Refine ciphers

8 years ago · 894eae567c
11 changed files with 41 additions and 73 deletions
--- a/doc/shadowsocks-libev.asciidoc
+++ b/doc/shadowsocks-libev.asciidoc
@ -50,14 +50,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
 aes-128-gcm, aes-192-gcm, aes-256-gcm,
-chacha20-poly1305, chacha20-ietf-poly1305,
 rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
 camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
-salsa20, chacha20 and chacha20-ietf.
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +
--- a/doc/ss-local.asciidoc
+++ b/doc/ss-local.asciidoc
@ -45,12 +45,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +
--- a/doc/ss-manager.asciidoc
+++ b/doc/ss-manager.asciidoc
@ -43,12 +43,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +
--- a/doc/ss-redir.asciidoc
+++ b/doc/ss-redir.asciidoc
@ -46,12 +46,13 @@ password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +
--- a/doc/ss-server.asciidoc
+++ b/doc/ss-server.asciidoc
@ -43,14 +43,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
-+
-The default cipher is 'rc4-md5'.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 If built with PolarSSL or custom OpenSSL libraries, some of
 these ciphers may not work.
--- a/doc/ss-tunnel.asciidoc
+++ b/doc/ss-tunnel.asciidoc
@ -45,12 +45,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +
--- a/src/aead.c
+++ b/src/aead.c
@ -46,11 +46,10 @@
 * methods below doesn't require it,
 * then we need to fake one
 */
-#define CHACHA20POLY1305        3
-#define CHACHA20POLY1305IETF    4
+#define CHACHA20POLY1305IETF    3

 #ifdef FS_HAVE_XCHACHA20IETF
-#define XCHACHA20POLY1305IETF   5
+#define XCHACHA20POLY1305IETF   4
 #endif

 #define CHUNK_SIZE_LEN          2
@ -146,7 +145,6 @@ const char *supported_aead_ciphers[AEAD_CIPHER_NUM] = {
    "aes-128-gcm",
    "aes-192-gcm",
    "aes-256-gcm",
-    "chacha20-poly1305",
    "chacha20-ietf-poly1305",
 #ifdef FS_HAVE_XCHACHA20IETF
    "xchacha20-ietf-poly1305"
@ -161,28 +159,27 @@ static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
    "AES-192-GCM",
    "AES-256-GCM",
    CIPHER_UNSUPPORTED,
-    CIPHER_UNSUPPORTED,
 #ifdef FS_HAVE_XCHACHA20IETF
    CIPHER_UNSUPPORTED
 #endif
 };

 static const int supported_aead_ciphers_nonce_size[AEAD_CIPHER_NUM] = {
-    12, 12, 12, 8, 12,
+    12, 12, 12, 12,
 #ifdef FS_HAVE_XCHACHA20IETF
    24
 #endif
 };

 static const int supported_aead_ciphers_key_size[AEAD_CIPHER_NUM] = {
-    16, 24, 32, 32, 32,
+    16, 24, 32, 32,
 #ifdef FS_HAVE_XCHACHA20IETF
    32
 #endif
 };

 static const int supported_aead_ciphers_tag_size[AEAD_CIPHER_NUM] = {
-    16, 16, 16, 16, 16,
+    16, 16, 16, 16,
 #ifdef FS_HAVE_XCHACHA20IETF
    16
 #endif
@ -212,11 +209,6 @@ cipher_aead_encrypt(cipher_ctx_t *cipher_ctx,
                                          m, mlen, c, clen, c + mlen, tlen);
        *clen += tlen;
        break;
-    case CHACHA20POLY1305:
-        err = crypto_aead_chacha20poly1305_encrypt(c, &long_clen, m, mlen,
-                                                   ad, adlen, NULL, n, k);
-        *clen = (size_t)long_clen;
-        break;
    case CHACHA20POLY1305IETF:
        err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
                                                        ad, adlen, NULL, n, k);
@ -259,11 +251,6 @@ cipher_aead_decrypt(cipher_ctx_t *cipher_ctx,
        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
        break;
-    case CHACHA20POLY1305:
-        err = crypto_aead_chacha20poly1305_decrypt(p, &long_plen, NULL, m, mlen,
-                                                   ad, adlen, n, k);
-        *plen = (size_t)long_plen; // it's safe to cast 64bit to 32bit length here
-        break;
    case CHACHA20POLY1305IETF:
        err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
                                                        ad, adlen, n, k);
@ -296,7 +283,7 @@ aead_get_cipher_type(int method)
    }

    /* cipher that don't use mbed TLS, just return */
-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
        return NULL;
    }

@ -318,7 +305,7 @@ aead_cipher_ctx_init(cipher_ctx_t *cipher_ctx, int method, int enc)
        return;
    }

-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
        return;
    }

@ -369,7 +356,7 @@ aead_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc)
 void
 aead_ctx_release(cipher_ctx_t *cipher_ctx)
 {
-    if (cipher_ctx->cipher->method >= CHACHA20POLY1305) {
+    if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
        return;
    }

@ -722,7 +709,7 @@ aead_key_init(int method, const char *pass)
        FATAL("Failed to initialize sodium");
    }

-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
        cipher->info             = cipher_info;
        cipher->info->base       = NULL;
--- a/src/aead.h
+++ b/src/aead.h
@ -28,9 +28,9 @@
 // currently, XCHACHA20POLY1305IETF is not released yet
 // XCHACHA20POLY1305 is removed in upstream
 #ifdef FS_HAVE_XCHACHA20IETF
-#define AEAD_CIPHER_NUM              6
-#else
 #define AEAD_CIPHER_NUM              5
+#else
+#define AEAD_CIPHER_NUM              4
 #endif

 int aead_encrypt_all(buffer_t *, cipher_t *, size_t);
--- a/src/stream.c
+++ b/src/stream.c
@ -81,9 +81,7 @@ const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
    "seed-cfb",
    "salsa20",
    "chacha20",
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
    "chacha20-ietf"
-#endif
 };

 static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
@ -107,23 +105,15 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
    CIPHER_UNSUPPORTED,
    "salsa20",
    "chacha20",
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
    "chacha20-ietf"
-#endif
 };

 static const int supported_stream_ciphers_nonce_size[STREAM_CIPHER_NUM] = {
-    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
-    , 12
-#endif
+    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
 };

 static const int supported_stream_ciphers_key_size[STREAM_CIPHER_NUM] = {
-    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
-    , 32
-#endif
+    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32, 32
 };

 static int
@ -136,10 +126,8 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
        return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k);
    case CHACHA20:
        return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k);
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
    case CHACHA20IETF:
        return crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, n, (uint32_t)ic, k);
-#endif
    }
    // always return 0
    return 0;
--- a/src/stream.h
+++ b/src/stream.h
@ -35,11 +35,7 @@
 #endif

 #include <sodium.h>
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
 #define STREAM_CIPHER_NUM          21
-#else
-#define STREAM_CIPHER_NUM          20
-#endif

 #include "crypto.h"

--- a/src/utils.c
+++ b/src/utils.c
@ -281,15 +281,10 @@ usage()
        "                                  camellia-128-cfb, camellia-192-cfb,\n");
    printf(
        "                                  camellia-256-cfb, bf-cfb,\n");
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
    printf(
-        "                                  chacha20-poly1305, chacha20-ietf-poly1305\n");
+        "                                  chacha20-ietf-poly1305,\n");
    printf(
        "                                  salsa20, chacha20 and chacha20-ietf.\n");
-#else
-    printf(
-        "                                  chacha20-poly1305, salsa20, chacha20.\n");
-#endif
    printf(
        "                                  The default cipher is rc4-md5.\n");
    printf("\n");