1 files changed, 87 insertions, 0 deletions

diff --git a/pkg/server/hook/aes.go b/pkg/server/hook/aes.go
new file mode 100644
index 0000000..b461a34
--- /dev/null
+++ b/pkg/server/hook/aes.go
@@ -0,0 +1,87 @@
+package hook
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/md5"
+	"crypto/rand"
+	"io"
+	"tunnel/pkg/server/env"
+	"tunnel/pkg/server/opts"
+	"tunnel/pkg/server/queue"
+)
+
+type aesHook struct{}
+
+type aesPipe struct {
+	key []byte
+}
+
+func (a *aesPipe) Send(rq, wq queue.Q) error {
+	block, err := aes.NewCipher(a.key)
+	if err != nil {
+		return err
+	}
+
+	iv := make([]byte, aes.BlockSize)
+
+	if _, err := rand.Read(iv); err != nil {
+		return err
+	}
+
+	writer := &cipher.StreamWriter{
+		S: cipher.NewOFB(block, iv),
+		W: wq.Writer(),
+	}
+
+	wq <- iv
+
+	return queue.IoCopy(rq.Reader(), writer)
+}
+
+func (a *aesPipe) Recv(rq, wq queue.Q) error {
+	block, err := aes.NewCipher(a.key)
+	if err != nil {
+		return err
+	}
+
+	r := rq.Reader()
+
+	iv := make([]byte, aes.BlockSize)
+
+	if _, err := io.ReadFull(r, iv); err != nil {
+		if err == io.EOF {
+			return nil
+		}
+		return err
+	}
+
+	reader := &cipher.StreamReader{
+		S: cipher.NewOFB(block, iv),
+		R: r,
+	}
+
+	return queue.IoCopy(reader, wq.Writer())
+}
+
+func newAes(env env.Env) *aesPipe {
+	s := getAuthSecret(env)
+	h := md5.Sum([]byte(s))
+
+	a := &aesPipe{key: make([]byte, 16)}
+	copy(a.key, h[:])
+
+	return a
+}
+
+func (h aesHook) Open(env env.Env) (interface{}, error) {
+	return newAes(env), nil
+}
+
+func newAesHook(opts.Opts, env.Env) (hook, error) {
+	return aesHook{}, nil
+}
+
+func init() {
+	register("aes", newAesHook)
+}