AEAD-2022 ciphers (new protocol)

- Draft:
  shadowsocks/shadowsocks-org#194 (comment)

Cargo.toml

@@ -126,6 +126,9 @@ stream-cipher = ["shadowsocks-service/stream-cipher"]
 # WARN: These non-standard AEAD ciphers are not officially supported by shadowsocks community
 aead-cipher-extra = ["shadowsocks-service/aead-cipher-extra"]
 
+# Enable AEAD 2022
+aead-cipher-2022 = ["shadowsocks-service/aead-cipher-2022"]
+
 # Enable detection against replay attack
 security-replay-attack-detect = ["shadowsocks-service/security-replay-attack-detect"]
 replay-attack-detect = ["security-replay-attack-detect"] # Backward compatibility. DO NOT USE.

bin/ssurl.rs

@@ -3,7 +3,7 @@
 //! SS-URI = "ss://" userinfo "@" hostname ":" port [ "/" ] [ "?" plugin ] [ "#" tag ]
 //! userinfo = websafe-base64-encode-utf8(method  ":" password)
 
-use clap::{Command, Arg};
+use clap::{Arg, Command};
 use qrcode::{types::Color, QrCode};
 
 use shadowsocks_service::{

crates/shadowsocks-service/Cargo.toml

@@ -38,7 +38,7 @@ dns-over-tls = ["trust-dns", "trust-dns-resolver/dns-over-tls", "trust-dns-resol
 dns-over-https = ["trust-dns", "trust-dns-resolver/dns-over-https", "trust-dns-resolver/dns-over-https-rustls"]
 
 # Enable DNS-relay
-local-dns = ["local", "trust-dns", "rand"]
+local-dns = ["local", "trust-dns"]
 # Backward compatibility, DO NOT USE
 local-dns-relay = ["local-dns"]
 # Enable client flow statistic report
@@ -56,7 +56,7 @@ local-tunnel = ["local"]
 # Enable socks4 protocol for sslocal
 local-socks4 = ["local"]
 # Enable Tun interface protocol for sslocal
-local-tun = ["local", "etherparse", "tun", "rand", "smoltcp"]
+local-tun = ["local", "etherparse", "tun", "smoltcp"]
 
 # Enable Stream Cipher Protocol
 # WARN: Stream Cipher Protocol is proved to be insecure
@@ -68,6 +68,9 @@ stream-cipher = ["shadowsocks/stream-cipher"]
 # WARN: These non-standard AEAD ciphers are not officially supported by shadowsocks community
 aead-cipher-extra = ["shadowsocks/aead-cipher-extra"]
 
+# Enable AEAD 2022
+aead-cipher-2022 = ["shadowsocks/aead-cipher-2022"]
+
 # Enable detection against replay attack
 security-replay-attack-detect = ["shadowsocks/security-replay-attack-detect"]
 # Enable IV printable prefix
@@ -92,7 +95,7 @@ lru_time_cache = "0.11"
 bytes = "1.0"
 byte_string = "1.0"
 byteorder = "1.3"
-rand = { version = "0.8", optional = true }
+rand = "0.8"
 
 futures = "0.3"
 tokio = { version = "1.5", features = ["io-util", "macros", "net", "parking_lot", "rt", "sync", "time"] }

crates/shadowsocks-service/src/config.rs

@@ -66,7 +66,7 @@ use serde::{Deserialize, Serialize};
 use shadowsocks::relay::socks5::Address;
 use shadowsocks::{
     config::{ManagerAddr, Mode, ReplayAttackPolicy, ServerAddr, ServerConfig, ServerWeight},
-    crypto::v1::CipherKind,
+    crypto::CipherKind,
     plugin::PluginConfig,
 };
 #[cfg(feature = "trust-dns")]

crates/shadowsocks-service/src/local/http/connector.rs

@@ -31,9 +31,9 @@ impl Connector {
 }
 
 impl Service<Uri> for Connector {
-    type Response = ProxyHttpStream;
     type Error = io::Error;
     type Future = Connecting;
+    type Response = ProxyHttpStream;
 
     fn poll_ready(&mut self, _cx: &mut task::Context<'_>) -> Poll<Result<(), Self::Error>> {
         Poll::Ready(Ok(()))
@@ -67,7 +67,7 @@ impl Service<Uri> for Connector {
                     }
                 }
             }
-                .boxed(),
+            .boxed(),
         }
     }
 }

crates/shadowsocks-service/src/local/net/tcp/auto_proxy_stream.rs

@@ -11,12 +11,9 @@ use std::{
 use pin_project::pin_project;
 use shadowsocks::{
     net::TcpStream,
-    relay::{
-        socks5::Address,
-        tcprelay::proxy_stream::{ProxyClientStream, ProxyClientStreamReadHalf, ProxyClientStreamWriteHalf},
-    },
+    relay::{socks5::Address, tcprelay::proxy_stream::ProxyClientStream},
 };
-use tokio::io::{AsyncRead, AsyncWrite, ReadBuf, ReadHalf, WriteHalf};
+use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 
 use crate::{
     local::{context::ServiceContext, loadbalancing::ServerIdent},
@@ -160,93 +157,3 @@ impl From<ProxyClientStream<MonProxyStream<TcpStream>>> for AutoProxyClientStrea
         AutoProxyClientStream::Proxied(s)
     }
 }
-
-impl AutoProxyClientStream {
-    pub fn into_split(self) -> (AutoProxyClientStreamReadHalf, AutoProxyClientStreamWriteHalf) {
-        match self {
-            AutoProxyClientStream::Proxied(s) => {
-                let (r, w) = s.into_split();
-                (
-                    AutoProxyClientStreamReadHalf::Proxied(r),
-                    AutoProxyClientStreamWriteHalf::Proxied(w),
-                )
-            }
-            AutoProxyClientStream::Bypassed(s) => {
-                let (r, w) = tokio::io::split(s);
-                (
-                    AutoProxyClientStreamReadHalf::Bypassed(r),
-                    AutoProxyClientStreamWriteHalf::Bypassed(w),
-                )
-            }
-        }
-    }
-}
-
-#[allow(clippy::large_enum_variant)]
-#[pin_project(project = AutoProxyClientStreamReadHalfProj)]
-pub enum AutoProxyClientStreamReadHalf {
-    Proxied(#[pin] ProxyClientStreamReadHalf<MonProxyStream<TcpStream>>),
-    Bypassed(#[pin] ReadHalf<TcpStream>),
-}
-
-impl AutoProxyIo for AutoProxyClientStreamReadHalf {
-    fn is_proxied(&self) -> bool {
-        matches!(*self, AutoProxyClientStreamReadHalf::Proxied(..))
-    }
-}
-
-impl AsyncRead for AutoProxyClientStreamReadHalf {
-    fn poll_read(self: Pin<&mut Self>, cx: &mut task::Context<'_>, buf: &mut ReadBuf<'_>) -> Poll<io::Result<()>> {
-        match self.project() {
-            AutoProxyClientStreamReadHalfProj::Proxied(s) => s.poll_read(cx, buf),
-            AutoProxyClientStreamReadHalfProj::Bypassed(s) => s.poll_read(cx, buf),
-        }
-    }
-}
-
-#[allow(clippy::large_enum_variant)]
-#[pin_project(project = AutoProxyClientStreamWriteHalfProj)]
-pub enum AutoProxyClientStreamWriteHalf {
-    Proxied(#[pin] ProxyClientStreamWriteHalf<MonProxyStream<TcpStream>>),
-    Bypassed(#[pin] WriteHalf<TcpStream>),
-}
-
-impl AutoProxyIo for AutoProxyClientStreamWriteHalf {
-    fn is_proxied(&self) -> bool {
-        matches!(*self, AutoProxyClientStreamWriteHalf::Proxied(..))
-    }
-}
-
-impl AsyncWrite for AutoProxyClientStreamWriteHalf {
-    fn poll_write(self: Pin<&mut Self>, cx: &mut task::Context<'_>, buf: &[u8]) -> Poll<io::Result<usize>> {
-        match self.project() {
-            AutoProxyClientStreamWriteHalfProj::Proxied(s) => s.poll_write(cx, buf),
-            AutoProxyClientStreamWriteHalfProj::Bypassed(s) => s.poll_write(cx, buf),
-        }
-    }
-
-    fn poll_flush(self: Pin<&mut Self>, cx: &mut task::Context<'_>) -> Poll<io::Result<()>> {
-        match self.project() {
-            AutoProxyClientStreamWriteHalfProj::Proxied(s) => s.poll_flush(cx),
-            AutoProxyClientStreamWriteHalfProj::Bypassed(s) => s.poll_flush(cx),
-        }
-    }
-
-    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut task::Context<'_>) -> Poll<io::Result<()>> {
-        match self.project() {
-            AutoProxyClientStreamWriteHalfProj::Proxied(s) => s.poll_shutdown(cx),
-            AutoProxyClientStreamWriteHalfProj::Bypassed(s) => s.poll_shutdown(cx),
-        }
-    }
-
-    fn poll_write_vectored(
-        self: Pin<&mut Self>,
-        cx: &mut task::Context<'_>,
-        bufs: &[IoSlice<'_>],
-    ) -> Poll<io::Result<usize>> {
-        match self.project() {
-            AutoProxyClientStreamWriteHalfProj::Proxied(s) => s.poll_write_vectored(cx, bufs),
-            AutoProxyClientStreamWriteHalfProj::Bypassed(s) => s.poll_write_vectored(cx, bufs),
-        }
-    }
-}