From af5455c820308ef5da68d2111ecaf50920f8c37b Mon Sep 17 00:00:00 2001 From: clowwindy Date: Wed, 31 Dec 2014 13:41:51 +0800 Subject: [PATCH] fix test --- shadowsocks/crypto/ctypes_libsodium.py | 5 ++--- shadowsocks/crypto/hmac.py | 24 +++++++++++++++++++++--- shadowsocks/encrypt.py | 2 +- shadowsocks/utils.py | 1 + 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/shadowsocks/crypto/ctypes_libsodium.py b/shadowsocks/crypto/ctypes_libsodium.py index 4845dd1..3598e3b 100644 --- a/shadowsocks/crypto/ctypes_libsodium.py +++ b/shadowsocks/crypto/ctypes_libsodium.py @@ -39,7 +39,7 @@ BLOCK_SIZE = 64 def load_libsodium(): - global loaded, libsodium, buf, tag_buf + global loaded, libsodium, buf from ctypes.util import find_library for p in ('sodium', 'libsodium'): @@ -73,7 +73,6 @@ def load_libsodium(): libsodium.sodium_init() buf = create_string_buffer(buf_size) - tag_buf = create_string_buffer(16) loaded = True @@ -118,9 +117,9 @@ class Salsa20Crypto(object): class Poly1305(object): @staticmethod def auth(method, key, data): - global tag_buf if not loaded: load_libsodium() + tag_buf = create_string_buffer(16) libsodium.crypto_onetimeauth(byref(tag_buf), data, len(data), key) return tag_buf.raw diff --git a/shadowsocks/crypto/hmac.py b/shadowsocks/crypto/hmac.py index 0fbf4e9..ce36540 100644 --- a/shadowsocks/crypto/hmac.py +++ b/shadowsocks/crypto/hmac.py @@ -24,6 +24,7 @@ from __future__ import absolute_import, division, print_function, \ with_statement import hmac +import hashlib from shadowsocks import common @@ -34,13 +35,30 @@ class HMAC(object): @staticmethod def auth(method, key, data): digest = common.to_str(method.replace(b'hmac-', b'')) - return hmac.new(key, data, digest).digest() + return hmac.new(key, data, getattr(hashlib, digest)).digest() @staticmethod def verify(method, key, data, tag): digest = common.to_str(method.replace(b'hmac-', b'')) - t = hmac.new(key, data, digest).digest() - return hmac.compare_digest(t, tag) + t = hmac.new(key, data, getattr(hashlib, digest)).digest() + if hasattr(hmac, 'compare_digest'): + return hmac.compare_digest(t, tag) + else: + return _time_independent_equals(t, tag) + + +# from tornado +def _time_independent_equals(a, b): + if len(a) != len(b): + return False + result = 0 + if type(a[0]) is int: # python3 byte strings + for x, y in zip(a, b): + result |= x ^ y + else: # python2 + for x, y in zip(a, b): + result |= ord(x) ^ ord(y) + return result == 0 auths = { diff --git a/shadowsocks/encrypt.py b/shadowsocks/encrypt.py index b6a931d..632f147 100644 --- a/shadowsocks/encrypt.py +++ b/shadowsocks/encrypt.py @@ -180,7 +180,7 @@ def auth_create(data, password, iv, method): def auth_open(data, password, iv, method): - if method is None: + if not method: return data # verify hmac and remove the hmac or return None password = common.to_bytes(password) diff --git a/shadowsocks/utils.py b/shadowsocks/utils.py index ff6801c..07daf44 100644 --- a/shadowsocks/utils.py +++ b/shadowsocks/utils.py @@ -173,6 +173,7 @@ def get_config(is_local): config['password'] = config.get('password', '') config['method'] = config.get('method', 'aes-256-cfb') + config['auth'] = config.get('auth', None) config['port_password'] = config.get('port_password', None) config['timeout'] = int(config.get('timeout', 300)) config['fast_open'] = config.get('fast_open', False)