From f3d3a66d03ffae4d5953387e5b11720ade1026d0 Mon Sep 17 00:00:00 2001
From: ginuerzh <ginuerzh@gmail.com>
Date: Mon, 23 Mar 2015 21:43:44 +0800
Subject: [PATCH] add cipher for transfer data

---
 gost.go | 46 +++++++++++++++++++++++++++++++---------------
 main.go |  1 +
 2 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/gost.go b/gost.go
index 6831afa..30da619 100644
--- a/gost.go
+++ b/gost.go
@@ -28,6 +28,7 @@ const (
 type Gost struct {
 	Laddr, Saddr, Proxy string
 	Shadows             bool // shadowsocks compatible
+	Cipher              bool
 }
 
 func (g *Gost) Run() error {
@@ -80,20 +81,39 @@ func (g *Gost) cli(conn net.Conn) {
 		lg.Logln(err)
 		return
 	}
-	defer sconn.Close()
 
+	defer sconn.Close()
 	laddr := sconn.(*net.TCPConn).LocalAddr().String()
 	lg.Logln(laddr)
 
-	if _, err := sconn.Write([]byte{5, 1, 0}); err != nil {
+	b := make([]byte, 8192)
+	b[0] = 5
+	b[1] = 1
+	if gost.Cipher {
+		b[2] = 0x88
+	}
+
+	if _, err := sconn.Write(b[:3]); err != nil {
 		lg.Logln(err)
 		return
 	}
-	lg.Logln(">>>|", []byte{5, 1, 0})
+	lg.Logln(">>>|", b[:3])
+
+	n, err := io.ReadFull(sconn, b[:2])
+	if err != nil {
+		lg.Logln(err)
+		return
+	}
+	lg.Logln("<<<|", b[:n])
+
+	if b[1] == 0x88 {
+		cipher, _ := shadowsocks.NewCipher("aes-256-cfb", "gost")
+		sconn = shadowsocks.NewConn(sconn, cipher)
+	}
 
 	if g.Shadows {
 		lg.Logln("shadowsocks, aes-256-cfb")
-		cipher, _ := shadowsocks.NewCipher("aes-256-cfb", "123456")
+		cipher, _ := shadowsocks.NewCipher("aes-256-cfb", "gost")
 		conn = shadowsocks.NewConn(conn, cipher)
 		addr, port, extra, err := getRequest(conn)
 		if err != nil {
@@ -133,15 +153,6 @@ func (g *Gost) cli(conn net.Conn) {
 		return
 	}
 
-	b := make([]byte, 8192)
-
-	n, err := io.ReadFull(sconn, b[:2])
-	if err != nil {
-		lg.Logln(err)
-		return
-	}
-	lg.Logln("<<<|", b[:n])
-
 	n, err = conn.Read(b)
 	if err != nil {
 		lg.Logln(err)
@@ -262,12 +273,17 @@ func (g *Gost) srv(conn net.Conn) {
 
 	if b[0] == 5 { // socks5,NO AUTHENTICATION
 		lg.Logln("|>>>", b[:n])
-		if _, err := conn.Write([]byte{5, 0}); err != nil {
+		method := b[2]
+		if _, err := conn.Write([]byte{5, method}); err != nil {
 			lg.Logln(err)
 			return
 		}
-		lg.Logln("|<<<", []byte{5, 0})
+		lg.Logln("|<<<", []byte{5, method})
 
+		if method == 0x88 {
+			cipher, _ := shadowsocks.NewCipher("aes-256-cfb", "gost")
+			conn = shadowsocks.NewConn(conn, cipher)
+		}
 		cmd, err := ReadCmd(conn)
 		if err != nil {
 			lg.Logln(err)
diff --git a/main.go b/main.go
index 79be70a..9ceb6f8 100644
--- a/main.go
+++ b/main.go
@@ -12,6 +12,7 @@ func init() {
 	flag.StringVar(&gost.Proxy, "P", "", "proxy for forward")
 	flag.StringVar(&gost.Saddr, "S", "", "the server that connecting to")
 	flag.StringVar(&gost.Laddr, "L", ":8080", "listen address")
+	flag.BoolVar(&gost.Cipher, "cipher", true, "cipher transfer data")
 	flag.BoolVar(&gost.Shadows, "ss", false, "shadowsocks compatible")
 	flag.BoolVar(&Debug, "d", false, "debug option")
 	flag.Parse()