Refine ciphers

doc/shadowsocks-libev.asciidoc

@@ -50,14 +50,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
 aes-128-gcm, aes-192-gcm, aes-256-gcm,
-chacha20-poly1305, chacha20-ietf-poly1305,
 rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
 camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
-salsa20, chacha20 and chacha20-ietf.
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +

doc/ss-local.asciidoc

@@ -45,12 +45,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +

doc/ss-manager.asciidoc

@@ -43,12 +43,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +

doc/ss-redir.asciidoc

@@ -46,12 +46,13 @@ password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +

doc/ss-server.asciidoc

@@ -43,14 +43,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
-+
-The default cipher is 'rc4-md5'.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 If built with PolarSSL or custom OpenSSL libraries, some of
 these ciphers may not work.

doc/ss-tunnel.asciidoc

@@ -45,12 +45,13 @@ Set the password. The server and the client should use the same password.
 -m <encrypt_method>::
 Set the cipher.
 +
-*Shadowsocks-libev* accepts 21 different ciphers:
+*Shadowsocks-libev* accepts 18 different ciphers:
 +
-table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
+aes-128-gcm, aes-192-gcm, aes-256-gcm,
+rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
-camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
-idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
+chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
 +
 The default cipher is 'rc4-md5'.
 +

src/aead.c

@@ -46,11 +46,10 @@
  * methods below doesn't require it,
  * then we need to fake one
  */
-#define CHACHA20POLY1305        3
-#define CHACHA20POLY1305IETF    4
+#define CHACHA20POLY1305IETF    3
 
 #ifdef FS_HAVE_XCHACHA20IETF
-#define XCHACHA20POLY1305IETF   5
+#define XCHACHA20POLY1305IETF   4
 #endif
 
 #define CHUNK_SIZE_LEN          2
@@ -146,7 +145,6 @@ const char *supported_aead_ciphers[AEAD_CIPHER_NUM] = {
     "aes-128-gcm",
     "aes-192-gcm",
     "aes-256-gcm",
-    "chacha20-poly1305",
     "chacha20-ietf-poly1305",
 #ifdef FS_HAVE_XCHACHA20IETF
     "xchacha20-ietf-poly1305"
@@ -161,28 +159,27 @@ static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
     "AES-192-GCM",
     "AES-256-GCM",
     CIPHER_UNSUPPORTED,
-    CIPHER_UNSUPPORTED,
 #ifdef FS_HAVE_XCHACHA20IETF
     CIPHER_UNSUPPORTED
 #endif
 };
 
 static const int supported_aead_ciphers_nonce_size[AEAD_CIPHER_NUM] = {
-    12, 12, 12, 8, 12,
+    12, 12, 12, 12,
 #ifdef FS_HAVE_XCHACHA20IETF
     24
 #endif
 };
 
 static const int supported_aead_ciphers_key_size[AEAD_CIPHER_NUM] = {
-    16, 24, 32, 32, 32,
+    16, 24, 32, 32,
 #ifdef FS_HAVE_XCHACHA20IETF
     32
 #endif
 };
 
 static const int supported_aead_ciphers_tag_size[AEAD_CIPHER_NUM] = {
-    16, 16, 16, 16, 16,
+    16, 16, 16, 16,
 #ifdef FS_HAVE_XCHACHA20IETF
     16
 #endif
@@ -212,11 +209,6 @@ cipher_aead_encrypt(cipher_ctx_t *cipher_ctx,
                                           m, mlen, c, clen, c + mlen, tlen);
         *clen += tlen;
         break;
-    case CHACHA20POLY1305:
-        err = crypto_aead_chacha20poly1305_encrypt(c, &long_clen, m, mlen,
-                                                   ad, adlen, NULL, n, k);
-        *clen = (size_t)long_clen;
-        break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
                                                         ad, adlen, NULL, n, k);
@@ -259,11 +251,6 @@ cipher_aead_decrypt(cipher_ctx_t *cipher_ctx,
         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
         break;
-    case CHACHA20POLY1305:
-        err = crypto_aead_chacha20poly1305_decrypt(p, &long_plen, NULL, m, mlen,
-                                                   ad, adlen, n, k);
-        *plen = (size_t)long_plen; // it's safe to cast 64bit to 32bit length here
-        break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
                                                         ad, adlen, n, k);
@@ -296,7 +283,7 @@ aead_get_cipher_type(int method)
     }
 
     /* cipher that don't use mbed TLS, just return */
-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
         return NULL;
     }
 
@@ -318,7 +305,7 @@ aead_cipher_ctx_init(cipher_ctx_t *cipher_ctx, int method, int enc)
         return;
     }
 
-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
         return;
     }
 
@@ -369,7 +356,7 @@ aead_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc)
 void
 aead_ctx_release(cipher_ctx_t *cipher_ctx)
 {
-    if (cipher_ctx->cipher->method >= CHACHA20POLY1305) {
+    if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
         return;
     }
 
@@ -722,7 +709,7 @@ aead_key_init(int method, const char *pass)
         FATAL("Failed to initialize sodium");
     }
 
-    if (method >= CHACHA20POLY1305) {
+    if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
         cipher->info->base       = NULL;

src/aead.h

@@ -28,9 +28,9 @@
 // currently, XCHACHA20POLY1305IETF is not released yet
 // XCHACHA20POLY1305 is removed in upstream
 #ifdef FS_HAVE_XCHACHA20IETF
-#define AEAD_CIPHER_NUM              6
-#else
 #define AEAD_CIPHER_NUM              5
+#else
+#define AEAD_CIPHER_NUM              4
 #endif
 
 int aead_encrypt_all(buffer_t *, cipher_t *, size_t);

src/stream.c

@@ -81,9 +81,7 @@ const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
     "seed-cfb",
     "salsa20",
     "chacha20",
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
     "chacha20-ietf"
-#endif
 };
 
 static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
@@ -107,23 +105,15 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
     CIPHER_UNSUPPORTED,
     "salsa20",
     "chacha20",
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
     "chacha20-ietf"
-#endif
 };
 
 static const int supported_stream_ciphers_nonce_size[STREAM_CIPHER_NUM] = {
-    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
-    , 12
-#endif
+    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
 };
 
 static const int supported_stream_ciphers_key_size[STREAM_CIPHER_NUM] = {
-    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
-    , 32
-#endif
+    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32, 32
 };
 
 static int
@@ -136,10 +126,8 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
         return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k);
     case CHACHA20:
         return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k);
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
     case CHACHA20IETF:
         return crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, n, (uint32_t)ic, k);
-#endif
     }
     // always return 0
     return 0;

src/stream.h

@@ -35,11 +35,7 @@
 #endif
 
 #include <sodium.h>
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
 #define STREAM_CIPHER_NUM          21
-#else
-#define STREAM_CIPHER_NUM          20
-#endif
 
 #include "crypto.h"
 

src/utils.c

@@ -281,15 +281,10 @@ usage()
         "                                  camellia-128-cfb, camellia-192-cfb,\n");
     printf(
         "                                  camellia-256-cfb, bf-cfb,\n");
-#if SODIUM_LIBRARY_VERSION_MAJOR >= 8
     printf(
-        "                                  chacha20-poly1305, chacha20-ietf-poly1305\n");
+        "                                  chacha20-ietf-poly1305,\n");
     printf(
         "                                  salsa20, chacha20 and chacha20-ietf.\n");
-#else
-    printf(
-        "                                  chacha20-poly1305, salsa20, chacha20.\n");
-#endif
     printf(
         "                                  The default cipher is rc4-md5.\n");
     printf("\n");