Skip to content

Commit

Permalink
New Cipher interface to abstract encrypt/decrypt.
Browse files Browse the repository at this point in the history
  • Loading branch information
cyfdecyf committed Jan 16, 2013
1 parent 2e59ddc commit e685305
Show file tree
Hide file tree
Showing 6 changed files with 102 additions and 68 deletions.
6 changes: 3 additions & 3 deletions cmd/shadowsocks-httpget/httpget.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,15 +48,15 @@ func doOneRequest(client *http.Client, uri string, buf []byte) (err error) {
return
}

func get(connid int, uri, serverAddr string, rawAddr []byte, enctbl *ss.EncryptTable, done chan []time.Duration) {
func get(connid int, uri, serverAddr string, rawAddr []byte, cipher ss.Cipher, done chan []time.Duration) {
reqDone := 0
reqTime := make([]time.Duration, config.nreq, config.nreq)
defer func() {
done <- reqTime[:reqDone]
}()
tr := &http.Transport{
Dial: func(_, _ string) (net.Conn, error) {
return ss.DialWithRawAddr(rawAddr, serverAddr, enctbl)
return ss.DialWithRawAddr(rawAddr, serverAddr, cipher)
},
}

Expand Down Expand Up @@ -98,7 +98,7 @@ func main() {
uri = "http://" + uri
}

enctbl := ss.GetTable(config.passwd)
enctbl := ss.NewCipher(config.passwd)
serverAddr := net.JoinHostPort(config.server, strconv.Itoa(config.port))

parsedURL, err := url.Parse(uri)
Expand Down
42 changes: 21 additions & 21 deletions cmd/shadowsocks-local/local.go
Original file line number Diff line number Diff line change
Expand Up @@ -138,72 +138,72 @@ func getRequest(conn net.Conn) (rawaddr []byte, host string, err error) {
return
}

type ServerEnctbl struct {
type ServerCipher struct {
server string
enctbl *ss.EncryptTable
cipher ss.Cipher
}

var servers struct {
srvenc []*ServerEnctbl
idx uint8
srvCipher []*ServerCipher
idx uint8
}

func initServers(config *ss.Config) {
if len(config.ServerPassword) == 0 {
// only one encryption table
enctbl := ss.GetTable(config.Password)
cipher := ss.NewCipher(config.Password)
srvPort := strconv.Itoa(config.ServerPort)
srvArr := config.GetServerArray()
n := len(srvArr)
servers.srvenc = make([]*ServerEnctbl, n, n)
servers.srvCipher = make([]*ServerCipher, n, n)

for i, s := range srvArr {
if ss.HasPort(s) {
log.Println("ignore server_port option for server", s)
servers.srvenc[i] = &ServerEnctbl{s, enctbl}
servers.srvCipher[i] = &ServerCipher{s, cipher}
} else {
servers.srvenc[i] = &ServerEnctbl{s + ":" + srvPort, enctbl}
servers.srvCipher[i] = &ServerCipher{s + ":" + srvPort, cipher}
}
}
} else {
n := len(config.ServerPassword)
servers.srvenc = make([]*ServerEnctbl, n, n)
servers.srvCipher = make([]*ServerCipher, n, n)

tblCache := make(map[string]*ss.EncryptTable)
cipherCache := make(map[string]ss.Cipher)
i := 0
for s, passwd := range config.ServerPassword {
if !ss.HasPort(s) {
log.Fatal("no port for server %s, please specify port in the form of %s:port", s, s)
}
tbl, ok := tblCache[passwd]
cipher, ok := cipherCache[passwd]
if !ok {
tbl = ss.GetTable(passwd)
tblCache[passwd] = tbl
cipher = ss.NewCipher(passwd)
cipherCache[passwd] = cipher
}
servers.srvenc[i] = &ServerEnctbl{s, tbl}
servers.srvCipher[i] = &ServerCipher{s, cipher}
i++
}
}
for _, se := range servers.srvenc {
for _, se := range servers.srvCipher {
log.Println("available remote server", se.server)
}
return
}

// select one server to connect in round robin order
func createServerConn(rawaddr []byte, addr string) (remote *ss.Conn, err error) {
n := len(servers.srvenc)
n := len(servers.srvCipher)
if n == 1 {
se := servers.srvenc[0]
se := servers.srvCipher[0]
debug.Printf("connecting to %s via %s\n", addr, se.server)
return ss.DialWithRawAddr(rawaddr, se.server, se.enctbl)
return ss.DialWithRawAddr(rawaddr, se.server, se.cipher)
}

id := servers.idx
servers.idx++ // it's ok for concurrent update
for i := 0; i < n; i++ {
se := servers.srvenc[(int(id)+i)%n]
remote, err = ss.DialWithRawAddr(rawaddr, se.server, se.enctbl)
se := servers.srvCipher[(int(id)+i)%n]
remote, err = ss.DialWithRawAddr(rawaddr, se.server, se.cipher)
if err == nil {
debug.Printf("connected to %s via %s\n", addr, se.server)
return
Expand Down Expand Up @@ -241,7 +241,7 @@ func handleConnection(conn net.Conn) {

remote, err := createServerConn(rawaddr, addr)
if err != nil {
if len(servers.srvenc) > 1 {
if len(servers.srvCipher) > 1 {
log.Println("Failed connect to all avaiable shadowsocks server")
}
return
Expand Down
22 changes: 8 additions & 14 deletions cmd/shadowsocks-server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -145,16 +145,6 @@ func handleConnection(conn *ss.Conn) {
return
}

func getTable(password string) (tbl *ss.EncryptTable) {
// I'm not using a map to cache ciphers with same password because map
// needs lock to protect concurrent access. Memory is not an issue
// because each cipher takes only a few more than 512 bytes.
// Besides, many same passwords for different users should be rare, and
// using cipher cache adds complexity with not much benefit.
tbl = ss.GetTable(password)
return
}

type PortListener struct {
password string
listener net.Listener
Expand Down Expand Up @@ -189,6 +179,10 @@ func (pm *PasswdManager) del(port string) {
pm.Unlock()
}

// Update port password would first close a port and restart listening on that
// port. A different approach would be directly change the password used by
// that port, but that requires **sharing** password between the port listener
// and password manager.
func (pm *PasswdManager) updatePortPasswd(port, password string) {
pl, ok := pm.get(port)
if !ok {
Expand Down Expand Up @@ -255,7 +249,7 @@ func run(port, password string) {
return
}
passwdManager.add(port, password, ln)
var encTbl *ss.EncryptTable
var cipher ss.Cipher
log.Printf("server listening port %v ...\n", port)
for {
conn, err := ln.Accept()
Expand All @@ -265,11 +259,11 @@ func run(port, password string) {
return
}
// Creating cipher upon first connection.
if encTbl == nil {
if cipher == nil {
debug.Println("creating cipher for port:", port)
encTbl = getTable(password)
cipher = ss.NewCipher(password)
}
go handleConnection(ss.NewConn(conn, encTbl))
go handleConnection(ss.NewConn(conn, cipher))
}
}

Expand Down
27 changes: 14 additions & 13 deletions shadowsocks/conn.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
package shadowsocks

import (
"errors"
"encoding/binary"
"errors"
"fmt"
"net"
"strconv"
Expand All @@ -11,11 +11,11 @@ import (

type Conn struct {
net.Conn
*EncryptTable
Cipher
}

func NewConn(cn net.Conn, encTbl *EncryptTable) *Conn {
return &Conn{cn, encTbl}
func NewConn(cn net.Conn, cipher Cipher) *Conn {
return &Conn{cn, cipher}
}

func RawAddr(addr string) (buf []byte, err error) {
Expand Down Expand Up @@ -44,12 +44,12 @@ func RawAddr(addr string) (buf []byte, err error) {
// This is intended for use by users implementing a local socks proxy.
// rawaddr shoud contain part of the data in socks request, starting from the
// ATYP field. (Refer to rfc1928 for more information.)
func DialWithRawAddr(rawaddr []byte, server string, encTbl *EncryptTable) (c *Conn, err error) {
func DialWithRawAddr(rawaddr []byte, server string, cipher Cipher) (c *Conn, err error) {
conn, err := net.Dial("tcp", server)
if err != nil {
return
}
c = NewConn(conn, encTbl)
c = NewConn(conn, cipher)
if _, err = c.Write(rawaddr); err != nil {
c.Close()
return nil, err
Expand All @@ -58,25 +58,26 @@ func DialWithRawAddr(rawaddr []byte, server string, encTbl *EncryptTable) (c *Co
}

// addr should be in the form of host:port
func Dial(addr, server string, encTbl *EncryptTable) (c *Conn, err error) {
func Dial(addr, server string, cipher Cipher) (c *Conn, err error) {
ra, err := RawAddr(addr)
if err != nil {
return
}
return DialWithRawAddr(ra, server, encTbl)
return DialWithRawAddr(ra, server, cipher)
}

func (c Conn) Read(b []byte) (n int, err error) {
buf := make([]byte, len(b), len(b))
n, err = c.Conn.Read(buf)
cipherData := make([]byte, len(b), len(b))
n, err = c.Conn.Read(cipherData)
if n > 0 {
encrypt2(c.decTbl, buf[0:n], b[0:n])
c.Decrypt(b[0:n], cipherData[0:n])
}
return
}

func (c Conn) Write(b []byte) (n int, err error) {
buf := encrypt(c.encTbl, b)
n, err = c.Conn.Write(buf)
cipherData := make([]byte, len(b), len(b))
c.Encrypt(cipherData, b)
n, err = c.Conn.Write(cipherData)
return
}
39 changes: 29 additions & 10 deletions shadowsocks/encrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,24 @@ import (
"bytes"
"crypto/md5"
"encoding/binary"
"errors"
"io"
)

type EncryptTable struct {
type Cipher interface {
// dst should have at least the same length as src
Encrypt(dst, src []byte)
Decrypt(dst, src []byte)
}

type TableCipher struct {
encTbl []byte
decTbl []byte
}

func GetTable(key string) (tbl *EncryptTable) {
func NewTableCipher(key string) (tbl *TableCipher) {
const tbl_size = 256
tbl = &EncryptTable{
tbl = &TableCipher{
make([]byte, tbl_size, tbl_size),
make([]byte, tbl_size, tbl_size),
}
Expand Down Expand Up @@ -46,14 +53,26 @@ func GetTable(key string) (tbl *EncryptTable) {
return
}

func encrypt2(table []byte, buf, result []byte) {
for i := 0; i < len(buf); i++ {
result[i] = table[buf[i]]
func (c *TableCipher) Encrypt(dst, src []byte) {
for i := 0; i < len(src); i++ {
dst[i] = c.encTbl[src[i]]
}
}

func encrypt(table []byte, buf []byte) []byte {
var result = make([]byte, len(buf), len(buf))
encrypt2(table, buf, result)
return result
func (c *TableCipher) Decrypt(dst, src []byte) {
for i := 0; i < len(src); i++ {
dst[i] = c.decTbl[src[i]]
}
}

// Function to get default cipher
var NewCipher = NewTableCipher

// Set default cipher. Empty string of cipher name uses the simple table
// cipher.
func SetDefaultCipher(cipherName string) (err error) {
if cipherName == "" {
return
}
return errors.New("cipher " + cipherName + " not supported")
}
34 changes: 27 additions & 7 deletions shadowsocks/encrypt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,8 @@ import (
"testing"
)

const tbl_size = 256

func checkTable(t *testing.T, tbl *EncryptTable, encTarget, decTarget []byte, msg string) {
func checkTable(t *testing.T, tbl *TableCipher, encTarget, decTarget []byte, msg string) {
const tbl_size = 256
for i := 0; i < tbl_size; i++ {
if encTarget[i] != tbl.encTbl[i] {
t.Fatalf("%s: encrypt table error at index %d\n", msg, i)
Expand All @@ -17,16 +16,37 @@ func checkTable(t *testing.T, tbl *EncryptTable, encTarget, decTarget []byte, ms
}
}

func TestEncrypt1(t *testing.T) {
func TestEncrypTable1(t *testing.T) {
enc := []byte{60, 53, 84, 138, 217, 94, 88, 23, 39, 242, 219, 35, 12, 157, 165, 181, 255, 143, 83, 247, 162, 16, 31, 209, 190, 171, 115, 65, 38, 41, 21, 245, 236, 46, 121, 62, 166, 233, 44, 154, 153, 145, 230, 49, 128, 216, 173, 29, 241, 119, 64, 229, 194, 103, 131, 110, 26, 197, 218, 59, 204, 56, 27, 34, 141, 221, 149, 239, 192, 195, 24, 155, 170, 183, 11, 254, 213, 37, 137, 226, 75, 203, 55, 19, 72, 248, 22, 129, 33, 175, 178, 10, 198, 71, 77, 36, 113, 167, 48, 2, 117, 140, 142, 66, 199, 232, 243, 32, 123, 54, 51, 82, 57, 177, 87, 251, 150, 196, 133, 5, 253, 130, 8, 184, 14, 152, 231, 3, 186, 159, 76, 89, 228, 205, 156, 96, 163, 146, 18, 91, 132, 85, 80, 109, 172, 176, 105, 13, 50, 235, 127, 0, 189, 95, 98, 136, 250, 200, 108, 179, 211, 214, 106, 168, 78, 79, 74, 210, 30, 73, 201, 151, 208, 114, 101, 174, 92, 52, 120, 240, 15, 169, 220, 182, 81, 224, 43, 185, 40, 99, 180, 17, 212, 158, 42, 90, 9, 191, 45, 6, 25, 4, 222, 67, 126, 1, 116, 124, 206, 69, 61, 7, 68, 97, 202, 63, 244, 20, 28, 58, 93, 134, 104, 144, 227, 147, 102, 118, 135, 148, 47, 238, 86, 112, 122, 70, 107, 215, 100, 139, 223, 225, 164, 237, 111, 125, 207, 160, 187, 246, 234, 161, 188, 193, 249, 252}
dec := []byte{151, 205, 99, 127, 201, 119, 199, 211, 122, 196, 91, 74, 12, 147, 124, 180, 21, 191, 138, 83, 217, 30, 86, 7, 70, 200, 56, 62, 218, 47, 168, 22, 107, 88, 63, 11, 95, 77, 28, 8, 188, 29, 194, 186, 38, 198, 33, 230, 98, 43, 148, 110, 177, 1, 109, 82, 61, 112, 219, 59, 0, 210, 35, 215, 50, 27, 103, 203, 212, 209, 235, 93, 84, 169, 166, 80, 130, 94, 164, 165, 142, 184, 111, 18, 2, 141, 232, 114, 6, 131, 195, 139, 176, 220, 5, 153, 135, 213, 154, 189, 238, 174, 226, 53, 222, 146, 162, 236, 158, 143, 55, 244, 233, 96, 173, 26, 206, 100, 227, 49, 178, 34, 234, 108, 207, 245, 204, 150, 44, 87, 121, 54, 140, 118, 221, 228, 155, 78, 3, 239, 101, 64, 102, 17, 223, 41, 137, 225, 229, 66, 116, 171, 125, 40, 39, 71, 134, 13, 193, 129, 247, 251, 20, 136, 242, 14, 36, 97, 163, 181, 72, 25, 144, 46, 175, 89, 145, 113, 90, 159, 190, 15, 183, 73, 123, 187, 128, 248, 252, 152, 24, 197, 68, 253, 52, 69, 117, 57, 92, 104, 157, 170, 214, 81, 60, 133, 208, 246, 172, 23, 167, 160, 192, 76, 161, 237, 45, 4, 58, 10, 182, 65, 202, 240, 185, 241, 79, 224, 132, 51, 42, 126, 105, 37, 250, 149, 32, 243, 231, 67, 179, 48, 9, 106, 216, 31, 249, 19, 85, 254, 156, 115, 255, 120, 75, 16}
tbl := GetTable("foobar!")
tbl := NewTableCipher("foobar!")
checkTable(t, tbl, enc, dec, "Error for password foobar!")
}

func TestEncrypt2(t *testing.T) {
func TestEncryptTable2(t *testing.T) {
enc := []byte{124, 30, 170, 247, 27, 127, 224, 59, 13, 22, 196, 76, 72, 154, 32, 209, 4, 2, 131, 62, 101, 51, 230, 9, 166, 11, 99, 80, 208, 112, 36, 248, 81, 102, 130, 88, 218, 38, 168, 15, 241, 228, 167, 117, 158, 41, 10, 180, 194, 50, 204, 243, 246, 251, 29, 198, 219, 210, 195, 21, 54, 91, 203, 221, 70, 57, 183, 17, 147, 49, 133, 65, 77, 55, 202, 122, 162, 169, 188, 200, 190, 125, 63, 244, 96, 31, 107, 106, 74, 143, 116, 148, 78, 46, 1, 137, 150, 110, 181, 56, 95, 139, 58, 3, 231, 66, 165, 142, 242, 43, 192, 157, 89, 175, 109, 220, 128, 0, 178, 42, 255, 20, 214, 185, 83, 160, 253, 7, 23, 92, 111, 153, 26, 226, 33, 176, 144, 18, 216, 212, 28, 151, 71, 206, 222, 182, 8, 174, 205, 201, 152, 240, 155, 108, 223, 104, 239, 98, 164, 211, 184, 34, 193, 14, 114, 187, 40, 254, 12, 67, 93, 217, 6, 94, 16, 19, 82, 86, 245, 24, 197, 134, 132, 138, 229, 121, 5, 235, 238, 85, 47, 103, 113, 179, 69, 250, 45, 135, 156, 25, 61, 75, 44, 146, 189, 84, 207, 172, 119, 53, 123, 186, 120, 171, 68, 227, 145, 136, 100, 90, 48, 79, 159, 149, 39, 213, 236, 126, 52, 60, 225, 199, 105, 73, 233, 252, 118, 215, 35, 115, 64, 37, 97, 129, 161, 177, 87, 237, 141, 173, 191, 163, 140, 234, 232, 249}
dec := []byte{117, 94, 17, 103, 16, 186, 172, 127, 146, 23, 46, 25, 168, 8, 163, 39, 174, 67, 137, 175, 121, 59, 9, 128, 179, 199, 132, 4, 140, 54, 1, 85, 14, 134, 161, 238, 30, 241, 37, 224, 166, 45, 119, 109, 202, 196, 93, 190, 220, 69, 49, 21, 228, 209, 60, 73, 99, 65, 102, 7, 229, 200, 19, 82, 240, 71, 105, 169, 214, 194, 64, 142, 12, 233, 88, 201, 11, 72, 92, 221, 27, 32, 176, 124, 205, 189, 177, 246, 35, 112, 219, 61, 129, 170, 173, 100, 84, 242, 157, 26, 218, 20, 33, 191, 155, 232, 87, 86, 153, 114, 97, 130, 29, 192, 164, 239, 90, 43, 236, 208, 212, 185, 75, 210, 0, 81, 227, 5, 116, 243, 34, 18, 182, 70, 181, 197, 217, 95, 183, 101, 252, 248, 107, 89, 136, 216, 203, 68, 91, 223, 96, 141, 150, 131, 13, 152, 198, 111, 44, 222, 125, 244, 76, 251, 158, 106, 24, 42, 38, 77, 2, 213, 207, 249, 147, 113, 135, 245, 118, 193, 47, 98, 145, 66, 160, 123, 211, 165, 78, 204, 80, 250, 110, 162, 48, 58, 10, 180, 55, 231, 79, 149, 74, 62, 50, 148, 143, 206, 28, 15, 57, 159, 139, 225, 122, 237, 138, 171, 36, 56, 115, 63, 144, 154, 6, 230, 133, 215, 41, 184, 22, 104, 254, 234, 253, 187, 226, 247, 188, 156, 151, 40, 108, 51, 83, 178, 52, 3, 31, 255, 195, 53, 235, 126, 167, 120}
tbl := GetTable("barfoo!")
tbl := NewTableCipher("barfoo!")
checkTable(t, tbl, enc, dec, "Error for password barfoo!")
}

const text = "Don't tell me the moon is shining; show me the glint of light on broken glass."

func testCiphter(t *testing.T, msg string) {
c := NewCipher("OpenSesame")
n := len(text)
cipherBuf := make([]byte, n, n)
originTxt := make([]byte, n, n)

c.Encrypt(cipherBuf, []byte(text))
c.Decrypt(originTxt, cipherBuf)

if string(originTxt) != text {
t.Error(msg, "encrypt then decrytp does not get original text")
}
}

func TestTableCipher(t *testing.T) {
SetDefaultCipher("")
testCiphter(t, "TableCipher")
}

0 comments on commit e685305

Please sign in to comment.