which is hardware accelerated compared to AES-GCM in mbedtls We have to drop this commit when mbedtls support hw-accelerated GCM when compiling with MSVC Signed-off-by: Syrone Wong <wong.syrone@gmail.com>tags/4.0.4
@@ -10,6 +10,7 @@ namespace Shadowsocks.Encryption.AEAD | |||||
: AEADEncryptor, IDisposable | : AEADEncryptor, IDisposable | ||||
{ | { | ||||
private const int CIPHER_CHACHA20IETFPOLY1305 = 1; | private const int CIPHER_CHACHA20IETFPOLY1305 = 1; | ||||
private const int CIPHER_AES256GCM = 2; | |||||
private byte[] _sodiumEncSubkey; | private byte[] _sodiumEncSubkey; | ||||
private byte[] _sodiumDecSubkey; | private byte[] _sodiumDecSubkey; | ||||
@@ -24,6 +25,7 @@ namespace Shadowsocks.Encryption.AEAD | |||||
private static Dictionary<string, EncryptorInfo> _ciphers = new Dictionary<string, EncryptorInfo> | private static Dictionary<string, EncryptorInfo> _ciphers = new Dictionary<string, EncryptorInfo> | ||||
{ | { | ||||
{"chacha20-ietf-poly1305", new EncryptorInfo(32, 32, 12, 16, CIPHER_CHACHA20IETFPOLY1305)}, | {"chacha20-ietf-poly1305", new EncryptorInfo(32, 32, 12, 16, CIPHER_CHACHA20IETFPOLY1305)}, | ||||
{"aes-256-gcm", new EncryptorInfo(32, 32, 12, 16, CIPHER_AES256GCM)}, | |||||
}; | }; | ||||
public static List<string> SupportedCiphers() | public static List<string> SupportedCiphers() | ||||
@@ -63,6 +65,13 @@ namespace Shadowsocks.Encryption.AEAD | |||||
null, _encNonce, | null, _encNonce, | ||||
_sodiumEncSubkey); | _sodiumEncSubkey); | ||||
break; | break; | ||||
case CIPHER_AES256GCM: | |||||
ret = Sodium.crypto_aead_aes256gcm_encrypt(ciphertext, ref encClen, | |||||
plaintext, (ulong)plen, | |||||
null, 0, | |||||
null, _encNonce, | |||||
_sodiumEncSubkey); | |||||
break; | |||||
default: | default: | ||||
throw new System.Exception("not implemented"); | throw new System.Exception("not implemented"); | ||||
} | } | ||||
@@ -91,6 +100,13 @@ namespace Shadowsocks.Encryption.AEAD | |||||
null, 0, | null, 0, | ||||
_decNonce, _sodiumDecSubkey); | _decNonce, _sodiumDecSubkey); | ||||
break; | break; | ||||
case CIPHER_AES256GCM: | |||||
ret = Sodium.crypto_aead_aes256gcm_decrypt(plaintext, ref decPlen, | |||||
null, | |||||
ciphertext, (ulong)clen, | |||||
null, 0, | |||||
_decNonce, _sodiumDecSubkey); | |||||
break; | |||||
default: | default: | ||||
throw new System.Exception("not implemented"); | throw new System.Exception("not implemented"); | ||||
} | } | ||||
@@ -14,6 +14,18 @@ namespace Shadowsocks.Encryption | |||||
static EncryptorFactory() | static EncryptorFactory() | ||||
{ | { | ||||
var AEADMbedTLSEncryptorSupportedCiphers = AEADMbedTLSEncryptor.SupportedCiphers(); | |||||
var AEADSodiumEncryptorSupportedCiphers = AEADSodiumEncryptor.SupportedCiphers(); | |||||
if (Sodium.AES256GCMAvailable) | |||||
{ | |||||
// prefer to aes-256-gcm in libsodium | |||||
AEADMbedTLSEncryptorSupportedCiphers.Remove("aes-256-gcm"); | |||||
} | |||||
else | |||||
{ | |||||
AEADSodiumEncryptorSupportedCiphers.Remove("aes-256-gcm"); | |||||
} | |||||
foreach (string method in StreamMbedTLSEncryptor.SupportedCiphers()) | foreach (string method in StreamMbedTLSEncryptor.SupportedCiphers()) | ||||
{ | { | ||||
_registeredEncryptors.Add(method, typeof(StreamMbedTLSEncryptor)); | _registeredEncryptors.Add(method, typeof(StreamMbedTLSEncryptor)); | ||||
@@ -22,11 +34,11 @@ namespace Shadowsocks.Encryption | |||||
{ | { | ||||
_registeredEncryptors.Add(method, typeof(StreamSodiumEncryptor)); | _registeredEncryptors.Add(method, typeof(StreamSodiumEncryptor)); | ||||
} | } | ||||
foreach (string method in AEADMbedTLSEncryptor.SupportedCiphers()) | |||||
foreach (string method in AEADMbedTLSEncryptorSupportedCiphers) | |||||
{ | { | ||||
_registeredEncryptors.Add(method, typeof(AEADMbedTLSEncryptor)); | _registeredEncryptors.Add(method, typeof(AEADMbedTLSEncryptor)); | ||||
} | } | ||||
foreach (string method in AEADSodiumEncryptor.SupportedCiphers()) | |||||
foreach (string method in AEADSodiumEncryptorSupportedCiphers) | |||||
{ | { | ||||
_registeredEncryptors.Add(method, typeof(AEADSodiumEncryptor)); | _registeredEncryptors.Add(method, typeof(AEADSodiumEncryptor)); | ||||
} | } | ||||
@@ -14,6 +14,8 @@ namespace Shadowsocks.Encryption | |||||
private static bool _initialized = false; | private static bool _initialized = false; | ||||
private static readonly object _initLock = new object(); | private static readonly object _initLock = new object(); | ||||
public static bool AES256GCMAvailable { get; private set; } = false; | |||||
static Sodium() | static Sodium() | ||||
{ | { | ||||
string dllPath = Utils.GetTempPath(DLLNAME); | string dllPath = Utils.GetTempPath(DLLNAME); | ||||
@@ -42,6 +44,9 @@ namespace Shadowsocks.Encryption | |||||
{ | { | ||||
_initialized = true; | _initialized = true; | ||||
} | } | ||||
AES256GCMAvailable = crypto_aead_aes256gcm_is_available() == 1; | |||||
Logging.Debug($"sodium: AES256GCMAvailable is {AES256GCMAvailable}"); | |||||
} | } | ||||
} | } | ||||
} | } | ||||
@@ -52,6 +57,9 @@ namespace Shadowsocks.Encryption | |||||
[DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | [DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | ||||
private static extern int sodium_init(); | private static extern int sodium_init(); | ||||
[DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | |||||
private static extern int crypto_aead_aes256gcm_is_available(); | |||||
#region AEAD | #region AEAD | ||||
[DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | [DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | ||||
@@ -65,6 +73,14 @@ namespace Shadowsocks.Encryption | |||||
public static extern int crypto_aead_chacha20poly1305_ietf_decrypt(byte[] m, ref ulong mlen_p, | public static extern int crypto_aead_chacha20poly1305_ietf_decrypt(byte[] m, ref ulong mlen_p, | ||||
byte[] nsec, byte[] c, ulong clen, byte[] ad, ulong adlen, byte[] npub, byte[] k); | byte[] nsec, byte[] c, ulong clen, byte[] ad, ulong adlen, byte[] npub, byte[] k); | ||||
[DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | |||||
public static extern int crypto_aead_aes256gcm_encrypt(byte[] c, ref ulong clen_p, byte[] m, ulong mlen, | |||||
byte[] ad, ulong adlen, byte[] nsec, byte[] npub, byte[] k); | |||||
[DllImport(DLLNAME, CallingConvention = CallingConvention.Cdecl)] | |||||
public static extern int crypto_aead_aes256gcm_decrypt(byte[] m, ref ulong mlen_p, byte[] nsec, byte[] c, | |||||
ulong clen, byte[] ad, ulong adlen, byte[] npub, byte[] k); | |||||
#endregion | #endregion | ||||
#region Stream | #region Stream | ||||