diff --git a/src/Makefile.am b/src/Makefile.am index 2d386782..b4331f39 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,8 +18,8 @@ sni_src = http.c \ rule.c crypto_src = crypto.c \ - aead.c \ - stream.c + aead.c \ + stream.c plugin_src = plugin.c @@ -31,8 +31,8 @@ ss_local_SOURCES = utils.c \ acl.c \ netutils.c \ local.c \ - $(crypto_src) \ - $(plugin_src) \ + $(crypto_src) \ + $(plugin_src) \ $(sni_src) ss_tunnel_SOURCES = utils.c \ @@ -42,8 +42,8 @@ ss_tunnel_SOURCES = utils.c \ cache.c \ netutils.c \ tunnel.c \ - $(crypto_src) \ - $(plugin_src) + $(crypto_src) \ + $(plugin_src) ss_server_SOURCES = utils.c \ netutils.c \ @@ -54,8 +54,8 @@ ss_server_SOURCES = utils.c \ acl.c \ resolv.c \ server.c \ - $(crypto_src) \ - $(plugin_src) \ + $(crypto_src) \ + $(plugin_src) \ $(sni_src) ss_manager_SOURCES = utils.c \ @@ -88,8 +88,8 @@ ss_redir_SOURCES = utils.c \ cache.c \ udprelay.c \ redir.c \ - $(crypto_src) \ - $(plugin_src) \ + $(crypto_src) \ + $(plugin_src) \ $(sni_src) ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR @@ -105,6 +105,6 @@ libshadowsocks_libev_la_LIBADD = $(ss_local_LDADD) include_HEADERS = shadowsocks.h noinst_HEADERS = acl.h crypto.h stream.h json.h netutils.h redir.h server.h tls.h uthash.h \ - cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h \ - common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h + cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h \ + common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h EXTRA_DIST = ss-nat diff --git a/src/crypto.c b/src/crypto.c index e24ff153..c5b9afbc 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -40,7 +40,7 @@ int balloc(buffer_t *ptr, size_t capacity) { sodium_memzero(ptr, sizeof(buffer_t)); - ptr->data = ss_malloc(capacity); + ptr->data = ss_malloc(capacity); ptr->capacity = capacity; return capacity; } @@ -52,7 +52,7 @@ brealloc(buffer_t *ptr, size_t len, size_t capacity) return -1; size_t real_capacity = max(len, capacity); if (ptr->capacity < real_capacity) { - ptr->data = ss_realloc(ptr->data, real_capacity); + ptr->data = ss_realloc(ptr->data, real_capacity); ptr->capacity = real_capacity; } return real_capacity; @@ -102,7 +102,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) int crypto_derive_key(const cipher_t *cipher, const uint8_t *pass, - uint8_t *key, size_t nkey) + uint8_t *key, size_t nkey) { size_t datal; datal = strlen((const char *)pass); @@ -117,7 +117,7 @@ crypto_derive_key(const cipher_t *cipher, const uint8_t *pass, int addmd; unsigned int i, j, mds; - mds = mbedtls_md_get_size(md); + mds = mbedtls_md_get_size(md); memset(&c, 0, sizeof(mbedtls_md_context_t)); if (pass == NULL) @@ -158,48 +158,46 @@ crypto_init(const char *password, const char *method) cache_create(&nonce_cache, 1024, NULL); if (method != NULL) { - for (i = 0; i < STREAM_CIPHER_NUM; i++) { + for (i = 0; i < STREAM_CIPHER_NUM; i++) if (strcmp(method, supported_stream_ciphers[i]) == 0) { m = i; break; } - } if (m != -1) { cipher_t *cipher = stream_init(password, method); - if (cipher == NULL) + if (cipher == NULL) return NULL; crypto_t *crypto = (crypto_t *)malloc(sizeof(crypto_t)); - crypto_t tmp = { - .cipher = cipher, + crypto_t tmp = { + .cipher = cipher, .encrypt_all = &stream_encrypt_all, .decrypt_all = &stream_decrypt_all, - .encrypt = &stream_encrypt, - .decrypt = &stream_decrypt, - .ctx_init = &stream_ctx_init, + .encrypt = &stream_encrypt, + .decrypt = &stream_decrypt, + .ctx_init = &stream_ctx_init, .ctx_release = &stream_ctx_release }; memcpy(crypto, &tmp, sizeof(crypto_t)); return crypto; } - for (i = 0; i < AEAD_CIPHER_NUM; i++) { + for (i = 0; i < AEAD_CIPHER_NUM; i++) if (strcmp(method, supported_aead_ciphers[i]) == 0) { m = i; break; } - } if (m != -1) { cipher_t *cipher = aead_init(password, method); - if (cipher == NULL) + if (cipher == NULL) return NULL; crypto_t *crypto = (crypto_t *)ss_malloc(sizeof(crypto_t)); - crypto_t tmp = { - .cipher = cipher, + crypto_t tmp = { + .cipher = cipher, .encrypt_all = &aead_encrypt_all, .decrypt_all = &aead_decrypt_all, - .encrypt = &aead_encrypt, - .decrypt = &aead_decrypt, - .ctx_init = &aead_ctx_init, + .encrypt = &aead_encrypt, + .decrypt = &aead_decrypt, + .ctx_init = &aead_ctx_init, .ctx_release = &aead_ctx_release }; memcpy(crypto, &tmp, sizeof(crypto_t)); diff --git a/src/crypto.h b/src/crypto.h index 0adef50a..e30eec80 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -41,7 +41,7 @@ typedef mbedtls_cipher_info_t cipher_kt_t; typedef mbedtls_cipher_context_t cipher_evp_t; typedef mbedtls_md_info_t digest_type_t; #define MAX_KEY_LENGTH 64 -#define MAX_NONCE_LENGTH 32 +#define MAX_NONCE_LENGTH 32 #define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE /* we must have MBEDTLS_CIPHER_MODE_CFB defined */ #if !defined(MBEDTLS_CIPHER_MODE_CFB) @@ -91,13 +91,13 @@ typedef struct { typedef struct crypto { cipher_t *cipher; - int (*const encrypt_all)(buffer_t*, cipher_t*, size_t); - int (*const decrypt_all)(buffer_t*, cipher_t*, size_t); - int (*const encrypt)(buffer_t*, cipher_ctx_t*, size_t); - int (*const decrypt)(buffer_t*, cipher_ctx_t*, size_t); + int(*const encrypt_all)(buffer_t *, cipher_t *, size_t); + int(*const decrypt_all)(buffer_t *, cipher_t *, size_t); + int(*const encrypt)(buffer_t *, cipher_ctx_t *, size_t); + int(*const decrypt)(buffer_t *, cipher_ctx_t *, size_t); - void (*const ctx_init)(cipher_t*, cipher_ctx_t*, int); - void (*const ctx_release)(cipher_ctx_t*); + void(*const ctx_init)(cipher_t *, cipher_ctx_t *, int); + void(*const ctx_release)(cipher_ctx_t *); } crypto_t; int balloc(buffer_t *ptr, size_t capacity); @@ -107,10 +107,10 @@ void bfree(buffer_t *ptr); int rand_bytes(void *output, int len); crypto_t *crypto_init(const char *password, const char *method); -unsigned char * crypto_md5(const unsigned char *d, size_t n, - unsigned char *md); +unsigned char *crypto_md5(const unsigned char *d, size_t n, + unsigned char *md); int crypto_derive_key(const cipher_t *cipher, - const uint8_t *pass, uint8_t *key, size_t nkey); + const uint8_t *pass, uint8_t *key, size_t nkey); extern struct cache *nonce_cache; extern const char *supported_stream_ciphers[]; diff --git a/src/stream.c b/src/stream.c index 09bf4e80..ec1b302c 100644 --- a/src/stream.c +++ b/src/stream.c @@ -35,7 +35,6 @@ #include "stream.h" #include "utils.h" - #define SODIUM_BLOCK_SIZE 64 #define NONE -1 @@ -156,6 +155,7 @@ dump(char *tag, char *text, int len) printf("0x%02x ", (uint8_t)text[i]); printf("\n"); } + #endif int @@ -201,7 +201,7 @@ stream_get_cipher_type(int method) return NULL; } - const char *ciphername = supported_stream_ciphers[method]; + const char *ciphername = supported_stream_ciphers[method]; const char *mbedtlsname = supported_stream_ciphers_mbedtls[method]; if (strcmp(mbedtlsname, CIPHER_UNSUPPORTED) == 0) { LOGE("Cipher %s currently is not supported by mbed TLS library", @@ -223,7 +223,7 @@ stream_cipher_ctx_init(cipher_ctx_t *ctx, int method, int enc) return; } - const char *ciphername = supported_stream_ciphers[method]; + const char *ciphername = supported_stream_ciphers[method]; const cipher_kt_t *cipher = stream_get_cipher_type(method); ctx->evp = ss_malloc(sizeof(cipher_evp_t)); @@ -249,7 +249,7 @@ stream_cipher_ctx_release(cipher_ctx_t *cipher_ctx) void cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len, - int enc) + int enc) { const unsigned char *true_key; @@ -272,8 +272,8 @@ cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len, unsigned char key_nonce[32]; memcpy(key_nonce, cipher->key, 16); memcpy(key_nonce + 16, cipher_ctx->nonce, 16); - true_key = crypto_md5(key_nonce, 32, NULL); - nonce_len = 0; + true_key = crypto_md5(key_nonce, 32, NULL); + nonce_len = 0; } else { true_key = cipher->key; } @@ -303,11 +303,11 @@ cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len, static int cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *output, size_t *olen, - const uint8_t *input, size_t ilen) + const uint8_t *input, size_t ilen) { cipher_evp_t *evp = ctx->evp; return mbedtls_cipher_update(evp, (const uint8_t *)input, ilen, - (uint8_t *)output, olen); + (uint8_t *)output, olen); } int @@ -317,7 +317,7 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity) stream_ctx_init(cipher, &cipher_ctx, 1); size_t nonce_len = cipher->nonce_len; - int err = CRYPTO_OK; + int err = CRYPTO_OK; static buffer_t tmp = { 0, 0, 0, NULL }; brealloc(&tmp, nonce_len + plaintext->len, capacity); @@ -332,13 +332,13 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity) if (cipher->method >= SALSA20) { crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len), - (const uint8_t *)plaintext->data, (uint64_t)(plaintext->len), - (const uint8_t *)nonce, - 0, cipher->key, cipher->method); + (const uint8_t *)plaintext->data, (uint64_t)(plaintext->len), + (const uint8_t *)nonce, + 0, cipher->key, cipher->method); } else { err = cipher_ctx_update(&cipher_ctx, (uint8_t *)(ciphertext->data + nonce_len), - &ciphertext->len, (const uint8_t *)plaintext->data, - plaintext->len); + &ciphertext->len, (const uint8_t *)plaintext->data, + plaintext->len); } if (err) { @@ -368,10 +368,10 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity) return CRYPTO_ERROR; cipher_t *cipher = cipher_ctx->cipher; - + static buffer_t tmp = { 0, 0, 0, NULL }; - int err = CRYPTO_OK; + int err = CRYPTO_OK; size_t nonce_len = 0; if (!cipher_ctx->init) { nonce_len = cipher_ctx->cipher->nonce_len; @@ -397,11 +397,11 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity) sodium_memzero(plaintext->data, padding); } crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len), - (const uint8_t *)plaintext->data, - (uint64_t)(plaintext->len + padding), - (const uint8_t *)cipher_ctx->nonce, - cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key, - cipher->method); + (const uint8_t *)plaintext->data, + (uint64_t)(plaintext->len + padding), + (const uint8_t *)cipher_ctx->nonce, + cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key, + cipher->method); cipher_ctx->counter += plaintext->len; if (padding) { memmove(ciphertext->data + nonce_len, @@ -409,9 +409,9 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity) } } else { err = cipher_ctx_update(cipher_ctx, - (uint8_t *)(ciphertext->data + nonce_len), - &ciphertext->len, (const uint8_t *)plaintext->data, - plaintext->len); + (uint8_t *)(ciphertext->data + nonce_len), + &ciphertext->len, (const uint8_t *)plaintext->data, + plaintext->len); if (err) { return CRYPTO_ERROR; } @@ -433,7 +433,7 @@ int stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) { size_t nonce_len = cipher->nonce_len; - int err = CRYPTO_OK; + int err = CRYPTO_OK; if (ciphertext->len <= nonce_len) { return CRYPTO_ERROR; @@ -453,13 +453,13 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) if (cipher->method >= SALSA20) { crypto_stream_xor_ic((uint8_t *)plaintext->data, - (const uint8_t *)(ciphertext->data + nonce_len), - (uint64_t)(ciphertext->len - nonce_len), - (const uint8_t *)nonce, 0, cipher->key, cipher->method); + (const uint8_t *)(ciphertext->data + nonce_len), + (uint64_t)(ciphertext->len - nonce_len), + (const uint8_t *)nonce, 0, cipher->key, cipher->method); } else { err = cipher_ctx_update(&cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len, - (const uint8_t *)(ciphertext->data + nonce_len), - ciphertext->len - nonce_len); + (const uint8_t *)(ciphertext->data + nonce_len), + ciphertext->len - nonce_len); } if (err) { @@ -485,24 +485,26 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) int stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) { - if (cipher_ctx == NULL) return -1; + if (cipher_ctx == NULL) + return -1; cipher_t *cipher = cipher_ctx->cipher; static buffer_t tmp = { 0, 0, 0, NULL }; size_t nonce_len = 0; - int err = CRYPTO_OK; + int err = CRYPTO_OK; brealloc(&tmp, ciphertext->len, capacity); buffer_t *plaintext = &tmp; plaintext->len = ciphertext->len; if (!cipher_ctx->init) { - if (plaintext->len <= nonce_len) return CRYPTO_ERROR; + if (plaintext->len <= nonce_len) + return CRYPTO_ERROR; uint8_t nonce[MAX_NONCE_LENGTH]; - nonce_len = cipher->nonce_len; + nonce_len = cipher->nonce_len; plaintext->len -= nonce_len; memcpy(nonce, ciphertext->data, nonce_len); @@ -531,19 +533,19 @@ stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) sodium_memzero(ciphertext->data + nonce_len, padding); } crypto_stream_xor_ic((uint8_t *)plaintext->data, - (const uint8_t *)(ciphertext->data + nonce_len), - (uint64_t)(ciphertext->len - nonce_len + padding), - (const uint8_t *)cipher_ctx->nonce, - cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key, - cipher->method); + (const uint8_t *)(ciphertext->data + nonce_len), + (uint64_t)(ciphertext->len - nonce_len + padding), + (const uint8_t *)cipher_ctx->nonce, + cipher_ctx->counter / SODIUM_BLOCK_SIZE, cipher->key, + cipher->method); cipher_ctx->counter += ciphertext->len - nonce_len; if (padding) { memmove(plaintext->data, plaintext->data + padding, plaintext->len); } } else { err = cipher_ctx_update(cipher_ctx, (uint8_t *)plaintext->data, &plaintext->len, - (const uint8_t *)(ciphertext->data + nonce_len), - ciphertext->len - nonce_len); + (const uint8_t *)(ciphertext->data + nonce_len), + ciphertext->len - nonce_len); } if (err) { @@ -586,7 +588,7 @@ stream_ctx_release(cipher_ctx_t *cipher_ctx) ss_free(cipher_ctx->evp); } -cipher_t* +cipher_t * stream_key_init(int method, const char *pass) { if (method <= TABLE || method >= STREAM_CIPHER_NUM) { @@ -613,7 +615,7 @@ stream_key_init(int method, const char *pass) } cipher->key_len = crypto_derive_key(cipher, (const uint8_t *)pass, - cipher->key, cipher_key_size(cipher)); + cipher->key, cipher_key_size(cipher)); if (cipher->key_len == 0) { FATAL("Cannot generate key and NONCE"); @@ -648,4 +650,3 @@ stream_init(const char *pass, const char *method) } return stream_key_init(m, pass); } -