Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

upgrade to SIP022 ciphers #2887

Merged
merged 8 commits into from
Jun 19, 2022
Merged

upgrade to SIP022 ciphers #2887

merged 8 commits into from
Jun 19, 2022

Conversation

dev4u
Copy link
Contributor

@dev4u dev4u commented May 20, 2022

(#2865)
Maybe really need to release a new version, so more people can test the new ciphering.
The new ciphering may cause the cell phone's battery to be less durable.

@dev4u dev4u changed the title upgrade to rust 2022 ciphers upgrade to SIP022 ciphers May 21, 2022
@Mygod
Copy link
Contributor

Mygod commented May 21, 2022

@madeye What's your thoughts on this 2022 shenanigans? I haven't been bothered to read it yet.

zonyitoo
zonyitoo reviewed May 21, 2022
View reviewed changes
@zonyitoo
Copy link

Apart from SIP022 (AEAD-2022), there are some improvements in shadowsocks-rust:

  1. shadowsocks-crypto's ciphers have been switched to RustCrypto community, which is in more active development. But RustCrypto's implementations are slightly slower than crypto2.
  2. An experimental tun interface support. It still need performance improvement but working well in most cases.
  3. Supporting | and || in ACL rules for better performance.

AEAD-2022 is ready for test, what do you think about this new protocol? @Mygod

@Mygod
Copy link
Contributor

Mygod commented May 21, 2022

I am unconvinced that a backwards-incompatible upgrade is necessary.

@dev4u
Copy link
Contributor Author

dev4u commented May 22, 2022
edited
Loading

2022协议能走多远?这没人能预测。向后兼容,这更无从说起。
一套协议肯定不是一蹴而就,要经过不断修改、验证、再修改……主要方向对了,那就开干吧。
shadowsocks的协议,也不是一开始就是现在这样,中间也有翻阴沟的时候,例如ota就直接被舍弃。
SS得以各位大佬的奉献,让SS得以持续向前发展。
2022协议,就是为了修复现有协议的缺陷才设计出来的。经过我个人试用后,仍存在某些缺陷。就算是这样,个人觉得还是应该让更多的人参与进来。只有扩大测试人群,得到足够的反馈,才能验证新协议是否有效。

@zonyitoo
Copy link

zonyitoo commented May 22, 2022
edited
Loading

I am unconvinced that a backwards-incompatible upgrade is necessary.

Some discussions in shadowsocks-org have shown that there may be no compatible way to resolve the security flaws. Proposal in SIP022 might be the minimal modification against the SIP004 AEAD protocol.

In the UDP protocol, the main goal is to reduce cryptography overhead, so SIP002 introduces a simple session based protocol. It performs well in stress test.

It is not perfect, maybe. So I will still keep shadowsocks-rust v1.15.0 in alpha release. shadowsocks-android may make an alpha release for letting more users to join.

@madeye
Copy link
Contributor

madeye commented May 22, 2022

@Mygod no matter what I think, they decided to add this cipher... Maybe we just follow it and do some experimental releases, in case anyone wants to give it a try.

@chuxi
Copy link

chuxi commented May 23, 2022

I just released it myself with self-updated ss-rust version v1.14.3 :(

I am unconvinced that a backwards-incompatible upgrade is necessary.

agree with you. but I also updated my server side. because the old version not works anymore. Always detected and blocked on vultr.

@MegoCat MegoCat mentioned this pull request May 26, 2022
Closed
@madeye
Copy link
Contributor

madeye commented May 27, 2022
edited
Loading

Attaching an experimental release here: https://www.dropbox.com/s/qmqptqpu1vbhxlk/shadowsocks-rust-1.15.0-nightly.apk?dl=0

@dev4u
Copy link
Contributor Author

dev4u commented May 27, 2022

有点难为你了,大兄弟。

@dev4u
Copy link
Contributor Author

dev4u commented Jun 5, 2022

如果有小伙伴构建这个PR的,请将ss rust依赖版本更新至:shadowsocks/shadowsocks-rust@c9f7a7b
ref shadowsocks/shadowsocks-rust#855

@madeye madeye merged commit 416afd1 into shadowsocks:master Jun 19, 2022
@dev4u dev4u deleted the upgrade_2022_ciphers branch June 19, 2022 10:31
Mygod
Mygod reviewed Dec 20, 2022
View reviewed changes
core/src/main/java/com/github/shadowsocks/bg/TrafficMonitor.kt
txRate = (txTotal - out.txTotal) * 1000 / delta
rxRate = (rxTotal - out.rxTotal) * 1000 / delta
txRate = (txTotal - out.txTotal) * 1024 / delta
rxRate = (rxTotal - out.rxTotal) * 1024 / delta
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is s to ms.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤣是我贻笑大方了。

Mygod
Mygod reviewed Dec 20, 2022
View reviewed changes
core/src/main/res/values/arrays.xml
<item>AES-128-GCM</item>
<item>AES_128_GCM_SIV</item>
<item>AES-256-GCM</item>
<item>AES_256_GCM_SIV</item>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why inconsistent case?

@HiHat HiHat mentioned this pull request Sep 14, 2023
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@zonyitoo zonyitoo zonyitoo left review comments

@Mygod Mygod Mygod left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dev4u @Mygod @zonyitoo @madeye @chuxi