feat: XChaCha20

Cargo.toml

@@ -52,7 +52,7 @@ thiserror = "2"
 tokio = "1"
 tokio-io-timeout = "1"
 tokio-util = "0.7"
-tokio_chacha20 = { git = "https://github.com/Banyc/tokio_chacha20.git", tag = "v0.0.1" }
+tokio_chacha20 = { git = "https://github.com/Banyc/tokio_chacha20.git", tag = "v0.0.2" }
 tokio_conn_pool = { git = "https://github.com/Banyc/tokio_conn_pool.git", rev = "8454496666bc1960223ca2eb78535fe2fd30cfbe" }
 tokio_kcp = "0.9"
 tokio_throughput = { git = "https://github.com/Banyc/tokio_throughput.git", tag = "v0.0.1" }

common/src/anti_replay.rs

@@ -26,14 +26,14 @@ impl ReplayValidator {
             .unwrap();
         now.abs_diff(timestamp) < self.time_frame
     }
-    pub fn nonce_validates(&self, nonce: [u8; tokio_chacha20::NONCE_BYTES]) -> bool {
+    pub fn nonce_validates(&self, nonce: [u8; tokio_chacha20::X_NONCE_BYTES]) -> bool {
         self.nonce.lock().unwrap().validates(nonce)
     }
 }
 
 #[derive(Debug)]
 pub struct NonceValidator {
-    seen: ExpiringHashMap<[u8; tokio_chacha20::NONCE_BYTES], (), Instant, Duration>,
+    seen: ExpiringHashMap<[u8; tokio_chacha20::X_NONCE_BYTES], (), Instant, Duration>,
     capacity: usize,
 }
 impl NonceValidator {
@@ -43,7 +43,7 @@ impl NonceValidator {
             capacity,
         }
     }
-    pub fn validates(&mut self, nonce: [u8; tokio_chacha20::NONCE_BYTES]) -> bool {
+    pub fn validates(&mut self, nonce: [u8; tokio_chacha20::X_NONCE_BYTES]) -> bool {
         let now = Instant::now();
         self.seen.cleanup(now, |_, _, _| {});
         if self.seen.len() == self.capacity {

common/src/header/codec.rs

@@ -35,6 +35,7 @@ where
     // Read nonce
     {
         let size = cursor.remaining_nonce_size();
+        dbg!(size);
         let buf = &mut buf[..size];
         let res = reader.read_exact(buf);
         add_await([res])?;

common/src/header/heartbeat.rs

@@ -16,7 +16,7 @@ pub async fn send_noop<S>(
 where
     S: AsyncWrite + Unpin,
 {
-    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
     let req = HeartbeatRequest::Noop;
     let res = tokio::time::timeout(
         timeout,
@@ -35,7 +35,7 @@ pub async fn send_upgrade<S>(
 where
     S: AsyncWrite + Unpin,
 {
-    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
     let req = HeartbeatRequest::Upgrade;
     let res = tokio::time::timeout(
         timeout,
@@ -56,7 +56,7 @@ where
     S: AsyncRead + Unpin,
 {
     loop {
-        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*crypto.key());
         let res = tokio::time::timeout(
             timeout,
             read_header_async(stream, &mut crypto_cursor, replay_validator),

common/src/header/route.rs

@@ -63,7 +63,7 @@ mod tests {
                 kind: RouteErrorKind::Io,
             }),
         };
-        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
         write_header_async(&mut stream, &original_header, &mut crypto_cursor)
             .await
             .unwrap();
@@ -73,7 +73,7 @@ mod tests {
 
         // Decode header
         let mut stream = io::Cursor::new(buf);
-        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*crypto.key());
         let decoded_header = read_header_async(&mut stream, &mut crypto_cursor, &replay_validator)
             .await
             .unwrap();

common/src/stream/steer.rs

@@ -38,7 +38,7 @@ where
         })?;
 
     // Decode header
-    let mut read_crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new(*crypto.key());
+    let mut read_crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*crypto.key());
     let header: StreamRequestHeader<ST> = timed_read_header_async(
         downstream,
         &mut read_crypto_cursor,
@@ -59,7 +59,8 @@ where
         Some(upstream) => upstream,
         None => {
             let resp = RouteResponse { result: Ok(()) };
-            let mut write_crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+            let mut write_crypto_cursor =
+                tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
             timed_write_header_async(downstream, &resp, &mut write_crypto_cursor, IO_TIMEOUT)
                 .await
                 .map_err(|e| {

common/src/udp/header.rs

@@ -31,7 +31,7 @@ mod tests {
         let original_header: UdpRequestHeader = RouteRequest {
             upstream: Some("1.1.1.1:8080".parse::<SocketAddr>().unwrap().into()),
         };
-        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
         write_header_async(&mut stream, &original_header, &mut crypto_cursor)
             .await
             .unwrap();
@@ -41,7 +41,7 @@ mod tests {
 
         // Decode header
         let mut stream = io::Cursor::new(buf);
-        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*crypto.key());
         let decoded_header = read_header_async(&mut stream, &mut crypto_cursor, &replay_validator)
             .await
             .unwrap();

common/src/udp/io_copy.rs

@@ -468,7 +468,7 @@ fn en_dec<'buf>(
 ) -> Option<&'buf [u8]> {
     Some(match en_dir {
         EncryptionDirection::Encrypt => {
-            let mut cursor = tokio_chacha20::cursor::EncryptCursor::new(*config.key());
+            let mut cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*config.key());
 
             let (f, t) = cursor.encrypt(pkt, buf);
             if pkt.len() != f {
@@ -478,7 +478,7 @@ fn en_dec<'buf>(
             &buf[..t]
         }
         EncryptionDirection::Decrypt => {
-            let mut cursor = tokio_chacha20::cursor::DecryptCursor::new(*config.key());
+            let mut cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*config.key());
             let i = cursor.decrypt(pkt).unwrap();
             &pkt[i..]
         }

common/src/udp/respond.rs

@@ -19,7 +19,7 @@ pub async fn respond_with_error(
         result: Err(RouteError { kind }),
     };
     let mut buf = Vec::new();
-    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*header_crypto.key());
+    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*header_crypto.key());
     write_header(&mut buf, &resp, &mut crypto_cursor).unwrap();
     dn_writer.send(&buf).await.map_err(|e| {
         let peer_addr = dn_writer.peer_addr();

common/src/udp/steer.rs

@@ -22,7 +22,7 @@ pub async fn echo(
 ) {
     let resp = RouteResponse { result: Ok(()) };
     let mut wtr = Vec::new();
-    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*header_crypto.key());
+    let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*header_crypto.key());
     write_header(&mut wtr, &resp, &mut crypto_cursor).unwrap();
     wtr.write_all(buf).unwrap();
     let dn_writer = dn_writer.clone();
@@ -40,7 +40,7 @@ pub fn decode_route_header(
     replay_validator: &ReplayValidator,
 ) -> Result<Option<UpstreamAddr>, CodecError> {
     // Decode header
-    let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new(*header_crypto.key());
+    let mut crypto_cursor = tokio_chacha20::cursor::DecryptCursor::new_x(*header_crypto.key());
     let header: UdpRequestHeader = read_header(buf, &mut crypto_cursor, replay_validator)?;
 
     Ok(header.upstream.map(UpstreamAddr))

proxy_client/src/stream.rs

@@ -59,7 +59,7 @@ pub async fn establish(
                 source: e,
                 upstream_addr: addr.clone(),
             })?;
-        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
         timed_write_header_async(&mut stream, header, &mut crypto_cursor, IO_TIMEOUT)
             .await
             .map_err(|e| StreamEstablishError::WriteStreamRequestHeader {
@@ -178,13 +178,13 @@ pub async fn trace_rtt(
     // Write headers to stream
     for (header, crypto) in &pairs {
         heartbeat::send_upgrade(&mut stream, IO_TIMEOUT, crypto).await?;
-        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
         timed_write_header_async(&mut stream, header, &mut crypto_cursor, IO_TIMEOUT).await?;
     }
 
     // Read response
     let mut crypto_cursor =
-        tokio_chacha20::cursor::DecryptCursor::new(*pairs.last().unwrap().1.key());
+        tokio_chacha20::cursor::DecryptCursor::new_x(*pairs.last().unwrap().1.key());
     let resp: RouteResponse = timed_read_header_async(
         &mut stream,
         &mut crypto_cursor,

proxy_client/src/udp.rs

@@ -102,7 +102,7 @@ impl UdpProxyClient {
         let mut writer = io::Cursor::new(&mut buf);
         for (header, crypto) in &pairs {
             trace!(?header, "Writing header to buffer");
-            let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+            let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
             write_header(&mut writer, header, &mut crypto_cursor).unwrap();
         }
 
@@ -259,7 +259,7 @@ impl UdpProxyClientReadHalf {
         for node in self.proxies.iter() {
             trace!(?node.address, "Reading response");
             let mut crypto_cursor =
-                tokio_chacha20::cursor::DecryptCursor::new(*node.header_crypto.key());
+                tokio_chacha20::cursor::DecryptCursor::new_x(*node.header_crypto.key());
             let resp: RouteResponse =
                 read_header(&mut reader, &mut crypto_cursor, &self.replay_validator)?;
             if let Err(err) = resp.result {
@@ -374,7 +374,7 @@ pub async fn trace_rtt(
     let mut buf = Vec::new();
     let mut writer = io::Cursor::new(&mut buf);
     for (header, crypto) in &pairs {
-        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+        let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
         write_header(&mut writer, header, &mut crypto_cursor).unwrap();
     }
 
@@ -393,7 +393,7 @@ pub async fn trace_rtt(
     for node in proxies.iter() {
         trace!(?node.address, "Reading response");
         let mut crypto_cursor =
-            tokio_chacha20::cursor::DecryptCursor::new(*node.header_crypto.key());
+            tokio_chacha20::cursor::DecryptCursor::new_x(*node.header_crypto.key());
         let resp: RouteResponse = read_header(&mut reader, &mut crypto_cursor, replay_validator)?;
         if let Err(err) = resp.result {
             warn!(?err, %node.address, "Upstream responded with an error");

proxy_server/src/stream/tcp.rs

@@ -158,7 +158,7 @@ mod tests {
                     stream_type: ConcreteStreamType::Tcp,
                 }),
             };
-            let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new(*crypto.key());
+            let mut crypto_cursor = tokio_chacha20::cursor::EncryptCursor::new_x(*crypto.key());
             write_header_async(&mut stream, &header, &mut crypto_cursor)
                 .await
                 .unwrap();

proxy_server/src/udp.rs

@@ -168,7 +168,7 @@ impl UdpProxyConnHandler {
             let mut wtr = Vec::new();
             let header = RouteResponse { result: Ok(()) };
             let mut crypto_cursor =
-                tokio_chacha20::cursor::EncryptCursor::new(*self.header_crypto.key());
+                tokio_chacha20::cursor::EncryptCursor::new_x(*self.header_crypto.key());
             write_header(&mut wtr, &header, &mut crypto_cursor).unwrap();
             wtr.into()
         };