Shadowsocks 2022 Edition: Secure L4 Tunnel with Symmetric Encryption

Abstract

This document defines the 2022 Edition of the Shadowsocks protocol. Improving upon Shadowsocks AEAD (2017), Shadowsocks 2022 addresses well-known issues of the previous editions, drops usage of obsolete cryptography, optimizes for security and performance, and leaves room for future extensions.

Shadowsocks 2022 is a secure proxy protocol for TCP and UDP traffic. The protocol uses AEAD with a pre-shared symmetric key to protect payload integrity and confidentiality. The proxy traffic is indistinguishable from a random byte stream, and therefore can circumvent firewalls and Internet censors that rely on DPI (Deep Packet Inspection).

Compared to previous editions of the protocol family, Shadowsocks 2022 allows and mandates full replay protection. Each message has its unique type and cannot be used for unintended purposes. The session-based UDP proxying significantly reduces protocol overhead and improves reliability and efficiency. Obsolete cryptographic functions have been replaced by their modern counterparts.

As with previous editions, Shadowsocks 2022 does not provide forward secrecy. It is believed that using a pre-shared key without performing handshakes is best for its use cases.

A Shadowsocks 2022 implementation consists of a server, a client, and optionally a relay. This document specifies requirements that implementations must follow.

This document describes the Shadowsocks 2022 Edition and is structured as follows:

- Section 2 describes requirements on the encryption key and how to derive session subkeys.
- Section 3 defines the encoding details of the required AES-GCM methods and the process for handling requests and responses.
- Section 4 defines the encoding details of the optional ChaCha-Poly1305 methods.

Commonly used terms in this document are described below.

- Shadowsocks AEAD: The original AEAD construction of Shadowsocks, standardized in 2017.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC2119 RFC8174 when, and only when, they appear in all capitals, as shown here.

A pre-shared key is used to derive session subkeys, which are subsequently used to encrypt/decrypt traffic for the session. The pre-shared key is also used directly in some places.

Unlike previous editions, Shadowsocks 2022 requires that a cryptographically secure, fixed-length PSK be provided directly by the user. Implementations MUST NOT use the old EVP_BytesToKey function or any other method to generate keys from passwords.

The PSK is encoded in base64 for convenience. Practically, it can be generated with openssl rand -base64. The key size depends on the chosen method.

Shadowsocks 2022's subkey derivation uses BLAKE3's key derivation mode, which replaces the obsolete HKDF_SHA1 function used in previous editions. A randomly generated salt is appended to the PSK to form the key material. The salt has the same length as the pre-shared key.

session_subkey := blake3::derive_key(context: "shadowsocks 2022 session subkey", key_material: key + salt)

Methods 2022-blake3-aes-128-gcm and 2022-blake3-aes-256-gcm MUST be implemented by all implementations. "2022" reflects the fast-changing and flexible nature of the protocol.

TCP connections over a Shadowsocks 2022 tunnel map 1:1 to proxy connections. Each proxy connection carries 2 proxy streams: a request stream and a response stream. A client initiates a proxy connection by starting a request stream, and the server sends its response back over the response stream. These streams carry chunks of data encrypted with the session subkey. Standalone header chunks are added to both the request and response streams to improve security and protect against replay attacks.

For payload transfer, Shadowsocks 2022 inherits the length-chunk/payload-chunk model from Shadowsocks AEAD, with some minor tweaks to improve performance.

Encryption and Decryption

Each proxy stream derives its own session subkey from a random salt for encryption and decryption. A 12-byte little-endian integer is used as the nonce and is incremented after each encryption or decryption operation.

| salt   | encrypted header chunk | encrypted header chunk    | encrypted length chunk | encrypted payload chunk   |
| 16/32B | 11B + 16B tag          | variable length + 16B tag | 2B length + 16B tag    | variable length + 16B tag |
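The following Go program is an added illustration of the length-chunk/payload-chunk framing and the incrementing 12-byte little-endian nonce described above; it is not code from the Shadowsocks 2022 specification or from any Shadowsocks implementation. It assumes the session subkey has already been derived (Go's standard library has no BLAKE3, so the `blake3::derive_key` step is taken as done by the caller), uses a constructed 16-byte subkey in `main`, treats the 2-byte length field as big-endian (this page does not state the byte order), and leaves out the salt and the two header chunks, whose contents this page does not define. The receiver keeps its own nonce counter, so a chunk that is tampered with, reordered or replayed within the stream fails the AES-GCM tag check.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const tagSize = 16 // AES-GCM tag length

// streamCipher is one proxy stream's AEAD plus its 12-byte little-endian nonce counter.
type streamCipher struct {
	aead  cipher.AEAD
	nonce [12]byte
}

// newStreamCipher builds AES-GCM from a 16- or 32-byte session subkey. Assumption: the
// caller derived it with BLAKE3 derive_key as the text describes; that step is not shown.
func newStreamCipher(sessionSubkey []byte) (*streamCipher, error) {
	block, err := aes.NewCipher(sessionSubkey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &streamCipher{aead: aead}, nil
}

// incrementNonce adds one to the nonce read as a little-endian integer.
func (s *streamCipher) incrementNonce() {
	for i := range s.nonce {
		s.nonce[i]++
		if s.nonce[i] != 0 {
			return
		}
	}
}

// seal and open each consume exactly one nonce value, keeping both ends in lockstep.
func (s *streamCipher) seal(plaintext []byte) []byte {
	out := s.aead.Seal(nil, s.nonce[:], plaintext, nil)
	s.incrementNonce()
	return out
}

func (s *streamCipher) open(ciphertext []byte) ([]byte, error) {
	out, err := s.aead.Open(nil, s.nonce[:], ciphertext, nil)
	if err == nil {
		s.incrementNonce()
	}
	return out, err
}

// EncodePayload emits a length chunk (2B + 16B tag) then a payload chunk (payload + 16B
// tag). The length is big-endian (assumption: this page does not state the byte order).
func (s *streamCipher) EncodePayload(payload []byte) ([]byte, error) {
	if len(payload) == 0 || len(payload) > 0xFFFF {
		return nil, errors.New("payload chunk must be 1..65535 bytes")
	}
	var lenBuf [2]byte
	binary.BigEndian.PutUint16(lenBuf[:], uint16(len(payload)))
	return append(s.seal(lenBuf[:]), s.seal(payload)...), nil
}

// DecodePayload reads and authenticates one length chunk, then the payload chunk it
// announces. A tampered, reordered or replayed chunk fails because the receiver's nonce
// no longer matches the one the chunk was sealed with.
func (s *streamCipher) DecodePayload(r io.Reader) ([]byte, error) {
	encLen := make([]byte, 2+tagSize)
	if _, err := io.ReadFull(r, encLen); err != nil {
		return nil, err
	}
	lenBuf, err := s.open(encLen)
	if err != nil {
		return nil, fmt.Errorf("length chunk: %w", err)
	}
	encPayload := make([]byte, int(binary.BigEndian.Uint16(lenBuf))+tagSize)
	if _, err := io.ReadFull(r, encPayload); err != nil {
		return nil, err
	}
	return s.open(encPayload)
}

func main() {
	subkey := []byte("constructed-16B!") // constructed stand-in for a derived 16-byte subkey
	sender, _ := newStreamCipher(subkey)
	receiver, _ := newStreamCipher(subkey)
	frame, _ := sender.EncodePayload([]byte("GET / HTTP/1.1\r\n"))
	payload, err := receiver.DecodePayload(bytes.NewReader(frame))
	fmt.Printf("%d bytes on the wire -> %q, err=%v\n", len(frame), payload, err)
}
```

Each direction of a proxy connection gets its own `streamCipher`, since the request and response streams derive separate subkeys from separate salts; sharing one counter between directions would desynchronize the nonces.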