From b5f3065f3df875a2450629e475d462ce4cdfec30 Mon Sep 17 00:00:00 2001
From: zonyitoo
Date: Fri, 14 Jun 2024 23:22:59 +0800
Subject: [PATCH] fix: TABLE cipher doesn't need to make a derived key - fix #887 - Reference Implemetation: shadowsocks-libev, shadowsocks (Python) https://github.com/shadowsocks/shadowsocks-libev/blob/5ff4f27b74be9f390e639b960a6ec8baafc1e850/src/encrypt.c#L1395-L1399
---
 Cargo.lock | 34 ++++++++++++++-------------
 Cargo.toml | 4 ++--
 crates/shadowsocks-service/Cargo.toml | 6 ++---
 crates/shadowsocks/Cargo.toml | 2 +-
 crates/shadowsocks/src/config.rs | 7 ++++++
 debian/changelog | 6 +++++
 6 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 34323cf3dc44..9d969d982828 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1980,9 +1980,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "mimalloc" @@ -2272,7 +2272,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.1", + "redox_syscall 0.5.2", "smallvec", "windows-targets 0.52.5", ] @@ -2577,9 +2577,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" +checksum = "c82cf8cff14456045f55ec4241383baeff27af886adb72ffb2162f99911de0fd" dependencies = [ "bitflags 2.5.0", ] @@ -3098,7 +3098,7 @@ dependencies = [ [[package]] name = "shadowsocks" -version = "1.19.1" +version = "1.20.0" dependencies = [ "aes", "arc-swap",
@@ -3136,9 +3136,9 @@ dependencies = [ [[package]] name = "shadowsocks-crypto" -version = "0.5.4" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65da645ff4a6440ba1b52a9d6b4c8792054860ac135cb87f8ad3d2c7a78d41b5" +checksum = "a9e49ecfad8b27f3df28848af11f08aa10df0c6b74b45748131753913be23373" dependencies = [ "aead", "aes", @@ -3164,7 +3164,7 @@ dependencies = [ [[package]] name = "shadowsocks-rust" -version = "1.19.4" +version = "1.20.0" dependencies = [ "base64 0.22.1", "build-time", @@ -3205,7 +3205,7 @@ dependencies = [ [[package]] name = "shadowsocks-service" -version = "1.19.4" +version = "1.20.0" dependencies = [ "arc-swap", "async-trait", @@ -3344,18 +3344,18 @@ dependencies = [ [[package]] name = "snmalloc-rs" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc157dd2183548a4b4b0b428d59efbb527b19360a678b632842fe3fcfb2c30f9" +checksum = "2504c9edd7ca7a1cfe637296dc0d263ce1e9975c4ec43f3652616ebce9d1df1c" dependencies = [ "snmalloc-sys", ] [[package]] name = "snmalloc-sys" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0761b83013b42a16bab6c3bd5a68e80b1a54f7af9e68e40f00e017489821e8fa" +checksum = "8d448599db5c3263b35d67ab26a2399e74ca0265211f5f5dd4cb9f4c3ccada6a" dependencies = [ "cmake", ] @@ -3809,20 +3809,22 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "tun2" -version = "1.3.1" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5af6b725dd317dd689d1e37f559e70cfbe6e87effdaf5f62c80d919bfc9eda95" +checksum = "27292e82cd2fdfe35a1cdffd2936f213d1a1f2abcb5115ba2ba465681a3c9cdf" dependencies = [ "bytes", "cfg-if", "futures-core", "ipnet", "libc", + "libloading", "log", "nix", "thiserror", "tokio", "tokio-util", + "windows-sys 0.52.0", "wintun", ] 
diff --git a/Cargo.toml b/Cargo.toml
index a7fb48c33a72..61773b69a2ac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-rust"
-version = "1.19.4"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -248,7 +248,7 @@ jemallocator = { version = "0.5", optional = true }
 snmalloc-rs = { version = "0.3", optional = true }
 rpmalloc = { version = "0.2", optional = true }
-shadowsocks-service = { version = "1.19.4", path = "./crates/shadowsocks-service" }
+shadowsocks-service = { version = "1.20.0", path = "./crates/shadowsocks-service" }
 windows-service = { version = "0.7", optional = true }
diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml
index 74fcfd851859..df2489a7af21 100644
--- a/crates/shadowsocks-service/Cargo.toml
+++ b/crates/shadowsocks-service/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-service"
-version = "1.19.4"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -181,7 +181,7 @@ flate2 = { version = "1.0", optional = true }
 brotli = { version = "6.0", optional = true }
 zstd = { version = "0.13", optional = true }
-tun2 = { version = "1", optional = true, features = ["async"] }
+tun2 = { version = "2", optional = true, features = ["async"] }
 etherparse = { version = "0.15", optional = true }
 smoltcp = { version = "0.11", optional = true, default-features = false, features = [
 "std",
@@ -198,7 +198,7 @@ serde = { version = "1.0", features = ["derive"] }
 json5 = "0.4"
 bson = { version = "2.10.0", optional = true }
-shadowsocks = { version = "1.19.0", path = "../shadowsocks", default-features = false }
+shadowsocks = { version = "1.20.0", path = "../shadowsocks", default-features = false }
 # Just for the ioctl call macro
 [target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd"))'.dependencies]
diff --git a/crates/shadowsocks/Cargo.toml b/crates/shadowsocks/Cargo.toml
index 736a4c63e476..45df2fd9eebf 100644
--- a/crates/shadowsocks/Cargo.toml
+++ b/crates/shadowsocks/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks"
-version = "1.19.1"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
diff --git a/crates/shadowsocks/src/config.rs b/crates/shadowsocks/src/config.rs
index 1c2ea525dcfb..27437372b5de 100644
--- a/crates/shadowsocks/src/config.rs
+++ b/crates/shadowsocks/src/config.rs
@@ -405,6 +405,13 @@ where
 {
 let password = password.into();
+ if method == CipherKind::SS_TABLE {
+ // TABLE cipher doesn't need key derivation.
+ // Reference implemenation: shadowsocks-libev, shadowsocks (Python)
+ let enc_key = password.clone().into_bytes().into_boxed_slice();
+ return (password, enc_key, Vec::new());
+ }
+
 #[cfg(feature = "aead-cipher-2022")]
 if method_support_eih(method) {
 // Extensible Identity Headers
diff --git a/debian/changelog b/debian/changelog
index f535a66cefe5..fbde21d98853 100644
--- a/debian/changelog
+++ b/debian/changelog
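Review bot: In the `crates/shadowsocks/src/config.rs` hunk, the new `CipherKind::SS_TABLE` early return makes `enc_key` the raw password bytes, so the key length now follows user input (zero for an empty password) instead of a size fixed by the method, and nothing visible here rejects an empty password or tells callers not to assume a fixed length; the enclosing function starts and ends outside the hunk, so whether callers or the cipher constructor already check this cannot be seen from here. If they do not, a guard or at least an explicit invariant belongs at this spot, for example `// enc_key is the password bytes as-is for TABLE; its length is NOT the cipher's nominal key length`. A unit test pinning that the TABLE key equals the password bytes would protect interoperability with the reference implementations the comment cites. Since the changelog in this same patch calls TABLE deprecated and vulnerable, consider logging a deprecation warning when this branch is taken, and fix the comment typo `implemenation` → `implementation`.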
@@ -1,3 +1,9 @@
+shadowsocks-rust (1.20.0) unstable; urgency=medium
+
+ ## Breaking Changes
+
+ - #887 shadowsocks stream cipher (`TABLE`) doesn't need to make a derived key instead of using user's predefined key directly. This change will make shadowsocks-rust not going to be compatible with its older version. Users who are using `TABLE` cipher should upgrade all your local and server instances to the latest version of shadowsocks-rust. On the other hand, `TABLE` cipher is marked deprecated because it is vulnerable, users **must** migrate to other more secured methods immediately.
+
 shadowsocks-rust (1.19.4) unstable; urgency=medium
 ## Features