From 3aac1cfcfc6bf083f5b6046c0e92c17db4628af8 Mon Sep 17 00:00:00 2001 From: Gang Zhuo Date: Wed, 23 Sep 2015 02:08:41 -0400 Subject: [PATCH] Refine the authentication for true CCA --- .../Controller/Service/TCPRelay.cs | 2 +- shadowsocks-csharp/Data/cn.txt | 2 +- shadowsocks-csharp/Encryption/IVEncryptor.cs | 96 +++++++++---------- shadowsocks-csharp/View/ConfigForm.cs | 2 +- 4 files changed, 46 insertions(+), 56 deletions(-) diff --git a/shadowsocks-csharp/Controller/Service/TCPRelay.cs b/shadowsocks-csharp/Controller/Service/TCPRelay.cs index ca53a97a..a6b20cb0 100644 --- a/shadowsocks-csharp/Controller/Service/TCPRelay.cs +++ b/shadowsocks-csharp/Controller/Service/TCPRelay.cs @@ -93,7 +93,7 @@ namespace Shadowsocks.Controller private int _firstPacketLength; // Size of receive buffer. public const int RecvSize = 8192; - public const int RecvReserveSize = (RecvSize / IVEncryptor.HASH_BUF_LEN + 1) * IVEncryptor.HASH_BYTES + IVEncryptor.ONETIMEAUTH_BYTES; // reserve for one-time auth + public const int RecvReserveSize = IVEncryptor.ONETIMEAUTH_BYTES + IVEncryptor.AUTH_BYTES; // reserve for one-time auth public const int BufferSize = RecvSize + RecvReserveSize + 32; private int totalRead = 0; diff --git a/shadowsocks-csharp/Data/cn.txt b/shadowsocks-csharp/Data/cn.txt index c8bde1ce..77af2154 100644 --- a/shadowsocks-csharp/Data/cn.txt +++ b/shadowsocks-csharp/Data/cn.txt @@ -42,7 +42,7 @@ Password=密码 Encryption=加密 Proxy Port=代理端口 Remarks=备注 -Onetime Authentication=一次性认证 +Onetime Authentication (Experimental)=一次性认证(实验性) OK=确定 Cancel=取消 New server=未配置的服务器 diff --git a/shadowsocks-csharp/Encryption/IVEncryptor.cs b/shadowsocks-csharp/Encryption/IVEncryptor.cs index bd600c06..a4b66ce4 100755 --- a/shadowsocks-csharp/Encryption/IVEncryptor.cs +++ b/shadowsocks-csharp/Encryption/IVEncryptor.cs @@ -18,8 +18,9 @@ namespace Shadowsocks.Encryption public const int ONETIMEAUTH_BYTES = 16; public const int ONETIMEAUTH_KEYBYTES = 32; - public const int HASH_BUF_LEN = 128; public const int HASH_BYTES = 4; + public const int CLEN_BYTES = 2; + public const int AUTH_BYTES = HASH_BYTES + CLEN_BYTES; protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE]; @@ -38,17 +39,13 @@ namespace Shadowsocks.Encryption protected byte[] _key; protected int keyLen; protected int ivLen; - protected byte[] hash_buf; - protected int hash_idx = 0; + protected uint counter = 0; + protected byte[] _keyBuffer = null; public IVEncryptor(string method, string password, bool onetimeauth) : base(method, password, onetimeauth) { InitKey(method, password); - if (OnetimeAuth) - { - hash_buf = new byte[HASH_BUF_LEN]; - } } protected abstract Dictionary getCiphers(); @@ -153,45 +150,44 @@ namespace Shadowsocks.Encryption return len; } - protected int ss_onetimeauth(byte[] auth, - byte[] msg, int msg_len, - byte[] iv, int iv_len, - byte[] key, int key_len) + protected int ss_onetimeauth(byte[] auth, byte[] msg, int msg_len) { byte[] auth_key = new byte[ONETIMEAUTH_KEYBYTES]; byte[] auth_bytes = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH]; - Buffer.BlockCopy(iv, 0, auth_bytes, 0, ivLen); - Buffer.BlockCopy(key, 0, auth_bytes, ivLen, key_len); - Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(iv_len + key_len), null, 0); + Buffer.BlockCopy(_encryptIV, 0, auth_bytes, 0, ivLen); + Buffer.BlockCopy(_key, 0, auth_bytes, ivLen, keyLen); + Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(ivLen + keyLen), null, 0); return Sodium.crypto_onetimeauth(auth, msg, (ulong)msg_len, auth_key); } - protected void ss_gen_hash(byte[] in_buf, ref int in_offset, ref int in_len, - byte[] hash_buf, ref int hash_idx, int buf_size) + protected void ss_gen_hash(byte[] buf, ref int offset, ref int len, int buf_size) { - int i, j; - int offset = in_offset; - int blen = in_len; - int cidx = hash_idx; - int size = (blen / HASH_BUF_LEN + 1) * HASH_BYTES + blen; + int size = len + AUTH_BYTES; if (buf_size < (size + offset)) throw new Exception("failed to generate hash: buffer size insufficient"); - byte[] hash = new byte[HASH_BYTES]; - for (i = 0, j = offset; i < blen; i++, j++) + + if (_keyBuffer == null) { - if (cidx == HASH_BUF_LEN) - { - Sodium.crypto_generichash(hash, HASH_BYTES, hash_buf, HASH_BUF_LEN, null, 0); - Buffer.BlockCopy(in_buf, j, in_buf, j + HASH_BYTES, blen - i); - Buffer.BlockCopy(hash, 0, in_buf, j, HASH_BYTES); - j += HASH_BYTES; cidx = 0; - } - hash_buf[cidx] = in_buf[j]; - cidx++; + _keyBuffer = new byte[MAX_IV_LENGTH + 4]; + Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen); } - in_offset = j; - in_len = j - offset; - hash_idx = cidx; + + byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter)); + Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4); + + byte[] hash = new byte[HASH_BYTES]; + byte[] tmp = new byte[len]; + Buffer.BlockCopy(buf, offset, tmp, 0, len); + Sodium.crypto_generichash(hash, HASH_BYTES, tmp, (ulong)len, _keyBuffer, (uint)_keyBuffer.Length); + + Buffer.BlockCopy(buf, offset, buf, offset + AUTH_BYTES, len); + Buffer.BlockCopy(hash, 0, buf, offset + CLEN_BYTES, HASH_BYTES); + byte[] clen = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)len)); + Buffer.BlockCopy(clen, 0, buf, offset, CLEN_BYTES); + + counter++; + len += AUTH_BYTES; + offset += len; } public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength) @@ -206,19 +202,16 @@ namespace Shadowsocks.Encryption { if (OnetimeAuth) { - lock (hash_buf) - { - int headLen = ss_headlen(buf, length); - int data_len = length - headLen; - Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, data_len); - buf[0] |= ONETIMEAUTH_FLAG; - byte[] auth = new byte[ONETIMEAUTH_BYTES]; - ss_onetimeauth(auth, buf, headLen, _encryptIV, ivLen, _key, keyLen); - Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES); - int buf_offset = headLen + ONETIMEAUTH_BYTES; - ss_gen_hash(buf, ref buf_offset, ref data_len, hash_buf, ref hash_idx, buf.Length); - length = headLen + ONETIMEAUTH_BYTES + data_len; - } + int headLen = ss_headlen(buf, length); + int len = length - headLen; + Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, len); + buf[0] |= ONETIMEAUTH_FLAG; + byte[] auth = new byte[ONETIMEAUTH_BYTES]; + ss_onetimeauth(auth, buf, headLen); + Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES); + int offset = headLen + ONETIMEAUTH_BYTES; + ss_gen_hash(buf, ref offset, ref len, buf.Length); + length = headLen + ONETIMEAUTH_BYTES + len; } cipherUpdate(true, length, buf, tempbuf); outlength = length + ivLen; @@ -229,11 +222,8 @@ namespace Shadowsocks.Encryption { if (OnetimeAuth) { - lock (hash_buf) - { - int buf_offset = 0; - ss_gen_hash(buf, ref buf_offset, ref length, hash_buf, ref hash_idx, buf.Length); - } + int offset = 0; + ss_gen_hash(buf, ref offset, ref length, buf.Length); } outlength = length; cipherUpdate(true, length, buf, outbuf); diff --git a/shadowsocks-csharp/View/ConfigForm.cs b/shadowsocks-csharp/View/ConfigForm.cs index fd0b8d63..38bdf1ad 100755 --- a/shadowsocks-csharp/View/ConfigForm.cs +++ b/shadowsocks-csharp/View/ConfigForm.cs @@ -48,7 +48,7 @@ namespace Shadowsocks.View EncryptionLabel.Text = I18N.GetString("Encryption"); ProxyPortLabel.Text = I18N.GetString("Proxy Port"); RemarksLabel.Text = I18N.GetString("Remarks"); - OneTimeAuth.Text = I18N.GetString("Onetime Authentication"); + OneTimeAuth.Text = I18N.GetString("Onetime Authentication (Experimental)"); ServerGroupBox.Text = I18N.GetString("Server"); OKButton.Text = I18N.GetString("OK"); MyCancelButton.Text = I18N.GetString("Cancel");