|
@@ -18,8 +18,9 @@ namespace Shadowsocks.Encryption |
|
|
public const int ONETIMEAUTH_BYTES = 16;
|
|
|
public const int ONETIMEAUTH_BYTES = 16;
|
|
|
public const int ONETIMEAUTH_KEYBYTES = 32;
|
|
|
public const int ONETIMEAUTH_KEYBYTES = 32;
|
|
|
|
|
|
|
|
|
public const int HASH_BUF_LEN = 128;
|
|
|
|
|
|
public const int HASH_BYTES = 4;
|
|
|
public const int HASH_BYTES = 4;
|
|
|
|
|
|
public const int CLEN_BYTES = 2;
|
|
|
|
|
|
public const int AUTH_BYTES = HASH_BYTES + CLEN_BYTES;
|
|
|
|
|
|
|
|
|
protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];
|
|
|
protected static byte[] tempbuf = new byte[MAX_INPUT_SIZE];
|
|
|
|
|
|
|
|
@@ -38,17 +39,13 @@ namespace Shadowsocks.Encryption |
|
|
protected byte[] _key;
|
|
|
protected byte[] _key;
|
|
|
protected int keyLen;
|
|
|
protected int keyLen;
|
|
|
protected int ivLen;
|
|
|
protected int ivLen;
|
|
|
protected byte[] hash_buf;
|
|
|
|
|
|
protected int hash_idx = 0;
|
|
|
|
|
|
|
|
|
protected uint counter = 0;
|
|
|
|
|
|
protected byte[] _keyBuffer = null;
|
|
|
|
|
|
|
|
|
public IVEncryptor(string method, string password, bool onetimeauth)
|
|
|
public IVEncryptor(string method, string password, bool onetimeauth)
|
|
|
: base(method, password, onetimeauth)
|
|
|
: base(method, password, onetimeauth)
|
|
|
{
|
|
|
{
|
|
|
InitKey(method, password);
|
|
|
InitKey(method, password);
|
|
|
if (OnetimeAuth)
|
|
|
|
|
|
{
|
|
|
|
|
|
hash_buf = new byte[HASH_BUF_LEN];
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
protected abstract Dictionary<string, int[]> getCiphers();
|
|
|
protected abstract Dictionary<string, int[]> getCiphers();
|
|
@@ -153,45 +150,44 @@ namespace Shadowsocks.Encryption |
|
|
return len;
|
|
|
return len;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
protected int ss_onetimeauth(byte[] auth,
|
|
|
|
|
|
byte[] msg, int msg_len,
|
|
|
|
|
|
byte[] iv, int iv_len,
|
|
|
|
|
|
byte[] key, int key_len)
|
|
|
|
|
|
|
|
|
protected int ss_onetimeauth(byte[] auth, byte[] msg, int msg_len)
|
|
|
{
|
|
|
{
|
|
|
byte[] auth_key = new byte[ONETIMEAUTH_KEYBYTES];
|
|
|
byte[] auth_key = new byte[ONETIMEAUTH_KEYBYTES];
|
|
|
byte[] auth_bytes = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];
|
|
|
byte[] auth_bytes = new byte[MAX_IV_LENGTH + MAX_KEY_LENGTH];
|
|
|
Buffer.BlockCopy(iv, 0, auth_bytes, 0, ivLen);
|
|
|
|
|
|
Buffer.BlockCopy(key, 0, auth_bytes, ivLen, key_len);
|
|
|
|
|
|
Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(iv_len + key_len), null, 0);
|
|
|
|
|
|
|
|
|
Buffer.BlockCopy(_encryptIV, 0, auth_bytes, 0, ivLen);
|
|
|
|
|
|
Buffer.BlockCopy(_key, 0, auth_bytes, ivLen, keyLen);
|
|
|
|
|
|
Sodium.crypto_generichash(auth_key, ONETIMEAUTH_KEYBYTES, auth_bytes, (ulong)(ivLen + keyLen), null, 0);
|
|
|
return Sodium.crypto_onetimeauth(auth, msg, (ulong)msg_len, auth_key);
|
|
|
return Sodium.crypto_onetimeauth(auth, msg, (ulong)msg_len, auth_key);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
protected void ss_gen_hash(byte[] in_buf, ref int in_offset, ref int in_len,
|
|
|
|
|
|
byte[] hash_buf, ref int hash_idx, int buf_size)
|
|
|
|
|
|
|
|
|
protected void ss_gen_hash(byte[] buf, ref int offset, ref int len, int buf_size)
|
|
|
{
|
|
|
{
|
|
|
int i, j;
|
|
|
|
|
|
int offset = in_offset;
|
|
|
|
|
|
int blen = in_len;
|
|
|
|
|
|
int cidx = hash_idx;
|
|
|
|
|
|
int size = (blen / HASH_BUF_LEN + 1) * HASH_BYTES + blen;
|
|
|
|
|
|
|
|
|
int size = len + AUTH_BYTES;
|
|
|
if (buf_size < (size + offset))
|
|
|
if (buf_size < (size + offset))
|
|
|
throw new Exception("failed to generate hash: buffer size insufficient");
|
|
|
throw new Exception("failed to generate hash: buffer size insufficient");
|
|
|
byte[] hash = new byte[HASH_BYTES];
|
|
|
|
|
|
for (i = 0, j = offset; i < blen; i++, j++)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (_keyBuffer == null)
|
|
|
{
|
|
|
{
|
|
|
if (cidx == HASH_BUF_LEN)
|
|
|
|
|
|
{
|
|
|
|
|
|
Sodium.crypto_generichash(hash, HASH_BYTES, hash_buf, HASH_BUF_LEN, null, 0);
|
|
|
|
|
|
Buffer.BlockCopy(in_buf, j, in_buf, j + HASH_BYTES, blen - i);
|
|
|
|
|
|
Buffer.BlockCopy(hash, 0, in_buf, j, HASH_BYTES);
|
|
|
|
|
|
j += HASH_BYTES; cidx = 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
hash_buf[cidx] = in_buf[j];
|
|
|
|
|
|
cidx++;
|
|
|
|
|
|
|
|
|
_keyBuffer = new byte[MAX_IV_LENGTH + 4];
|
|
|
|
|
|
Buffer.BlockCopy(_encryptIV, 0, _keyBuffer, 0, ivLen);
|
|
|
}
|
|
|
}
|
|
|
in_offset = j;
|
|
|
|
|
|
in_len = j - offset;
|
|
|
|
|
|
hash_idx = cidx;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
byte[] counter_bytes = BitConverter.GetBytes((uint)IPAddress.HostToNetworkOrder((int)counter));
|
|
|
|
|
|
Buffer.BlockCopy(counter_bytes, 0, _keyBuffer, ivLen, 4);
|
|
|
|
|
|
|
|
|
|
|
|
byte[] hash = new byte[HASH_BYTES];
|
|
|
|
|
|
byte[] tmp = new byte[len];
|
|
|
|
|
|
Buffer.BlockCopy(buf, offset, tmp, 0, len);
|
|
|
|
|
|
Sodium.crypto_generichash(hash, HASH_BYTES, tmp, (ulong)len, _keyBuffer, (uint)_keyBuffer.Length);
|
|
|
|
|
|
|
|
|
|
|
|
Buffer.BlockCopy(buf, offset, buf, offset + AUTH_BYTES, len);
|
|
|
|
|
|
Buffer.BlockCopy(hash, 0, buf, offset + CLEN_BYTES, HASH_BYTES);
|
|
|
|
|
|
byte[] clen = BitConverter.GetBytes((ushort)IPAddress.HostToNetworkOrder((short)len));
|
|
|
|
|
|
Buffer.BlockCopy(clen, 0, buf, offset, CLEN_BYTES);
|
|
|
|
|
|
|
|
|
|
|
|
counter++;
|
|
|
|
|
|
len += AUTH_BYTES;
|
|
|
|
|
|
offset += len;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)
|
|
|
public override void Encrypt(byte[] buf, int length, byte[] outbuf, out int outlength)
|
|
@@ -206,19 +202,16 @@ namespace Shadowsocks.Encryption |
|
|
{
|
|
|
{
|
|
|
if (OnetimeAuth)
|
|
|
if (OnetimeAuth)
|
|
|
{
|
|
|
{
|
|
|
lock (hash_buf)
|
|
|
|
|
|
{
|
|
|
|
|
|
int headLen = ss_headlen(buf, length);
|
|
|
|
|
|
int data_len = length - headLen;
|
|
|
|
|
|
Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, data_len);
|
|
|
|
|
|
buf[0] |= ONETIMEAUTH_FLAG;
|
|
|
|
|
|
byte[] auth = new byte[ONETIMEAUTH_BYTES];
|
|
|
|
|
|
ss_onetimeauth(auth, buf, headLen, _encryptIV, ivLen, _key, keyLen);
|
|
|
|
|
|
Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES);
|
|
|
|
|
|
int buf_offset = headLen + ONETIMEAUTH_BYTES;
|
|
|
|
|
|
ss_gen_hash(buf, ref buf_offset, ref data_len, hash_buf, ref hash_idx, buf.Length);
|
|
|
|
|
|
length = headLen + ONETIMEAUTH_BYTES + data_len;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
int headLen = ss_headlen(buf, length);
|
|
|
|
|
|
int len = length - headLen;
|
|
|
|
|
|
Buffer.BlockCopy(buf, headLen, buf, headLen + ONETIMEAUTH_BYTES, len);
|
|
|
|
|
|
buf[0] |= ONETIMEAUTH_FLAG;
|
|
|
|
|
|
byte[] auth = new byte[ONETIMEAUTH_BYTES];
|
|
|
|
|
|
ss_onetimeauth(auth, buf, headLen);
|
|
|
|
|
|
Buffer.BlockCopy(auth, 0, buf, headLen, ONETIMEAUTH_BYTES);
|
|
|
|
|
|
int offset = headLen + ONETIMEAUTH_BYTES;
|
|
|
|
|
|
ss_gen_hash(buf, ref offset, ref len, buf.Length);
|
|
|
|
|
|
length = headLen + ONETIMEAUTH_BYTES + len;
|
|
|
}
|
|
|
}
|
|
|
cipherUpdate(true, length, buf, tempbuf);
|
|
|
cipherUpdate(true, length, buf, tempbuf);
|
|
|
outlength = length + ivLen;
|
|
|
outlength = length + ivLen;
|
|
@@ -229,11 +222,8 @@ namespace Shadowsocks.Encryption |
|
|
{
|
|
|
{
|
|
|
if (OnetimeAuth)
|
|
|
if (OnetimeAuth)
|
|
|
{
|
|
|
{
|
|
|
lock (hash_buf)
|
|
|
|
|
|
{
|
|
|
|
|
|
int buf_offset = 0;
|
|
|
|
|
|
ss_gen_hash(buf, ref buf_offset, ref length, hash_buf, ref hash_idx, buf.Length);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
int offset = 0;
|
|
|
|
|
|
ss_gen_hash(buf, ref offset, ref length, buf.Length);
|
|
|
}
|
|
|
}
|
|
|
outlength = length;
|
|
|
outlength = length;
|
|
|
cipherUpdate(true, length, buf, outbuf);
|
|
|
cipherUpdate(true, length, buf, outbuf);
|
|
|