5.8.7 add support for py_aes_cfb
Michael-X-Net committed Nov 15, 2023
1 parent d4cdee2 commit 791bac3
Showing 4 changed files with 70 additions and 25 deletions.
1 change: 1 addition & 0 deletions code/default/launcher/sys_platform.py
@@ -123,6 +123,7 @@ def show_systray():
sys_tray.serve_forever()

def on_quit():
global sys_tray
sys_tray.on_quit()

elif sys.platform == "ios":
19 changes: 11 additions & 8 deletions code/default/smart_router/local/dns_query.py
@@ -164,16 +164,19 @@ def get_local_dns_server(self):
iplist.append(ip)

elif os.path.isfile('/etc/resolv.conf'):
with open('/etc/resolv.conf', 'rb') as fp:
iplist = re.findall(br'(?m)^nameserver\s+(\S+)', fp.read())
try:
with open('/etc/resolv.conf', 'rb') as fp:
iplist = re.findall(br'(?m)^nameserver\s+(\S+)', fp.read())

xlog.debug("DNS resolve servers:%s", iplist)
xlog.debug("DNS resolve servers:%s", iplist)

local_ips = g.local_ips
for ip in local_ips:
if ip in iplist:
xlog.warn("remove local DNS server %s from upstream", ip)
iplist.remove(ip)
local_ips = g.local_ips
for ip in local_ips:
if ip in iplist:
xlog.warn("remove local DNS server %s from upstream", ip)
iplist.remove(ip)
except Exception as e:
xlog.warn("load /etc/resolv.conf fail:%r", e)

if not iplist:
iplist = [
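Review bot: The new `try` appears to wrap the local-address filtering as well as the file read, and `except Exception` then hides any failure in that loop, leaving `iplist` only partly filtered (or unset, if it is not initialised earlier in `get_local_dns_server`, which starts outside this hunk). Since the loop exists to keep this host's own addresses out of the upstream resolver list, it is safer to guard only the `open`/`read` and catch the I/O error specifically, e.g. `except (IOError, OSError) as e:`, with the `g.local_ips` loop placed after the `try`. It is also worth confirming that `g.local_ips` holds `bytes`, because `re.findall(br'...')` on a file opened with `'rb'` returns `bytes` and a `str` entry would never match `ip in iplist`.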
2 changes: 1 addition & 1 deletion code/default/version.txt
@@ -1 +1 @@
5.8.6
5.8.7
73 changes: 57 additions & 16 deletions code/default/x_tunnel/local/seley_front/rc4_wrap.py
@@ -2,11 +2,28 @@
import time
import struct
import json
import os

import env_info
import xlog
data_path = env_info.data_path
module_data_path = os.path.join(data_path, 'x_tunnel')

logger = xlog.getLogger("seley_front", log_path=module_data_path, save_start_log=1500, save_warning_log=True)
logger.set_buffer(300)

try:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
except:
algorithms = None
from py_aes_cfb import lib as aes
logger.debug("load py_aes_cfb success")
except Exception as e:
aes = None

try:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
logger.debug("load cryptography success")
except:
logger.warn("load cryptography failed:%r", e)
algorithms = None


import utils
@@ -25,16 +42,37 @@ def __init__(self, sock, ip_str=None, sni=None, on_close=None):
self.running = True
self.h2 = False

if not algorithms:
raise socket.error('no cryptography')
if not aes and not algorithms:
raise socket.error('no cryptography 7')

algorithm = algorithms.AES(self.sni)
key = self.sni
iv = b'\x00' * 16
self.cipher = Cipher(algorithm, mode=modes.CFB(iv))
self.decryptor = self.cipher.decryptor()
self.encryptor = self.cipher.encryptor()
if aes:
self.encryptor = aes.encryptor_create(key, len(key), iv, len(iv))
self.decryptor = aes.decryptor_create(key, len(key), iv, len(iv))
else:
algorithm = algorithms.AES(key)
self.cipher = Cipher(algorithm, mode=modes.CFB(iv))
self.decryptor = self.cipher.decryptor()
self.encryptor = self.cipher.encryptor()
self.wrap()

def encode(self, input):
if aes:
out = bytes(input)
aes.encryptor_update(self.encryptor, input, len(input), out)
return out
else:
return self.encryptor.update(input)

def decode(self, input):
if aes:
out = bytes(input)
aes.decryptor_update(self.decryptor, input, len(input), out)
return out
else:
return self.decryptor.update(input)

def wrap(self):
ip, port = utils.get_ip_port(self.ip_str)
if isinstance(ip, str):
@@ -53,17 +91,17 @@ def do_handshake(self):
data = json.dumps(info)
data_len = len(data)
dat = magic + struct.pack("I", data_len) + utils.to_bytes(data)
dat = self.encryptor.update(dat)
dat = self.encode(dat)
sended = self._sock.send(dat)

res = self._sock.recv(6)
res = self.decryptor.update(res)
res = self.decode(res)
if res[0:2] != b"SE":
raise Exception("handshake failed")

data_len = struct.unpack("I", res[2:])[0]
res = self._sock.recv(data_len)
res = self.decryptor.update(res)
res = self.decode(res)
info = json.loads(res)

def is_support_h2(self):
@@ -88,6 +126,10 @@ def __del__(self):
if self._on_close:
self._on_close(self.ip_str, self.sni)

if aes:
aes.encryptor_destroy(self.encryptor)
aes.decryptor_destroy(self.decryptor)

def get_cert(self):
self.peer_cert = {
"cert": "",
@@ -101,7 +143,7 @@ def connect(self, *args, **kwargs):
return

def send(self, data, flags=0):
data = self.encryptor.update(data)
data = self.encode(data)
try:
return self._sock.send(data)
except Exception as e:
@@ -110,7 +152,7 @@ def send(self, data, flags=0):

def recv(self, bufsiz, flags=0):
data = self._sock.recv(bufsiz)
data = self.decryptor.update(data)
data = self.decode(data)
return data

def recv_into(self, buf, nbytes=None):
@@ -121,8 +163,7 @@ def recv_into(self, buf, nbytes=None):
if not data:
return None


data = self.decryptor.update(data)
data = self.decode(data)
buf[:len(data)] = data
return len(data)

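Review bot: In `encode` and `decode`, `out = bytes(input)` does not create a new buffer when `input` is already `bytes` (CPython returns the same object), so the native `encryptor_update`/`decryptor_update` call appears to write its output into the caller's immutable object. Mutating a `bytes` object behind the interpreter's back can corrupt data shared elsewhere in the process; allocate a writable buffer, e.g. `out = bytearray(len(input))`, pass it in whatever form the binding accepts for an output pointer, and return `bytes(out)`. In `__init__` (which starts outside this hunk) the native branch passes `key, len(key)` straight to `encryptor_create`, while the `cryptography` branch gets key-size validation from `algorithms.AES(key)`. A guard before `if aes:` such as `if len(key) not in (16, 24, 32): raise socket.error('bad key length')` would keep the two backends consistent; how py_aes_cfb treats other lengths is not visible here. Separately, in the import hunk at the top of the file, `logger.warn("load cryptography failed:%r", e)` sits under a bare `except:` and so reports (or fails to find) the `e` from the py_aes_cfb import rather than the cryptography error; `except Exception as e:` there would fix it.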
