Merge pull request shadowsocks#20 from riobard/stable

IANA AEAD naming scheme

README.md

@@ -25,22 +25,23 @@ go get -u -v github.com/shadowsocks/go-shadowsocks2
 
 ### Server
 
-Start a server listening on port 8488 using `aes-128-gcm` AEAD cipher with password `your-password`.
+Start a server listening on port 8488 using `AEAD_CHACHA20_POLY1305` AEAD cipher with password `your-password`.
 
 ```sh
-go-shadowsocks2 -s ss://aes-128-gcm:your-password@:8488 -verbose
+go-shadowsocks2 -s ss://AEAD_CHACHA20_POLY1305:your-password@:8488 -verbose
 ```
 
 
 ### Client
 
 Start a client connecting to the above server. The client listens on port 1080 for incoming SOCKS5 
-connections, and tunnels UDP packets received on port 1080 and port 1081 to 8.8.8.8:53 and 8.8.4.4:53 
+connections, and tunnels both UDP and TCP on port 8053 and port 8054 to 8.8.8.8:53 and 8.8.4.4:53 
 respectively. 
 
 ```sh
-go-shadowsocks2 -c ss://aes-128-gcm:your-password@[server_address]:8488 \
-    -socks :1080 -udptun :1080=8.8.8.8:53,:1081=8.8.4.4:53 -verbose
+go-shadowsocks2 -c ss://AEAD_CHACHA20_POLY1305:your-password@[server_address]:8488 \
+     -verbose -socks :1080 -udptun :8053=8.8.8.8:53,:8054=8.8.4.4:53 \
+                           -tcptun :8053=8.8.8.8:53,:8054=8.8.4.4:53
 ```
 
 Replace `[server_address]` with the server's public address.
@@ -57,16 +58,16 @@ A random key is almost always better than a password. Generate a base64url-encod
 go-shadowsocks2 -keygen 16
 ```
 
-Start a server listening on port 8848 using `aes-128-gcm` AEAD cipher with the key generated above.
+Start a server listening on port 8848 using `AEAD_AES_128_GCM` AEAD cipher with the key generated above.
 
 ```sh
-go-shadowsocks2 -s :8488 -cipher aes-128-gcm -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
+go-shadowsocks2 -s :8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
 ```
 
 And the corresponding client to connect to it.
 
 ```sh
-go-shadowsocks2 -c [server_address]:8488 -cipher aes-128-gcm -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
+go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== -verbose
 ```
 
 
@@ -80,7 +81,7 @@ Start a client listening on port 1082 for redirected TCP connections and port 10
 TCP IPv6 connections.
 
 ```sh
-go-shadowsocks2 -c [server_address]:8488 -cipher aes-128-gcm -key k5yEIX5ciUDpkpdtvZm7zQ== \
+go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
     -redir :1082 -redir6 :1083
 ```
 
@@ -102,7 +103,7 @@ Start a client on the same machine with the server. The client listens on port 1
 and tunnels to localhost:5201 where iperf3 is listening.
 
 ```sh
-go-shadowsocks2 -c [server_address]:8488 -cipher aes-128-gcm -key k5yEIX5ciUDpkpdtvZm7zQ== \
+go-shadowsocks2 -c [server_address]:8488 -cipher AEAD_AES_128_GCM -key k5yEIX5ciUDpkpdtvZm7zQ== \
     -tcptun :1090=localhost:5201
 ```
 

core/cipher.go

@@ -32,24 +32,24 @@ var aeadList = map[string]struct {
 	KeySize int
 	New     func([]byte) (shadowaead.Cipher, error)
 }{
-	"aes-128-gcm":            {16, shadowaead.AESGCM},
-	"aes-192-gcm":            {24, shadowaead.AESGCM},
-	"aes-256-gcm":            {32, shadowaead.AESGCM},
-	"chacha20-ietf-poly1305": {32, shadowaead.Chacha20IETFPoly1305},
+	"AEAD_AES_128_GCM":       {16, shadowaead.AESGCM},
+	"AEAD_AES_192_GCM":       {24, shadowaead.AESGCM},
+	"AEAD_AES_256_GCM":       {32, shadowaead.AESGCM},
+	"AEAD_CHACHA20_POLY1305": {32, shadowaead.Chacha20Poly1305},
 }
 
 // List of stream ciphers: key size in bytes and constructor
 var streamList = map[string]struct {
 	KeySize int
 	New     func(key []byte) (shadowstream.Cipher, error)
 }{
-	"aes-128-ctr":   {16, shadowstream.AESCTR},
-	"aes-192-ctr":   {24, shadowstream.AESCTR},
-	"aes-256-ctr":   {32, shadowstream.AESCTR},
-	"aes-128-cfb":   {16, shadowstream.AESCFB},
-	"aes-192-cfb":   {24, shadowstream.AESCFB},
-	"aes-256-cfb":   {32, shadowstream.AESCFB},
-	"chacha20-ietf": {32, shadowstream.Chacha20IETF},
+	"AES-128-CTR":   {16, shadowstream.AESCTR},
+	"AES-192-CTR":   {24, shadowstream.AESCTR},
+	"AES-256-CTR":   {32, shadowstream.AESCTR},
+	"AES-128-CFB":   {16, shadowstream.AESCFB},
+	"AES-192-CFB":   {24, shadowstream.AESCFB},
+	"AES-256-CFB":   {32, shadowstream.AESCFB},
+	"CHACHA20-IETF": {32, shadowstream.Chacha20IETF},
 }
 
 // ListCipher returns a list of available cipher names sorted alphabetically.
@@ -67,10 +67,19 @@ func ListCipher() []string {
 
 // PickCipher returns a Cipher of the given name. Derive key from password if given key is empty.
 func PickCipher(name string, key []byte, password string) (Cipher, error) {
-	name = strings.ToLower(name)
+	name = strings.ToUpper(name)
 
-	if name == "dummy" {
+	switch name {
+	case "DUMMY":
 		return &dummy{}, nil
+	case "CHACHA20-IETF-POLY1305":
+		name = "AEAD_CHACHA20_POLY1305"
+	case "AES-128-GCM":
+		name = "AEAD_AES_128_GCM"
+	case "AES-196-GCM":
+		name = "AEAD_AES_196_GCM"
+	case "AES-256-GCM":
+		name = "AEAD_AES_256_GCM"
 	}
 
 	if choice, ok := aeadList[name]; ok {

main.go

@@ -45,13 +45,13 @@ func main() {
 	}
 
 	flag.BoolVar(&config.Verbose, "verbose", false, "verbose mode")
-	flag.StringVar(&flags.Cipher, "cipher", "chacha20-ietf-poly1305", "available ciphers: "+strings.Join(core.ListCipher(), " "))
+	flag.StringVar(&flags.Cipher, "cipher", "AEAD_CHACHA20_POLY1305", "available ciphers: "+strings.Join(core.ListCipher(), " "))
 	flag.StringVar(&flags.Key, "key", "", "base64url-encoded key (derive from password if empty)")
 	flag.IntVar(&flags.Keygen, "keygen", 0, "generate a base64url-encoded random key of given length in byte")
 	flag.StringVar(&flags.Password, "password", "", "password")
 	flag.StringVar(&flags.Server, "s", "", "server listen address or url")
 	flag.StringVar(&flags.Client, "c", "", "client connect address or url")
-	flag.StringVar(&flags.Socks, "socks", ":1080", "(client-only) SOCKS listen address")
+	flag.StringVar(&flags.Socks, "socks", "", "(client-only) SOCKS listen address")
 	flag.StringVar(&flags.RedirTCP, "redir", "", "(client-only) redirect TCP from this address")
 	flag.StringVar(&flags.RedirTCP6, "redir6", "", "(client-only) redirect TCP IPv6 from this address")
 	flag.StringVar(&flags.TCPTun, "tcptun", "", "(client-only) TCP tunnel (laddr1=raddr1,laddr2=raddr2,...)")

shadowaead/cipher.go

@@ -74,9 +74,9 @@ func AESGCM(psk []byte) (Cipher, error) {
 	return &metaCipher{psk: psk, makeAEAD: aesGCM}, nil
 }
 
-// Chacha20IETFPoly1305 creates a new Cipher with a pre-shared key. len(psk)
+// Chacha20Poly1305 creates a new Cipher with a pre-shared key. len(psk)
 // must be 32.
-func Chacha20IETFPoly1305(psk []byte) (Cipher, error) {
+func Chacha20Poly1305(psk []byte) (Cipher, error) {
 	if len(psk) != chacha20poly1305.KeySize {
 		return nil, KeySizeError(chacha20poly1305.KeySize)
 	}