fix test

10 years ago · af5455c820
4 changed files with 25 additions and 7 deletions
--- a/shadowsocks/crypto/ctypes_libsodium.py
+++ b/shadowsocks/crypto/ctypes_libsodium.py
@ -39,7 +39,7 @@ BLOCK_SIZE = 64


 def load_libsodium():
-    global loaded, libsodium, buf, tag_buf
+    global loaded, libsodium, buf

    from ctypes.util import find_library
    for p in ('sodium', 'libsodium'):
@ -73,7 +73,6 @@ def load_libsodium():
    libsodium.sodium_init()

    buf = create_string_buffer(buf_size)
-    tag_buf = create_string_buffer(16)
    loaded = True


@ -118,9 +117,9 @@ class Salsa20Crypto(object):
 class Poly1305(object):
    @staticmethod
    def auth(method, key, data):
-        global tag_buf
        if not loaded:
            load_libsodium()
+        tag_buf = create_string_buffer(16)
        libsodium.crypto_onetimeauth(byref(tag_buf), data, len(data), key)
        return tag_buf.raw

--- a/shadowsocks/crypto/hmac.py
+++ b/shadowsocks/crypto/hmac.py
@ -24,6 +24,7 @@ from __future__ import absolute_import, division, print_function, \
    with_statement

 import hmac
+import hashlib

 from shadowsocks import common

@ -34,13 +35,30 @@ class HMAC(object):
    @staticmethod
    def auth(method, key, data):
        digest = common.to_str(method.replace(b'hmac-', b''))
-        return hmac.new(key, data, digest).digest()
+        return hmac.new(key, data, getattr(hashlib, digest)).digest()

    @staticmethod
    def verify(method, key, data, tag):
        digest = common.to_str(method.replace(b'hmac-', b''))
-        t = hmac.new(key, data, digest).digest()
-        return hmac.compare_digest(t, tag)
+        t = hmac.new(key, data, getattr(hashlib, digest)).digest()
+        if hasattr(hmac, 'compare_digest'):
+            return hmac.compare_digest(t, tag)
+        else:
+            return _time_independent_equals(t, tag)
+
+
+# from tornado
+def _time_independent_equals(a, b):
+    if len(a) != len(b):
+        return False
+    result = 0
+    if type(a[0]) is int:  # python3 byte strings
+        for x, y in zip(a, b):
+            result |= x ^ y
+    else:  # python2
+        for x, y in zip(a, b):
+            result |= ord(x) ^ ord(y)
+    return result == 0


 auths = {
--- a/shadowsocks/encrypt.py
+++ b/shadowsocks/encrypt.py
@ -180,7 +180,7 @@ def auth_create(data, password, iv, method):


 def auth_open(data, password, iv, method):
-    if method is None:
+    if not method:
        return data
    # verify hmac and remove the hmac or return None
    password = common.to_bytes(password)
--- a/shadowsocks/utils.py
+++ b/shadowsocks/utils.py
@ -173,6 +173,7 @@ def get_config(is_local):

    config['password'] = config.get('password', '')
    config['method'] = config.get('method', 'aes-256-cfb')
+    config['auth'] = config.get('auth', None)
    config['port_password'] = config.get('port_password', None)
    config['timeout'] = int(config.get('timeout', 300))
    config['fast_open'] = config.get('fast_open', False)