New Cipher interface to abstract encrypt/decrypt.

dearplain · Jan 16, 2013 · e685305 · e685305
1 parent 2e59ddc
commit e685305
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 68 deletions.
diff --git a/cmd/shadowsocks-httpget/httpget.go b/cmd/shadowsocks-httpget/httpget.go
@@ -48,15 +48,15 @@ func doOneRequest(client *http.Client, uri string, buf []byte) (err error) {
 	return
 }
 
-func get(connid int, uri, serverAddr string, rawAddr []byte, enctbl *ss.EncryptTable, done chan []time.Duration) {
+func get(connid int, uri, serverAddr string, rawAddr []byte, cipher ss.Cipher, done chan []time.Duration) {
 	reqDone := 0
 	reqTime := make([]time.Duration, config.nreq, config.nreq)
 	defer func() {
 		done <- reqTime[:reqDone]
 	}()
 	tr := &http.Transport{
 		Dial: func(_, _ string) (net.Conn, error) {
-			return ss.DialWithRawAddr(rawAddr, serverAddr, enctbl)
+			return ss.DialWithRawAddr(rawAddr, serverAddr, cipher)
 		},
 	}
 
@@ -98,7 +98,7 @@ func main() {
 		uri = "http://" + uri
 	}
 
-	enctbl := ss.GetTable(config.passwd)
+	enctbl := ss.NewCipher(config.passwd)
 	serverAddr := net.JoinHostPort(config.server, strconv.Itoa(config.port))
 
 	parsedURL, err := url.Parse(uri)

diff --git a/cmd/shadowsocks-local/local.go b/cmd/shadowsocks-local/local.go
@@ -138,72 +138,72 @@ func getRequest(conn net.Conn) (rawaddr []byte, host string, err error) {
 	return
 }
 
-type ServerEnctbl struct {
+type ServerCipher struct {
 	server string
-	enctbl *ss.EncryptTable
+	cipher ss.Cipher
 }
 
 var servers struct {
-	srvenc []*ServerEnctbl
-	idx    uint8
+	srvCipher []*ServerCipher
+	idx       uint8
 }
 
 func initServers(config *ss.Config) {
 	if len(config.ServerPassword) == 0 {
 		// only one encryption table
-		enctbl := ss.GetTable(config.Password)
+		cipher := ss.NewCipher(config.Password)
 		srvPort := strconv.Itoa(config.ServerPort)
 		srvArr := config.GetServerArray()
 		n := len(srvArr)
-		servers.srvenc = make([]*ServerEnctbl, n, n)
+		servers.srvCipher = make([]*ServerCipher, n, n)
 
 		for i, s := range srvArr {
 			if ss.HasPort(s) {
 				log.Println("ignore server_port option for server", s)
-				servers.srvenc[i] = &ServerEnctbl{s, enctbl}
+				servers.srvCipher[i] = &ServerCipher{s, cipher}
 			} else {
-				servers.srvenc[i] = &ServerEnctbl{s + ":" + srvPort, enctbl}
+				servers.srvCipher[i] = &ServerCipher{s + ":" + srvPort, cipher}
 			}
 		}
 	} else {
 		n := len(config.ServerPassword)
-		servers.srvenc = make([]*ServerEnctbl, n, n)
+		servers.srvCipher = make([]*ServerCipher, n, n)
 
-		tblCache := make(map[string]*ss.EncryptTable)
+		cipherCache := make(map[string]ss.Cipher)
 		i := 0
 		for s, passwd := range config.ServerPassword {
 			if !ss.HasPort(s) {
 				log.Fatal("no port for server %s, please specify port in the form of %s:port", s, s)
 			}
-			tbl, ok := tblCache[passwd]
+			cipher, ok := cipherCache[passwd]
 			if !ok {
-				tbl = ss.GetTable(passwd)
-				tblCache[passwd] = tbl
+				cipher = ss.NewCipher(passwd)
+				cipherCache[passwd] = cipher
 			}
-			servers.srvenc[i] = &ServerEnctbl{s, tbl}
+			servers.srvCipher[i] = &ServerCipher{s, cipher}
 			i++
 		}
 	}
-	for _, se := range servers.srvenc {
+	for _, se := range servers.srvCipher {
 		log.Println("available remote server", se.server)
 	}
 	return
 }
 
 // select one server to connect in round robin order
 func createServerConn(rawaddr []byte, addr string) (remote *ss.Conn, err error) {
-	n := len(servers.srvenc)
+	n := len(servers.srvCipher)
 	if n == 1 {
-		se := servers.srvenc[0]
+		se := servers.srvCipher[0]
 		debug.Printf("connecting to %s via %s\n", addr, se.server)
-		return ss.DialWithRawAddr(rawaddr, se.server, se.enctbl)
+		return ss.DialWithRawAddr(rawaddr, se.server, se.cipher)
 	}
 
 	id := servers.idx
 	servers.idx++ // it's ok for concurrent update
 	for i := 0; i < n; i++ {
-		se := servers.srvenc[(int(id)+i)%n]
-		remote, err = ss.DialWithRawAddr(rawaddr, se.server, se.enctbl)
+		se := servers.srvCipher[(int(id)+i)%n]
+		remote, err = ss.DialWithRawAddr(rawaddr, se.server, se.cipher)
 		if err == nil {
 			debug.Printf("connected to %s via %s\n", addr, se.server)
 			return
@@ -241,7 +241,7 @@ func handleConnection(conn net.Conn) {
 
 	remote, err := createServerConn(rawaddr, addr)
 	if err != nil {
-		if len(servers.srvenc) > 1 {
+		if len(servers.srvCipher) > 1 {
 			log.Println("Failed connect to all avaiable shadowsocks server")
 		}
 		return

diff --git a/cmd/shadowsocks-server/server.go b/cmd/shadowsocks-server/server.go
@@ -145,16 +145,6 @@ func handleConnection(conn *ss.Conn) {
 	return
 }
 
-func getTable(password string) (tbl *ss.EncryptTable) {
-	// I'm not using a map to cache ciphers with same password because map
-	// needs lock to protect concurrent access. Memory is not an issue
-	// because each cipher takes only a few more than 512 bytes.
-	// Besides, many same passwords for different users should be rare, and
-	// using cipher cache adds complexity with not much benefit.
-	tbl = ss.GetTable(password)
-	return
-}
-
 type PortListener struct {
 	password string
 	listener net.Listener
@@ -189,6 +179,10 @@ func (pm *PasswdManager) del(port string) {
 	pm.Unlock()
 }
 
+// Update port password would first close a port and restart listening on that
+// port. A different approach would be directly change the password used by
+// that port, but that requires **sharing** password between the port listener
+// and password manager.
 func (pm *PasswdManager) updatePortPasswd(port, password string) {
 	pl, ok := pm.get(port)
 	if !ok {
@@ -255,7 +249,7 @@ func run(port, password string) {
 		return
 	}
 	passwdManager.add(port, password, ln)
-	var encTbl *ss.EncryptTable
+	var cipher ss.Cipher
 	log.Printf("server listening port %v ...\n", port)
 	for {
 		conn, err := ln.Accept()
@@ -265,11 +259,11 @@ func run(port, password string) {
 			return
 		}
 		// Creating cipher upon first connection.
-		if encTbl == nil {
+		if cipher == nil {
 			debug.Println("creating cipher for port:", port)
-			encTbl = getTable(password)
+			cipher = ss.NewCipher(password)
 		}
-		go handleConnection(ss.NewConn(conn, encTbl))
+		go handleConnection(ss.NewConn(conn, cipher))
 	}
 }
 

diff --git a/shadowsocks/conn.go b/shadowsocks/conn.go
@@ -1,8 +1,8 @@
 package shadowsocks
 
 import (
-	"errors"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net"
 	"strconv"
@@ -11,11 +11,11 @@ import (
 
 type Conn struct {
 	net.Conn
-	*EncryptTable
+	Cipher
 }
 
-func NewConn(cn net.Conn, encTbl *EncryptTable) *Conn {
-	return &Conn{cn, encTbl}
+func NewConn(cn net.Conn, cipher Cipher) *Conn {
+	return &Conn{cn, cipher}
 }
 
 func RawAddr(addr string) (buf []byte, err error) {
@@ -44,12 +44,12 @@ func RawAddr(addr string) (buf []byte, err error) {
 // This is intended for use by users implementing a local socks proxy.
 // rawaddr shoud contain part of the data in socks request, starting from the
 // ATYP field. (Refer to rfc1928 for more information.)
-func DialWithRawAddr(rawaddr []byte, server string, encTbl *EncryptTable) (c *Conn, err error) {
+func DialWithRawAddr(rawaddr []byte, server string, cipher Cipher) (c *Conn, err error) {
 	conn, err := net.Dial("tcp", server)
 	if err != nil {
 		return
 	}
-	c = NewConn(conn, encTbl)
+	c = NewConn(conn, cipher)
 	if _, err = c.Write(rawaddr); err != nil {
 		c.Close()
 		return nil, err
@@ -58,25 +58,26 @@ func DialWithRawAddr(rawaddr []byte, server string, encTbl *EncryptTable) (c *Co
 }
 
 // addr should be in the form of host:port
-func Dial(addr, server string, encTbl *EncryptTable) (c *Conn, err error) {
+func Dial(addr, server string, cipher Cipher) (c *Conn, err error) {
 	ra, err := RawAddr(addr)
 	if err != nil {
 		return
 	}
-	return DialWithRawAddr(ra, server, encTbl)
+	return DialWithRawAddr(ra, server, cipher)
 }
 
 func (c Conn) Read(b []byte) (n int, err error) {
-	buf := make([]byte, len(b), len(b))
-	n, err = c.Conn.Read(buf)
+	cipherData := make([]byte, len(b), len(b))
+	n, err = c.Conn.Read(cipherData)
 	if n > 0 {
-		encrypt2(c.decTbl, buf[0:n], b[0:n])
+		c.Decrypt(b[0:n], cipherData[0:n])
 	}
 	return
 }
 
 func (c Conn) Write(b []byte) (n int, err error) {
-	buf := encrypt(c.encTbl, b)
-	n, err = c.Conn.Write(buf)
+	cipherData := make([]byte, len(b), len(b))
+	c.Encrypt(cipherData, b)
+	n, err = c.Conn.Write(cipherData)
 	return
 }
diff --git a/shadowsocks/encrypt.go b/shadowsocks/encrypt.go
@@ -4,17 +4,24 @@ import (
 	"bytes"
 	"crypto/md5"
 	"encoding/binary"
+	"errors"
 	"io"
 )
 
-type EncryptTable struct {
+type Cipher interface {
+	// dst should have at least the same length as src
+	Encrypt(dst, src []byte)
+	Decrypt(dst, src []byte)
+}
+
+type TableCipher struct {
 	encTbl []byte
 	decTbl []byte
 }
 
-func GetTable(key string) (tbl *EncryptTable) {
+func NewTableCipher(key string) (tbl *TableCipher) {
 	const tbl_size = 256
-	tbl = &EncryptTable{
+	tbl = &TableCipher{
 		make([]byte, tbl_size, tbl_size),
 		make([]byte, tbl_size, tbl_size),
 	}
@@ -46,14 +53,26 @@ func GetTable(key string) (tbl *EncryptTable) {
 	return
 }
 
-func encrypt2(table []byte, buf, result []byte) {
-	for i := 0; i < len(buf); i++ {
-		result[i] = table[buf[i]]
+func (c *TableCipher) Encrypt(dst, src []byte) {
+	for i := 0; i < len(src); i++ {
+		dst[i] = c.encTbl[src[i]]
 	}
 }
 
-func encrypt(table []byte, buf []byte) []byte {
-	var result = make([]byte, len(buf), len(buf))
-	encrypt2(table, buf, result)
-	return result
+func (c *TableCipher) Decrypt(dst, src []byte) {
+	for i := 0; i < len(src); i++ {
+		dst[i] = c.decTbl[src[i]]
+	}
+}
+
+// Function to get default cipher
+var NewCipher = NewTableCipher
+
+// Set default cipher. Empty string of cipher name uses the simple table
+// cipher.
+func SetDefaultCipher(cipherName string) (err error) {
+	if cipherName == "" {
+		return
+	}
+	return errors.New("cipher " + cipherName + " not supported")
 }
diff --git a/shadowsocks/encrypt_test.go b/shadowsocks/encrypt_test.go
@@ -4,9 +4,8 @@ import (
 	"testing"
 )
 
-const tbl_size = 256
-
-func checkTable(t *testing.T, tbl *EncryptTable, encTarget, decTarget []byte, msg string) {
+func checkTable(t *testing.T, tbl *TableCipher, encTarget, decTarget []byte, msg string) {
+	const tbl_size = 256
 	for i := 0; i < tbl_size; i++ {
 		if encTarget[i] != tbl.encTbl[i] {
 			t.Fatalf("%s: encrypt table error at index %d\n", msg, i)
@@ -17,16 +16,37 @@ func checkTable(t *testing.T, tbl *EncryptTable, encTarget, decTarget []byte, ms
 	}
 }
 
-func TestEncrypt1(t *testing.T) {
+func TestEncrypTable1(t *testing.T) {
 	enc := []byte{60, 53, 84, 138, 217, 94, 88, 23, 39, 242, 219, 35, 12, 157, 165, 181, 255, 143, 83, 247, 162, 16, 31, 209, 190, 171, 115, 65, 38, 41, 21, 245, 236, 46, 121, 62, 166, 233, 44, 154, 153, 145, 230, 49, 128, 216, 173, 29, 241, 119, 64, 229, 194, 103, 131, 110, 26, 197, 218, 59, 204, 56, 27, 34, 141, 221, 149, 239, 192, 195, 24, 155, 170, 183, 11, 254, 213, 37, 137, 226, 75, 203, 55, 19, 72, 248, 22, 129, 33, 175, 178, 10, 198, 71, 77, 36, 113, 167, 48, 2, 117, 140, 142, 66, 199, 232, 243, 32, 123, 54, 51, 82, 57, 177, 87, 251, 150, 196, 133, 5, 253, 130, 8, 184, 14, 152, 231, 3, 186, 159, 76, 89, 228, 205, 156, 96, 163, 146, 18, 91, 132, 85, 80, 109, 172, 176, 105, 13, 50, 235, 127, 0, 189, 95, 98, 136, 250, 200, 108, 179, 211, 214, 106, 168, 78, 79, 74, 210, 30, 73, 201, 151, 208, 114, 101, 174, 92, 52, 120, 240, 15, 169, 220, 182, 81, 224, 43, 185, 40, 99, 180, 17, 212, 158, 42, 90, 9, 191, 45, 6, 25, 4, 222, 67, 126, 1, 116, 124, 206, 69, 61, 7, 68, 97, 202, 63, 244, 20, 28, 58, 93, 134, 104, 144, 227, 147, 102, 118, 135, 148, 47, 238, 86, 112, 122, 70, 107, 215, 100, 139, 223, 225, 164, 237, 111, 125, 207, 160, 187, 246, 234, 161, 188, 193, 249, 252}
 	dec := []byte{151, 205, 99, 127, 201, 119, 199, 211, 122, 196, 91, 74, 12, 147, 124, 180, 21, 191, 138, 83, 217, 30, 86, 7, 70, 200, 56, 62, 218, 47, 168, 22, 107, 88, 63, 11, 95, 77, 28, 8, 188, 29, 194, 186, 38, 198, 33, 230, 98, 43, 148, 110, 177, 1, 109, 82, 61, 112, 219, 59, 0, 210, 35, 215, 50, 27, 103, 203, 212, 209, 235, 93, 84, 169, 166, 80, 130, 94, 164, 165, 142, 184, 111, 18, 2, 141, 232, 114, 6, 131, 195, 139, 176, 220, 5, 153, 135, 213, 154, 189, 238, 174, 226, 53, 222, 146, 162, 236, 158, 143, 55, 244, 233, 96, 173, 26, 206, 100, 227, 49, 178, 34, 234, 108, 207, 245, 204, 150, 44, 87, 121, 54, 140, 118, 221, 228, 155, 78, 3, 239, 101, 64, 102, 17, 223, 41, 137, 225, 229, 66, 116, 171, 125, 40, 39, 71, 134, 13, 193, 129, 247, 251, 20, 136, 242, 14, 36, 97, 163, 181, 72, 25, 144, 46, 175, 89, 145, 113, 90, 159, 190, 15, 183, 73, 123, 187, 128, 248, 252, 152, 24, 197, 68, 253, 52, 69, 117, 57, 92, 104, 157, 170, 214, 81, 60, 133, 208, 246, 172, 23, 167, 160, 192, 76, 161, 237, 45, 4, 58, 10, 182, 65, 202, 240, 185, 241, 79, 224, 132, 51, 42, 126, 105, 37, 250, 149, 32, 243, 231, 67, 179, 48, 9, 106, 216, 31, 249, 19, 85, 254, 156, 115, 255, 120, 75, 16}
-	tbl := GetTable("foobar!")
+	tbl := NewTableCipher("foobar!")
 	checkTable(t, tbl, enc, dec, "Error for password foobar!")
 }
 
-func TestEncrypt2(t *testing.T) {
+func TestEncryptTable2(t *testing.T) {
 	enc := []byte{124, 30, 170, 247, 27, 127, 224, 59, 13, 22, 196, 76, 72, 154, 32, 209, 4, 2, 131, 62, 101, 51, 230, 9, 166, 11, 99, 80, 208, 112, 36, 248, 81, 102, 130, 88, 218, 38, 168, 15, 241, 228, 167, 117, 158, 41, 10, 180, 194, 50, 204, 243, 246, 251, 29, 198, 219, 210, 195, 21, 54, 91, 203, 221, 70, 57, 183, 17, 147, 49, 133, 65, 77, 55, 202, 122, 162, 169, 188, 200, 190, 125, 63, 244, 96, 31, 107, 106, 74, 143, 116, 148, 78, 46, 1, 137, 150, 110, 181, 56, 95, 139, 58, 3, 231, 66, 165, 142, 242, 43, 192, 157, 89, 175, 109, 220, 128, 0, 178, 42, 255, 20, 214, 185, 83, 160, 253, 7, 23, 92, 111, 153, 26, 226, 33, 176, 144, 18, 216, 212, 28, 151, 71, 206, 222, 182, 8, 174, 205, 201, 152, 240, 155, 108, 223, 104, 239, 98, 164, 211, 184, 34, 193, 14, 114, 187, 40, 254, 12, 67, 93, 217, 6, 94, 16, 19, 82, 86, 245, 24, 197, 134, 132, 138, 229, 121, 5, 235, 238, 85, 47, 103, 113, 179, 69, 250, 45, 135, 156, 25, 61, 75, 44, 146, 189, 84, 207, 172, 119, 53, 123, 186, 120, 171, 68, 227, 145, 136, 100, 90, 48, 79, 159, 149, 39, 213, 236, 126, 52, 60, 225, 199, 105, 73, 233, 252, 118, 215, 35, 115, 64, 37, 97, 129, 161, 177, 87, 237, 141, 173, 191, 163, 140, 234, 232, 249}
 	dec := []byte{117, 94, 17, 103, 16, 186, 172, 127, 146, 23, 46, 25, 168, 8, 163, 39, 174, 67, 137, 175, 121, 59, 9, 128, 179, 199, 132, 4, 140, 54, 1, 85, 14, 134, 161, 238, 30, 241, 37, 224, 166, 45, 119, 109, 202, 196, 93, 190, 220, 69, 49, 21, 228, 209, 60, 73, 99, 65, 102, 7, 229, 200, 19, 82, 240, 71, 105, 169, 214, 194, 64, 142, 12, 233, 88, 201, 11, 72, 92, 221, 27, 32, 176, 124, 205, 189, 177, 246, 35, 112, 219, 61, 129, 170, 173, 100, 84, 242, 157, 26, 218, 20, 33, 191, 155, 232, 87, 86, 153, 114, 97, 130, 29, 192, 164, 239, 90, 43, 236, 208, 212, 185, 75, 210, 0, 81, 227, 5, 116, 243, 34, 18, 182, 70, 181, 197, 217, 95, 183, 101, 252, 248, 107, 89, 136, 216, 203, 68, 91, 223, 96, 141, 150, 131, 13, 152, 198, 111, 44, 222, 125, 244, 76, 251, 158, 106, 24, 42, 38, 77, 2, 213, 207, 249, 147, 113, 135, 245, 118, 193, 47, 98, 145, 66, 160, 123, 211, 165, 78, 204, 80, 250, 110, 162, 48, 58, 10, 180, 55, 231, 79, 149, 74, 62, 50, 148, 143, 206, 28, 15, 57, 159, 139, 225, 122, 237, 138, 171, 36, 56, 115, 63, 144, 154, 6, 230, 133, 215, 41, 184, 22, 104, 254, 234, 253, 187, 226, 247, 188, 156, 151, 40, 108, 51, 83, 178, 52, 3, 31, 255, 195, 53, 235, 126, 167, 120}
-	tbl := GetTable("barfoo!")
+	tbl := NewTableCipher("barfoo!")
 	checkTable(t, tbl, enc, dec, "Error for password barfoo!")
 }
+
+const text = "Don't tell me the moon is shining; show me the glint of light on broken glass."
+
+func testCiphter(t *testing.T, msg string) {
+	c := NewCipher("OpenSesame")
+	n := len(text)
+	cipherBuf := make([]byte, n, n)
+	originTxt := make([]byte, n, n)
+
+	c.Encrypt(cipherBuf, []byte(text))
+	c.Decrypt(originTxt, cipherBuf)
+
+	if string(originTxt) != text {
+		t.Error(msg, "encrypt then decrytp does not get original text")
+	}
+}
+
+func TestTableCipher(t *testing.T) {
+	SetDefaultCipher("")
+	testCiphter(t, "TableCipher")
+}