richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update the hash function

pull/401/head
Max Lv 9 years ago
parent
7e23ae7a75
commit
5ae4df94e4
10 changed files with 71 additions and 113 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 84
      src/encrypt.c
  2. 8
      src/encrypt.h
  3. 12
      src/local.c
  4. 4
      src/local.h
  5. 10
      src/redir.c
  6. 4
      src/redir.h
  7. 44
      src/server.c
  8. 4
      src/server.h
  9. 10
      src/tunnel.c
  10. 4
      src/tunnel.h

84
src/encrypt.c
View File

@ -1478,97 +1478,53 @@ int enc_init(const char *pass, const char *method)
return m;
}
static const unsigned short crc16tab[256]= {
0x0000,0x1021,0x2042,0x3063,0x4084,0x50a5,0x60c6,0x70e7,
0x8108,0x9129,0xa14a,0xb16b,0xc18c,0xd1ad,0xe1ce,0xf1ef,
0x1231,0x0210,0x3273,0x2252,0x52b5,0x4294,0x72f7,0x62d6,
0x9339,0x8318,0xb37b,0xa35a,0xd3bd,0xc39c,0xf3ff,0xe3de,
0x2462,0x3443,0x0420,0x1401,0x64e6,0x74c7,0x44a4,0x5485,
0xa56a,0xb54b,0x8528,0x9509,0xe5ee,0xf5cf,0xc5ac,0xd58d,
0x3653,0x2672,0x1611,0x0630,0x76d7,0x66f6,0x5695,0x46b4,
0xb75b,0xa77a,0x9719,0x8738,0xf7df,0xe7fe,0xd79d,0xc7bc,
0x48c4,0x58e5,0x6886,0x78a7,0x0840,0x1861,0x2802,0x3823,
0xc9cc,0xd9ed,0xe98e,0xf9af,0x8948,0x9969,0xa90a,0xb92b,
0x5af5,0x4ad4,0x7ab7,0x6a96,0x1a71,0x0a50,0x3a33,0x2a12,
0xdbfd,0xcbdc,0xfbbf,0xeb9e,0x9b79,0x8b58,0xbb3b,0xab1a,
0x6ca6,0x7c87,0x4ce4,0x5cc5,0x2c22,0x3c03,0x0c60,0x1c41,
0xedae,0xfd8f,0xcdec,0xddcd,0xad2a,0xbd0b,0x8d68,0x9d49,
0x7e97,0x6eb6,0x5ed5,0x4ef4,0x3e13,0x2e32,0x1e51,0x0e70,
0xff9f,0xefbe,0xdfdd,0xcffc,0xbf1b,0xaf3a,0x9f59,0x8f78,
0x9188,0x81a9,0xb1ca,0xa1eb,0xd10c,0xc12d,0xf14e,0xe16f,
0x1080,0x00a1,0x30c2,0x20e3,0x5004,0x4025,0x7046,0x6067,
0x83b9,0x9398,0xa3fb,0xb3da,0xc33d,0xd31c,0xe37f,0xf35e,
0x02b1,0x1290,0x22f3,0x32d2,0x4235,0x5214,0x6277,0x7256,
0xb5ea,0xa5cb,0x95a8,0x8589,0xf56e,0xe54f,0xd52c,0xc50d,
0x34e2,0x24c3,0x14a0,0x0481,0x7466,0x6447,0x5424,0x4405,
0xa7db,0xb7fa,0x8799,0x97b8,0xe75f,0xf77e,0xc71d,0xd73c,
0x26d3,0x36f2,0x0691,0x16b0,0x6657,0x7676,0x4615,0x5634,
0xd94c,0xc96d,0xf90e,0xe92f,0x99c8,0x89e9,0xb98a,0xa9ab,
0x5844,0x4865,0x7806,0x6827,0x18c0,0x08e1,0x3882,0x28a3,
0xcb7d,0xdb5c,0xeb3f,0xfb1e,0x8bf9,0x9bd8,0xabbb,0xbb9a,
0x4a75,0x5a54,0x6a37,0x7a16,0x0af1,0x1ad0,0x2ab3,0x3a92,
0xfd2e,0xed0f,0xdd6c,0xcd4d,0xbdaa,0xad8b,0x9de8,0x8dc9,
0x7c26,0x6c07,0x5c64,0x4c45,0x3ca2,0x2c83,0x1ce0,0x0cc1,
0xef1f,0xff3e,0xcf5d,0xdf7c,0xaf9b,0xbfba,0x8fd9,0x9ff8,
0x6e17,0x7e36,0x4e55,0x5e74,0x2e93,0x3eb2,0x0ed1,0x1ef0
};
uint16_t crc16(const void *buf, int len)
{
register int counter;
register uint16_t crc = 0;
for( counter = 0; counter < len; counter++)
crc = (crc<<8) ^ crc16tab[((crc>>8) ^ *(char *)buf++)&0x00FF];
return crc;
}
int ss_check_crc(char *buf, ssize_t *buf_len, char *crc_buf, ssize_t *crc_idx)
int ss_check_hash(char *buf, ssize_t *buf_len, char *hash_buf, ssize_t *hash_idx)
{
int i, j;
ssize_t blen = *buf_len;
ssize_t cidx = *crc_idx;
ssize_t cidx = *hash_idx;
for (i = 0, j = 0; i < blen; i++) {
if (cidx < CRC_BUF_LEN) {
if (cidx < HASH_BUF_LEN) {
buf[j] = buf[i];
j++;
}
crc_buf[cidx] = buf[i];
hash_buf[cidx] = buf[i];
cidx++;
if (cidx == CRC_BUF_LEN + CRC_BYTES) {
uint16_t c = crc16((const void*)crc_buf, CRC_BUF_LEN);
c = htons(c);
if (memcmp(&c, crc_buf + CRC_BUF_LEN, CRC_BYTES) != 0) return 0;
if (cidx == HASH_BUF_LEN + HASH_BYTES) {
uint8_t hash[HASH_BYTES];
crypto_generichash(hash, HASH_BYTES, (uint8_t *)hash_buf, HASH_BUF_LEN, NULL, 0);
if (memcmp(hash, hash_buf + HASH_BUF_LEN, HASH_BYTES) != 0) return 0;
cidx = 0;
}
}
*buf_len = j;
*crc_idx = cidx;
*hash_idx = cidx;
return 1;
}
char *ss_gen_crc(char *buf, ssize_t *buf_len, char *crc_buf, ssize_t *crc_idx, int buf_size)
char *ss_gen_hash(char *buf, ssize_t *buf_len, char *hash_buf, ssize_t *hash_idx, int buf_size)
{
int i, j;
ssize_t blen = *buf_len;
ssize_t cidx = *crc_idx;
int size = max((blen / CRC_BUF_LEN + 1) * CRC_BYTES + blen, buf_size);
ssize_t cidx = *hash_idx;
int size = max((blen / HASH_BUF_LEN + 1) * HASH_BYTES + blen, buf_size);
if (buf_size < size) {
buf = realloc(buf, size);
}
for (i = 0, j = 0; i < blen; i++, j++) {
if (cidx == CRC_BUF_LEN) {
uint16_t c = crc16((const void*)crc_buf, CRC_BUF_LEN);
c = htons(c);
memmove(buf + j + CRC_BYTES, buf + j, blen - i);
memcpy(buf + j, &c, CRC_BYTES);
j += CRC_BYTES; cidx = 0;
if (cidx == HASH_BUF_LEN) {
uint8_t hash[HASH_BYTES];
crypto_generichash(hash, HASH_BYTES, (uint8_t *)hash_buf, HASH_BUF_LEN, NULL, 0);
memmove(buf + j + HASH_BYTES, buf + j, blen - i);
memcpy(buf + j, hash, HASH_BYTES);
j += HASH_BYTES; cidx = 0;
}
crc_buf[cidx] = buf[j];
hash_buf[cidx] = buf[j];
cidx++;
}
*buf_len = j;
*crc_idx = cidx;
*hash_idx = cidx;
return buf;
}

8
src/encrypt.h
View File

@ -146,8 +146,8 @@ typedef struct {
#define ONETIMEAUTH_FLAG 0x10
#define ADDRTYPE_MASK 0xF
#define CRC_BUF_LEN 128
#define CRC_BYTES 2
#define HASH_BUF_LEN 128
#define HASH_BYTES 4
#define min(a, b) (((a) < (b)) ? (a) : (b))
#define max(a, b) (((a) > (b)) ? (a) : (b))
@ -173,7 +173,7 @@ unsigned char *enc_md5(const unsigned char *d, size_t n, unsigned char *md);
int ss_onetimeauth(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);
int ss_onetimeauth_verify(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);
int ss_check_crc(char *buf, ssize_t *buf_len, char *crc_buf, ssize_t *crc_idx);
char * ss_gen_crc(char *buf, ssize_t *buf_len, char *crc_buf, ssize_t *crc_idx, int buf_size);
int ss_check_hash(char *buf, ssize_t *buf_len, char *hash_buf, ssize_t *hash_idx);
char * ss_gen_hash(char *buf, ssize_t *buf_len, char *hash_buf, ssize_t *hash_idx, int buf_size);
#endif // _ENCRYPT_H

12
src/local.c
View File

@ -245,7 +245,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
if (remote->send_ctx->connected && auth) {
remote->buf = ss_gen_crc(remote->buf, &r, remote->crc_buf, &remote->crc_idx, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, remote->hash_buf, &remote->hash_idx, BUF_SIZE);
}
// insert shadowsocks header
@ -484,7 +484,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
memcpy(remote->buf, ss_addr_to_send, addr_len);
if (auth) {
buf = ss_gen_crc(buf, &r, remote->crc_buf, &remote->crc_idx, BUF_SIZE);
buf = ss_gen_hash(buf, &r, remote->hash_buf, &remote->hash_idx, BUF_SIZE);
}
if (r > 0) {
@ -1090,6 +1090,10 @@ int main(int argc, char **argv)
#endif
}
if (auth) {
LOGI("onetime authentication enabled");
}
#ifdef __MINGW32__
winsock_init();
#else
@ -1146,10 +1150,6 @@ int main(int argc, char **argv)
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
if (auth) {
LOGI("onetime authentication enabled");
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("udprelay enabled");

4
src/local.h
View File

@ -82,8 +82,8 @@ struct remote {
struct sockaddr_storage addr;
int addr_len;
ssize_t crc_idx;
char crc_buf[CRC_BUF_LEN];
ssize_t hash_idx;
char hash_buf[HASH_BUF_LEN];
};
#endif // _LOCAL_H

10
src/redir.c
View File

@ -185,7 +185,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
if (auth) {
remote->buf = ss_gen_crc(remote->buf, &r, remote->crc_buf, &remote->crc_idx, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, remote->hash_buf, &remote->hash_idx, BUF_SIZE);
}
remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
@ -740,6 +740,10 @@ int main(int argc, char **argv)
daemonize(pid_path);
}
if (auth) {
LOGI("onetime authentication enabled");
}
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
@ -786,10 +790,6 @@ int main(int argc, char **argv)
ev_io_start(loop, &listen_ctx.io);
}
if (auth) {
LOGI("onetime authentication enabled");
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");

4
src/redir.h
View File

@ -71,8 +71,8 @@ struct remote {
struct remote_ctx *send_ctx;
struct server *server;
ssize_t crc_idx;
char crc_buf[CRC_BUF_LEN];
ssize_t hash_idx;
char hash_buf[HASH_BUF_LEN];
};
#endif // _LOCAL_H

44
src/server.c
View File

@ -496,8 +496,8 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
// handshake and transmit data
if (server->stage == 5) {
if (server->auth
&& !ss_check_crc(remote->buf, &r, server->crc_buf, &server->crc_idx)) {
LOGE("crc error");
&& !ss_check_hash(remote->buf, &r, server->hash_buf, &server->hash_idx)) {
LOGE("hash error");
report_addr(server->fd);
close_and_free_server(EV_A_ server);
close_and_free_remote(EV_A_ remote);
@ -527,25 +527,27 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
} else if (server->stage == 0) {
/*
* Shadowsocks TCP Relay Protocol:
* Shadowsocks TCP Relay Header:
*
* +------+----------+----------+-----------------+
* | ATYP | DST.ADDR | DST.PORT | AUTH (Optional) |
* +------+----------+----------+-----------------+
* | 1 | Variable | 2 | 16 |
* +------+----------+----------+-----------------+
* +------+----------+----------+---------------------+
* | ATYP | DST.ADDR | DST.PORT | Poly1305 |
* +------+----------+----------+---------------------+
* | 1 | Variable | 2 | 16 |
* +------+----------+----------+---------------------+
*
* If ATYP & ONETIMEAUTH_FLAG(0x10) == 1, AUTH and CRC are enabled.
* If ATYP & ONETIMEAUTH_FLAG(0x10) == 1, Authentication (Poly1305) and Hash (BLAKE2b) are enabled.
*
* The key of Poly1305 is BLAKE2b(IV + KEY) and the input is the whole header.
*/
/*
* Shadowsocks TCP Request Payload CRC (Optional, no CRC for response's payload):
* Shadowsocks TCP Request Payload CRC (Optional, no hash check for response's payload):
*
* +------+-------+------+-------+------+
* | DATA | CRC16 | DATA | CRC16 | ...
* +------+-------+------+-------+------+
* | 128 | 2 | 128 | 2 | ...
* +------+-------+------+-------+------+
* +------+---------+------+---------+------+
* | DATA | BLAKE2b | DATA | BLAKE2b | ...
* +------+---------+------+---------+------+
* | 128 | 4 | 128 | 4 | ...
* +------+---------+------+---------+------+
*/
int offset = 0;
@ -682,8 +684,8 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
if (server->auth
&& !ss_check_crc(server->buf + server->buf_idx, &server->buf_len, server->crc_buf, &server->crc_idx)) {
LOGE("crc error");
&& !ss_check_hash(server->buf + server->buf_idx, &server->buf_len, server->hash_buf, &server->hash_idx)) {
LOGE("hash error");
report_addr(server->fd);
close_and_free_server(EV_A_ server);
return;
@ -1385,6 +1387,10 @@ int main(int argc, char **argv)
#endif
}
if (auth) {
LOGI("onetime authentication enabled");
}
#ifdef __MINGW32__
winsock_init();
#else
@ -1471,10 +1477,6 @@ int main(int argc, char **argv)
ev_timer_start(EV_DEFAULT, &stat_update_watcher);
}
if (auth) {
LOGI("onetime authentication enabled");
}
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");
}

4
src/server.h
View File

@ -57,8 +57,8 @@ struct server {
char *buf; // server send from, remote recv into
int auth;
ssize_t crc_idx;
char crc_buf[CRC_BUF_LEN + CRC_BYTES]; // 2 bytes for CRC16
ssize_t hash_idx;
char hash_buf[HASH_BUF_LEN + HASH_BYTES]; // 2 bytes for HASH16
struct enc_ctx *e_ctx;
struct enc_ctx *d_ctx;

10
src/tunnel.c
View File

@ -197,7 +197,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
if (auth) {
remote->buf = ss_gen_crc(remote->buf, &r, remote->crc_buf, &remote->crc_idx, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, remote->hash_buf, &remote->hash_idx, BUF_SIZE);
}
remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
@ -805,6 +805,10 @@ int main(int argc, char **argv)
daemonize(pid_path);
}
if (auth) {
LOGI("onetime authentication enabled");
}
// parse tunnel addr
parse_addr(tunnel_addr_str, &tunnel_addr);
@ -864,10 +868,6 @@ int main(int argc, char **argv)
ev_io_start(loop, &listen_ctx.io);
}
if (auth) {
LOGI("onetime authentication enabled");
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");

4
src/tunnel.h
View File

@ -75,8 +75,8 @@ struct remote {
struct remote_ctx *send_ctx;
struct server *server;
ssize_t crc_idx;
char crc_buf[CRC_BUF_LEN];
ssize_t hash_idx;
char hash_buf[HASH_BUF_LEN];
};
#endif // _TUNNEL_H
Write Preview
Loading…
Cancel
Save