > 0 ? (buf[0] & ADDRTYPE_MASK) : 0;

  129.             if (atyp == 1)

  130.             {

  131.                 len = 7; // atyp (1 bytes) + ipv4 (4 bytes) + port (2 bytes)

  132.             }

  133.             else if (atyp == 3 && length > 1)

  134.             {

  135.                 int nameLen = buf[1];

  136.                 len = 4 + nameLen; // atyp (1 bytes) + name length (1 bytes) + name (n bytes) + port (2 bytes)

  137.             }

  138.             else if (atyp == 4)

  139.             {

  140.                 len = 19; // atyp (1 bytes) + ipv6 (16 bytes) + port (2 bytes)

  141.             }

  142.             if (len == 0 || len > length)

  143.                 throw new Exception($"invalid header with addr type {atyp}");

  144.             return len;

  145.         }

  146. 

  147.         protected byte[] genOnetimeAuthHash(byte[] msg, int msg_len)

  148.         {

  149.             byte[] auth = new byte[ONETIMEAUTH_BYTES];

  150.             byte[] hash = new byte[20];

  151.             byte[] auth_key = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];

  152.             Buffer.BlockCopy(_encryptIV, 0, auth_key, 0, ivLen);

  153.             Buffer.BlockCopy(_key, 0, auth_key, ivLen, keyLen);

  154.             Sodium.ss_sha1_hmac_ex(auth_key, (uint)(ivLen + keyLen),

  155.                 msg, 0, (uint)msg_len, hash);

  156.             Buffer.BlockCopy(hash, 0, auth, 0, ONETIMEAUTH_BYTES);

  157.             return auth;

  158.         }

  159. 

  160.         protected void updateKeyBuffer()

  161.         {

  162.             if (_keyBuffer == null)

  163.             {

  164.                 _keyBuffer = new byte[MAX_IV_LENGTH + 4];

  165.                 Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen);

  166.             }

  167. 

  168.             byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter));

  169.             Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4);

  170.             counter++;

  171.         }

  172. 

  173.         protected byte[] genHash(byte[] buf, int offset, int len)

  174.         {

  175.             byte[] hash = new byte[20];

  176.             updateKeyBuffer();

  177.             Sodium.ss_sha1_hmac_ex(_keyBuffer, (uint)_keyBuffer.Length,

  178.                 buf, offset, (uint)len, hash);

  179.             return hash;

  180.         }

  181. 

  182.         protected void reactBuffer4TCP(byte[] buf, ref int length)

  183.         {

  184.             if (!_encryptIVSent)

  185.             {

  186.                 int headLen = getHeadLen(buf, length);

  187.                 int dataLen = length - headLen;

  188.                 buf[0] |= ONETIMEAUTH_FLAG;

  189.                 byte[] hash = genOnetimeAuthHash(buf, headLen);

  190.                 Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  191.                 Buffer.BlockCopy(hash, 0, buf, headLen, ONETIMEAUTH_BYTES);

  192.                 hash = genHash(buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  193.                 Buffer.BlockCopy(hash, 0, buf, headLen + ONETIMEAUTH_BYTES + CLEN_BYTES, ONETIMEAUTH_BYTES);

  194.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)dataLen));

  195.                 Buffer.BlockCopy(lenBytes, 0, buf, headLen + ONETIMEAUTH_BYTES, CLEN_BYTES);

  196.                 length = headLen + ONETIMEAUTH_BYTES + AUTH_BYTES + dataLen;

  197.             }

  198.             else

  199.             {

  200.                 byte[] hash = genHash(buf, 0, length);

  201.                 Buffer.BlockCopy(buf, 0, buf, AUTH_BYTES, length);

  202.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)length));

  203.                 Buffer.BlockCopy(lenBytes, 0, buf, 0, CLEN_BYTES);

  204.                 Buffer.BlockCopy(hash, 0, buf, CLEN_BYTES, ONETIMEAUTH_BYTES);

  205.                 length += AUTH_BYTES;

  206.             }

  207.         }

  208. 

  209.         protected void reactBuffer4UDP(byte[] buf, ref int length)

  210.         {

  211.             buf[0] |= ONETIMEAUTH_FLAG;

  212.             byte[] hash = genOnetimeAuthHash(buf, length);

  213.             Buffer.BlockCopy(hash, 0, buf, length, ONETIMEAUTH_BYTES);

  214.             length += ONETIMEAUTH_BYTES;

  215.         }

  216. 

  217.         protected void reactBuffer(byte[] buf, ref int length)

  218.         {

  219.             if (OnetimeAuth && ivLen > 0)

  220.             {

  221.                 if (!IsUDP)

  222.                 {

  223.                     reactBuffer4TCP(buf, ref length);

  224.                 }

  225.                 else

  226.                 {

  227.                     reactBuffer4UDP(buf, ref length);

  228.                 }

  229.             }

  230.         }

  231. 

  232.         public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  233.         {

  234.             if (!_encryptIVSent)

  235.             {

  236.                 randBytes(outbuf, ivLen);

  237.                 initCipher(outbuf, true);

  238.                 outlength = length + ivLen;

  239.                 reactBuffer(buf, ref length);

  240.                 _encryptIVSent = true;

  241.                 lock (tempbuf)

  242.                 {

  243.                     cipherUpdate(true, length, buf, tempbuf);

  244.                     outlength = length + ivLen;

  245.                     Buffer.BlockCopy(tempbuf, 0, outbuf, ivLen, length);

  246.                 }

  247.             }

  248.             else

  249.             {

  250.                 reactBuffer(buf, ref length);

  251.                 outlength = length;

  252.                 cipherUpdate(true, length, buf, outbuf);

  253.             }

  254.         }

  255. 

  256.         public override void Decrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  257.         {

  258.             if (!_decryptIVReceived)

  259.             {

  260.                 _decryptIVReceived = true;

  261.                 initCipher(buf, false);

  262.                 outlength = length - ivLen;

  263.                 lock (tempbuf)

  264.                 {

  265.                     // C# could be multi-threaded

  266.                     Buffer.BlockCopy(buf, ivLen, tempbuf, 0, length - ivLen);

  267.                     cipherUpdate(false, length - ivLen, tempbuf, outbuf);

  268.                 }

  269.             }

  270.             else

  271.             {

  272.                 outlength = length;

  273.                 cipherUpdate(false, length, buf, outbuf);

  274.             }

  275.         }

  276. 

  277.     }

  278. }

No Description