User can set use aes or gzip

This commit is contained in:
Gogs 2016-06-14 16:58:53 +08:00
parent 740fb05b21
commit ab6c5c813e
7 changed files with 173 additions and 83 deletions

View File

@ -32,7 +32,7 @@ type ProxyClient struct {
LocalIp string LocalIp string
LocalPort int64 LocalPort int64
Type string Type string
UseEncryption bool UseEncryption int
} }
func (p *ProxyClient) GetLocalConn() (c *conn.Conn, err error) { func (p *ProxyClient) GetLocalConn() (c *conn.Conn, err error) {
@ -89,11 +89,7 @@ func (p *ProxyClient) StartTunnel(serverAddr string, serverPort int64) (err erro
// l means local, r means remote // l means local, r means remote
log.Debug("Join two connections, (l[%s] r[%s]) (l[%s] r[%s])", localConn.GetLocalAddr(), localConn.GetRemoteAddr(), log.Debug("Join two connections, (l[%s] r[%s]) (l[%s] r[%s])", localConn.GetLocalAddr(), localConn.GetRemoteAddr(),
remoteConn.GetLocalAddr(), remoteConn.GetRemoteAddr()) remoteConn.GetLocalAddr(), remoteConn.GetRemoteAddr())
if p.UseEncryption { go conn.JoinMore(localConn, remoteConn, p.AuthToken, p.UseEncryption)
go conn.JoinMore(localConn, remoteConn, p.AuthToken)
} else {
go conn.Join(localConn, remoteConn)
}
return nil return nil
} }

View File

@ -122,10 +122,15 @@ func LoadConf(confFile string) (err error) {
} }
// use_encryption // use_encryption
proxyClient.UseEncryption = false proxyClient.UseEncryption = 0
useEncryptionStr, ok := section["use_encryption"] useEncryptionStr, ok := section["use_encryption"]
if ok && useEncryptionStr == "true" { if ok {
proxyClient.UseEncryption = true tmpRes, err := strconv.Atoi(useEncryptionStr)
if err != nil {
proxyClient.UseEncryption = 0
}
proxyClient.UseEncryption = tmpRes
} }
ProxyClients[proxyClient.Name] = proxyClient ProxyClients[proxyClient.Name] = proxyClient

View File

@ -24,7 +24,7 @@ type ControlReq struct {
Type int64 `json:"type"` Type int64 `json:"type"`
ProxyName string `json:"proxy_name,omitempty"` ProxyName string `json:"proxy_name,omitempty"`
AuthKey string `json:"auth_key, omitempty"` AuthKey string `json:"auth_key, omitempty"`
UseEncryption bool `json:"use_encryption, omitempty"` UseEncryption int `json:"use_encryption, omitempty"`
Timestamp int64 `json:"timestamp, omitempty"` Timestamp int64 `json:"timestamp, omitempty"`
} }

View File

@ -38,7 +38,7 @@ type ProxyServer struct {
CustomDomains []string CustomDomains []string
// configure in frpc.ini // configure in frpc.ini
UseEncryption bool UseEncryption int
Status int64 Status int64
CtlConn *conn.Conn // control connection with frpc CtlConn *conn.Conn // control connection with frpc
@ -144,11 +144,7 @@ func (p *ProxyServer) Start(c *conn.Conn) (err error) {
log.Debug("Join two connections, (l[%s] r[%s]) (l[%s] r[%s])", workConn.GetLocalAddr(), workConn.GetRemoteAddr(), log.Debug("Join two connections, (l[%s] r[%s]) (l[%s] r[%s])", workConn.GetLocalAddr(), workConn.GetRemoteAddr(),
userConn.GetLocalAddr(), userConn.GetRemoteAddr()) userConn.GetLocalAddr(), userConn.GetRemoteAddr())
if p.UseEncryption { go conn.JoinMore(userConn, workConn, p.AuthToken, p.UseEncryption)
go conn.JoinMore(userConn, workConn, p.AuthToken)
} else {
go conn.Join(userConn, workConn)
}
}() }()
} }
}(listener) }(listener)

View File

@ -16,6 +16,8 @@ package conn
import ( import (
"bufio" "bufio"
"bytes"
"encoding/binary"
"fmt" "fmt"
"io" "io"
"net" "net"
@ -192,48 +194,70 @@ func Join(c1 *Conn, c2 *Conn) {
// messages from c1 to c2 will be encrypted // messages from c1 to c2 will be encrypted
// and from c2 to c1 will be decrypted // and from c2 to c1 will be decrypted
func JoinMore(c1 *Conn, c2 *Conn, cryptKey string) { func JoinMore(c1 *Conn, c2 *Conn, cryptKey string, ptype int) {
var wait sync.WaitGroup var wait sync.WaitGroup
encryptPipe := func(from *Conn, to *Conn, key string) { encryptPipe := func(from *Conn, to *Conn, key string, ttype int) {
defer from.Close() defer from.Close()
defer to.Close() defer to.Close()
defer wait.Done() defer wait.Done()
// we don't care about errors here // we don't care about errors here
PipeEncrypt(from.TcpConn, to.TcpConn, key) PipeEncrypt(from.TcpConn, to.TcpConn, key, ttype)
} }
decryptPipe := func(to *Conn, from *Conn, key string) { decryptPipe := func(to *Conn, from *Conn, key string, ttype int) {
defer from.Close() defer from.Close()
defer to.Close() defer to.Close()
defer wait.Done() defer wait.Done()
// we don't care about errors here // we don't care about errors here
PipeDecrypt(to.TcpConn, from.TcpConn, key) PipeDecrypt(to.TcpConn, from.TcpConn, key, ttype)
} }
wait.Add(2) wait.Add(2)
go encryptPipe(c1, c2, cryptKey) go encryptPipe(c1, c2, cryptKey, ptype)
go decryptPipe(c2, c1, cryptKey)
go decryptPipe(c2, c1, cryptKey, ptype)
wait.Wait() wait.Wait()
log.Debug("One tunnel stopped") log.Debug("One tunnel stopped")
return return
} }
func unpkgMsg(data []byte) (int, []byte, []byte) {
if len(data) < 4 {
return -1, nil, nil
}
llen := int(binary.BigEndian.Uint32(data[0:4]))
// no complete
if len(data) < llen+4 {
return -1, nil, nil
}
return 0, data[4 : llen+4], data[llen+4:]
}
// decrypt msg from reader, then write into writer // decrypt msg from reader, then write into writer
func PipeDecrypt(r net.Conn, w net.Conn, key string) error { func PipeDecrypt(r net.Conn, w net.Conn, key string, ptype int) error {
laes := new(pcrypto.Pcrypto) laes := new(pcrypto.Pcrypto)
if err := laes.Init([]byte(key)); err != nil { if err := laes.Init([]byte(key), ptype); err != nil {
log.Error("Pcrypto Init error: %v", err) log.Error("Pcrypto Init error: %v", err)
return fmt.Errorf("Pcrypto Init error: %v", err) return fmt.Errorf("Pcrypto Init error: %v", err)
} }
buf := make([]byte, 10*1024)
var left []byte
nreader := bufio.NewReader(r) nreader := bufio.NewReader(r)
for { for {
buf, err := nreader.ReadBytes('\n') n, err := nreader.Read(buf)
if err != nil { if err != nil {
return err return err
} }
left := append(left, buf[:n]...)
cnt, buf, left := unpkgMsg(left)
if cnt < 0 {
continue
}
res, err := laes.Decrypt(buf) res, err := laes.Decrypt(buf)
if err != nil { if err != nil {
@ -249,10 +273,18 @@ func PipeDecrypt(r net.Conn, w net.Conn, key string) error {
return nil return nil
} }
func pkgMsg(data []byte) []byte {
llen := uint32(len(data))
buf := new(bytes.Buffer)
binary.Write(buf, binary.BigEndian, llen)
buf.Write(data)
return buf.Bytes()
}
// recvive msg from reader, then encrypt msg into write // recvive msg from reader, then encrypt msg into write
func PipeEncrypt(r net.Conn, w net.Conn, key string) error { func PipeEncrypt(r net.Conn, w net.Conn, key string, ptype int) error {
laes := new(pcrypto.Pcrypto) laes := new(pcrypto.Pcrypto)
if err := laes.Init([]byte(key)); err != nil { if err := laes.Init([]byte(key), ptype); err != nil {
log.Error("Pcrypto Init error: %v", err) log.Error("Pcrypto Init error: %v", err)
return fmt.Errorf("Pcrypto Init error: %v", err) return fmt.Errorf("Pcrypto Init error: %v", err)
} }
@ -271,11 +303,12 @@ func PipeEncrypt(r net.Conn, w net.Conn, key string) error {
return fmt.Errorf("Encrypt error: %v", err) return fmt.Errorf("Encrypt error: %v", err)
} }
res = append(res, '\n') res = pkgMsg(res)
_, err = w.Write(res) _, err = w.Write(res)
if err != nil { if err != nil {
return err return err
} }
} }
return nil return nil
} }

View File

@ -20,7 +20,6 @@ import (
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/md5" "crypto/md5"
"encoding/base64"
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt" "fmt"
@ -30,69 +29,80 @@ import (
type Pcrypto struct { type Pcrypto struct {
pkey []byte pkey []byte
paes cipher.Block paes cipher.Block
// 0: nono; 1:compress; 2: encrypt; 3: compress and encrypt
ptyp int
} }
func (pc *Pcrypto) Init(key []byte) error { func (pc *Pcrypto) Init(key []byte, ptyp int) error {
var err error var err error
pc.pkey = pKCS7Padding(key, aes.BlockSize) pc.pkey = pKCS7Padding(key, aes.BlockSize)
pc.paes, err = aes.NewCipher(pc.pkey) pc.paes, err = aes.NewCipher(pc.pkey)
if ptyp == 1 || ptyp == 2 || ptyp == 3 {
pc.ptyp = ptyp
} else {
pc.ptyp = 0
}
return err return err
} }
func (pc *Pcrypto) Encrypt(src []byte) ([]byte, error) { func (pc *Pcrypto) Encrypt(src []byte) ([]byte, error) {
// gzip
var zbuf bytes.Buffer var zbuf bytes.Buffer
zwr, err := gzip.NewWriterLevel(&zbuf, -1)
if err != nil { // gzip
return nil, err if pc.ptyp == 1 || pc.ptyp == 3 {
zwr, err := gzip.NewWriterLevel(&zbuf, gzip.DefaultCompression)
if err != nil {
return nil, err
}
defer zwr.Close()
zwr.Write(src)
zwr.Flush()
src = zbuf.Bytes()
} }
defer zwr.Close()
zwr.Write(src)
zwr.Flush()
// aes // aes
src = pKCS7Padding(zbuf.Bytes(), aes.BlockSize) if pc.ptyp == 2 || pc.ptyp == 3 {
blockMode := cipher.NewCBCEncrypter(pc.paes, pc.pkey) src = pKCS7Padding(src, aes.BlockSize)
crypted := make([]byte, len(src)) blockMode := cipher.NewCBCEncrypter(pc.paes, pc.pkey)
blockMode.CryptBlocks(crypted, src) crypted := make([]byte, len(src))
blockMode.CryptBlocks(crypted, src)
src = crypted
}
// base64 return src, nil
return []byte(base64.StdEncoding.EncodeToString(crypted)), nil
} }
func (pc *Pcrypto) Decrypt(str []byte) ([]byte, error) { func (pc *Pcrypto) Decrypt(str []byte) ([]byte, error) {
// base64
data, err := base64.StdEncoding.DecodeString(string(str))
if err != nil {
return nil, err
}
// aes // aes
decryptText, err := hex.DecodeString(fmt.Sprintf("%x", data)) if pc.ptyp == 2 || pc.ptyp == 3 {
if err != nil { decryptText, err := hex.DecodeString(fmt.Sprintf("%x", str))
return nil, err if err != nil {
return nil, err
}
if len(decryptText)%aes.BlockSize != 0 {
return nil, errors.New("crypto/cipher: ciphertext is not a multiple of the block size")
}
blockMode := cipher.NewCBCDecrypter(pc.paes, pc.pkey)
blockMode.CryptBlocks(decryptText, decryptText)
str = pKCS7UnPadding(decryptText)
} }
if len(decryptText)%aes.BlockSize != 0 {
return nil, errors.New("crypto/cipher: ciphertext is not a multiple of the block size")
}
blockMode := cipher.NewCBCDecrypter(pc.paes, pc.pkey)
blockMode.CryptBlocks(decryptText, decryptText)
decryptText = pKCS7UnPadding(decryptText)
// gunzip // gunzip
zbuf := bytes.NewBuffer(decryptText) if pc.ptyp == 1 || pc.ptyp == 3 {
zrd, err := gzip.NewReader(zbuf) zbuf := bytes.NewBuffer(str)
if err != nil { zrd, err := gzip.NewReader(zbuf)
return nil, err if err != nil {
return nil, err
}
defer zrd.Close()
str, _ = ioutil.ReadAll(zrd)
} }
defer zrd.Close()
data, _ = ioutil.ReadAll(zrd)
return data, nil return str, nil
} }
func pKCS7Padding(ciphertext []byte, blockSize int) []byte { func pKCS7Padding(ciphertext []byte, blockSize int) []byte {

View File

@ -20,28 +20,78 @@ import (
) )
func TestEncrypt(t *testing.T) { func TestEncrypt(t *testing.T) {
return
pp := new(Pcrypto) pp := new(Pcrypto)
pp.Init([]byte("Hana")) pp.Init([]byte("Hana"), 1)
res, err := pp.Encrypt([]byte("Just One Test!")) res, err := pp.Encrypt([]byte("Test Encrypt!"))
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
fmt.Printf("[%x]\n", res) fmt.Printf("Encrypt: len %d, [%x]\n", len(res), res)
} }
func TestDecrypt(t *testing.T) { func TestDecrypt(t *testing.T) {
pp := new(Pcrypto) fmt.Println("*****************************************************")
pp.Init([]byte("Hana")) {
res, err := pp.Encrypt([]byte("Just One Test!")) pp := new(Pcrypto)
if err != nil { pp.Init([]byte("Hana"), 0)
t.Fatal(err) res, err := pp.Encrypt([]byte("Test Decrypt! 0"))
if err != nil {
t.Fatal(err)
}
res, err = pp.Decrypt(res)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", string(res))
}
{
pp := new(Pcrypto)
pp.Init([]byte("Hana"), 1)
res, err := pp.Encrypt([]byte("Test Decrypt! 1"))
if err != nil {
t.Fatal(err)
}
res, err = pp.Decrypt(res)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", string(res))
}
{
pp := new(Pcrypto)
pp.Init([]byte("Hana"), 2)
res, err := pp.Encrypt([]byte("Test Decrypt! 2"))
if err != nil {
t.Fatal(err)
}
res, err = pp.Decrypt(res)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", string(res))
}
{
pp := new(Pcrypto)
pp.Init([]byte("Hana"), 3)
res, err := pp.Encrypt([]byte("Test Decrypt! 3"))
if err != nil {
t.Fatal(err)
}
res, err = pp.Decrypt(res)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", string(res))
} }
res, err = pp.Decrypt(res)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", string(res))
} }