def clear_log(textarea):
logfile = settings.get("log_file") or os.path.join(basedir, "ss.log")
log = textarea.get("1.0", tk.END)
log = utils.to_bytes(log)
with open(logfile, "ab") as f:
f.write(log)
textarea.delete("1.0", tk.END)
def get_cipher(self, password, method, op, iv):
password = utils.to_bytes(password)
m = self._method_info
if m[0] > 0:
key, iv_ = EVP_BytesToKey(password, m[0], m[1])
else:
# key_length == 0 indicates we should use the key directly
key, iv = password, b''
iv = iv[:m[1]]
if op == 1:
# this iv is for cipher not decipher
self.cipher_iv = iv[:m[1]]
return m[2](method, key, iv, op)
def http2shadosocks(data):
"""
genearte http response and shadowsocks premble
"""
words = data.split()
if len(words) < 3:
raise HttpRequestError(400, "Bad request version")
method, path, version = words[:3]
https = True if method.upper() == "CONNECT" else False
if version[:5] != 'HTTP/':
raise HttpRequestError(400, "Bad request version (%r)" % version)
# socks5 request format
cmd = 0x01 # connect
try:
if https:
host, port = path.split(":")
else:
result = urlparse.urlsplit(path)
host = result.hostname
if not host:
logging.debug(data)
raise HttpRequestError(400, "Bad request")
port = result.port or 80
uri = result.path or "/"
if result.query:
data += (result.query + "\r\n")
except IndexError:
raise HttpRequestError(400, "Bad request")
atyp = utils.is_ip(host)
if not atyp:
atyp = struct.pack("!B", 0x03)
addr = struct.pack("!B", len(host)) + \
utils.to_bytes(host)
elif atyp == socket.AF_INET:
addr = utils.inet_pton(atyp, host)
atyp = struct.pack("!B", 0x01)
else:
addr = utils.inet_pton(atyp, host)
atyp = struct.pack("!B", 0x04)
premble = atyp + addr + struct.pack("!H", int(port))
if not https:
premble += data.replace(path, uri, 1)
addr = (utils.to_str(host), port)
http_response = "%s 200 Connection Established\r\n"\
"Proxy-Agent: myss\r\n"\
"\r\n" % version if https else ""
return http_response, premble, addr
def __init__(self, cipher_name, key, iv, op):
self._ctx = None
if not loaded:
load_openssl()
cipher_name = utils.to_bytes(cipher_name)
cipher = libcrypto.EVP_get_cipherbyname(cipher_name)
if not cipher:
cipher = load_cipher(cipher_name)
if not cipher:
raise Exception('cipher %s not found in libcrypto' % cipher_name)
key_ptr = c_char_p(key)
iv_ptr = c_char_p(iv)
self._ctx = libcrypto.EVP_CIPHER_CTX_new()
if not self._ctx:
raise Exception('can not create cipher context')
r = libcrypto.EVP_CipherInit_ex(self._ctx, cipher, None, key_ptr,
iv_ptr, c_int(op))
if not r:
self.clean()
raise Exception('can not initialize cipher context')
def parse_header(data):
if not data:
return None
addrtype = ord(data[0])
dest_addr = None
dest_port = None
header_length = 0
if addrtype == ATYP_IPV4:
if len(data) >= 7:
dest_addr = socket.inet_ntoa(data[1:5])
dest_port = struct.unpack('>H', data[5:7])[0]
header_length = 7
else:
logging.warn('header is too short')
elif addrtype == ATYP_HOST:
if len(data) > 2:
addrlen = ord(data[1])
if len(data) >= 2 + addrlen:
dest_addr = data[2:2 + addrlen]
raw_port = data[2 + addrlen:4 + addrlen]
dest_port = struct.unpack('>H', raw_port)[0]
header_length = 4 + addrlen
else:
logging.warn('header is too short')
else:
logging.warn('header is too short')
elif addrtype == ATYP_IPV6:
if len(data) >= 19:
dest_addr = socket.inet_ntop(socket.AF_INET6, data[1:17])
dest_port = struct.unpack('>H', data[17:19])[0]
header_length = 19
else:
logging.warn('header is too short')
else:
logging.warn('unsupported addrtype %d, maybe wrong password or '
'encryption method' % addrtype)
if dest_addr is None:
return None
return addrtype, utils.to_bytes(dest_addr), dest_port, header_length
def ssurl(cls, conf):
ss = "%(method)s-auth:%(password)s@%(rhost)s:%(rport)s" % conf
data = b"ss://" + base64.encodestring(utils.to_bytes(ss))
return data