Update dependencies

.github/workflows/debug.yml

@@ -1,43 +0,0 @@
-name: Debug build
-
-on:
-  push:
-    branches:
-      - dev
-    paths-ignore:
-      - '**.md'
-      - '.github/**'
-      - '!.github/workflows/debug.yml'
-  pull_request:
-    branches:
-      - dev
-
-jobs:
-  build:
-    name: Debug build
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Get latest go version
-        id: version
-        run: |
-          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
-      - name: Setup Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ steps.version.outputs.go_version }}
-      - name: Add cache to Go proxy
-        run: |
-          version=`git rev-parse HEAD`
-          mkdir build
-          pushd build
-          go mod init build
-          go get -v github.com/sagernet/sing-shadowsocks@$version
-          popd
-        continue-on-error: true
-      - name: Build
-        run: |
-          make test

.github/workflows/lint.yml

@@ -1,8 +1,9 @@
-name: Lint
+name: lint
 
 on:
   push:
     branches:
+      - main
       - dev
     paths-ignore:
       - '**.md'
@@ -10,6 +11,7 @@ on:
       - '!.github/workflows/lint.yml'
   pull_request:
     branches:
+      - main
       - dev
 
 jobs:
@@ -18,24 +20,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Get latest go version
-        id: version
-        run: |
-          echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: ${{ steps.version.outputs.go_version }}
+          go-version: ^1.22
       - name: Cache go module
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
           key: go-${{ hashFiles('**/go.sum') }}
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest

.github/workflows/test.yml

@@ -0,0 +1,112 @@
+name: test
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+    paths-ignore:
+      - '**.md'
+      - '.github/**'
+      - '!.github/workflows/debug.yml'
+  pull_request:
+    branches:
+      - main
+      - dev
+
+jobs:
+  build:
+    name: Linux
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ^1.22
+      - name: Build
+        run: |
+          make test
+  build_go118:
+    name: Linux (Go 1.18)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ~1.18
+        continue-on-error: true
+      - name: Build
+        run: |
+          make test
+  build_go120:
+    name: Linux (Go 1.20)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ~1.20
+        continue-on-error: true
+      - name: Build
+        run: |
+          make test
+  build_go121:
+    name: Linux (Go 1.21)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ~1.21
+        continue-on-error: true
+      - name: Build
+        run: |
+          make test
+  build_windows:
+    name: Windows
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ^1.22
+        continue-on-error: true
+      - name: Build
+        run: |
+          make test
+  build_darwin:
+    name: macOS
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ^1.22
+        continue-on-error: true
+      - name: Build
+        run: |
+          make test

.golangci.yml

@@ -13,5 +13,3 @@ linters-settings:
       - standard
       - prefix(github.com/sagernet/)
       - default
-  staticcheck:
-    go: '1.20'

Makefile

@@ -1,7 +1,7 @@
 fmt:
 	@gofumpt -l -w .
 	@gofmt -s -w .
-	@gci write --custom-order -s "standard,prefix(github.com/sagernet/),default" .
+	@gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" .
 
 fmt_install:
 	go install -v mvdan.cc/gofumpt@latest

go.mod

@@ -3,12 +3,12 @@ module github.com/sagernet/sing-shadowsocks
 go 1.18
 
 require (
-	github.com/sagernet/sing v0.2.9
-	golang.org/x/crypto v0.11.0
-	lukechampine.com/blake3 v1.2.1
+	github.com/sagernet/sing v0.4.1
+	golang.org/x/crypto v0.23.0
+	lukechampine.com/blake3 v1.3.0
 )
 
 require (
 	github.com/klauspost/cpuid/v2 v2.0.12 // indirect
-	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
 )

go.sum

@@ -1,10 +1,16 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
-github.com/sagernet/sing v0.2.9 h1:3wsTz+JG5Wzy65eZnh6AuCrD2QqcRF6Iq6f7ttmJsAo=
-github.com/sagernet/sing v0.2.9/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
-lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/sagernet/sing v0.4.1 h1:zVlpE+7k7AFoC2pv6ReqLf0PIHjihL/jsBl5k05PQFk=
+github.com/sagernet/sing v0.4.1/go.mod h1:ieZHA/+Y9YZfXs2I3WtuwgyCZ6GPsIR7HdKb1SdEnls=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE=
+lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=

shadowaead/protocol.go

@@ -232,7 +232,10 @@ func (c *clientPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksad
 	defer buffer.Release()
 	header := buf.With(buffer.ExtendHeader(c.keySaltLength + M.SocksaddrSerializer.AddrPortLen(destination)))
 	header.WriteRandom(c.keySaltLength)
-	common.Must(M.SocksaddrSerializer.WriteAddrPort(header, destination))
+	err := M.SocksaddrSerializer.WriteAddrPort(header, destination)
+	if err != nil {
+		return err
+	}
 	key := buf.NewSize(c.keySaltLength)
 	Kdf(c.key, buffer.To(c.keySaltLength), key)
 	writeCipher, err := c.constructor(key.Bytes())

shadowaead/service_multi.go

@@ -10,7 +10,6 @@ import (
 	"github.com/sagernet/sing-shadowsocks"
 	"github.com/sagernet/sing/common/auth"
 	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -126,11 +125,11 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 	metadata.Protocol = "shadowsocks"
 	metadata.Destination = destination
 
-	return s.handler.NewConnection(auth.ContextWithUser(ctx, user), deadline.NewConn(&serverConn{
+	return s.handler.NewConnection(auth.ContextWithUser(ctx, user), &serverConn{
 		Method: method,
 		Conn:   conn,
 		reader: reader,
-	}), metadata)
+	}, metadata)
 }
 
 func (s *MultiService[U]) WriteIsThreadUnsafe() {
@@ -159,6 +158,7 @@ func (s *MultiService[U]) newPacket(ctx context.Context, conn N.PacketConn, buff
 	}
 	var readCipher cipher.AEAD
 	var err error
+	decrypted := make([]byte, 0, buffer.Len())
 	for u, m := range s.methodMap {
 		key := buf.NewSize(m.keySaltLength)
 		Kdf(m.key, buffer.To(m.keySaltLength), key)
@@ -168,13 +168,14 @@ func (s *MultiService[U]) newPacket(ctx context.Context, conn N.PacketConn, buff
 			return err
 		}
 		var packet []byte
-		packet, err = readCipher.Open(buffer.Index(m.keySaltLength), rw.ZeroBytes[:readCipher.NonceSize()], buffer.From(m.keySaltLength), nil)
+		packet, err = readCipher.Open(decrypted, rw.ZeroBytes[:readCipher.NonceSize()], buffer.From(m.keySaltLength), nil)
 		if err != nil {
 			continue
 		}
 
 		buffer.Advance(m.keySaltLength)
 		buffer.Truncate(len(packet))
+		copy(buffer.Bytes(), packet)
 
 		user, method = u, m
 		break

shadowaead_2022/protocol.go

@@ -294,10 +294,13 @@ func (c *clientConn) writeRequest(payload []byte) error {
 	payloadLen := len(payload)
 	variableLengthHeaderLen += payloadLen
 	common.Must(binary.Write(fixedLengthBuffer, binary.BigEndian, uint16(variableLengthHeaderLen)))
-	writer.WriteChunk(header, fixedLengthBuffer.Slice())
+	writer.WriteChunk(header, fixedLengthBuffer.Bytes())
 
 	variableLengthBuffer := buf.NewSize(variableLengthHeaderLen)
-	common.Must(M.SocksaddrSerializer.WriteAddrPort(variableLengthBuffer, c.destination))
+	err = M.SocksaddrSerializer.WriteAddrPort(variableLengthBuffer, c.destination)
+	if err != nil {
+		return err
+	}
 	common.Must(binary.Write(variableLengthBuffer, binary.BigEndian, uint16(paddingLen)))
 	if paddingLen > 0 {
 		variableLengthBuffer.Extend(paddingLen)
@@ -305,7 +308,7 @@ func (c *clientConn) writeRequest(payload []byte) error {
 	if payloadLen > 0 {
 		common.Must1(variableLengthBuffer.Write(payload[:payloadLen]))
 	}
-	writer.WriteChunk(header, variableLengthBuffer.Slice())
+	writer.WriteChunk(header, variableLengthBuffer.Bytes())
 	variableLengthBuffer.Release()
 
 	err = writer.BufferedWriter(header.Len()).Flush()

shadowaead_2022/service.go

@@ -31,8 +31,9 @@ import (
 )
 
 var (
-	ErrNoPadding  = E.New("bad request: missing payload or padding")
-	ErrBadPadding = E.New("bad request: damaged padding")
+	ErrInvalidRequest = E.New("invalid request")
+	ErrNoPadding      = E.New("bad request: missing payload or padding")
+	ErrBadPadding     = E.New("bad request: damaged padding")
 )
 
 var _ shadowsocks.Service = (*Service)(nil)
@@ -286,7 +287,7 @@ func (c *serverConn) writeResponse(payload []byte) (n int, err error) {
 	common.Must1(headerFixedChunk.Write(c.requestSalt))
 	common.Must(binary.Write(headerFixedChunk, binary.BigEndian, uint16(payloadLen)))
 
-	writer.WriteChunk(header, headerFixedChunk.Slice())
+	writer.WriteChunk(header, headerFixedChunk.Bytes())
 	headerFixedChunk.Release()
 	c.requestSalt = nil
 

shadowaead_2022/service_multi.go

@@ -7,6 +7,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/binary"
+	"io"
 	"math"
 	"net"
 	"os"
@@ -115,16 +116,24 @@ func (s *MultiService[U]) UpdateUsersWithPasswords(userList []U, passwordList []
 }
 
 func (s *MultiService[U]) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	err := s.newConnection(ctx, conn, metadata)
+	err := s.NewConnection0(ctx, conn, metadata, conn, nil)
 	if err != nil {
 		err = &shadowsocks.ServerConnError{Conn: conn, Source: metadata.Source, Cause: err}
 	}
 	return err
 }
 
-func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
+func (s *MultiService[U]) NewConnection0(ctx context.Context, conn net.Conn, metadata M.Metadata, handshakeReader io.Reader, handshakeSuccess func()) error {
 	requestHeader := make([]byte, s.keySaltLength+aes.BlockSize+shadowaead.Overhead+RequestHeaderFixedChunkLength)
-	n, err := conn.Read(requestHeader)
+	var (
+		n   int
+		err error
+	)
+	if handshakeSuccess != nil {
+		n, err = io.ReadFull(handshakeReader, requestHeader)
+	} else {
+		n, err = handshakeReader.Read(requestHeader)
+	}
 	if err != nil {
 		return err
 	} else if n < len(requestHeader) {
@@ -158,7 +167,11 @@ func (s *MultiService[U]) newConnection(ctx context.Context, conn net.Conn, meta
 		user = u
 		uPSK = s.uPSK[u]
 	} else {
-		return E.New("invalid request")
+		return ErrInvalidRequest
+	}
+
+	if handshakeSuccess != nil {
+		handshakeSuccess()
 	}
 
 	requestKey := SessionKey(uPSK, requestSalt, s.keySaltLength)