Skip to content

Commit

Permalink
feat: make aead-cipher an optional feature
Browse files Browse the repository at this point in the history
  • Loading branch information
zonyitoo committed Nov 2, 2024
1 parent ac7b305 commit 466309b
Show file tree
Hide file tree
Showing 10 changed files with 122 additions and 49 deletions.
49 changes: 25 additions & 24 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion crates/shadowsocks/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ aead-cipher = ["shadowsocks-crypto/v1-aead"]

# Enable extra AEAD ciphers
# WARN: These non-standard AEAD ciphers are not officially supported by shadowsocks community
aead-cipher-extra = ["shadowsocks-crypto/v1-aead-extra"]
aead-cipher-extra = ["aead-cipher", "shadowsocks-crypto/v1-aead-extra"]

# Enable AEAD 2022
aead-cipher-2022 = [
Expand Down
30 changes: 17 additions & 13 deletions crates/shadowsocks/src/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,9 @@ use log::error;
use thiserror::Error;
use url::{self, Url};

use crate::{
crypto::{v1::openssl_bytes_to_key, CipherKind},
plugin::PluginConfig,
relay::socks5::Address,
};
#[cfg(any(feature = "stream-cipher", feature = "aead-cipher"))]
use crate::crypto::v1::openssl_bytes_to_key;
use crate::{crypto::CipherKind, plugin::PluginConfig, relay::socks5::Address};

const USER_KEY_BASE64_ENGINE: base64::engine::GeneralPurpose = base64::engine::GeneralPurpose::new(
&base64::alphabet::STANDARD,
Expand Down Expand Up @@ -427,9 +425,9 @@ pub struct ServerConfig {
source: ServerSource,
}

#[cfg(feature = "aead-cipher-2022")]
#[inline]
fn make_derived_key(method: CipherKind, password: &str, enc_key: &mut [u8]) {
#[cfg(feature = "aead-cipher-2022")]
if method.is_aead_2022() {
// AEAD 2022 password is a base64 form of enc_key
match AEAD2022_PASSWORD_BASE64_ENGINE.decode(password) {
Expand All @@ -449,15 +447,21 @@ fn make_derived_key(method: CipherKind, password: &str, enc_key: &mut [u8]) {
panic!("{method} password {password} is not base64 encoded, error: {err}");
}
}
} else {
openssl_bytes_to_key(password.as_bytes(), enc_key);

return;
}
}

#[cfg(not(feature = "aead-cipher-2022"))]
#[inline]
fn make_derived_key(_method: CipherKind, password: &str, enc_key: &mut [u8]) {
openssl_bytes_to_key(password.as_bytes(), enc_key);
cfg_if! {
if #[cfg(any(feature = "stream-cipher", feature = "aead-cipher"))] {
let _ = method;
openssl_bytes_to_key(password.as_bytes(), enc_key);
} else {
// No default implementation.
let _ = password;
let _ = enc_key;
unreachable!("{method} don't know how to make a derived key");
}
}
}

/// Check if method supports Extended Identity Header
Expand Down
12 changes: 11 additions & 1 deletion crates/shadowsocks/src/context.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ use log::warn;

use crate::{
config::{ReplayAttackPolicy, ServerType},
crypto::{v1::random_iv_or_salt, CipherKind},
crypto::CipherKind,
dns_resolver::DnsResolver,
security::replay::ReplayProtector,
};
Expand Down Expand Up @@ -50,6 +50,7 @@ impl Context {
/// Check if nonce exist or not
///
/// If not, set into the current bloom filter
#[cfg(any(feature = "stream-cipher", feature = "aead-cipher", feature = "aead-cipher-2022"))]
#[inline(always)]
fn check_nonce_and_set(&self, method: CipherKind, nonce: &[u8]) -> bool {
match self.replay_policy {
Expand All @@ -64,7 +65,10 @@ impl Context {
return;
}

#[cfg(any(feature = "stream-cipher", feature = "aead-cipher", feature = "aead-cipher-2022"))]
loop {
use crate::crypto::v1::random_iv_or_salt;

random_iv_or_salt(nonce);

// Salt already exists, generate a new one.
Expand All @@ -74,6 +78,12 @@ impl Context {

break;
}

#[cfg(not(any(feature = "stream-cipher", feature = "aead-cipher", feature = "aead-cipher-2022")))]
if !nonce.is_empty() {
let _ = unique;
panic!("{method} don't know how to generate nonce");
}
}

/// Check nonce replay
Expand Down
Loading

0 comments on commit 466309b

Please sign in to comment.