🔙 Shadowsocks: Disable IV check by default

This reverts commit 32a1406 and partially reverts 19ce248. For discussions see shadowsocks/shadowsocks-rust#556.
Shadowsocks-NET · Oct 23, 2021 · cb88d14 · cb88d14
1 parent fba26be
commit cb88d14
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 68 deletions.
diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go
@@ -27,12 +27,12 @@ func cipherFromString(c string) shadowsocks.CipherType {
 }
 
 type ShadowsocksServerConfig struct {
-	Cipher         string                 `json:"method"`
-	Password       string                 `json:"password"`
-	Level          byte                   `json:"level"`
-	Email          string                 `json:"email"`
-	NetworkList    *cfgcommon.NetworkList `json:"network"`
-	DisableIvCheck bool                   `json:"ivCheck"`
+	Cipher      string                 `json:"method"`
+	Password    string                 `json:"password"`
+	Level       byte                   `json:"level"`
+	Email       string                 `json:"email"`
+	NetworkList *cfgcommon.NetworkList `json:"network"`
+	IvCheck     bool                   `json:"ivCheck"`
 }
 
 func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {
@@ -43,8 +43,8 @@ func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {
 		return nil, newError("Shadowsocks password is not specified.")
 	}
 	account := &shadowsocks.Account{
-		Password:       v.Password,
-		DisableIvCheck: v.DisableIvCheck,
+		Password: v.Password,
+		IvCheck:  v.IvCheck,
 	}
 	account.CipherType = cipherFromString(v.Cipher)
 	if account.CipherType == shadowsocks.CipherType_UNKNOWN {
@@ -61,14 +61,14 @@ func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {
 }
 
 type ShadowsocksServerTarget struct {
-	Address        *cfgcommon.Address `json:"address"`
-	Port           uint16             `json:"port"`
-	Cipher         string             `json:"method"`
-	Password       string             `json:"password"`
-	Email          string             `json:"email"`
-	Ota            bool               `json:"ota"`
-	Level          byte               `json:"level"`
-	DisableIvCheck bool               `json:"ivCheck"`
+	Address  *cfgcommon.Address `json:"address"`
+	Port     uint16             `json:"port"`
+	Cipher   string             `json:"method"`
+	Password string             `json:"password"`
+	Email    string             `json:"email"`
+	Ota      bool               `json:"ota"`
+	Level    byte               `json:"level"`
+	IvCheck  bool               `json:"ivCheck"`
 }
 
 type ShadowsocksClientConfig struct {
@@ -101,7 +101,7 @@ func (v *ShadowsocksClientConfig) Build() (proto.Message, error) {
 			return nil, newError("unknown cipher method: ", server.Cipher)
 		}
 
-		account.DisableIvCheck = server.DisableIvCheck
+		account.IvCheck = server.IvCheck
 
 		ss := &protocol.ServerEndpoint{
 			Address: server.Address.Build(),

diff --git a/proxy/shadowsocks/config.go b/proxy/shadowsocks/config.go
@@ -95,7 +95,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 		Cipher: Cipher,
 		Key:    passwordToCipherKey([]byte(a.Password), Cipher.KeySize()),
 		replayFilter: func() antireplay.GeneralizedReplayFilter {
-			if !a.DisableIvCheck {
+			if a.IvCheck {
 				return antireplay.NewBloomRing()
 			}
 			return nil

diff --git a/proxy/shadowsocks/config.pb.go b/proxy/shadowsocks/config.pb.go
diff --git a/proxy/shadowsocks/config.proto b/proxy/shadowsocks/config.proto
@@ -14,7 +14,7 @@ message Account {
   string password = 1;
   CipherType cipher_type = 2;
 
-  bool disable_iv_check = 3;
+  bool iv_check = 3;
 }
 
 enum CipherType {

diff --git a/proxy/shadowsocks/protocol_test.go b/proxy/shadowsocks/protocol_test.go
@@ -70,9 +70,8 @@ func TestTCPRequest(t *testing.T) {
 				User: &protocol.MemoryUser{
 					Email: "[email protected]",
 					Account: toAccount(&Account{
-						Password:       "tcp-password",
-						CipherType:     CipherType_AES_128_GCM,
-						DisableIvCheck: true,
+						Password:   "tcp-password",
+						CipherType: CipherType_AES_128_GCM,
 					}),
 				},
 			},
@@ -87,9 +86,8 @@ func TestTCPRequest(t *testing.T) {
 				User: &protocol.MemoryUser{
 					Email: "[email protected]",
 					Account: toAccount(&Account{
-						Password:       "password",
-						CipherType:     CipherType_AES_256_GCM,
-						DisableIvCheck: true,
+						Password:   "password",
+						CipherType: CipherType_AES_256_GCM,
 					}),
 				},
 			},
@@ -104,9 +102,8 @@ func TestTCPRequest(t *testing.T) {
 				User: &protocol.MemoryUser{
 					Email: "[email protected]",
 					Account: toAccount(&Account{
-						Password:       "password",
-						CipherType:     CipherType_CHACHA20_POLY1305,
-						DisableIvCheck: true,
+						Password:   "password",
+						CipherType: CipherType_CHACHA20_POLY1305,
 					}),
 				},
 			},

diff --git a/testing/scenarios/shadowsocks_test.go b/testing/scenarios/shadowsocks_test.go
@@ -410,9 +410,8 @@ func TestShadowsocksNone(t *testing.T) {
 	defer tcpServer.Close()
 
 	account := serial.ToTypedMessage(&shadowsocks.Account{
-		Password:       "shadowsocks-password",
-		CipherType:     shadowsocks.CipherType_NONE,
-		DisableIvCheck: true,
+		Password:   "shadowsocks-password",
+		CipherType: shadowsocks.CipherType_NONE,
 	})
 
 	serverPort := tcp.PickPort()