Akwụkwọ Shadowsocks
navigation
AEAD
AEAD na-anọchi anya ezoro ezo nke ọma yana data Associated. AEAD ciphers n'otu oge na-enye nzuzo, iguzosi ike n'ezi ihe na eziokwu. Ha nwere arụmọrụ dị mma na arụmọrụ ike na ngwaike ọgbara ọhụrụ. Ndị ọrụ kwesịrị iji akara AEAD mgbe ọ bụla enwere ike.
A na-akwado ciphers AEAD ndị a. Mmejuputa Shadowsocks ga-akwadorịrị AEAD_CHACHA20_POLY1305. Mmemme maka ngwaọrụ nwere ngwa ngwa AES acceleration kwesịkwara mejuputa AEAD_AES_128_GCM na AEAD_AES_256_GCM.
aha | utu aha | Nha igodo | Nha nnu | Nha adịghị | Tag Size |
AEAD_CHACHA20_POLY1305 | chacha20-ietf-poly1305 | 32 | 32 | 12 | 16 |
AEAD_AES_256_GCM | -256 gcm | 32 | 32 | 12 | 16 |
AEAD_AES_128_GCM | -128 gcm | 16 | 16 | 12 | 16 |
Biko mee aka IANA AEAD ndekọ maka atụmatụ aha na nkọwapụta.
Mwepụta igodo
Enwere ike itinye igodo nna ukwu site na onye ọrụ ma ọ bụ nweta ya site na paswọọdụ.
HKDF_SHA1 bụ ọrụ na-ewe igodo nzuzo, nnu na-abụghị nzuzo, eriri ozi, ma na-emepụta obere igodo nke siri ike nke cryptographically ọbụlagodi ma igodo nzuzo ntinye adịghị ike.
HKDF_SHA1(igodo, nnu, ozi) => subkey
Eriri ozi na-ejikọta igodo subkey emepụtara na mpaghara ngwa akọwapụtara. N'ọnọdụ anyị, ọ ga-abụrịrị eriri "ss-subkey" na-enweghị nhota okwu.
Anyị na-enweta igodo nkeji oge ọ bụla site na igodo nna ukwu ekekọrịtara mbụ site na iji HKDF_SHA1. Nnu ga-abụrịrị ihe pụrụ iche site na ndụ niile nke igodo nna ukwu ekekọrịtara mbụ.
Izo ya ezo/Mwepu nke ọma
AE_encrypt bụ ọrụ na-ewe igodo nzuzo, ozi na-abụghị nke nzuzo, ma na-emepụta ciphertext na mkpado nyocha. Onye ọ bụla agaghị abụ ihe pụrụ iche maka igodo enyere na oku ọ bụla.
AE_encrypt(igodo, nonce, ozi) => (ederede, mkpado)
AE_decrypt bụ ọrụ na-ewe igodo nzuzo, enweghị nzuzo, ederede ciphertext, mkpado nyocha, wee wepụta ozi izizi. Ọ bụrụ na etinyere ihe ọ bụla n'ime ntinye ahụ, nbibi ahụ ga-ada.
AE_decrypt(igodo, nonce, ciphertext, mkpado) => ozi
TCP
AEAD ezoro ezo TCP iyi na-amalite site na nnu ewepụtara na-enweghị usoro iji nweta bọkị nke nnọkọ ọ bụla, na-esochi ọnụ ọgụgụ nke chunks ezoro ezo. Akụkụ nke ọ bụla nwere usoro a:
[ogologo ịkwụ ụgwọ ezoro ezo].
Ogologo ụgwọ ịkwụ ụgwọ bụ ọnụọgụ 2-byte nnukwu-endian na-edebanyeghị aha na 0x3FFF. Edobere ibe n'ibe abụọ dị elu ma a ga-edozirịrị ka ọ bụrụ efu. Ya mere ugwo ugwo nwere oke na 16*1024 – 1 bytes.
Nke mbụ AEAD encrypt/decrypt ọrụ na-eji a agụta nonce malite na 0. Mgbe nke ọ bụla encrypt/decrypt ọrụ, nonce na-abawanye site otu dị ka a ga-asị na ọ bụ obere-endian integer na-edeghị ede. Rịba ama na chunk TCP ọ bụla gụnyere ọrụ abụọ AEAD encrypt / decrypt: otu maka ogologo ụgwọ ọrụ, na otu maka ụgwọ ọrụ. Ya mere, nke ọ bụla chunk na-abawanye nonce ugboro abụọ.
TCP
AEAD ezoro ezo TCP iyi na-amalite site na nnu ewepụtara na-enweghị usoro iji nweta bọkị nke nnọkọ ọ bụla, na-esochi ọnụ ọgụgụ nke chunks ezoro ezo. Akụkụ nke ọ bụla nwere usoro a:
[ogologo ịkwụ ụgwọ ezoro ezo].
Ogologo ụgwọ ịkwụ ụgwọ bụ ọnụọgụ 2-byte nnukwu-endian na-edebanyeghị aha na 0x3FFF. Edobere ibe n'ibe abụọ dị elu ma a ga-edozirịrị ka ọ bụrụ efu. Ya mere ugwo ugwo nwere oke na 16*1024 – 1 bytes.
Nke mbụ AEAD encrypt/decrypt ọrụ na-eji a agụta nonce malite na 0. Mgbe nke ọ bụla encrypt/decrypt ọrụ, nonce na-abawanye site otu dị ka a ga-asị na ọ bụ obere-endian integer na-edeghị ede. Rịba ama na chunk TCP ọ bụla gụnyere ọrụ abụọ AEAD encrypt / decrypt: otu maka ogologo ụgwọ ọrụ, na otu maka ụgwọ ọrụ. Ya mere, nke ọ bụla chunk na-abawanye nonce ugboro abụọ.