Browse Source

fix test

auth
clowwindy 10 years ago
parent
commit
af5455c820
  1. 5
      shadowsocks/crypto/ctypes_libsodium.py
  2. 22
      shadowsocks/crypto/hmac.py
  3. 2
      shadowsocks/encrypt.py
  4. 1
      shadowsocks/utils.py

5
shadowsocks/crypto/ctypes_libsodium.py

@ -39,7 +39,7 @@ BLOCK_SIZE = 64
def load_libsodium():
global loaded, libsodium, buf, tag_buf
global loaded, libsodium, buf
from ctypes.util import find_library
for p in ('sodium', 'libsodium'):
@ -73,7 +73,6 @@ def load_libsodium():
libsodium.sodium_init()
buf = create_string_buffer(buf_size)
tag_buf = create_string_buffer(16)
loaded = True
@ -118,9 +117,9 @@ class Salsa20Crypto(object):
class Poly1305(object):
@staticmethod
def auth(method, key, data):
global tag_buf
if not loaded:
load_libsodium()
tag_buf = create_string_buffer(16)
libsodium.crypto_onetimeauth(byref(tag_buf), data, len(data), key)
return tag_buf.raw

22
shadowsocks/crypto/hmac.py

@ -24,6 +24,7 @@ from __future__ import absolute_import, division, print_function, \
with_statement
import hmac
import hashlib
from shadowsocks import common
@ -34,13 +35,30 @@ class HMAC(object):
@staticmethod
def auth(method, key, data):
digest = common.to_str(method.replace(b'hmac-', b''))
return hmac.new(key, data, digest).digest()
return hmac.new(key, data, getattr(hashlib, digest)).digest()
@staticmethod
def verify(method, key, data, tag):
digest = common.to_str(method.replace(b'hmac-', b''))
t = hmac.new(key, data, digest).digest()
t = hmac.new(key, data, getattr(hashlib, digest)).digest()
if hasattr(hmac, 'compare_digest'):
return hmac.compare_digest(t, tag)
else:
return _time_independent_equals(t, tag)
# from tornado
def _time_independent_equals(a, b):
if len(a) != len(b):
return False
result = 0
if type(a[0]) is int: # python3 byte strings
for x, y in zip(a, b):
result |= x ^ y
else: # python2
for x, y in zip(a, b):
result |= ord(x) ^ ord(y)
return result == 0
auths = {

2
shadowsocks/encrypt.py

@ -180,7 +180,7 @@ def auth_create(data, password, iv, method):
def auth_open(data, password, iv, method):
if method is None:
if not method:
return data
# verify hmac and remove the hmac or return None
password = common.to_bytes(password)

1
shadowsocks/utils.py

@ -173,6 +173,7 @@ def get_config(is_local):
config['password'] = config.get('password', '')
config['method'] = config.get('method', 'aes-256-cfb')
config['auth'] = config.get('auth', None)
config['port_password'] = config.get('port_password', None)
config['timeout'] = int(config.get('timeout', 300))
config['fast_open'] = config.get('fast_open', False)

Loading…
Cancel
Save