Zolemba za Shadowsocks
Navigation
AEAD
AEAD imayimira Authenticated Encryption with Associated Data. Ma ciphers a AEAD nthawi imodzi amapereka zinsinsi, kukhulupirika, ndi zowona. Iwo ali ndi ntchito zabwino kwambiri komanso mphamvu zamagetsi pa hardware yamakono. Ogwiritsa ntchito ayenera kugwiritsa ntchito zilembo za AEAD ngati kuli kotheka.
Ma ciphers otsatirawa a AEAD akulimbikitsidwa. Kukhazikitsa kogwirizana ndi Shadowsocks kuyenera kuthandizira AEAD_CHACHA20_POLY1305. Kukhazikitsa kwa zida zomwe zili ndi hardware AES mathamangitsidwe ziyeneranso kukhazikitsa AEAD_AES_128_GCM ndi AEAD_AES_256_GCM.
dzina | Zinyama | Kukula Kwambiri | Kukula kwa Mchere | Nonce Size | Tag Tag |
AEAD_CHACHA20_POLY1305 | chacha20-ietf-poly1305 | 32 | 32 | 12 | 16 |
AEAD_AES_256_GCM | kulemera kwake - 256 g | 32 | 32 | 12 | 16 |
AEAD_AES_128_GCM | kulemera kwake - 128 g | 16 | 16 | 12 | 16 |
Chonde onetsani Kulembetsa kwa IANA AEAD za dongosolo la mayina ndi mafotokozedwe.
Kutengera Mfungulo
Chinsinsi cha master chikhoza kulowetsedwa mwachindunji kuchokera kwa wogwiritsa ntchito kapena kupangidwa kuchokera ku mawu achinsinsi.
HKDF_SHA1 ndi ntchito yomwe imatenga kiyi yachinsinsi, mchere wosakhala wachinsinsi, chingwe chachidziwitso, ndikupanga subkey yomwe imakhala yolimba kwambiri ngakhale makiyi achinsinsi olowera ali ofooka.
HKDF_SHA1(kiyi, mchere, zambiri) => subkey
Chingwe chazidziwitso chimamanga subkey yopangidwa kuzinthu zinazake zogwiritsa ntchito. Kwa ife, iyenera kukhala chingwe "ss-subkey" popanda mawu.
Timapeza kamphindi kakang'ono pagawo lililonse kuchokera pa kiyi yogawana nawo kale pogwiritsa ntchito HKDF_SHA1. Mchere uyenera kukhala wapadera pa moyo wonse wa kiyi yogawana nawo kale.
Kutsimikizika Kwachinsinsi / Kutsitsidwa
AE_encrypt ndi ntchito yomwe imatenga kiyi yachinsinsi, nonce yosakhala yachinsinsi, uthenga, ndikupanga ciphertext ndi tag yotsimikizika. Nonce iyenera kukhala yapadera pa kiyi yoperekedwa pakupemphedwa kulikonse.
AE_encrypt(key, nonce, message) => (ciphertext, tag)
AE_decrypt ndi ntchito yomwe imatenga kiyi yachinsinsi, yosadziwika mwachinsinsi, ciphertext, tag yotsimikizira, ndikupanga uthenga woyambirira. Ngati zina mwazolowetsazo zasokonezedwa, kumasulirako kudzalephera.
AE_decrypt(key, nonce, ciphertext, tag) => uthenga
TCP
Mtsinje wa TCP wobisika wa AEAD umayamba ndi mchere wopangidwa mwachisawawa kuti utenge gawo la gawo lililonse, ndikutsatiridwa ndi kuchuluka kwa ma chunks obisika. Chigawo chilichonse chili ndi dongosolo ili:
[malipiro obisika][tag yautali][malipiro obisika][tag yolemetsa]
Utali wamalipiro ndi 2-byte yayikulu-endian yosasainira nambala yonse yomwe ili pa 0x3FFF. Ma bits awiri apamwamba ndi osungidwa ndipo ayenera kukhazikitsidwa kukhala ziro. Kulipira chifukwa chake kumangokhala 16 * 1024 - 1 mabayiti.
Opaleshoni yoyamba ya AEAD encrypt/decrypt imagwiritsa ntchito mawu owerengera kuyambira 0. Pambuyo pa ntchito iliyonse yobisa / kubisa, nonce imakulitsidwa ndi imodzi ngati kuti ndi nambala yaing'ono yosasainidwa. Dziwani kuti chunk iliyonse ya TCP imaphatikizapo ntchito ziwiri za AEAD encrypt / decrypt: imodzi ya kutalika kwa malipiro, ndi imodzi ya malipiro. Chifukwa chake chunk iliyonse imawonjezera nonce kawiri.
TCP
Mtsinje wa TCP wobisika wa AEAD umayamba ndi mchere wopangidwa mwachisawawa kuti utenge gawo la gawo lililonse, ndikutsatiridwa ndi kuchuluka kwa ma chunks obisika. Chigawo chilichonse chili ndi dongosolo ili:
[malipiro obisika][tag yautali][malipiro obisika][tag yolemetsa]
Utali wamalipiro ndi 2-byte yayikulu-endian yosasainira nambala yonse yomwe ili pa 0x3FFF. Ma bits awiri apamwamba ndi osungidwa ndipo ayenera kukhazikitsidwa kukhala ziro. Kulipira chifukwa chake kumangokhala 16 * 1024 - 1 mabayiti.
Opaleshoni yoyamba ya AEAD encrypt/decrypt imagwiritsa ntchito mawu owerengera kuyambira 0. Pambuyo pa ntchito iliyonse yobisa / kubisa, nonce imakulitsidwa ndi imodzi ngati kuti ndi nambala yaing'ono yosasainidwa. Dziwani kuti chunk iliyonse ya TCP imaphatikizapo ntchito ziwiri za AEAD encrypt / decrypt: imodzi ya kutalika kwa malipiro, ndi imodzi ya malipiro. Chifukwa chake chunk iliyonse imawonjezera nonce kawiri.
