youys
/
shadowsocks-windows
Not watched
1
0
Fork 0
Code
Releases 67 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
781 Commits
5 Branches
32 MB
172 Download
Tree: 2fafc52def
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fafc52def'
${ noResults }
shadowsocks-windows/shadowsocks-csharp/Encryption/IVEncryptor.cs

IVEncryptor.cs 10 kB
Raw Normal View History

refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
refactor
10 years ago
support onetime auth
9 years ago
refactor
10 years ago
refactor package name
10 years ago
refactor
10 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
support onetime auth
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Protocol V2
9 years ago
support onetime auth
9 years ago
sodium works
10 years ago
refactor
10 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
refactor
10 years ago
Refine the authentication for true CCA
9 years ago
refactor
10 years ago
refact
9 years ago
refactor
10 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
refactor
10 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
refactor
10 years ago
Refine encryption(#655) * Refine encryption - Add AES-CTR, blowfish and camellia ciphers aes-256-ctr aes-192-ctr aes-128-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb - Merge the previous PolarSSL and MbedTLS - Switch to MbedTLS's cipher layer functions - Add workaround to set cipher operation(encrypt/decrypt) Signed-off-by: Syrone Wong <wong.syrone@gmail.com> * Add function to get MbedTLS cipher context size and drop hard-coded ctx sizes Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
8 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
use ConcurrentDictionary instead of Dictionary
9 years ago
refactor
10 years ago
override MD5, so compatible with FIPS
9 years ago
refactor
10 years ago
override MD5, so compatible with FIPS
9 years ago
refactor
10 years ago
no repeat random number generator The stock code use class Random to generate IV, the Random is pseudo random number generator. The IV maybe repeat, this will cause shadowsocks-libev closed the sockets with the error message 'invalid password or cipher'. Reference https://github.com/shadowsocks/shadowsocks-libev/issues/389 Solution is use class RNGCryptoServiceProvider to generate IV, of course it's lower performance, but a little bit.
9 years ago
refactor
10 years ago
Protocol V2
9 years ago
support onetime auth
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Refine the authentication for true CCA
9 years ago
Update the hash function follow with https://github.com/shadowsocks/shadowsocks-libev/commit/5ae4df94e440c4f6826a679a62687ad27303d89b
9 years ago
Protocol V2
9 years ago
refact
9 years ago
refactor
10 years ago
refact
9 years ago
Protocol V2
9 years ago
refactor
10 years ago
refact
9 years ago
refactor
10 years ago
support onetime auth
9 years ago
refactor
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Collections.Concurrent;

  4. using System.Linq;

  5. using System.Security.Cryptography;

  6. using System.Text;

  7. using System.Net;

  8. 

  9. namespace Shadowsocks.Encryption

  10. {

  11.     public abstract class IVEncryptor

  12.         : EncryptorBase

  13.     {

  14.         public const int MAX_KEY_LENGTH = 64;

  15.         public const int MAX_IV_LENGTH = 16;

  16. 

  17.         public const int ONETIMEAUTH_FLAG = 0x10;

  18.         public const int ADDRTYPE_MASK = 0xF;

  19. 

  20.         public const int ONETIMEAUTH_BYTES = 10;

  21. 

  22.         public const int CLEN_BYTES = 2;

  23.         public const int AUTH_BYTES = ONETIMEAUTH_BYTES + CLEN_BYTES;

  24. 

  25.         protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];

  26. 

  27.         protected Dictionary<string, Dictionary<string, int[]>> ciphers;

  28.         protected Dictionary<string, int[]> ciphersDetail;

  29. 

  30.         private static readonly ConcurrentDictionary<string, byte[]> CachedKeys = new ConcurrentDictionary<string, byte[]>();

  31.         protected byte[] _encryptIV;

  32.         protected byte[] _decryptIV;

  33.         protected bool _decryptIVReceived;

  34.         protected bool _encryptIVSent;

  35.         protected string _method;

  36.         protected int _cipher;

  37.         // cipher name in MbedTLS, useless when using LibSodium

  38.         protected string _cipherMbedName;

  39.         protected int[] _cipherInfo;

  40.         protected byte[] _key;

  41.         protected int keyLen;

  42.         protected int ivLen;

  43.         protected uint counter = 0;

  44.         protected byte[] _keyBuffer = null;

  45. 

  46.         public IVEncryptor(string method, string password, bool onetimeauth, bool isudp)

  47.             : base(method, password, onetimeauth, isudp)

  48.         {

  49.             InitKey(method, password);

  50.         }

  51. 

  52.         protected abstract Dictionary<string, Dictionary<string, int[]>> getCiphers();

  53. 

  54.         protected void InitKey(string method, string password)

  55.         {

  56.             method = method.ToLower();

  57.             _method = method;

  58.             string k = method + ":" + password;

  59.             ciphers = getCiphers();

  60.             ciphersDetail = ciphers[_method];

  61.             _cipherMbedName = ciphersDetail.Keys.FirstOrDefault();

  62.             _cipherInfo = ciphers[_method][_cipherMbedName];

  63.             _cipher = _cipherInfo[2];

  64.             if (_cipher == 0)

  65.             {

  66.                 throw new Exception("method not found");

  67.             }

  68.             keyLen = _cipherInfo[0];

  69.             ivLen = _cipherInfo[1];

  70.             _key = CachedKeys.GetOrAdd(k, (nk) =>

  71.             {

  72.                 byte[] passbuf = Encoding.UTF8.GetBytes(password);

  73.                 byte[] key = new byte[32];

  74.                 byte[] iv = new byte[16];

  75.                 bytesToKey(passbuf, key);

  76.                 return key;

  77.             });

  78.         }

  79. 

  80.         protected void bytesToKey(byte[] password, byte[] key)

  81.         {

  82.             byte[] result = new byte[password.Length + 16];

  83.             int i = 0;

  84.             byte[] md5sum = null;

  85.             while (i < key.Length)

  86.             {

  87.                 if (i == 0)

  88.                 {

  89.                     md5sum = MbedTLS.MD5(password);

  90.                 }

  91.                 else

  92.                 {

  93.                     md5sum.CopyTo(result, 0);

  94.                     password.CopyTo(result, md5sum.Length);

  95.                     md5sum = MbedTLS.MD5(result);

  96.                 }

  97.                 md5sum.CopyTo(key, i);

  98.                 i += md5sum.Length;

  99.             }

  100.         }

  101. 

  102.         protected static void randBytes(byte[] buf, int length)

  103.         {

  104.             byte[] temp = new byte[length];

  105.             RNGCryptoServiceProvider rngServiceProvider = new RNGCryptoServiceProvider();

  106.             rngServiceProvider.GetBytes(temp);

  107.             temp.CopyTo(buf, 0);

  108.         }

  109. 

  110.         protected virtual void initCipher(byte[] iv, bool isCipher)

  111.         {

  112.             if (ivLen > 0)

  113.             {

  114.                 if (isCipher)

  115.                 {

  116.                     _encryptIV = new byte[ivLen];

  117.                     Array.Copy(iv, _encryptIV, ivLen);

  118.                 }

  119.                 else

  120.                 {

  121.                     _decryptIV = new byte[ivLen];

  122.                     Array.Copy(iv, _decryptIV, ivLen);

  123.                 }

  124.             }

  125.         }

  126. 

  127.         protected abstract void cipherUpdate(bool isCipher, int length, byte[] buf, byte[] outbuf);

  128. 

  129.         protected int getHeadLen(byte[] buf, int length)

  130.         {

  131.             int len = 0;

  132.             int atyp = length > 0 ? (buf[0] & ADDRTYPE_MASK) : 0;

  133.             if (atyp == 1)

  134.             {

  135.                 len = 7; // atyp (1 bytes) + ipv4 (4 bytes) + port (2 bytes)

  136.             }

  137.             else if (atyp == 3 && length > 1)

  138.             {

  139.                 int nameLen = buf[1];

  140.                 len = 4 + nameLen; // atyp (1 bytes) + name length (1 bytes) + name (n bytes) + port (2 bytes)

  141.             }

  142.             else if (atyp == 4)

  143.             {

  144.                 len = 19; // atyp (1 bytes) + ipv6 (16 bytes) + port (2 bytes)

  145.             }

  146.             if (len == 0 || len > length)

  147.                 throw new Exception($"invalid header with addr type {atyp}");

  148.             return len;

  149.         }

  150. 

  151.         protected byte[] genOnetimeAuthHash(byte[] msg, int msg_len)

  152.         {

  153.             byte[] auth = new byte[ONETIMEAUTH_BYTES];

  154.             byte[] hash = new byte[20];

  155.             byte[] auth_key = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];

  156.             Buffer.BlockCopy(_encryptIV, 0, auth_key, 0, ivLen);

  157.             Buffer.BlockCopy(_key, 0, auth_key, ivLen, keyLen);

  158.             Sodium.ss_sha1_hmac_ex(auth_key, (uint)(ivLen + keyLen),

  159.                 msg, 0, (uint)msg_len, hash);

  160.             Buffer.BlockCopy(hash, 0, auth, 0, ONETIMEAUTH_BYTES);

  161.             return auth;

  162.         }

  163. 

  164.         protected void updateKeyBuffer()

  165.         {

  166.             if (_keyBuffer == null)

  167.             {

  168.                 _keyBuffer = new byte[MAX_IV_LENGTH + 4];

  169.                 Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen);

  170.             }

  171. 

  172.             byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter));

  173.             Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4);

  174.             counter++;

  175.         }

  176. 

  177.         protected byte[] genHash(byte[] buf, int offset, int len)

  178.         {

  179.             byte[] hash = new byte[20];

  180.             updateKeyBuffer();

  181.             Sodium.ss_sha1_hmac_ex(_keyBuffer, (uint)_keyBuffer.Length,

  182.                 buf, offset, (uint)len, hash);

  183.             return hash;

  184.         }

  185. 

  186.         protected void reactBuffer4TCP(byte[] buf, ref int length)

  187.         {

  188.             if (!_encryptIVSent)

  189.             {

  190.                 int headLen = getHeadLen(buf, length);

  191.                 int dataLen = length - headLen;

  192.                 buf[0] |= ONETIMEAUTH_FLAG;

  193.                 byte[] hash = genOnetimeAuthHash(buf, headLen);

  194.                 Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  195.                 Buffer.BlockCopy(hash, 0, buf, headLen, ONETIMEAUTH_BYTES);

  196.                 hash = genHash(buf, headLen + ONETIMEAUTH_BYTES + AUTH_BYTES, dataLen);

  197.                 Buffer.BlockCopy(hash, 0, buf, headLen + ONETIMEAUTH_BYTES + CLEN_BYTES, ONETIMEAUTH_BYTES);

  198.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)dataLen));

  199.                 Buffer.BlockCopy(lenBytes, 0, buf, headLen + ONETIMEAUTH_BYTES, CLEN_BYTES);

  200.                 length = headLen + ONETIMEAUTH_BYTES + AUTH_BYTES + dataLen;

  201.             }

  202.             else

  203.             {

  204.                 byte[] hash = genHash(buf, 0, length);

  205.                 Buffer.BlockCopy(buf, 0, buf, AUTH_BYTES, length);

  206.                 byte[] lenBytes = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)length));

  207.                 Buffer.BlockCopy(lenBytes, 0, buf, 0, CLEN_BYTES);

  208.                 Buffer.BlockCopy(hash, 0, buf, CLEN_BYTES, ONETIMEAUTH_BYTES);

  209.                 length += AUTH_BYTES;

  210.             }

  211.         }

  212. 

  213.         protected void reactBuffer4UDP(byte[] buf, ref int length)

  214.         {

  215.             buf[0] |= ONETIMEAUTH_FLAG;

  216.             byte[] hash = genOnetimeAuthHash(buf, length);

  217.             Buffer.BlockCopy(hash, 0, buf, length, ONETIMEAUTH_BYTES);

  218.             length += ONETIMEAUTH_BYTES;

  219.         }

  220. 

  221.         protected void reactBuffer(byte[] buf, ref int length)

  222.         {

  223.             if (OnetimeAuth && ivLen > 0)

  224.             {

  225.                 if (!IsUDP)

  226.                 {

  227.                     reactBuffer4TCP(buf, ref length);

  228.                 }

  229.                 else

  230.                 {

  231.                     reactBuffer4UDP(buf, ref length);

  232.                 }

  233.             }

  234.         }

  235. 

  236.         public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  237.         {

  238.             if (!_encryptIVSent)

  239.             {

  240.                 randBytes(outbuf, ivLen);

  241.                 initCipher(outbuf, true);

  242.                 outlength = length + ivLen;

  243.                 reactBuffer(buf, ref length);

  244.                 _encryptIVSent = true;

  245.                 lock (tempbuf)

  246.                 {

  247.                     cipherUpdate(true, length, buf, tempbuf);

  248.                     outlength = length + ivLen;

  249.                     Buffer.BlockCopy(tempbuf, 0, outbuf, ivLen, length);

  250.                 }

  251.             }

  252.             else

  253.             {

  254.                 reactBuffer(buf, ref length);

  255.                 outlength = length;

  256.                 cipherUpdate(true, length, buf, outbuf);

  257.             }

  258.         }

  259. 

  260.         public override void Decrypt(byte[] buf, int length, byte[] outbuf, out int outlength)

  261.         {

  262.             if (!_decryptIVReceived)

  263.             {

  264.                 _decryptIVReceived = true;

  265.                 initCipher(buf, false);

  266.                 outlength = length - ivLen;

  267.                 lock (tempbuf)

  268.                 {

  269.                     // C# could be multi-threaded

  270.                     Buffer.BlockCopy(buf, ivLen, tempbuf, 0, length - ivLen);

  271.                     cipherUpdate(false, length - ivLen, tempbuf, outbuf);

  272.                 }

  273.             }

  274.             else

  275.             {

  276.                 outlength = length;

  277.                 cipherUpdate(false, length, buf, outbuf);

  278.             }

  279.         }

  280. 

  281.     }

  282. }

No Description