From 26b2a1d65769c6311737d62f4818c5f409f7340e Mon Sep 17 00:00:00 2001 From: database64128 Date: Mon, 12 Sep 2022 18:28:57 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=AE=20Remove=20`security-iv-printable-?= =?UTF-8?q?prefix`=20feature?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For https://github.com/shadowsocks/shadowsocks-org/issues/204. --- Cargo.lock | 89 +++++++++++++-------------- Cargo.toml | 2 - crates/shadowsocks-service/Cargo.toml | 2 - crates/shadowsocks/Cargo.toml | 2 - crates/shadowsocks/src/context.rs | 33 ---------- 5 files changed, 43 insertions(+), 85 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2ba51ea1f2a7..9469b365fb60 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -66,9 +66,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "0.7.18" +version = "0.7.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e" dependencies = [ "memchr", ] @@ -84,9 +84,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26fa4d7e3f2eebadf743988fc8aec9fa9a9e82611acafd77c1462ed6262440a" +checksum = "b9a8f622bcf6ff3df478e9deba3e03e4e04b300f8e6a139e192c05fa3490afc7" [[package]] name = "arc-swap" @@ -174,9 +174,9 @@ dependencies = [ [[package]] name = "block-buffer" -version = "0.10.2" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324" +checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" dependencies = [ "generic-array", ] 
@@ -388,9 +388,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" [[package]] name = "cpufeatures" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc948ebb96241bb40ab73effeb80d9f93afaad49359d159a5e61be51619fe813" +checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" dependencies = [ "libc", ] @@ -645,11 +645,10 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "form_urlencoded" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" +checksum = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8" dependencies = [ - "matches", "percent-encoding", ] @@ -803,7 +802,7 @@ dependencies = [ "indexmap", "slab", "tokio", - "tokio-util 0.7.3", + "tokio-util 0.7.4", "tracing", ] @@ -946,6 +945,16 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "idna" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "indexmap" version = "1.9.1" 
@@ -1449,15 +1458,15 @@ dependencies = [ [[package]] name = "percent-encoding" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" +checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" [[package]] name = "pest" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b0560d531d1febc25a3c9398a62a71256c0178f2e3443baedd9ad4bb8c9deb4" +checksum = "cb779fcf4bb850fbbb0edc96ff6cf34fd90c4b1a112ce042653280d9a7364048" dependencies = [ "thiserror", "ucd-trie", @@ -1465,9 +1474,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "905708f7f674518498c1f8d644481440f476d39ca6ecae83319bba7c6c12da91" +checksum = "502b62a6d0245378b04ffe0a7fb4f4419a4815fce813bd8a0ec89a56e07d67b1" dependencies = [ "pest", "pest_generator", @@ -1475,9 +1484,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5803d8284a629cc999094ecd630f55e91b561a1d1ba75e233b00ae13b91a69ad" +checksum = "451e629bf49b750254da26132f1a5a9d11fd8a95a3df51d15c4abd1ba154cb6c" dependencies = [ "pest", "pest_meta", @@ -1488,13 +1497,13 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1538eb784f07615c6d9a8ab061089c6c54a344c5b4301db51990ca1c241e8c04" +checksum = "bcec162c71c45e269dfc3fc2916eaeb97feab22993a21bcce4721d08cd7801a6" dependencies = [ "once_cell", "pest", - "sha-1", + "sha1", ] [[package]] 
@@ -1929,17 +1938,6 @@ dependencies = [ "yaml-rust", ] -[[package]] -name = "sha-1" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest 0.10.3", -] - [[package]] name = "sha1" version = "0.10.4" @@ -2060,7 +2058,7 @@ dependencies = [ "etherparse", "futures", "hyper", - "idna", + "idna 0.2.3", "ipnet", "iprange", "json5", @@ -2222,9 +2220,9 @@ dependencies = [ [[package]] name = "sysexits" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c24dea646d0a2a4209a2d960275fd4416be9ab32c77927f51279a621e2b629" +checksum = "70bb908917c14629cfe25e0198e96757ff3d07861da4452d27e4bd4ea333644d" [[package]] name = "tcmalloc" @@ -2426,9 +2424,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc463cd8deddc3770d20f9852143d50bf6094e640b485cb2e189a2099085ff45" +checksum = "0bb2e075f03b3d66d8d8785356224ba688d2906a371015e225beeb65ca92c740" dependencies = [ "bytes", "futures-core", @@ -2516,7 +2514,7 @@ dependencies = [ "futures-util", "h2", "http", - "idna", + "idna 0.2.3", "ipnet", "lazy_static", "rand", @@ -2597,9 +2595,9 @@ checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" [[package]] name = "ucd-trie" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89570599c4fe5585de2b388aab47e99f7fa4e9238a1399f707a02e356058141c" +checksum = "9e79c4d996edb816c91e4308506774452e55e95c3c9de07b6729e17e15a5ef81" [[package]] name = "unicode-bidi" 
@@ -2649,13 +2647,12 @@ checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" [[package]] name = "url" -version = "2.2.2" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" +checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643" dependencies = [ "form_urlencoded", - "idna", - "matches", + "idna 0.3.0", "percent-encoding", "serde", ]
diff --git a/Cargo.toml b/Cargo.toml
index f171358c3600..429fd6490ece 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -136,8 +136,6 @@ aead-cipher-2022-extra = ["shadowsocks-service/aead-cipher-2022-extra"]
 # Enable detection against replay attack (Stream / AEAD)
 security-replay-attack-detect = ["shadowsocks-service/security-replay-attack-detect"]
 replay-attack-detect = ["security-replay-attack-detect"] # Backward compatibility. DO NOT USE.
-# Enable IV printable prefix
-security-iv-printable-prefix = ["shadowsocks-service/security-iv-printable-prefix"]

 # Enable ARMv8 related optimizations
 armv8 = ["shadowsocks-service/armv8"]
diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml
index e9f093e9c1c6..8ac7b3b5a3a2 100644
--- a/crates/shadowsocks-service/Cargo.toml
+++ b/crates/shadowsocks-service/Cargo.toml
@@ -75,8 +75,6 @@ aead-cipher-2022-extra = ["shadowsocks/aead-cipher-2022-extra"]

 # Enable detection against replay attack
 security-replay-attack-detect = ["shadowsocks/security-replay-attack-detect"]
-# Enable IV printable prefix
-security-iv-printable-prefix = ["shadowsocks/security-iv-printable-prefix"]

 # Enable ARMv8 related optimizations
 armv8 = ["shadowsocks/armv8"]
diff --git a/crates/shadowsocks/Cargo.toml b/crates/shadowsocks/Cargo.toml
index 8a2850781c83..1aadcc77246d 100644
--- a/crates/shadowsocks/Cargo.toml
+++ b/crates/shadowsocks/Cargo.toml
@@ -38,8 +38,6 @@ aead-cipher-2022-extra = ["aead-cipher-2022", "shadowsocks-crypto/v2-extra"]

 # Enable detection against replay attack
 security-replay-attack-detect = ["bloomfilter"]
-# Enable IV printable prefix
-security-iv-printable-prefix = ["rand"]

 # Enable ARMv8 related optimizations
 armv8 = ["shadowsocks-crypto/armv8"]
diff --git a/crates/shadowsocks/src/context.rs b/crates/shadowsocks/src/context.rs
index 69f0d5ea09dc..12aa1c47ab1c 100644
--- a/crates/shadowsocks/src/context.rs
+++ b/crates/shadowsocks/src/context.rs
@@ -66,22 +66,6 @@ impl Context {
 loop {
 random_iv_or_salt(nonce);

- // SECURITY: First 6 bytes of payload should be printable characters
- // Observation shows that prepending 6 bytes of printable characters to random payload will exempt it from blocking.
- // by 2022-01-13 gfw.report et al.
- #[cfg(feature = "security-iv-printable-prefix")]
- {
- const SECURITY_PRINTABLE_PREFIX_LEN: usize = 6;
- if nonce.len() >= SECURITY_PRINTABLE_PREFIX_LEN {
- // Printable characters use base64 letters instead
- static ASCII_PRINTABLE_CHARS: &[u8] = br##"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"##;
-
- for b in nonce.iter_mut().take(SECURITY_PRINTABLE_PREFIX_LEN) {
- *b = ASCII_PRINTABLE_CHARS[(*b as usize) % ASCII_PRINTABLE_CHARS.len()];
- }
- }
- }
-
 // Salt already exists, generate a new one.
 if unique && self.check_nonce_and_set(method, nonce) {
 continue;
@@ -163,20 +147,3 @@ impl Context {
 self.replay_policy
 }
 }
-
-#[cfg(test)]
-mod tests {
- use crate::config::ServerType;
- use crate::context::Context;
- use byte_string::ByteStr;
- use shadowsocks_crypto::CipherKind;
-
- #[test]
- fn generate_nonce() {
- let mut salt = vec![0u8; 64];
- let context = Context::new(ServerType::Server);
- context.generate_nonce(CipherKind::AES_128_GCM, &mut salt, false);
- println!("generate nonce printable ascii: {:?}", ByteStr::new(&salt));
- }
-
-}