github.com/Asutorufa/yuhaiin@v0.3.6-0.20240502055049-7984da7023a0/pkg/net/proxy/shadowsocks/shadowaead/doc.go

github.com/Asutorufa/yuhaiin@v0.3.6-0.20240502055049-7984da7023a0/pkg/net/proxy/shadowsocks/shadowaead/doc.go (about)

     1  // Package shadowaead implements a simple AEAD-protected secure protocol.
     2  
     3  // In general, there are two types of connections: stream-oriented and packet-oriented.
     4  // Stream-oriented connections (e.g. TCP) assume reliable and orderly delivery of bytes.
     5  // Packet-oriented connections (e.g. UDP) assume unreliable and out-of-order delivery of packets,
     6  // where each packet is either delivered intact or lost.
     7  
     8  // An encrypted stream starts with a random salt to derive a session key, followed by any number of
     9  // encrypted records. Each encrypted record has the following structure:
    10  
    11  //     [encrypted payload length]
    12  //     [payload length tag]
    13  //     [encrypted payload]
    14  //     [payload tag]
    15  
    16  // Payload length is 2-byte unsigned big-endian integer capped at 0x3FFF (16383).
    17  // The higher 2 bits are reserved and must be set to zero. The first AEAD encrypt/decrypt
    18  // operation uses a counting nonce starting from 0. After each encrypt/decrypt operation,
    19  // the nonce is incremented by one as if it were an unsigned little-endian integer.
    20  
    21  // Each encrypted packet transmitted on a packet-oriented connection has the following structure:
    22  
    23  //     [random salt]
    24  //     [encrypted payload]
    25  //     [payload tag]
    26  
    27  // The salt is used to derive a subkey to initiate an AEAD. Packets are encrypted/decrypted independently
    28  // using zero nonce.
    29  
    30  // In both stream-oriented and packet-oriented connections, length of nonce and tag varies
    31  // depending on which AEAD is used. Salt should be at least 16-byte long.
    32  package shadowaead