Skip to content

Commit

Permalink
refactor encrypt; add cfb1 and cfb8 modes
Browse files Browse the repository at this point in the history
  • Loading branch information
clowwindy committed Sep 16, 2014
1 parent a2ed126 commit 76fed23
Show file tree
Hide file tree
Showing 11 changed files with 245 additions and 53 deletions.
2 changes: 2 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ script:
- pep8 .
- python tests/test.py -c tests/table.json
- python tests/test.py -c tests/aes.json
- python tests/test.py -c tests/aes-cfb1.json
- python tests/test.py -c tests/aes-cfb8.json
- python tests/test.py -c tests/rc4-md5.json
- python tests/test.py -c tests/salsa20.json
- python tests/test.py -c tests/server-multi-ports.json
Expand Down
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
author='clowwindy',
author_email='[email protected]',
url='https://github.com/clowwindy/shadowsocks',
packages=['shadowsocks'],
packages=['shadowsocks', 'shadowsocks.crypto'],
package_data={
'shadowsocks': ['README.rst', 'LICENSE']
},
Expand Down
21 changes: 21 additions & 0 deletions shadowsocks/crypto/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/usr/bin/env python

# Copyright (c) 2014 clowwindy
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
100 changes: 100 additions & 0 deletions shadowsocks/crypto/ctypes_openssl.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
#!/usr/bin/env python

# Copyright (c) 2014 clowwindy
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

import logging

__all__ = ['ciphers']

loaded = False


def load_openssl():
global loaded, libcrypto, CDLL, c_char_p, c_int, c_long, byref,\
create_string_buffer, c_void_p, buf
from ctypes import CDLL, c_char_p, c_int, c_long, byref,\
create_string_buffer, c_void_p
from ctypes.util import find_library
libcrypto_path = find_library('crypto')
logging.info('loading libcrypto from %s', libcrypto_path)
libcrypto = CDLL(libcrypto_path)
libcrypto.EVP_get_cipherbyname.restype = c_void_p
libcrypto.EVP_CIPHER_CTX_new.restype = c_void_p
libcrypto.EVP_CIPHER_CTX_new.argtypes = (c_void_p, c_void_p, c_char_p,
c_char_p)

libcrypto.EVP_CipherInit_ex.argtypes = (c_void_p, c_void_p, c_char_p,
c_char_p, c_char_p, c_int)

libcrypto.EVP_CipherUpdate.argtypes = (c_void_p, c_void_p, c_void_p,
c_char_p, c_int)

libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
libcrypto.EVP_CIPHER_CTX_free.argtypes = (c_void_p,)

buf = create_string_buffer(65536)
loaded = True


class CtypesCrypto(object):
def __init__(self, cipher_name, key, iv, op):
if not loaded:
load_openssl()
self._ctx = None
cipher = libcrypto.EVP_get_cipherbyname(cipher_name)
if not cipher:
raise Exception('cipher %s not found in libcrypto' % cipher_name)
key_ptr = c_char_p(key)
iv_ptr = c_char_p(iv)
self._ctx = libcrypto.EVP_CIPHER_CTX_new(cipher, None,
key_ptr, iv_ptr)
if not self._ctx:
raise Exception('can not create cipher context')
r = libcrypto.EVP_CipherInit_ex(self._ctx, cipher, None,
key_ptr, iv_ptr, c_int(op))
if not r:
self.clean()
raise Exception('can not initialize cipher context')

def update(self, data):
cipher_out_len = c_long(0)
libcrypto.EVP_CipherUpdate(self._ctx, byref(buf),
byref(cipher_out_len), c_char_p(data),
len(data))
return buf.raw[:cipher_out_len.value]

def __del__(self):
self.clean()

def clean(self):
if self._ctx:
libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx)
libcrypto.EVP_CIPHER_CTX_free(self._ctx)


ciphers = {
'aes-128-cfb8': (16, 16, CtypesCrypto),
'aes-192-cfb8': (24, 16, CtypesCrypto),
'aes-256-cfb8': (32, 16, CtypesCrypto),
'aes-128-cfb1': (16, 16, CtypesCrypto),
'aes-192-cfb1': (24, 16, CtypesCrypto),
'aes-256-cfb1': (32, 16, CtypesCrypto),
}
66 changes: 66 additions & 0 deletions shadowsocks/crypto/m2.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#!/usr/bin/env python

# Copyright (c) 2014 clowwindy
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

import sys
import logging

__all__ = ['ciphers']

has_m2 = True
try:
__import__('M2Crypto')
except ImportError:
has_m2 = False


def create_cipher(alg, key, iv, op, key_as_bytes=0, d=None, salt=None, i=1,
padding=1):

import M2Crypto.EVP
return M2Crypto.EVP.Cipher('rc4', key, iv, op, key_as_bytes=0,
d='md5', salt=None, i=1, padding=1)


def err(alg, key, iv, op, key_as_bytes=0, d=None, salt=None, i=1, padding=1):
logging.error(('M2Crypto is required to use %s, please run'
' `apt-get install python-m2crypto`') % alg)
sys.exit(1)


if not has_m2:
create_cipher = err

ciphers = {
'aes-128-cfb': (16, 16, create_cipher),
'aes-192-cfb': (24, 16, create_cipher),
'aes-256-cfb': (32, 16, create_cipher),
'bf-cfb': (16, 8, create_cipher),
'camellia-128-cfb': (16, 16, create_cipher),
'camellia-192-cfb': (24, 16, create_cipher),
'camellia-256-cfb': (32, 16, create_cipher),
'cast5-cfb': (16, 8, create_cipher),
'des-cfb': (8, 8, create_cipher),
'idea-cfb': (16, 8, create_cipher),
'rc2-cfb': (16, 8, create_cipher),
'rc4': (16, 0, create_cipher),
'seed-cfb': (16, 16, create_cipher),
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,13 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.


import hashlib


__all__ = ['ciphers']


def create_cipher(alg, key, iv, op, key_as_bytes=0, d=None, salt=None,
i=1, padding=1):
md5 = hashlib.md5()
Expand All @@ -33,3 +37,8 @@ def create_cipher(alg, key, iv, op, key_as_bytes=0, d=None, salt=None,
import M2Crypto.EVP
return M2Crypto.EVP.Cipher('rc4', rc4_key, '', op, key_as_bytes=0,
d='md5', salt=None, i=1, padding=1)


ciphers = {
'rc4-md5': (16, 16, create_cipher),
}
Original file line number Diff line number Diff line change
Expand Up @@ -149,5 +149,10 @@ def test():
assert ''.join(results) == plain


ciphers = {
'salsa20-ctr': (32, 8, Salsa20Cipher),
}


if __name__ == '__main__':
test()
69 changes: 19 additions & 50 deletions shadowsocks/encrypt.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,19 @@
import string
import struct
import logging
import encrypt_salsa20
import encrypt_rc4_md5
import crypto.m2
import crypto.rc4_md5
import crypto.salsa20_ctr
import crypto.ctypes_openssl


method_supported = {
}

method_supported.update(crypto.m2.ciphers)
method_supported.update(crypto.rc4_md5.ciphers)
method_supported.update(crypto.salsa20_ctr.ciphers)
method_supported.update(crypto.ctypes_openssl.ciphers)


def random_string(length):
Expand Down Expand Up @@ -57,13 +68,6 @@ def get_table(key):
def init_table(key, method=None):
if method is not None and method == 'table':
method = None
if method:
try:
__import__('M2Crypto')
except ImportError:
logging.error(('M2Crypto is required to use %s, please run'
' `apt-get install python-m2crypto`') % method)
sys.exit(1)
if not method:
if key in cached_tables:
return cached_tables[key]
Expand Down Expand Up @@ -103,25 +107,6 @@ def EVP_BytesToKey(password, key_len, iv_len):
return (key, iv)


method_supported = {
'aes-128-cfb': (16, 16),
'aes-192-cfb': (24, 16),
'aes-256-cfb': (32, 16),
'bf-cfb': (16, 8),
'camellia-128-cfb': (16, 16),
'camellia-192-cfb': (24, 16),
'camellia-256-cfb': (32, 16),
'cast5-cfb': (16, 8),
'des-cfb': (8, 8),
'idea-cfb': (16, 8),
'rc2-cfb': (16, 8),
'rc4': (16, 0),
'rc4-md5': (16, 16),
'seed-cfb': (16, 16),
'salsa20-ctr': (32, 8),
}


class Encryptor(object):
def __init__(self, key, method=None):
if method == 'table':
Expand All @@ -138,7 +123,7 @@ def __init__(self, key, method=None):
self.encrypt_table, self.decrypt_table = init_table(key)
self.cipher = None

def get_cipher_len(self, method):
def get_cipher_param(self, method):
method = method.lower()
m = method_supported.get(method, None)
return m
Expand All @@ -149,7 +134,7 @@ def iv_len(self):
def get_cipher(self, password, method, op, iv=None):
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
m = self.get_cipher_param(method)
if m:
key, iv_ = EVP_BytesToKey(password, m[0], m[1])
if iv is None:
Expand All @@ -158,15 +143,7 @@ def get_cipher(self, password, method, op, iv=None):
if op == 1:
# this iv is for cipher not decipher
self.cipher_iv = iv[:m[1]]
if method == 'salsa20-ctr':
return encrypt_salsa20.Salsa20Cipher(method, key, iv, op)
elif method == 'rc4-md5':
return encrypt_rc4_md5.create_cipher(method, key, iv, op)
else:
import M2Crypto.EVP
return M2Crypto.EVP.Cipher(method.replace('-', '_'), key, iv,
op, key_as_bytes=0, d='md5',
salt=None, i=1, padding=1)
return m[2](method, key, iv, op)

logging.error('method %s not supported' % method)
sys.exit(1)
Expand All @@ -190,7 +167,7 @@ def decrypt(self, buf):
return string.translate(buf, self.decrypt_table)
else:
if self.decipher is None:
decipher_iv_len = self.get_cipher_len(self.method)[1]
decipher_iv_len = self.get_cipher_param(self.method)[1]
decipher_iv = buf[:decipher_iv_len]
self.decipher = self.get_cipher(self.key, self.method, 0,
iv=decipher_iv)
Expand All @@ -210,24 +187,16 @@ def encrypt_all(password, method, op, data):
else:
return string.translate(data, decrypt_table)
else:
import M2Crypto.EVP
result = []
method = method.lower()
(key_len, iv_len) = method_supported[method]
(key_len, iv_len, m) = method_supported[method]
(key, _) = EVP_BytesToKey(password, key_len, iv_len)
if op:
iv = random_string(iv_len)
result.append(iv)
else:
iv = data[:iv_len]
data = data[iv_len:]
if method == 'salsa20-ctr':
cipher = encrypt_salsa20.Salsa20Cipher(method, key, iv, op)
elif method == 'rc4-md5':
cipher = encrypt_rc4_md5.create_cipher(method, key, iv, op)
else:
cipher = M2Crypto.EVP.Cipher(method.replace('-', '_'), key, iv,
op, key_as_bytes=0, d='md5',
salt=None, i=1, padding=1)
cipher = m(method, key, iv, op)
result.append(cipher.update(data))
return ''.join(result)
10 changes: 10 additions & 0 deletions tests/aes-cfb1.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"server":"127.0.0.1",
"server_port":8388,
"local_port":1081,
"password":"aes_password",
"timeout":60,
"method":"aes-256-cfb1",
"local_address":"127.0.0.1",
"fast_open":false
}
10 changes: 10 additions & 0 deletions tests/aes-cfb8.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"server":"127.0.0.1",
"server_port":8388,
"local_port":1081,
"password":"aes_password",
"timeout":60,
"method":"aes-256-cfb8",
"local_address":"127.0.0.1",
"fast_open":false
}
Loading

0 comments on commit 76fed23

Please sign in to comment.