youys
/
shadowsocks-windows
Not watched
1
0
Fork 0
Code
Releases 67 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
Browse Source

Refine the authentication for true CCA

tags/3.0
Gang Zhuo 9 years ago
parent
f7c9f2049c
commit
3aac1cfcfc
4 changed files with 46 additions and 56 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      shadowsocks-csharp/Controller/Service/TCPRelay.cs
  2. +1
    -1
      shadowsocks-csharp/Data/cn.txt
  3. +43
    -53
      shadowsocks-csharp/Encryption/IVEncryptor.cs
  4. +1
    -1
      shadowsocks-csharp/View/ConfigForm.cs

+ 1
- 1
shadowsocks-csharp/Controller/Service/TCPRelay.cs View File

@@ -93,7 +93,7 @@ namespace Shadowsocks.Controller
private int _firstPacketLength;
// Size of receive buffer.
public const int RecvSize = 8192;
public const int RecvReserveSize = (RecvSize / IVEncryptor.HASH_BUF_LEN + 1) * IVEncryptor.HASH_BYTES + IVEncryptor.ONETIMEAUTH_BYTES; // reserve for one-time auth
public const int RecvReserveSize = IVEncryptor.ONETIMEAUTH_BYTES + IVEncryptor.AUTH_BYTES; // reserve for one-time auth
public const int BufferSize = RecvSize + RecvReserveSize + 32;
private int totalRead = 0;


+ 1
- 1
shadowsocks-csharp/Data/cn.txt View File

@@ -42,7 +42,7 @@ Password=密码
Encryption=加密
Proxy Port=代理端口
Remarks=备注
Onetime Authentication=一次性认证
Onetime Authentication (Experimental)=一次性认证(实验性)
OK=确定
Cancel=取消
New server=未配置的服务器


+ 43
- 53
shadowsocks-csharp/Encryption/IVEncryptor.cs View File

@@ -18,8 +18,9 @@ namespace Shadowsocks.Encryption
public const int ONETIMEAUTH_BYTES = 16;
public const int ONETIMEAUTH_KEYBYTES = 32;
public const int HASH_BUF_LEN = 128;
public const int HASH_BYTES = 4;
public const int CLEN_BYTES = 2;
public const int AUTH_BYTES = HASH_BYTES + CLEN_BYTES;
protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];
@@ -38,17 +39,13 @@ namespace Shadowsocks.Encryption
protected byte[] _key;
protected int keyLen;
protected int ivLen;
protected byte[] hash_buf;
protected int hash_idx = 0;
protected uint counter = 0;
protected byte[] _keyBuffer = null;
public IVEncryptor(string method, string password, bool onetimeauth)
: base(method, password, onetimeauth)
{
InitKey(method, password);
if (OnetimeAuth)
{
hash_buf = new byte[HASH_BUF_LEN];
}
}
protected abstract Dictionary<string, int[]> getCiphers();
@@ -153,45 +150,44 @@ namespace Shadowsocks.Encryption
return len;
}
protected int ss_onetimeauth(byte[] auth,
byte[] msg, int msg_len,
byte[] iv, int iv_len,
byte[] key, int key_len)
protected int ss_onetimeauth(byte[] auth, byte[] msg, int msg_len)
{
byte[] auth_key = new byte[ONETIMEAUTH_KEYBYTES];
byte[] auth_bytes = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];
Buffer.BlockCopy(iv, 0, auth_bytes, 0, ivLen);
Buffer.BlockCopy(key, 0, auth_bytes, ivLen, key_len);
Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(iv_len + key_len), null, 0);
Buffer.BlockCopy(_encryptIV, 0, auth_bytes, 0, ivLen);
Buffer.BlockCopy(_key, 0, auth_bytes, ivLen, keyLen);
Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(ivLen + keyLen), null, 0);
return Sodium.crypto_onetimeauth(auth, msg, (ulong)msg_len, auth_key);
}
protected void ss_gen_hash(byte[] in_buf, ref int in_offset, ref int in_len,
byte[] hash_buf, ref int hash_idx, int buf_size)
protected void ss_gen_hash(byte[] buf, ref int offset, ref int len, int buf_size)
{
int i, j;
int offset = in_offset;
int blen = in_len;
int cidx = hash_idx;
int size = (blen / HASH_BUF_LEN + 1) * HASH_BYTES + blen;
int size = len + AUTH_BYTES;
if (buf_size < (size + offset))
throw new Exception("failed to generate hash: buffer size insufficient");
byte[] hash = new byte[HASH_BYTES];
for (i = 0, j = offset; i < blen; i++, j++)
if (_keyBuffer == null)
{
if (cidx == HASH_BUF_LEN)
{
Sodium.crypto_generichash(hash, HASH_BYTES, hash_buf, HASH_BUF_LEN, null, 0);
Buffer.BlockCopy(in_buf, j, in_buf, j + HASH_BYTES, blen - i);
Buffer.BlockCopy(hash, 0, in_buf, j, HASH_BYTES);
j += HASH_BYTES; cidx = 0;
}
hash_buf[cidx] = in_buf[j];
cidx++;
_keyBuffer = new byte[MAX_IV_LENGTH + 4];
Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen);
}
in_offset = j;
in_len = j - offset;
hash_idx = cidx;
byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter));
Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4);
byte[] hash = new byte[HASH_BYTES];
byte[] tmp = new byte[len];
Buffer.BlockCopy(buf, offset, tmp, 0, len);
Sodium.crypto_generichash(hash, HASH_BYTES, tmp, (ulong)len, _keyBuffer, (uint)_keyBuffer.Length);
Buffer.BlockCopy(buf, offset, buf, offset + AUTH_BYTES, len);
Buffer.BlockCopy(hash, 0, buf, offset + CLEN_BYTES, HASH_BYTES);
byte[] clen = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)len));
Buffer.BlockCopy(clen, 0, buf, offset, CLEN_BYTES);
counter++;
len += AUTH_BYTES;
offset += len;
}
public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)
@@ -206,19 +202,16 @@ namespace Shadowsocks.Encryption
{
if (OnetimeAuth)
{
lock (hash_buf)
{
int headLen = ss_headlen(buf, length);
int data_len = length - headLen;
Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, data_len);
buf[0] |= ONETIMEAUTH_FLAG;
byte[] auth = new byte[ONETIMEAUTH_BYTES];
ss_onetimeauth(auth, buf, headLen, _encryptIV, ivLen, _key, keyLen);
Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES);
int buf_offset = headLen + ONETIMEAUTH_BYTES;
ss_gen_hash(buf, ref buf_offset, ref data_len, hash_buf, ref hash_idx, buf.Length);
length = headLen + ONETIMEAUTH_BYTES + data_len;
}
int headLen = ss_headlen(buf, length);
int len = length - headLen;
Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, len);
buf[0] |= ONETIMEAUTH_FLAG;
byte[] auth = new byte[ONETIMEAUTH_BYTES];
ss_onetimeauth(auth, buf, headLen);
Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES);
int offset = headLen + ONETIMEAUTH_BYTES;
ss_gen_hash(buf, ref offset, ref len, buf.Length);
length = headLen + ONETIMEAUTH_BYTES + len;
}
cipherUpdate(true, length, buf, tempbuf);
outlength = length + ivLen;
@@ -229,11 +222,8 @@ namespace Shadowsocks.Encryption
{
if (OnetimeAuth)
{
lock (hash_buf)
{
int buf_offset = 0;
ss_gen_hash(buf, ref buf_offset, ref length, hash_buf, ref hash_idx, buf.Length);
}
int offset = 0;
ss_gen_hash(buf, ref offset, ref length, buf.Length);
}
outlength = length;
cipherUpdate(true, length, buf, outbuf);


+ 1
- 1
shadowsocks-csharp/View/ConfigForm.cs View File

@@ -48,7 +48,7 @@ namespace Shadowsocks.View
EncryptionLabel.Text = I18N.GetString("Encryption");
ProxyPortLabel.Text = I18N.GetString("Proxy Port");
RemarksLabel.Text = I18N.GetString("Remarks");
OneTimeAuth.Text = I18N.GetString("Onetime Authentication");
OneTimeAuth.Text = I18N.GetString("Onetime Authentication (Experimental)");
ServerGroupBox.Text = I18N.GetString("Server");
OKButton.Text = I18N.GetString("OK");
MyCancelButton.Text = I18N.GetString("Cancel");


Write Preview
Loading…
Cancel
Save