Add AEAD ciphers support (#775)

* Add AEAD ciphers support, add manger api * fix test_encrypt_all * Add manager api requirements * #775 fix UDP decrypt_all issue * fix udp replay: decrypt_all return a list remove manager api * fix indent according pep8 * remove abc requirement * remove unused import * fix pep8 format * fix test_aes_256_gcm()
2017-03-04 14:37:29 +08:00 · 2017-03-04 14:37:29 +08:00 · 445a3c9c7e
commit 445a3c9c7e
parent c4731de532
15 changed files with 1086 additions and 80 deletions
--- a/shadowsocks/shell.py
+++ b/shadowsocks/shell.py
@ -28,7 +28,7 @@ import traceback
 from functools import wraps

 from shadowsocks.common import to_bytes, to_str, IPNetwork
-from shadowsocks import encrypt
+from shadowsocks import cryptor


 VERBOSE_LEVEL = 5
@ -200,7 +200,7 @@ def check_config(config, is_local):
    if config.get('dns_server', None) is not None:
        logging.info('Specified DNS server: %s' % config['dns_server'])

-    encrypt.try_cipher(config['password'], config['method'])
+    cryptor.try_cipher(config['password'], config['method'])


 def get_config(is_local):
@ -362,6 +362,18 @@ Proxy options:
  -l LOCAL_PORT          local port, default: 1080
  -k PASSWORD            password
  -m METHOD              encryption method, default: aes-256-cfb
+                         supported method:
+                             chacha20-poly1305, chacha20-ietf-poly1305,
+                             *xchacha20-ietf-poly1305,
+                             aes-128-gcm, aes-192-gcm, aes-256-gcm,
+                             aes-128-cfb, aes-192-cfb, aes-256-cfb,
+                             es-128-ctr, aes-192-ctr, aes-256-ctr,
+                             camellia-128-cfb, camellia-192-cfb,
+                             camellia-256-cfb,
+                             salsa20, chacha20, chacha20-ietf,
+                             bf-cfb, cast5-cfb, des-cfb, idea-cfb,
+                             rc2-cfb, seed-cfb,
+                             rc4, rc4-md5, table.
  -t TIMEOUT             timeout in seconds, default: 300
  -a ONE_TIME_AUTH       one time auth
  --fast-open            use TCP_FASTOPEN, requires Linux 3.7+
@ -392,6 +404,18 @@ Proxy options:
  -p SERVER_PORT         server port, default: 8388
  -k PASSWORD            password
  -m METHOD              encryption method, default: aes-256-cfb
+                         supported method:
+                             chacha20-poly1305, chacha20-ietf-poly1305,
+                             *xchacha20-ietf-poly1305,
+                             aes-128-gcm, aes-192-gcm, aes-256-gcm,
+                             aes-128-cfb, aes-192-cfb, aes-256-cfb,
+                             es-128-ctr, aes-192-ctr, aes-256-ctr,
+                             camellia-128-cfb, camellia-192-cfb,
+                             camellia-256-cfb,
+                             salsa20, chacha20, chacha20-ietf,
+                             bf-cfb, cast5-cfb, des-cfb, idea-cfb,
+                             rc2-cfb, seed-cfb,
+                             rc4, rc4-md5, table.
  -t TIMEOUT             timeout in seconds, default: 300
  -a ONE_TIME_AUTH       one time auth
  --fast-open            use TCP_FASTOPEN, requires Linux 3.7+