v2fly/proxy/shadowsocks/config.go

package shadowsocks

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/sha1"
	"io"

	"golang.org/x/crypto/chacha20poly1305"
	"golang.org/x/crypto/hkdf"

	"v2ray.com/core/common"
	"v2ray.com/core/common/buf"
	"v2ray.com/core/common/crypto"
	"v2ray.com/core/common/protocol"
)

// MemoryAccount is an account type converted from Account.
type MemoryAccount struct {
	Cipher      Cipher
	Key         []byte
	OneTimeAuth Account_OneTimeAuth
}

// Equals implements protocol.Account.Equals().
func (a *MemoryAccount) Equals(another protocol.Account) bool {
	if account, ok := another.(*MemoryAccount); ok {
		return bytes.Equal(a.Key, account.Key)
	}
	return false
}

func createAesGcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	common.Must(err)
	gcm, err := cipher.NewGCM(block)
	common.Must(err)
	return gcm
}

func createChacha20Poly1305(key []byte) cipher.AEAD {
	chacha20, err := chacha20poly1305.New(key)
	common.Must(err)
	return chacha20
}

func (a *Account) getCipher() (Cipher, error) {
	switch a.CipherType {
	case CipherType_AES_128_CFB:
		return &AesCfb{KeyBytes: 16}, nil
	case CipherType_AES_256_CFB:
		return &AesCfb{KeyBytes: 32}, nil
	case CipherType_CHACHA20:
		return &ChaCha20{IVBytes: 8}, nil
	case CipherType_CHACHA20_IETF:
		return &ChaCha20{IVBytes: 12}, nil
	case CipherType_AES_128_GCM:
		return &AEADCipher{
			KeyBytes:        16,
			IVBytes:         16,
			AEADAuthCreator: createAesGcm,
		}, nil
	case CipherType_AES_256_GCM:
		return &AEADCipher{
			KeyBytes:        32,
			IVBytes:         32,
			AEADAuthCreator: createAesGcm,
		}, nil
	case CipherType_CHACHA20_POLY1305:
		return &AEADCipher{
			KeyBytes:        32,
			IVBytes:         32,
			AEADAuthCreator: createChacha20Poly1305,
		}, nil
	case CipherType_NONE:
		return NoneCipher{}, nil
	default:
		return nil, newError("Unsupported cipher.")
	}
}

// AsAccount implements protocol.AsAccount.
func (a *Account) AsAccount() (protocol.Account, error) {
	cipher, err := a.getCipher()
	if err != nil {
		return nil, newError("failed to get cipher").Base(err)
	}
	return &MemoryAccount{
		Cipher:      cipher,
		Key:         passwordToCipherKey([]byte(a.Password), cipher.KeySize()),
		OneTimeAuth: a.Ota,
	}, nil
}

// Cipher is an interface for all Shadowsocks ciphers.
type Cipher interface {
	KeySize() int32
	IVSize() int32
	NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error)
	NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error)
	IsAEAD() bool
	EncodePacket(key []byte, b *buf.Buffer) error
	DecodePacket(key []byte, b *buf.Buffer) error
}

// AesCfb represents all AES-CFB ciphers.
type AesCfb struct {
	KeyBytes int32
}

func (*AesCfb) IsAEAD() bool {
	return false
}

func (v *AesCfb) KeySize() int32 {
	return v.KeyBytes
}

func (v *AesCfb) IVSize() int32 {
	return 16
}

func (v *AesCfb) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
	stream := crypto.NewAesEncryptionStream(key, iv)
	return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil
}

func (v *AesCfb) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
	stream := crypto.NewAesDecryptionStream(key, iv)
	return &buf.SingleReader{
		Reader: crypto.NewCryptionReader(stream, reader),
	}, nil
}

func (v *AesCfb) EncodePacket(key []byte, b *buf.Buffer) error {
	iv := b.BytesTo(v.IVSize())
	stream := crypto.NewAesEncryptionStream(key, iv)
	stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
	return nil
}

func (v *AesCfb) DecodePacket(key []byte, b *buf.Buffer) error {
	if b.Len() <= v.IVSize() {
		return newError("insufficient data: ", b.Len())
	}
	iv := b.BytesTo(v.IVSize())
	stream := crypto.NewAesDecryptionStream(key, iv)
	stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
	b.Advance(v.IVSize())
	return nil
}

type AEADCipher struct {
	KeyBytes        int32
	IVBytes         int32
	AEADAuthCreator func(key []byte) cipher.AEAD
}

func (*AEADCipher) IsAEAD() bool {
	return true
}

func (c *AEADCipher) KeySize() int32 {
	return c.KeyBytes
}

func (c *AEADCipher) IVSize() int32 {
	return c.IVBytes
}

func (c *AEADCipher) createAuthenticator(key []byte, iv []byte) *crypto.AEADAuthenticator {
	nonce := crypto.GenerateInitialAEADNonce()
	subkey := make([]byte, c.KeyBytes)
	hkdfSHA1(key, iv, subkey)
	return &crypto.AEADAuthenticator{
		AEAD:           c.AEADAuthCreator(subkey),
		NonceGenerator: nonce,
	}
}

func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
	auth := c.createAuthenticator(key, iv)
	return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{
		Auth: auth,
	}, writer, protocol.TransferTypeStream, nil), nil
}

func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
	auth := c.createAuthenticator(key, iv)
	return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
		Auth: auth,
	}, reader, protocol.TransferTypeStream, nil), nil
}

func (c *AEADCipher) EncodePacket(key []byte, b *buf.Buffer) error {
	ivLen := c.IVSize()
	payloadLen := b.Len()
	auth := c.createAuthenticator(key, b.BytesTo(ivLen))
	return b.Reset(func(bb []byte) (int, error) {
		bbb, err := auth.Seal(bb[:ivLen], bb[ivLen:payloadLen])
		if err != nil {
			return 0, err
		}
		return len(bbb), nil
	})
}

func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error {
	if b.Len() <= c.IVSize() {
		return newError("insufficient data: ", b.Len())
	}
	ivLen := c.IVSize()
	payloadLen := b.Len()
	auth := c.createAuthenticator(key, b.BytesTo(ivLen))
	if err := b.Reset(func(bb []byte) (int, error) {
		bbb, err := auth.Open(bb[:ivLen], bb[ivLen:payloadLen])
		if err != nil {
			return 0, err
		}
		return len(bbb), nil
	}); err != nil {
		return err
	}
	b.Advance(ivLen)
	return nil
}

type ChaCha20 struct {
	IVBytes int32
}

func (*ChaCha20) IsAEAD() bool {
	return false
}

func (v *ChaCha20) KeySize() int32 {
	return 32
}

func (v *ChaCha20) IVSize() int32 {
	return v.IVBytes
}

func (v *ChaCha20) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
	stream := crypto.NewChaCha20Stream(key, iv)
	return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil
}

func (v *ChaCha20) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
	stream := crypto.NewChaCha20Stream(key, iv)
	return &buf.SingleReader{Reader: crypto.NewCryptionReader(stream, reader)}, nil
}

func (v *ChaCha20) EncodePacket(key []byte, b *buf.Buffer) error {
	iv := b.BytesTo(v.IVSize())
	stream := crypto.NewChaCha20Stream(key, iv)
	stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
	return nil
}

func (v *ChaCha20) DecodePacket(key []byte, b *buf.Buffer) error {
	if b.Len() <= v.IVSize() {
		return newError("insufficient data: ", b.Len())
	}
	iv := b.BytesTo(v.IVSize())
	stream := crypto.NewChaCha20Stream(key, iv)
	stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))
	b.Advance(v.IVSize())
	return nil
}

type NoneCipher struct{}

func (NoneCipher) KeySize() int32 { return 0 }
func (NoneCipher) IVSize() int32  { return 0 }
func (NoneCipher) IsAEAD() bool {
	return true // to avoid OTA
}

func (NoneCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {
	return buf.NewReader(reader), nil
}

func (NoneCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {
	return buf.NewWriter(writer), nil
}

func (NoneCipher) EncodePacket(key []byte, b *buf.Buffer) error {
	return nil
}

func (NoneCipher) DecodePacket(key []byte, b *buf.Buffer) error {
	return nil
}

func passwordToCipherKey(password []byte, keySize int32) []byte {
	key := make([]byte, 0, keySize)

	md5Sum := md5.Sum(password)
	key = append(key, md5Sum[:]...)

	for int32(len(key)) < keySize {
		md5Hash := md5.New()
		common.Must2(md5Hash.Write(md5Sum[:]))
		common.Must2(md5Hash.Write(password))
		md5Hash.Sum(md5Sum[:0])

		key = append(key, md5Sum[:]...)
	}
	return key
}

func hkdfSHA1(secret, salt, outkey []byte) {
	r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey"))
	common.Must2(io.ReadFull(r, outkey))
}
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`package shadowsocks`

			`import (`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`"bytes"`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`"crypto/aes"`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`"crypto/cipher"`
tcp handler for shadowsocks 2016-01-28 06:33:58 -05:00			`"crypto/md5"`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`"crypto/sha1"`
			`"io"`
fix aes-256-cfb iv length 2016-12-16 11:31:13 -05:00
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`"golang.org/x/crypto/chacha20poly1305"`
			`"golang.org/x/crypto/hkdf"`

			`"v2ray.com/core/common"`
			`"v2ray.com/core/common/buf"`
unified import path 2016-08-20 14:55:45 -04:00			`"v2ray.com/core/common/crypto"`
			`"v2ray.com/core/common/protocol"`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`)`

fix lint warnings 2017-11-29 16:57:18 -05:00			`// MemoryAccount is an account type converted from Account.`
			`type MemoryAccount struct {`
shadowsocks client 2016-10-31 11:35:18 -04:00			`Cipher Cipher`
			`Key []byte`
refine shadowsocks ota settings 2016-11-02 11:17:57 -04:00			`OneTimeAuth Account_OneTimeAuth`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`}`

fix lint warnings 2017-11-29 16:57:18 -05:00			`// Equals implements protocol.Account.Equals().`
			`func (a *MemoryAccount) Equals(another protocol.Account) bool {`
			`if account, ok := another.(*MemoryAccount); ok {`
			`return bytes.Equal(a.Key, account.Key)`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`}`
			`return false`
			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`func createAesGcm(key []byte) cipher.AEAD {`
			`block, err := aes.NewCipher(key)`
			`common.Must(err)`
			`gcm, err := cipher.NewGCM(block)`
			`common.Must(err)`
			`return gcm`
			`}`

			`func createChacha20Poly1305(key []byte) cipher.AEAD {`
			`chacha20, err := chacha20poly1305.New(key)`
			`common.Must(err)`
			`return chacha20`
			`}`

fix lint warnings 2017-11-29 16:57:18 -05:00			`func (a *Account) getCipher() (Cipher, error) {`
support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`switch a.CipherType {`
refine shadowsocks proto 2016-09-25 16:07:32 -04:00			`case CipherType_AES_128_CFB:`
refine cipher settings 2016-09-25 16:19:49 -04:00			`return &AesCfb{KeyBytes: 16}, nil`
refine shadowsocks proto 2016-09-25 16:07:32 -04:00			`case CipherType_AES_256_CFB:`
refine cipher settings 2016-09-25 16:19:49 -04:00			`return &AesCfb{KeyBytes: 32}, nil`
refine shadowsocks proto 2016-09-25 16:07:32 -04:00			`case CipherType_CHACHA20:`
refine cipher settings 2016-09-25 16:19:49 -04:00			`return &ChaCha20{IVBytes: 8}, nil`
fix #351 2017-01-02 19:37:27 -05:00			`case CipherType_CHACHA20_IETF:`
refine cipher settings 2016-09-25 16:19:49 -04:00			`return &ChaCha20{IVBytes: 12}, nil`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`case CipherType_AES_128_GCM:`
			`return &AEADCipher{`
			`KeyBytes: 16,`
			`IVBytes: 16,`
			`AEADAuthCreator: createAesGcm,`
			`}, nil`
			`case CipherType_AES_256_GCM:`
			`return &AEADCipher{`
			`KeyBytes: 32,`
			`IVBytes: 32,`
			`AEADAuthCreator: createAesGcm,`
			`}, nil`
			`case CipherType_CHACHA20_POLY1305:`
			`return &AEADCipher{`
			`KeyBytes: 32,`
			`IVBytes: 32,`
			`AEADAuthCreator: createChacha20Poly1305,`
			`}, nil`
support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`case CipherType_NONE:`
			`return NoneCipher{}, nil`
refine cipher settings 2016-09-25 16:19:49 -04:00			`default:`
refactor error messages 2017-04-08 19:43:25 -04:00			`return nil, newError("Unsupported cipher.")`
accounts in protobuf 2016-09-17 18:41:21 -04:00			`}`
			`}`

fix lint warnings 2017-11-29 16:57:18 -05:00			`// AsAccount implements protocol.AsAccount.`
support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`func (a *Account) AsAccount() (protocol.Account, error) {`
fix lint warnings 2017-11-29 16:57:18 -05:00			`cipher, err := a.getCipher()`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`if err != nil {`
refactor error messages 2017-04-08 19:43:25 -04:00			`return nil, newError("failed to get cipher").Base(err)`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`}`
fix lint warnings 2017-11-29 16:57:18 -05:00			`return &MemoryAccount{`
shadowsocks client 2016-10-31 11:35:18 -04:00			`Cipher: cipher,`
fix lint warnings 2017-11-29 16:57:18 -05:00			`Key: passwordToCipherKey([]byte(a.Password), cipher.KeySize()),`
support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`OneTimeAuth: a.Ota,`
refine shadowsocks server 2016-10-31 10:24:28 -04:00			`}, nil`
accounts in protobuf 2016-09-17 18:41:21 -04:00			`}`

fix lint warnings 2017-11-29 16:57:18 -05:00			`// Cipher is an interface for all Shadowsocks ciphers.`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`type Cipher interface {`
migrate int to int32 2018-04-02 14:00:50 -04:00			`KeySize() int32`
			`IVSize() int32`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error)`
			`NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error)`
handle AEAD cipher 2017-11-25 18:58:57 -05:00			`IsAEAD() bool`
fix aead udp 2017-11-26 15:51:30 -05:00			`EncodePacket(key []byte, b *buf.Buffer) error`
			`DecodePacket(key []byte, b *buf.Buffer) error`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

fix lint warnings 2017-11-29 16:57:18 -05:00			`// AesCfb represents all AES-CFB ciphers.`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`type AesCfb struct {`
migrate int to int32 2018-04-02 14:00:50 -04:00			`KeyBytes int32`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

handle AEAD cipher 2017-11-25 18:58:57 -05:00			`func (*AesCfb) IsAEAD() bool {`
			`return false`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (v *AesCfb) KeySize() int32 {`
rename 'this' 2016-11-27 15:39:09 -05:00			`return v.KeyBytes`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (v *AesCfb) IVSize() int32 {`
rollback shadowsocks iv change 2016-12-16 17:02:00 -05:00			`return 16`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`func (v *AesCfb) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {`
refactor protocol 2016-02-25 15:50:10 -05:00			`stream := crypto.NewAesEncryptionStream(key, iv)`
optimize encryption read/write operations 2018-07-31 06:37:59 -04:00			`return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`func (v *AesCfb) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {`
refactor protocol 2016-02-25 15:50:10 -05:00			`stream := crypto.NewAesDecryptionStream(key, iv)`
optimize encryption read/write operations 2018-07-31 06:37:59 -04:00			`return &buf.SingleReader{`
			`Reader: crypto.NewCryptionReader(stream, reader),`
			`}, nil`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`}`

fix aead udp 2017-11-26 15:51:30 -05:00			`func (v AesCfb) EncodePacket(key []byte, b buf.Buffer) error {`
			`iv := b.BytesTo(v.IVSize())`
			`stream := crypto.NewAesEncryptionStream(key, iv)`
			`stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))`
			`return nil`
			`}`

			`func (v AesCfb) DecodePacket(key []byte, b buf.Buffer) error {`
fix UDP handling in Shadowsocks client 2018-01-19 05:08:34 -05:00			`if b.Len() <= v.IVSize() {`
			`return newError("insufficient data: ", b.Len())`
			`}`
fix aead udp 2017-11-26 15:51:30 -05:00			`iv := b.BytesTo(v.IVSize())`
fix aes cfb decode packet. fix #739 2017-11-27 04:42:34 -05:00			`stream := crypto.NewAesDecryptionStream(key, iv)`
fix aead udp 2017-11-26 15:51:30 -05:00			`stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))`
rename Slice and Slice from to Resize and Advance 2018-04-19 17:48:38 -04:00			`b.Advance(v.IVSize())`
fix aead udp 2017-11-26 15:51:30 -05:00			`return nil`
			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`type AEADCipher struct {`
migrate int to int32 2018-04-02 14:00:50 -04:00			`KeyBytes int32`
			`IVBytes int32`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`AEADAuthCreator func(key []byte) cipher.AEAD`
			`}`

handle AEAD cipher 2017-11-25 18:58:57 -05:00			`func (*AEADCipher) IsAEAD() bool {`
			`return true`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (c *AEADCipher) KeySize() int32 {`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`return c.KeyBytes`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (c *AEADCipher) IVSize() int32 {`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`return c.IVBytes`
			`}`

fix aead udp 2017-11-26 15:51:30 -05:00			`func (c AEADCipher) createAuthenticator(key []byte, iv []byte) crypto.AEADAuthenticator {`
simplify BytesGenerator 2018-04-14 07:10:12 -04:00			`nonce := crypto.GenerateInitialAEADNonce()`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`subkey := make([]byte, c.KeyBytes)`
			`hkdfSHA1(key, iv, subkey)`
fix aead udp 2017-11-26 15:51:30 -05:00			`return &crypto.AEADAuthenticator{`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`AEAD: c.AEADAuthCreator(subkey),`
			`NonceGenerator: nonce,`
			`}`
fix aead udp 2017-11-26 15:51:30 -05:00			`}`

			`func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {`
			`auth := c.createAuthenticator(key, iv)`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`return crypto.NewAuthenticationWriter(auth, &crypto.AEADChunkSizeParser{`
			`Auth: auth,`
global padding in vmess protocol 2018-07-07 09:42:24 -04:00			`}, writer, protocol.TransferTypeStream, nil), nil`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`}`

			`func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {`
fix aead udp 2017-11-26 15:51:30 -05:00			`auth := c.createAuthenticator(key, iv)`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`return crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{`
			`Auth: auth,`
global padding in vmess protocol 2018-07-07 09:42:24 -04:00			`}, reader, protocol.TransferTypeStream, nil), nil`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`}`

fix aead udp 2017-11-26 15:51:30 -05:00			`func (c AEADCipher) EncodePacket(key []byte, b buf.Buffer) error {`
			`ivLen := c.IVSize()`
			`payloadLen := b.Len()`
			`auth := c.createAuthenticator(key, b.BytesTo(ivLen))`
			`return b.Reset(func(bb []byte) (int, error) {`
			`bbb, err := auth.Seal(bb[:ivLen], bb[ivLen:payloadLen])`
			`if err != nil {`
			`return 0, err`
			`}`
			`return len(bbb), nil`
			`})`
			`}`

			`func (c AEADCipher) DecodePacket(key []byte, b buf.Buffer) error {`
fix a typo 2018-01-19 08:08:45 -05:00			`if b.Len() <= c.IVSize() {`
fix UDP handling in Shadowsocks client 2018-01-19 05:08:34 -05:00			`return newError("insufficient data: ", b.Len())`
			`}`
fix aead udp 2017-11-26 15:51:30 -05:00			`ivLen := c.IVSize()`
			`payloadLen := b.Len()`
			`auth := c.createAuthenticator(key, b.BytesTo(ivLen))`
			`if err := b.Reset(func(bb []byte) (int, error) {`
			`bbb, err := auth.Open(bb[:ivLen], bb[ivLen:payloadLen])`
			`if err != nil {`
			`return 0, err`
			`}`
			`return len(bbb), nil`
			`}); err != nil {`
			`return err`
			`}`
rename Slice and Slice from to Resize and Advance 2018-04-19 17:48:38 -04:00			`b.Advance(ivLen)`
fix aead udp 2017-11-26 15:51:30 -05:00			`return nil`
			`}`

Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`type ChaCha20 struct {`
migrate int to int32 2018-04-02 14:00:50 -04:00			`IVBytes int32`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`}`

handle AEAD cipher 2017-11-25 18:58:57 -05:00			`func (*ChaCha20) IsAEAD() bool {`
			`return false`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (v *ChaCha20) KeySize() int32 {`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`return 32`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (v *ChaCha20) IVSize() int32 {`
rename 'this' 2016-11-27 15:39:09 -05:00			`return v.IVBytes`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`func (v *ChaCha20) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {`
			`stream := crypto.NewChaCha20Stream(key, iv)`
optimize encryption read/write operations 2018-07-31 06:37:59 -04:00			`return &buf.SequentialWriter{Writer: crypto.NewCryptionWriter(stream, writer)}, nil`
Add ChaCha20 in Shadowsocks 2016-02-23 12:16:13 -05:00			`}`

implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00			`func (v *ChaCha20) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {`
			`stream := crypto.NewChaCha20Stream(key, iv)`
optimize encryption read/write operations 2018-07-31 06:37:59 -04:00			`return &buf.SingleReader{Reader: crypto.NewCryptionReader(stream, reader)}, nil`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`

fix aead udp 2017-11-26 15:51:30 -05:00			`func (v ChaCha20) EncodePacket(key []byte, b buf.Buffer) error {`
			`iv := b.BytesTo(v.IVSize())`
			`stream := crypto.NewChaCha20Stream(key, iv)`
			`stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))`
			`return nil`
			`}`

			`func (v ChaCha20) DecodePacket(key []byte, b buf.Buffer) error {`
fix UDP handling in Shadowsocks client 2018-01-19 05:08:34 -05:00			`if b.Len() <= v.IVSize() {`
			`return newError("insufficient data: ", b.Len())`
			`}`
fix aead udp 2017-11-26 15:51:30 -05:00			`iv := b.BytesTo(v.IVSize())`
			`stream := crypto.NewChaCha20Stream(key, iv)`
			`stream.XORKeyStream(b.BytesFrom(v.IVSize()), b.BytesFrom(v.IVSize()))`
rename Slice and Slice from to Resize and Advance 2018-04-19 17:48:38 -04:00			`b.Advance(v.IVSize())`
fix aead udp 2017-11-26 15:51:30 -05:00			`return nil`
			`}`

support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`type NoneCipher struct{}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func (NoneCipher) KeySize() int32 { return 0 }`
			`func (NoneCipher) IVSize() int32 { return 0 }`
support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`func (NoneCipher) IsAEAD() bool {`
			`return true // to avoid OTA`
			`}`

			`func (NoneCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (buf.Reader, error) {`
			`return buf.NewReader(reader), nil`
			`}`

			`func (NoneCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (buf.Writer, error) {`
			`return buf.NewWriter(writer), nil`
			`}`

			`func (NoneCipher) EncodePacket(key []byte, b *buf.Buffer) error {`
			`return nil`
			`}`

			`func (NoneCipher) DecodePacket(key []byte, b *buf.Buffer) error {`
			`return nil`
			`}`

migrate int to int32 2018-04-02 14:00:50 -04:00			`func passwordToCipherKey(password []byte, keySize int32) []byte {`
tcp handler for shadowsocks 2016-01-28 06:33:58 -05:00			`key := make([]byte, 0, keySize)`

support none cipher in shadowsocks 2017-11-29 16:19:04 -05:00			`md5Sum := md5.Sum(password)`
tcp handler for shadowsocks 2016-01-28 06:33:58 -05:00			`key = append(key, md5Sum[:]...)`

migrate int to int32 2018-04-02 14:00:50 -04:00			`for int32(len(key)) < keySize {`
tcp handler for shadowsocks 2016-01-28 06:33:58 -05:00			`md5Hash := md5.New()`
fix lint warnings 2017-11-29 16:57:18 -05:00			`common.Must2(md5Hash.Write(md5Sum[:]))`
			`common.Must2(md5Hash.Write(password))`
tcp handler for shadowsocks 2016-01-28 06:33:58 -05:00			`md5Hash.Sum(md5Sum[:0])`

			`key = append(key, md5Sum[:]...)`
			`}`
			`return key`
R.I.P Shadowsocks 2016-01-27 06:46:40 -05:00			`}`
implementation for Shadowsocks AEAD 2017-11-25 18:51:54 -05:00
			`func hkdfSHA1(secret, salt, outkey []byte) {`
			`r := hkdf.New(sha1.New, secret, salt, []byte("ss-subkey"))`
			`common.Must2(io.ReadFull(r, outkey))`
			`}`