forked from shadowsocks/go-shadowsocks2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
doc.go
35 lines (26 loc) · 1.42 KB
/
doc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/*
Package shadowaead implements a simple AEAD-protected secure protocol.
In general, there are two types of connections: stream-oriented and packet-oriented.
Stream-oriented connections (e.g. TCP) assume reliable and orderly delivery of bytes.
Packet-oriented connections (e.g. UDP) assume unreliable and out-of-order delivery of packets,
where each packet is either delivered intact or lost.
An encrypted stream starts with a random salt to derive a session key, followed by any number of
encrypted records. Each encrypted record has the following structure:
[encrypted payload length]
[payload length tag]
[encrypted payload]
[payload tag]
Payload length is 2-byte unsigned big-endian integer capped at 0x3FFF (16383).
The higher 2 bits are reserved and must be set to zero. The first AEAD encrypt/decrypt
operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
the nonce is incremented by one as if it were an unsigned little-endian integer.
Each encrypted packet transmitted on a packet-oriented connection has the following structure:
[random salt]
[encrypted payload]
[payload tag]
The salt is used to derive a subkey to initiate an AEAD. Packets are encrypted/decrypted independently
using zero nonce.
In both stream-oriented and packet-oriented connections, length of nonce and tag varies
depending on which AEAD is used. Salt should be at least 16-byte long.
*/
package shadowaead