shadowsocks 0.3 → 0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 210530027df71869738df356d97c6d3155592ab9
-  data.tar.gz: 8a45ea79d7cfe255af4f1926dd26eb9b7c4f3328
+  metadata.gz: 1e13759da84263a5a81769afcb8e2d99b511766b
+  data.tar.gz: 9f0049ec6920bc351fc0c04017f22dbfd2cf8104
 SHA512:
-  metadata.gz: 78fe95f2a08447581d78d6b2f6e31cf5ef9ca60fd5d27e722949b0f3a50070166cf6ac316a092e4c21f655168a2168e091c5b9ba365e807afa19b12ee99a8ce7
-  data.tar.gz: 73b565053f9dbee59d094485e68797e0e740475e4ccd56739f8df62f15b12f7c096e484b6b33aa11ae11e0709762f31f03a73980d6b15240c2172b732e80800c
+  metadata.gz: 44a5fb86332bcbdadc27978a6dcebc2f8f215b8cb7daed472d4b84763d63dfdf1b2740136490bda9fa2c5be6385cf1f1c3c736c187d820eb620869b139e44606
+  data.tar.gz: 9d8ae8792552c49c434b2ee6abf4ca323e81e09c4d6bae01464a0afcb28dd254f5be834915d4695cba575350d6d3d0cb961bb4e3cd3cb6eec699ee5bddd1b0f8

data/README.md

@@ -3,7 +3,7 @@ shadowsocks-ruby
 
 [![Code Climate](https://codeclimate.com/repos/524baea6c7f3a37df208dd4c/badges/9dd6c11b6a17c3a55631/gpa.png)](https://codeclimate.com/repos/524baea6c7f3a37df208dd4c/feed)
 
-Current version: 0.2
+Current version: 0.4
 
 shadowsocks-ruby is a lightweight tunnel proxy which can help you get through firewalls. It is a port of [shadowsocks](https://github.com/clowwindy/shadowsocks).
 
@@ -26,7 +26,8 @@ Create a file named `config.json`, with the following content.
         "server_port":8388,
         "local_port":1080,
         "password":"barfoo!",
-        "timeout":600
+        "timeout":60,
+        "method":"aes-256-cfb"
     }
 
 Explanation of the fields:
@@ -36,6 +37,7 @@ Explanation of the fields:
     local_port      local port
     password        a password used to encrypt transfer
     timeout         in seconds
+    method          encryption method, "bf-cfb", "aes-256-cfb", "des-cfb", "rc4", etc. Default is aes-256-cfb
     
 `cd` into the directory of `config.json`. Run `ss-server` on your server. To run it in the background, run
 `nohup ss-server -c ./config.json > log &`.

data/config.json

@@ -3,5 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
-    "timeout":60
+    "timeout":60,
+    "method":"aes-256-cfb"
 }

data/lib/shadowsocks.rb

@@ -1,6 +1,7 @@
 require 'eventmachine'
 
 module Shadowsocks
+  autoload :Crypto,   'shadowsocks/crypto'
   autoload :Connection, 'shadowsocks/connection'
   autoload :Server,     'shadowsocks/server'
   autoload :Local,      'shadowsocks/local'

data/lib/shadowsocks/cli.rb

@@ -7,12 +7,24 @@ module Shadowsocks
   class Cli
     include ::Shadowsocks::Table
 
-    attr_accessor :side, :args, :config, :table
+    attr_accessor :side, :args, :config
 
     def initialize(options)
       @side   = options[:side]
       @config = options[:config]
-      @table  = get_table(config.password)
+
+      @method_options = {
+        method:   config.method,
+        password: config.password
+      }
+
+      if @config.method == 'table'
+        table = get_table(config.password)
+        @method_options.merge!(
+          encrypt_table: table[:encrypt],
+          decrypt_table: table[:decrypt]
+        )
+      end
     end
 
     def run
@@ -43,7 +55,7 @@ module Shadowsocks
 
     def initialize_connection connection
       connection.config                  = @config
-      connection.table                   = @table
+      connection.crypto                  = Shadowsocks::Crypto.new @method_options
       connection.pending_connect_timeout = @config.timeout
     end
 

data/lib/shadowsocks/config.rb

@@ -2,7 +2,7 @@ require 'json'
 
 module Shadowsocks
   class Config
-    attr_reader :args, :server, :server_port, :local_port, :password, :timeout, :config_path
+    attr_reader :args, :server, :server_port, :local_port, :password, :timeout, :method, :config_path
 
     def initialize(_args)
       @args = _args || []
@@ -22,6 +22,7 @@ module Shadowsocks
       @server_port  = json["server_port"].to_i if @server_port.nil?
       @local_port   = json["local_port"].to_i  if @local_port.nil?
       @timeout      = json["timeout"].to_i     if @timeout.nil?
+      @method       = json["method"]           if @method.nil?
     end
 
     private
@@ -37,7 +38,8 @@ module Shadowsocks
         opts.on("-k", "--password PASSWORD", "Password, should be same in client and server sides")  { |c| @password    = c }
         opts.on("-c", "--config PATH", "config.json path")                                           { |c| @config_path = c }
         opts.on("-p", "--port PORT", Integer, "Remote server port")                                  { |c| @server_port = c }
-        opts.on("-l", "--local_port PORT", Integer,"Local client port")                              { |c| @local_port  = c }
+        opts.on("-l", "--local_port PORT", Integer, "Local client port")                             { |c| @local_port  = c }
+        opts.on("-m", "--method METHOD", Integer, "Encryption method")                               { |c| @method      = c }
         opts.on("-t", "--timeout NUMBER", Integer, "connection timeout")                             { |c| @timeout     = c }
 
         opts.on_tail("-v", "--version", "Show shadowsocks gem version")                              { puts Shadowsocks::VERSION; exit }

data/lib/shadowsocks/connection.rb

@@ -2,8 +2,18 @@ module Shadowsocks
   class Connection < EventMachine::Connection
     BackpressureLevel = 2097152 # 2m
 
+    attr_accessor :crypto
+
     private
 
+    def encrypt(buf)
+      crypto.encrypt(buf)
+    end
+
+    def decrypt(buf)
+      crypto.decrypt(buf)
+    end
+
     def over_pressure?
       remote.get_outbound_data_size > BackpressureLevel
     end

data/lib/shadowsocks/crypto.rb

@@ -0,0 +1,133 @@
+require 'securerandom'
+require 'openssl'
+require 'digest/md5'
+
+module Shadowsocks
+  class Crypto
+    include ::Shadowsocks::Table
+
+    attr_accessor :encrypt_table, :decrypt_table, :password, :method,
+                  :cipher, :bytes_to_key_results, :iv_sent
+
+    def method_supported
+      case method
+      when 'aes-128-cfb'      then [16, 16]
+      when 'aes-192-cfb'      then [24, 16]
+      when 'aes-256-cfb'      then [32, 16]
+      when 'bf-cfb'           then [16, 8 ]
+      when 'camellia-128-cfb' then [16, 16]
+      when 'camellia-192-cfb' then [24, 16]
+      when 'camellia-256-cfb' then [32, 16]
+      when 'cast5-cfb'        then [16, 8 ]
+      when 'des-cfb'          then [8,  8 ]
+      when 'idea-cfb'         then [16, 8 ]
+      when 'rc2-cfb'          then [16, 8 ]
+      when 'rc4'              then [16, 0 ]
+      when 'seed-cfb'         then [16, 16]
+      end
+    end
+    alias_method :get_cipher_len, :method_supported
+
+    def initialize(options = {})
+      @password = options[:password]
+      @method   = options[:method].downcase
+      @iv_sent  = false
+      if method == 'table'
+        @encrypt_table = options[:encrypt_table]
+        @decrypt_table = options[:decrypt_table]
+      else
+        if method_supported.nil?
+          raise "Encrypt method not support"
+        end
+      end
+
+      if method != 'table'
+        @cipher = get_cipher(1, SecureRandom.hex(32))
+      end
+    end
+
+    def encrypt buf
+      return buf if buf.length == 0
+      if method == 'table'
+        translate @encrypt_table, buf
+      else
+        if iv_sent
+          @cipher.update(buf)
+        else
+          @iv_sent = true
+          @cipher_iv + @cipher.update(buf)
+        end
+      end
+    end
+
+    def decrypt buf
+      return buf if buf.length == 0
+      if method == 'table'
+        translate @decrypt_table, buf
+      else
+        if @decipher.nil?
+          decipher_iv_len = get_cipher_len[1]
+          decipher_iv     = buf[0..decipher_iv_len ]
+          @iv             = decipher_iv
+          @decipher       = get_cipher(0, @iv)
+          buf             = buf[decipher_iv_len..-1]
+          return buf if buf.length == 0
+        end
+        @decipher.update(buf)
+      end
+    end
+
+    private
+
+    def iv_len
+      @cipher_iv.length
+    end
+
+    def get_cipher(op, iv)
+      m = get_cipher_len
+      unless m.nil?
+        key, _iv   = EVP_BytesToKey(m[0], m[1])
+
+        iv         = _iv[0..m[1] - 1]
+        @iv        = iv unless @iv
+        @cipher_iv = iv if op == 1
+
+        cipher = OpenSSL::Cipher.new method
+
+        op == 1 ? cipher.encrypt : cipher.decrypt
+
+        cipher.key = key
+        cipher.iv  = @iv
+        cipher
+      end
+    end
+
+    def EVP_BytesToKey key_len, iv_len
+      if bytes_to_key_results
+        return bytes_to_key_results
+      end
+
+      m = []
+      i = 0
+
+      len = key_len + iv_len
+
+      code = password.unpack('H*').first
+
+      while m.join.length < len do
+        data = if i > 0
+                 m[i - 1] + password
+               else
+                 password
+               end
+        m.push Digest::MD5.digest data
+        i += 1
+      end
+      ms  = m.join
+      key = ms[0, key_len]
+      iv  = ms[key_len, key_len + iv_len]
+      bytes_to_key_results = [key, iv]
+      bytes_to_key_results
+    end
+  end
+end

data/lib/shadowsocks/listener.rb

@@ -1,9 +1,7 @@
 module Shadowsocks
   class Listener < ::Shadowsocks::Connection
-    include ::Shadowsocks::Table
-
     attr_accessor :stage, :remote_addr, :remote_port, :addr_to_send, :cached_pieces,
-                  :header_length, :connector, :config, :table
+                  :header_length, :connector, :config
 
     def receive_data data
       data_handler data

data/lib/shadowsocks/local.rb

@@ -5,15 +5,15 @@ module Shadowsocks
         p "connecting #{server.remote_addr[3..-1]} via #{server.config.server}"
         addr_to_send = server.addr_to_send.clone
 
-        send_data encrypt(table[:encrypt_table], addr_to_send)
-        server.cached_pieces.each { |piece| send_data encrypt(table[:encrypt_table], piece) }
+        send_data encrypt(addr_to_send)
+        server.cached_pieces.each { |piece| send_data encrypt(piece) }
         server.cached_pieces = []
 
         server.stage = 5
       end
 
       def receive_data data
-        server.send_data encrypt(table[:decrypt_table], data)
+        server.send_data decrypt(data)
         outbound_checker
       end
     end
@@ -31,7 +31,7 @@ module Shadowsocks
         when 4
           cached_pieces.push data
         when 5
-          connector.send_data(encrypt(table[:encrypt_table], data)) and return
+          connector.send_data(encrypt(data)) and return
         end
       end
 
@@ -49,7 +49,7 @@ module Shadowsocks
           send_data "\x05\x00\x00\x01\x00\x00\x00\x00" + [config.server_port].pack('s>')
 
           @stage = 4
-          @connector = EventMachine.connect config.server, config.server_port, ServerConnector, self, @table
+          @connector = EventMachine.connect config.server, config.server_port, ServerConnector, self, crypto
 
           if data.size > header_length
             cached_pieces.push data[header_length, data.size]

data/lib/shadowsocks/server.rb

@@ -11,7 +11,7 @@ module Shadowsocks
       end
 
       def receive_data data
-        server.send_data encrypt(table[:encrypt_table], data)
+        server.send_data encrypt(data)
         outbound_checker
       end
     end
@@ -20,7 +20,7 @@ module Shadowsocks
       private
 
       def data_handler data
-        data = encrypt table[:decrypt_table], data
+        data = decrypt data
         case stage
         when 0
           fireup_tunnel data
@@ -41,7 +41,7 @@ module Shadowsocks
             cached_pieces.push data[header_length, data.size]
           end
 
-          @connector = EventMachine.connect @remote_addr, @remote_port, RequestConnector, self, table
+          @connector = EventMachine.connect @remote_addr, @remote_port, RequestConnector, self, crypto
         rescue Exception => e
           warn e
           connection_cleanup

data/lib/shadowsocks/table.rb

@@ -45,10 +45,10 @@ module Shadowsocks
         decrypt_table[table[i]] = i
         i += 1
       end
-      { encrypt_table: table, decrypt_table: decrypt_table }
+      { encrypt: table, decrypt: decrypt_table }
     end
 
-    def encrypt (table, buf)
+    def translate(table, buf)
       table_ptr = FFI::MemoryPointer.new(:int, table.length)
       table_ptr.put_array_of_int32(0, table)
 

data/lib/shadowsocks/tunnel.rb

@@ -1,10 +1,10 @@
 module Shadowsocks
   class Tunnel < ::Shadowsocks::Connection
-    attr_accessor :server, :table
+    attr_accessor :server
 
-    def initialize server, table
+    def initialize server, crypto
       @server = server
-      @table  = table
+      @crypto = crypto
       super
     end
 
@@ -15,9 +15,5 @@ module Shadowsocks
     def remote
       server
     end
-
-    def encrypt table, data
-      server.encrypt table, data
-    end
   end
 end

data/lib/shadowsocks/version.rb

@@ -1,3 +1,3 @@
 module Shadowsocks
-  VERSION = '0.3'
+  VERSION = '0.4'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shadowsocks
 version: !ruby/object:Gem::Version
-  version: '0.3'
+  version: '0.4'
 platform: ruby
 authors:
 - Sen
@@ -118,6 +118,7 @@ files:
 - lib/shadowsocks/cli.rb
 - lib/shadowsocks/config.rb
 - lib/shadowsocks/connection.rb
+- lib/shadowsocks/crypto.rb
 - lib/shadowsocks/listener.rb
 - lib/shadowsocks/local.rb
 - lib/shadowsocks/server.rb