Add cache flag

7 years ago · f61bbefa95
3 changed files with 15 additions and 13 deletions
--- a/shadowsocks/encrypt.py
+++ b/shadowsocks/encrypt.py
@ -46,7 +46,7 @@ def try_cipher(key, method=None):
    Encryptor(key, method)


-def EVP_BytesToKey(password, key_len, iv_len):
+def EVP_BytesToKey(password, key_len, iv_len, cache):
    # equivalent to OpenSSL's EVP_BytesToKey() with count 1
    # so that we make the same key and iv as nodejs version
    cached_key = '%s-%d-%d' % (password, key_len, iv_len)
@ -66,13 +66,14 @@ def EVP_BytesToKey(password, key_len, iv_len):
    ms = b''.join(m)
    key = ms[:key_len]
    iv = ms[key_len:key_len + iv_len]
-    cached_keys[cached_key] = (key, iv)
-    cached_keys.sweep()
+    if cache:
+        cached_keys[cached_key] = (key, iv)
+        cached_keys.sweep()
    return key, iv


 class Encryptor(object):
-    def __init__(self, key, method, iv = None):
+    def __init__(self, key, method, iv = None, cache = False):
        self.key = key
        self.method = method
        self.iv = None
@ -81,6 +82,7 @@ class Encryptor(object):
        self.iv_buf = b''
        self.cipher_key = b''
        self.decipher = None
+        self.cache = cache
        method = method.lower()
        self._method_info = self.get_method_info(method)
        if self._method_info:
@ -105,7 +107,7 @@ class Encryptor(object):
        password = common.to_bytes(password)
        m = self._method_info
        if m[0] > 0:
-            key, iv_ = EVP_BytesToKey(password, m[0], m[1])
+            key, iv_ = EVP_BytesToKey(password, m[0], m[1], self.cache)
        else:
            # key_length == 0 indicates we should use the key directly
            key, iv = password, b''
@ -119,6 +121,9 @@ class Encryptor(object):

    def encrypt(self, buf):
        if len(buf) == 0:
+            if not self.iv_sent:
+                self.iv_sent = True
+                return self.cipher_iv
            return buf
        if self.iv_sent:
            return self.cipher.update(buf)
@ -155,7 +160,7 @@ def encrypt_all(password, method, op, data):
    method = method.lower()
    (key_len, iv_len, m) = method_supported[method]
    if key_len > 0:
-        key, _ = EVP_BytesToKey(password, key_len, iv_len)
+        key, _ = EVP_BytesToKey(password, key_len, iv_len, True)
    else:
        key = password
    if op:
@ -172,7 +177,7 @@ def encrypt_key(password, method):
    method = method.lower()
    (key_len, iv_len, m) = method_supported[method]
    if key_len > 0:
-        key, _ = EVP_BytesToKey(password, key_len, iv_len)
+        key, _ = EVP_BytesToKey(password, key_len, iv_len, True)
    else:
        key = password
    return key
--- a/shadowsocks/obfsplugin/auth_chain.py
+++ b/shadowsocks/obfsplugin/auth_chain.py
@ -349,7 +349,6 @@ class auth_chain_a(auth_base):
    def pack_client_data(self, buf):
        buf = self.encryptor.encrypt(buf)
        data = self.rnd_data(len(buf), buf, self.last_client_hash, self.random_client)
-        data_len = len(data) + 8
        mac_key = self.user_key + struct.pack('<I', self.pack_id)
        length = len(buf) ^ struct.unpack('<H', self.last_client_hash[14:])[0]
        data = struct.pack('<H', length) + data
@ -361,7 +360,6 @@ class auth_chain_a(auth_base):
    def pack_server_data(self, buf):
        buf = self.encryptor.encrypt(buf)
        data = self.rnd_data(len(buf), buf, self.last_server_hash, self.random_server)
-        data_len = len(data) + 8
        mac_key = self.user_key + struct.pack('<I', self.pack_id)
        length = len(buf) ^ struct.unpack('<H', self.last_server_hash[14:])[0]
        data = struct.pack('<H', length) + data
@ -372,7 +370,6 @@ class auth_chain_a(auth_base):

    def pack_auth_data(self, auth_data, buf):
        data = auth_data
-        data_len = 12 + 4 + 16 + 4
        data = data + (struct.pack('<H', self.server_info.overhead) + struct.pack('<H', 0))
        mac_key = self.server_info.iv + self.server_info.key

@ -565,7 +562,7 @@ class auth_chain_a(auth_base):
            if length >= 4096:
                self.raw_trans = True
                self.recv_buf = b''
-                if self.recv_id == 0:
+                if self.recv_id == 1:
                    logging.info(self.no_compatible_method + ': over size')
                    return (b'E' * 2048, False)
                else:
@ -581,7 +578,7 @@ class auth_chain_a(auth_base):
                ))
                self.raw_trans = True
                self.recv_buf = b''
-                if self.recv_id == 0:
+                if self.recv_id == 1:
                    return (b'E' * 2048, False)
                else:
                    raise Exception('server_post_decrype data uncorrect checksum')
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@ -266,7 +266,7 @@ class TCPRelayHandler(object):
    def _create_encryptor(self, config):
        try:
            self._encryptor = encrypt.Encryptor(config['password'],
-                                                config['method'])
+                                                config['method'], None, True)
            return True
        except Exception:
            self._stage = STAGE_DESTROYED