Imibhalo ye-Shadowsocks
Navigation
I-AEAD
I-AEAD imele Ukubethela Okuqinisekisiwe Ngedatha Ehlobene. Ama-ciphers e-AEAD kanyekanye ahlinzeka ngobumfihlo, ubuqotho, nobuqiniso. Banokusebenza okuhle kakhulu nokusebenza kahle kwamandla ku-hardware yesimanje. Abasebenzisi kufanele basebenzise ama-cipher e-AEAD noma nini lapho kunokwenzeka.
Amaciphe alandelayo e-AEAD ayanconywa. Ukuqaliswa okuthobelanayo nama-Shadowsocks kufanele kusekele i-AEAD_CHACHA20_POLY1305. Ukusetshenziswa kwamadivayisi anehadiwe ye-AES acceleration kufanele futhi kuqalise i-AEAD_AES_128_GCM ne-AEAD_AES_256_GCM.
Igama | alias | Usayizi Obalulekile | Usayizi Kasawoti | Nonce Size | Usayizi wamathegi |
I-AEAD_CHACHA20_POLY1305 | chacha20-ietf-poly1305 | 32 | 32 | 12 | 16 |
AEAD_AES_256_GCM | ubukhulu - 256 g cm | 32 | 32 | 12 | 16 |
AEAD_AES_128_GCM | ubukhulu - 128 g cm | 16 | 16 | 12 | 16 |
Sicela ubheke I-IANA AEAD registry ngohlelo lokuqamba amagama kanye nokucaciswa.
Ukutholwa Okubalulekile
Ukhiye oyinhloko ungafakwa ngokuqondile kumsebenzisi noma ukhiqizwe ngephasiwedi.
HKDF_SHA1 kuwumsebenzi othatha ukhiye oyimfihlo, usawoti ongayimfihlo, iyunithi yezinhlamvu zolwazi, futhi ukhiqize ukhiye ongaphansi oqinile ngokomfanekiso ngisho noma ukhiye oyimfihlo wokufaka ubuthakathaka.
HKDF_SHA1(ukhiye, usawoti, ulwazi) => ukhiye omncane
Iyunithi yezinhlamvu yolwazi ibophezela ukhiye omncane okhiqiziwe kumongo wohlelo lokusebenza oluthile. Esimweni sethu, kufanele kube iyunithi yezinhlamvu "ss-subkey" ngaphandle kwezingcaphuno.
Sithola ukhiye omncane wesikhathi ngasinye kukhiye oyinhloko owabiwe ngaphambilini sisebenzisa i-HKDF_SHA1. Usawoti kufanele uhluke kuyo yonke impilo yokhiye oyinhloko owabiwe kusengaphambili.
Ukubethela/Ukukhipha Ukubethela Okuqinisekisiwe
I-AE_encrypt umsebenzi othatha ukhiye oyimfihlo, i-nonce engeyona imfihlo, umlayezo, futhi ukhiqize i-ciphertext nomaka wokufakazela ubuqiniso. I-Nonce kufanele ihluke kukhiye othile ekunxuseni ngakunye.
AE_bethela(ukhiye, nonce, umyalezo) => (umbhalo wecipher, ithegi)
I-AE_decrypt umsebenzi othatha ukhiye oyimfihlo, i-nonce engeyona imfihlo, i-ciphertext, umaka wokufakazela ubuqiniso, futhi ukhiqize umlayezo wangempela. Uma noma yikuphi okokufaka kuphazanyiswa, ukususwa kwekhodi kuzohluleka.
AE_decrypt(key, nonce, ciphertext, tag) => umyalezo
I-TCP
Ukusakaza okubethelwe kwe-AEAD kwe-TCP kuqala ngosawoti okhiqizwa ngokungahleliwe ukuze kutholwe ukhiye ophansi wesikhathi ngasinye, olandelwa inoma iyiphi inombolo yezingcezu ezibethelwe. Isiqephu ngasinye sinesakhiwo esilandelayo:
[ubude bomthwalo wokukhokha obubethelwe][umaka wobude][umthwalo wokukhokha obethelwe][umaka wokulayisha]
Ubude bokukhokha kuyinombolo engasayiniwe engu-2-byte enkulu evalwe kokuthi 0x3FFF. Amabhithi amabili aphezulu agciniwe futhi kufanele asethelwe kuqanda. Ngakho-ke ukukhokha kukhawulelwe kumabhayithi angu-16*1024 – 1.
Umsebenzi wokuqala we-AEAD wokubethela/ususe ukubethela usebenzisa i-nonce yokubala eqala ku-0. Ngemva komsebenzi ngamunye wokubethela/ukususa ukubethela, i-nonce ikhuliswa ngokukodwa njengokungathi inombolo ephelele ye-endian engabhalisiwe. Qaphela ukuthi isiqephu ngasinye se-TCP sihlanganisa imisebenzi emibili yokubethela/yokususa ukubethela kwe-AEAD: eyodwa ubude bomthwalo okhokhelwayo, kanye neyomthwalo okhokhelwayo. Ngakho-ke i-chunk ngayinye ikhulisa i-nonce kabili.
I-TCP
Ukusakaza okubethelwe kwe-AEAD kwe-TCP kuqala ngosawoti okhiqizwa ngokungahleliwe ukuze kutholwe ukhiye ophansi wesikhathi ngasinye, olandelwa inoma iyiphi inombolo yezingcezu ezibethelwe. Isiqephu ngasinye sinesakhiwo esilandelayo:
[ubude bomthwalo wokukhokha obubethelwe][umaka wobude][umthwalo wokukhokha obethelwe][umaka wokulayisha]
Ubude bokukhokha kuyinombolo engasayiniwe engu-2-byte enkulu evalwe kokuthi 0x3FFF. Amabhithi amabili aphezulu agciniwe futhi kufanele asethelwe kuqanda. Ngakho-ke ukukhokha kukhawulelwe kumabhayithi angu-16*1024 – 1.
Umsebenzi wokuqala we-AEAD wokubethela/ususe ukubethela usebenzisa i-nonce yokubala eqala ku-0. Ngemva komsebenzi ngamunye wokubethela/ukususa ukubethela, i-nonce ikhuliswa ngokukodwa njengokungathi inombolo ephelele ye-endian engabhalisiwe. Qaphela ukuthi isiqephu ngasinye se-TCP sihlanganisa imisebenzi emibili yokubethela/yokususa ukubethela kwe-AEAD: eyodwa ubude bomthwalo okhokhelwayo, kanye neyomthwalo okhokhelwayo. Ngakho-ke i-chunk ngayinye ikhulisa i-nonce kabili.
