dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

use random iv so we finally have strong encryption now

1.4
clowwindy 12 years ago
parent
0aa252e2b0
commit
9a6a934261
5 changed files with 65 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 3
      config.json
  3. 66
      encrypt.py
  4. 8
      local.py
  5. 11
      server.py

3
README.md
View File

@ -8,6 +8,9 @@ shadowsocks is a lightweight tunnel proxy which can help you get through firewal
Other ports and clients can be found [here](https://github.com/clowwindy/shadowsocks/wiki/Ports-and-Clients).
Warning: AES, DES, blowfish encryption methods are not implemented the same as other versions(Nodejs, etc) yet, please don't use those methods
if you want to use Python version together with other versions!
usage
-----------

3
config.json
View File

@ -3,5 +3,6 @@
"server_port":8388,
"local_port":1080,
"password":"barfoo!",
"timeout":600
"timeout":600,
"method":null
}

66
encrypt.py
View File

@ -27,6 +27,11 @@ import struct
import logging
def random_string(length):
import M2Crypto.Rand
return M2Crypto.Rand.rand_bytes(length)
def get_table(key):
m = hashlib.md5()
m.update(key)
@ -55,7 +60,7 @@ def init_table(key, method=None):
encrypt_table = ''.join(get_table(key))
decrypt_table = string.maketrans(encrypt_table, string.maketrans('', ''))
else:
get_cipher(key, method, 1)
Encryptor(key, method) # make an Encryptor to test if the settings if OK
def EVP_BytesToKey(password, key_len, iv_len):
@ -89,39 +94,62 @@ method_supported = {
}
def get_cipher(password, method, op):
import M2Crypto.EVP
password = password.encode('utf-8')
method = method.lower()
m = method_supported.get(method, None)
if m:
key, iv = EVP_BytesToKey(password, m[0], m[1])
return M2Crypto.EVP.Cipher(method.replace('-', '_'), key, iv, op, key_as_bytes=0, d='md5', salt=None, i=1, padding=1)
logging.error('method %s not supported' % method)
sys.exit(1)
class Encryptor(object):
def __init__(self, key, method=None):
if method == 'table':
method = None
self.key = key
self.method = method
self.iv = None
self.iv_sent = False
self.cipher_iv = ''
self.decipher = None
if method is not None:
self.cipher = get_cipher(key, method, 1)
self.decipher = get_cipher(key, method, 0)
self.cipher = self.get_cipher(key, method, 1, iv=random_string(32))
else:
self.cipher = None
self.decipher = None
def get_cipher_len(self, method):
method = method.lower()
m = method_supported.get(method, None)
return m
def iv_len(self):
return len(self.cipher_iv)
def get_cipher(self, password, method, op, iv=None):
import M2Crypto.EVP
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
if m:
key, iv_ = EVP_BytesToKey(password, m[0], m[1])
if iv is None:
iv = iv_[:m[1]]
if op == 1:
self.cipher_iv = iv[:m[1]] # this iv is for cipher, not decipher
return M2Crypto.EVP.Cipher(method.replace('-', '_'), key, iv, op, key_as_bytes=0, d='md5', salt=None, i=1, padding=1)
logging.error('method %s not supported' % method)
sys.exit(1)
def encrypt(self, buf):
if self.cipher is None:
if self.method is None:
return string.translate(buf, encrypt_table)
else:
if self.iv_sent:
return self.cipher.update(buf)
else:
self.iv_sent = True
return self.cipher_iv + self.cipher.update(buf)
def decrypt(self, buf):
if self.cipher is None:
if self.method is None:
return string.translate(buf, decrypt_table)
else:
if self.decipher is None:
decipher_iv_len = self.get_cipher_len(self.method)[1]
decipher_iv = buf[:decipher_iv_len]
self.decipher = self.get_cipher(self.key, self.method, 0, iv=decipher_iv)
buf = buf[decipher_iv_len:]
return self.decipher.update(buf)

8
local.py
View File

@ -67,18 +67,18 @@ class Socks5Server(SocketServer.StreamRequestHandler):
while True:
r, w, e = select.select(fdset, [], [])
if sock in r:
data = sock.recv(4096)
data = self.encrypt(sock.recv(4096))
if len(data) <= 0:
break
result = send_all(remote, self.encrypt(data))
result = send_all(remote, data)
if result < len(data):
raise Exception('failed to send all data')
if remote in r:
data = remote.recv(4096)
data = self.decrypt(remote.recv(4096))
if len(data) <= 0:
break
result = send_all(sock, self.decrypt(data))
result = send_all(sock, data)
if result < len(data):
raise Exception('failed to send all data')
finally:

11
server.py
View File

@ -67,17 +67,17 @@ class Socks5Server(SocketServer.StreamRequestHandler):
while True:
r, w, e = select.select(fdset, [], [])
if sock in r:
data = sock.recv(4096)
data = self.decrypt(sock.recv(4096))
if len(data) <= 0:
break
result = send_all(remote, self.decrypt(data))
result = send_all(remote, data)
if result < len(data):
raise Exception('failed to send all data')
if remote in r:
data = remote.recv(4096)
data = self.encrypt(remote.recv(4096))
if len(data) <= 0:
break
result = send_all(sock, self.encrypt(data))
result = send_all(sock, data)
if result < len(data):
raise Exception('failed to send all data')
@ -95,6 +95,9 @@ class Socks5Server(SocketServer.StreamRequestHandler):
try:
self.encryptor = encrypt.Encryptor(KEY, METHOD)
sock = self.connection
iv_len = self.encryptor.iv_len()
if iv_len:
self.decrypt(sock.recv(iv_len))
addrtype = ord(self.decrypt(sock.recv(1)))
if addrtype == 1:
addr = socket.inet_ntoa(self.decrypt(self.rfile.read(4)))

Write Preview
Loading…
Cancel
Save