
Use IV + Chunk id as key of BLAKE2b

pull/405/head
Max Lv 9 years ago
parent
commit
9f553536cb
6 changed files with 19 additions and 19 deletions
  1. 20
      src/encrypt.c
  2. 4
      src/encrypt.h
  3. 4
      src/local.c
  4. 2
      src/redir.c
  5. 6
      src/server.c
  6. 2
      src/tunnel.c

20
src/encrypt.c

@ -1478,7 +1478,7 @@ int enc_init(const char *pass, const char *method)
return m; return m;
} }
int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf_size)
int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, struct enc_ctx *ctx, int buf_size)
{ {
int i, j, k; int i, j, k;
char *buf = *buf_ptr; char *buf = *buf_ptr;
@ -1511,12 +1511,12 @@ int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf
if (cidx == chunk->len + AUTH_BYTES) { if (cidx == chunk->len + AUTH_BYTES) {
// Compare hash // Compare hash
uint8_t *hash = (uint8_t *)malloc(chunk->len); uint8_t *hash = (uint8_t *)malloc(chunk->len);
uint8_t key[MAX_KEY_LENGTH + sizeof(uint32_t)];
uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
memcpy(key, enc_key, enc_key_len);
memcpy(key + enc_key_len, &chunk->counter, sizeof(uint32_t));
memcpy(key, ctx->evp.iv, enc_key_len);
memcpy(key + enc_iv_len, &chunk->counter, sizeof(uint32_t));
crypto_generichash(hash, HASH_BYTES, (uint8_t *)chunk->buf + AUTH_BYTES, chunk->len, crypto_generichash(hash, HASH_BYTES, (uint8_t *)chunk->buf + AUTH_BYTES, chunk->len,
key, enc_key_len + sizeof(uint32_t));
key, enc_iv_len + sizeof(uint32_t));
if (memcmp(hash, chunk->buf + CLEN_BYTES, HASH_BYTES) != 0) return 0; if (memcmp(hash, chunk->buf + CLEN_BYTES, HASH_BYTES) != 0) return 0;
@ -1538,7 +1538,7 @@ int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf
return 1; return 1;
} }
char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, int buf_size)
char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, struct enc_ctx *ctx, int buf_size)
{ {
ssize_t blen = *buf_len; ssize_t blen = *buf_len;
int size = max(AUTH_BYTES + blen, buf_size); int size = max(AUTH_BYTES + blen, buf_size);
@ -1549,11 +1549,11 @@ char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, int buf_size)
uint16_t chunk_len = htons((uint16_t)blen); uint16_t chunk_len = htons((uint16_t)blen);
uint8_t hash[HASH_BYTES]; uint8_t hash[HASH_BYTES];
uint8_t key[MAX_KEY_LENGTH + sizeof(uint32_t)];
uint8_t key[MAX_IV_LENGTH + sizeof(uint32_t)];
memcpy(key, enc_key, enc_key_len);
memcpy(key + enc_key_len, counter, sizeof(uint32_t));
crypto_generichash(hash, HASH_BYTES, (uint8_t *)buf, blen, key, enc_key_len + sizeof(uint32_t));
memcpy(key, ctx->evp.iv, enc_iv_len);
memcpy(key + enc_iv_len, counter, sizeof(uint32_t));
crypto_generichash(hash, HASH_BYTES, (uint8_t *)buf, blen, key, enc_iv_len + sizeof(uint32_t));
memmove(buf + AUTH_BYTES, buf, blen); memmove(buf + AUTH_BYTES, buf, blen);
memcpy(buf + CLEN_BYTES, hash, HASH_BYTES); memcpy(buf + CLEN_BYTES, hash, HASH_BYTES);
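Review bot: In `ss_check_hash` the new copy `memcpy(key, ctx->evp.iv, enc_key_len);` still uses the key length, although `key` is now sized `MAX_IV_LENGTH + sizeof(uint32_t)` and the counter is placed at `key + enc_iv_len`. For any cipher whose key is longer than its IV this reads past the IV, and if `MAX_IV_LENGTH` is smaller than that key length (the constants are not visible here) it also writes past the end of `key` on the stack. `ss_gen_hash` already uses the IV length, so the line should read `memcpy(key, ctx->evp.iv, enc_iv_len);`. Both functions continue outside the hunks shown.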

4
src/encrypt.h

@ -181,7 +181,7 @@ unsigned char *enc_md5(const unsigned char *d, size_t n, unsigned char *md);
int ss_onetimeauth(char *auth, char *msg, int msg_len, struct enc_ctx *ctx); int ss_onetimeauth(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);
int ss_onetimeauth_verify(char *auth, char *msg, int msg_len, struct enc_ctx *ctx); int ss_onetimeauth_verify(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);
int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf_size);
char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, int buf_size);
int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, struct enc_ctx *ctx, int buf_size);
char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, struct enc_ctx *ctx, int buf_size);
#endif // _ENCRYPT_H #endif // _ENCRYPT_H
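Review bot: The two prototypes gain a `struct enc_ctx *ctx` parameter with no comment on what it is used for or which direction's context a caller must pass. I would add a short comment above them, for example `/* ctx supplies the IV; the BLAKE2b key is IV || chunk counter, so pass the context for the direction the data travels */`. If the IV is sent in the clear, as is usual for stream-cipher IVs, the hash key is no longer secret and the check relies on the tag sitting inside the encrypted stream; that trade-off deserves a sentence in the same comment.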

4
src/local.c

@ -245,7 +245,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
} }
if (!remote->direct && remote->send_ctx->connected && auth) { if (!remote->direct && remote->send_ctx->connected && auth) {
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, server->e_ctx, BUF_SIZE);
} }
// insert shadowsocks header // insert shadowsocks header
@ -485,7 +485,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
if (r > 0) { if (r > 0) {
if (auth) { if (auth) {
buf = ss_gen_hash(buf, &r, &remote->counter, BUF_SIZE);
buf = ss_gen_hash(buf, &r, &remote->counter, server->e_ctx, BUF_SIZE);
} }
memcpy(remote->buf + addr_len, buf, r); memcpy(remote->buf + addr_len, buf, r);
} }

2
src/redir.c

@ -185,7 +185,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
} }
if (auth) { if (auth) {
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, server->e_ctx, BUF_SIZE);
} }
remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx); remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
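Review bot: `ss_gen_hash` now reads the IV from `server->e_ctx` on the line before `ss_encrypt` runs on that same context, so the hash key is only well defined if the IV is already populated when the context is created rather than on the first encrypt call. That initialisation is not visible on this page and should be confirmed. A comment at the call such as `// e_ctx IV must already be set: it keys the chunk hash` would record the dependency. The same ordering appears in src/tunnel.c, and the src/local.c call sites pass the same context.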

6
src/server.c

@ -495,7 +495,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
// handshake and transmit data // handshake and transmit data
if (server->stage == 5) { if (server->stage == 5) {
if (server->auth && !ss_check_hash(&remote->buf, &r, server->chunk, BUF_SIZE)) {
if (server->auth && !ss_check_hash(&remote->buf, &r, server->chunk, server->e_ctx, BUF_SIZE)) {
LOGE("hash error"); LOGE("hash error");
report_addr(server->fd); report_addr(server->fd);
close_and_free_server(EV_A_ server); close_and_free_server(EV_A_ server);
@ -548,7 +548,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
* | 2 | 4 | Variable | ... * | 2 | 4 | Variable | ...
* +------+---------+-------------+------+ * +------+---------+-------------+------+
* *
* The key of BLAKE2b is (KEY + CHUNK ID)
* The key of BLAKE2b is (IV + CHUNK ID)
*/ */
int offset = 0; int offset = 0;
@ -684,7 +684,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
memmove(server->buf, server->buf + offset, server->buf_len); memmove(server->buf, server->buf + offset, server->buf_len);
} }
if (server->auth && !ss_check_hash(&server->buf, &server->buf_len, server->chunk, BUF_SIZE)) {
if (server->auth && !ss_check_hash(&server->buf, &server->buf_len, server->chunk, server->d_ctx, BUF_SIZE)) {
LOGE("hash error"); LOGE("hash error");
report_addr(server->fd); report_addr(server->fd);
close_and_free_server(EV_A_ server); close_and_free_server(EV_A_ server);
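Review bot: The stage 5 check passes `server->e_ctx` to `ss_check_hash`, while the later check in the same callback passes `server->d_ctx`. Both verify data received from the peer, and the sender keys its hash with the IV of its own encrypting context, which judging by the names corresponds to this side's decrypting context. If that reading is right, the stage 5 check compares against the wrong IV and would reject valid chunks, so it should read `ss_check_hash(&remote->buf, &r, server->chunk, server->d_ctx, BUF_SIZE)`. `server_recv_cb` extends well beyond the hunks shown, so the surrounding decrypt call should be checked to confirm.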

2
src/tunnel.c

@ -197,7 +197,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
} }
if (auth) { if (auth) {
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, server->e_ctx, BUF_SIZE);
} }
remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx); remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
