richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Clean up

pull/1152/head
Max Lv 8 years ago
parent
4ebe5aeb12
commit
28e07cc08a
4 changed files with 85 additions and 86 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 24
      src/Makefile.am
  2. 38
      src/crypto.c
  3. 20
      src/crypto.h
  4. 89
      src/stream.c

24
src/Makefile.am
View File

@ -18,8 +18,8 @@ sni_src = http.c \
rule.c
crypto_src = crypto.c \
aead.c \
stream.c
aead.c \
stream.c
plugin_src = plugin.c
@ -31,8 +31,8 @@ ss_local_SOURCES = utils.c \
acl.c \
netutils.c \
local.c \
$(crypto_src) \
$(plugin_src) \
$(crypto_src) \
$(plugin_src) \
$(sni_src)
ss_tunnel_SOURCES = utils.c \
@ -42,8 +42,8 @@ ss_tunnel_SOURCES = utils.c \
cache.c \
netutils.c \
tunnel.c \
$(crypto_src) \
$(plugin_src)
$(crypto_src) \
$(plugin_src)
ss_server_SOURCES = utils.c \
netutils.c \
@ -54,8 +54,8 @@ ss_server_SOURCES = utils.c \
acl.c \
resolv.c \
server.c \
$(crypto_src) \
$(plugin_src) \
$(crypto_src) \
$(plugin_src) \
$(sni_src)
ss_manager_SOURCES = utils.c \
@ -88,8 +88,8 @@ ss_redir_SOURCES = utils.c \
cache.c \
udprelay.c \
redir.c \
$(crypto_src) \
$(plugin_src) \
$(crypto_src) \
$(plugin_src) \
$(sni_src)
ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR
@ -105,6 +105,6 @@ libshadowsocks_libev_la_LIBADD = $(ss_local_LDADD)
include_HEADERS = shadowsocks.h
noinst_HEADERS = acl.h crypto.h stream.h json.h netutils.h redir.h server.h tls.h uthash.h \
cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h \
common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h
cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h \
common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h
EXTRA_DIST = ss-nat

38
src/crypto.c
View File

@ -40,7 +40,7 @@ int
balloc(buffer_t *ptr, size_t capacity)
{
sodium_memzero(ptr, sizeof(buffer_t));
ptr->data = ss_malloc(capacity);
ptr->data = ss_malloc(capacity);
ptr->capacity = capacity;
return capacity;
}
@ -52,7 +52,7 @@ brealloc(buffer_t *ptr, size_t len, size_t capacity)
return -1;
size_t real_capacity = max(len, capacity);
if (ptr->capacity < real_capacity) {
ptr->data = ss_realloc(ptr->data, real_capacity);
ptr->data = ss_realloc(ptr->data, real_capacity);
ptr->capacity = real_capacity;
}
return real_capacity;
@ -102,7 +102,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
int
crypto_derive_key(const cipher_t *cipher, const uint8_t *pass,
uint8_t *key, size_t nkey)
uint8_t *key, size_t nkey)
{
size_t datal;
datal = strlen((const char *)pass);
@ -117,7 +117,7 @@ crypto_derive_key(const cipher_t *cipher, const uint8_t *pass,
int addmd;
unsigned int i, j, mds;
mds = mbedtls_md_get_size(md);
mds = mbedtls_md_get_size(md);
memset(&c, 0, sizeof(mbedtls_md_context_t));
if (pass == NULL)
@ -158,48 +158,46 @@ crypto_init(const char *password, const char *method)
cache_create(&nonce_cache, 1024, NULL);
if (method != NULL) {
for (i = 0; i < STREAM_CIPHER_NUM; i++) {
for (i = 0; i < STREAM_CIPHER_NUM; i++)
if (strcmp(method, supported_stream_ciphers[i]) == 0) {
m = i;
break;
}
}
if (m != -1) {
cipher_t *cipher = stream_init(password, method);
if (cipher == NULL)
if (cipher == NULL)
return NULL;
crypto_t *crypto = (crypto_t *)malloc(sizeof(crypto_t));
crypto_t tmp = {
.cipher = cipher,
crypto_t tmp = {
.cipher = cipher,
.encrypt_all = &stream_encrypt_all,
.decrypt_all = &stream_decrypt_all,
.encrypt = &stream_encrypt,
.decrypt = &stream_decrypt,
.ctx_init = &stream_ctx_init,
.encrypt = &stream_encrypt,
.decrypt = &stream_decrypt,
.ctx_init = &stream_ctx_init,
.ctx_release = &stream_ctx_release
};
memcpy(crypto, &tmp, sizeof(crypto_t));
return crypto;
}
for (i = 0; i < AEAD_CIPHER_NUM; i++) {
for (i = 0; i < AEAD_CIPHER_NUM; i++)
if (strcmp(method, supported_aead_ciphers[i]) == 0) {
m = i;
break;
}
}
if (m != -1) {
cipher_t *cipher = aead_init(password, method);
if (cipher == NULL)
if (cipher == NULL)
return NULL;
crypto_t *crypto = (crypto_t *)ss_malloc(sizeof(crypto_t));
crypto_t tmp = {
.cipher = cipher,
crypto_t tmp = {
.cipher = cipher,
.encrypt_all = &aead_encrypt_all,
.decrypt_all = &aead_decrypt_all,
.encrypt = &aead_encrypt,
.decrypt = &aead_decrypt,
.ctx_init = &aead_ctx_init,
.encrypt = &aead_encrypt,
.decrypt = &aead_decrypt,
.ctx_init = &aead_ctx_init,
.ctx_release = &aead_ctx_release
};
memcpy(crypto, &tmp, sizeof(crypto_t));

20
src/crypto.h
View File

@ -41,7 +41,7 @@ typedef mbedtls_cipher_info_t cipher_kt_t;
typedef mbedtls_cipher_context_t cipher_evp_t;
typedef mbedtls_md_info_t digest_type_t;
#define MAX_KEY_LENGTH 64
#define MAX_NONCE_LENGTH 32
#define MAX_NONCE_LENGTH 32
#define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE
/* we must have MBEDTLS_CIPHER_MODE_CFB defined */
#if !defined(MBEDTLS_CIPHER_MODE_CFB)
@ -91,13 +91,13 @@ typedef struct {
typedef struct crypto {
cipher_t *cipher;
int (*const encrypt_all)(buffer_t*, cipher_t*, size_t);
int (*const decrypt_all)(buffer_t*, cipher_t*, size_t);
int (*const encrypt)(buffer_t*, cipher_ctx_t*, size_t);
int (*const decrypt)(buffer_t*, cipher_ctx_t*, size_t);
int(*const encrypt_all)(buffer_t *, cipher_t *, size_t);
int(*const decrypt_all)(buffer_t *, cipher_t *, size_t);
int(*const encrypt)(buffer_t *, cipher_ctx_t *, size_t);
int(*const decrypt)(buffer_t *, cipher_ctx_t *, size_t);
void (*const ctx_init)(cipher_t*, cipher_ctx_t*, int);
void (*const ctx_release)(cipher_ctx_t*);
void(*const ctx_init)(cipher_t *, cipher_ctx_t *, int);
void(*const ctx_release)(cipher_ctx_t *);
} crypto_t;
int balloc(buffer_t *ptr, size_t capacity);
@ -107,10 +107,10 @@ void bfree(buffer_t *ptr);
int rand_bytes(void *output, int len);
crypto_t *crypto_init(const char *password, const char *method);
unsigned char * crypto_md5(const unsigned char *d, size_t n,
unsigned char *md);
unsigned char *crypto_md5(const unsigned char *d, size_t n,
unsigned char *md);
int crypto_derive_key(const cipher_t *cipher,
const uint8_t *pass, uint8_t *key, size_t nkey);
const uint8_t *pass, uint8_t *key, size_t nkey);
extern struct cache *nonce_cache;
extern const char *supported_stream_ciphers[];

89
src/stream.c
View File

@ -35,7 +35,6 @@
#include "stream.h"
#include "utils.h"
#define SODIUM_BLOCK_SIZE 64
#define NONE -1
@ -156,6 +155,7 @@ dump(char *tag, char *text, int len)
printf("0x%02x ", (uint8_t)text[i]);
printf("\n");
}
#endif
int
@ -201,7 +201,7 @@ stream_get_cipher_type(int method)
return NULL;
}
const char *ciphername = supported_stream_ciphers[method];
const char *ciphername = supported_stream_ciphers[method];
const char *mbedtlsname = supported_stream_ciphers_mbedtls[method];
if (strcmp(mbedtlsname, CIPHER_UNSUPPORTED) == 0) {
LOGE("Cipher %s currently is not supported by mbed TLS library",
@ -223,7 +223,7 @@ stream_cipher_ctx_init(cipher_ctx_t *ctx, int method, int enc)
return;
}
const char *ciphername = supported_stream_ciphers[method];
const char *ciphername = supported_stream_ciphers[method];
const cipher_kt_t *cipher = stream_get_cipher_type(method);
ctx->evp = ss_malloc(sizeof(cipher_evp_t));
@ -249,7 +249,7 @@ stream_cipher_ctx_release(cipher_ctx_t *cipher_ctx)
void
cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len,
int enc)
int enc)
{
const unsigned char *true_key;
@ -272,8 +272,8 @@ cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len,
unsigned char key_nonce[32];
memcpy(key_nonce, cipher->key, 16);
memcpy(key_nonce + 16, cipher_ctx->nonce, 16);
true_key = crypto_md5(key_nonce, 32, NULL);
nonce_len = 0;
true_key = crypto_md5(key_nonce, 32, NULL);
nonce_len = 0;
} else {
true_key = cipher->key;
}
@ -303,11 +303,11 @@ cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len,
static int
cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *output, size_t *olen,
const uint8_t *input, size_t ilen)
const uint8_t *input, size_t ilen)
{
cipher_evp_t *evp = ctx->evp;
return mbedtls_cipher_update(evp, (const uint8_t *)input, ilen,
(uint8_t *)output, olen);
(uint8_t *)output, olen);
}
int
@ -317,7 +317,7 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
stream_ctx_init(cipher, &cipher_ctx, 1);
size_t nonce_len = cipher->nonce_len;
int err = CRYPTO_OK;
int err = CRYPTO_OK;
static buffer_t tmp = { 0, 0, 0, NULL };
brealloc(&tmp, nonce_len + plaintext->len, capacity);
@ -332,13 +332,13 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
if (cipher->method >= SALSA20) {
crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
(const uint8_t *)plaintext->data, (uint64_t)(plaintext->len),
(const uint8_t *)nonce,
0, cipher->key, cipher->method);
(const uint8_t *)plaintext->data, (uint64_t)(plaintext->len),
(const uint8_t *)nonce,
0, cipher->key, cipher->method);
} else {
err = cipher_ctx_update(&cipher_ctx, (uint8_t *)(ciphertext->data + nonce_len),
&ciphertext->len, (const uint8_t *)plaintext->data,
plaintext->len);
&ciphertext->len, (const uint8_t *)plaintext->data,
plaintext->len);
}
if (err) {
@ -368,10 +368,10 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
return CRYPTO_ERROR;
cipher_t *cipher = cipher_ctx->cipher;
static buffer_t tmp = { 0, 0, 0, NULL };
int err = CRYPTO_OK;
int err = CRYPTO_OK;
size_t nonce_len = 0;
if (!cipher_ctx->init) {
nonce_len = cipher_ctx->cipher->nonce_len;
@ -397,11 +397,11 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
sodium_memzero(plaintext->data, padding);
}
crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
(const uint8_t *)plaintext->data,
(uint64_t)(plaintext->len + padding),
(const uint8_t *)cipher_ctx->nonce,
cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
cipher->method);
(const uint8_t *)plaintext->data,
(uint64_t)(plaintext->len + padding),
(const uint8_t *)cipher_ctx->nonce,
cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
cipher->method);
cipher_ctx->counter += plaintext->len;
if (padding) {
memmove(ciphertext->data + nonce_len,
@ -409,9 +409,9 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
}
} else {
err = cipher_ctx_update(cipher_ctx,
(uint8_t *)(ciphertext->data + nonce_len),
&ciphertext->len, (const uint8_t *)plaintext->data,
plaintext->len);
(uint8_t *)(ciphertext->data + nonce_len),
&ciphertext->len, (const uint8_t *)plaintext->data,
plaintext->len);
if (err) {
return CRYPTO_ERROR;
}
@ -433,7 +433,7 @@ int
stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
{
size_t nonce_len = cipher->nonce_len;
int err = CRYPTO_OK;
int err = CRYPTO_OK;
if (ciphertext->len <= nonce_len) {
return CRYPTO_ERROR;
@ -453,13 +453,13 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
if (cipher->method >= SALSA20) {
crypto_stream_xor_ic((uint8_t *)plaintext->data,
(const uint8_t *)(ciphertext->data + nonce_len),
(uint64_t)(ciphertext->len - nonce_len),
(const uint8_t *)nonce, 0, cipher->key, cipher->method);
(const uint8_t *)(ciphertext->data + nonce_len),
(uint64_t)(ciphertext->len - nonce_len),
(const uint8_t *)nonce, 0, cipher->key, cipher->method);
} else {
err = cipher_ctx_update(&cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len,
(const uint8_t *)(ciphertext->data + nonce_len),
ciphertext->len - nonce_len);
(const uint8_t *)(ciphertext->data + nonce_len),
ciphertext->len - nonce_len);
}
if (err) {
@ -485,24 +485,26 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
int
stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
{
if (cipher_ctx == NULL) return -1;
if (cipher_ctx == NULL)
return -1;
cipher_t *cipher = cipher_ctx->cipher;
static buffer_t tmp = { 0, 0, 0, NULL };
size_t nonce_len = 0;
int err = CRYPTO_OK;
int err = CRYPTO_OK;
brealloc(&tmp, ciphertext->len, capacity);
buffer_t *plaintext = &tmp;
plaintext->len = ciphertext->len;
if (!cipher_ctx->init) {
if (plaintext->len <= nonce_len) return CRYPTO_ERROR;
if (plaintext->len <= nonce_len)
return CRYPTO_ERROR;
uint8_t nonce[MAX_NONCE_LENGTH];
nonce_len = cipher->nonce_len;
nonce_len = cipher->nonce_len;
plaintext->len -= nonce_len;
memcpy(nonce, ciphertext->data, nonce_len);
@ -531,19 +533,19 @@ stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity)
sodium_memzero(ciphertext->data + nonce_len, padding);
}
crypto_stream_xor_ic((uint8_t *)plaintext->data,
(const uint8_t *)(ciphertext->data + nonce_len),
(uint64_t)(ciphertext->len - nonce_len + padding),
(const uint8_t *)cipher_ctx->nonce,
cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
cipher->method);
(const uint8_t *)(ciphertext->data + nonce_len),
(uint64_t)(ciphertext->len - nonce_len + padding),
(const uint8_t *)cipher_ctx->nonce,
cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key,
cipher->method);
cipher_ctx->counter += ciphertext->len - nonce_len;
if (padding) {
memmove(plaintext->data, plaintext->data + padding, plaintext->len);
}
} else {
err = cipher_ctx_update(cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len,
(const uint8_t *)(ciphertext->data + nonce_len),
ciphertext->len - nonce_len);
(const uint8_t *)(ciphertext->data + nonce_len),
ciphertext->len - nonce_len);
}
if (err) {
@ -586,7 +588,7 @@ stream_ctx_release(cipher_ctx_t *cipher_ctx)
ss_free(cipher_ctx->evp);
}
cipher_t*
cipher_t *
stream_key_init(int method, const char *pass)
{
if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
@ -613,7 +615,7 @@ stream_key_init(int method, const char *pass)
}
cipher->key_len = crypto_derive_key(cipher, (const uint8_t *)pass,
cipher->key, cipher_key_size(cipher));
cipher->key, cipher_key_size(cipher));
if (cipher->key_len == 0) {
FATAL("Cannot generate key and NONCE");
@ -648,4 +650,3 @@ stream_init(const char *pass, const char *method)
}
return stream_key_init(m, pass);
}
Write Preview
Loading…
Cancel
Save