sing/protocol/shadowsocks/cipher_test.go

package shadowsocks_test

import (
	"bufio"
	"bytes"
	"io"
	"net"
	"sing/common/rw"
	"strings"
	"sync"
	"testing"

	vb "github.com/v2fly/v2ray-core/v5/common/buf"
	vn "github.com/v2fly/v2ray-core/v5/common/net"
	vp "github.com/v2fly/v2ray-core/v5/common/protocol"
	vs "github.com/v2fly/v2ray-core/v5/proxy/shadowsocks"
	"sing/common"
	"sing/common/buf"
	"sing/common/crypto"
	"sing/common/socksaddr"
	"sing/protocol/shadowsocks"
	_ "sing/protocol/shadowsocks/shadowstream"
)

func TestShadowsocks(t *testing.T) {
	for index := 1; index <= int(vs.CipherType_XCHACHA20); index++ {
		cipherType := vs.CipherType(index)
		cipher := strings.ReplaceAll(strings.ToLower(cipherType.String()), "_", "-")
		t.Log("Test", cipher, "server")
		testShadowsocksServerTCPWithCipher(t, cipherType, cipher)
		t.Log("Test", cipher, "client")
		testShadowsocksClientTCPWithCipher(t, cipherType, cipher)
		t.Log("Test", cipher, "udp")
		testShadowsocksUDPWithCipher(t, cipherType, cipher)
	}
}

func testShadowsocksServerTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
	password := "fuck me till the daylight"
	cipher, err := shadowsocks.CreateCipher(cipherName)
	if err != nil {
		t.Log("Skip unsupported method: ", cipherName)
		return
	}
	key := shadowsocks.Key([]byte(password), cipher.KeySize())
	address := socksaddr.AddrFromFqdn("internal.sagernet.org")
	data := buf.New()
	defer data.Release()
	data.WriteRandom(1024)

	protoAccount := &vs.Account{
		Password:   password,
		CipherType: cipherType,
	}
	memoryAccount, err := protoAccount.AsAccount()
	common.Must(err)
	memoryUser := &vp.MemoryUser{
		Account: memoryAccount,
	}
	account := memoryAccount.(*vs.MemoryAccount)

	client, server := net.Pipe()
	defer common.Close(client, server)

	wg := new(sync.WaitGroup)
	wg.Add(1)

	go func() {
		defer wg.Done()

		req := &vp.RequestHeader{
			Version: vs.Version,
			Command: vp.RequestCommandTCP,
			Address: vn.DomainAddress(address.Fqdn()),
			Port:    443,
			User:    memoryUser,
		}
		writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
		writer, err := vs.WriteTCPRequest(req, client, writeIv, nil)
		if err != nil {
			t.Error(err)
			return
		}
		reader, err := vs.ReadTCPResponse(memoryUser, client, nil)
		if err != nil {
			t.Error(err)
			return
		}
		conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
		_, err = conn.Write(data.ToOwned().Bytes())
		if err != nil {
			t.Error(err)
			return
		}
		clientRead := make([]byte, 1024)
		_, err = io.ReadFull(conn, clientRead)
		if err != nil {
			t.Error(err)
			return
		}
		if bytes.Compare(clientRead, data.Bytes()) > 0 {
			t.Error("bad response data")
			return
		}
		client.Close()
	}()

	var readIv []byte
	if cipher.IVSize() > 0 {
		readIv = make([]byte, cipher.IVSize())
		_, err = io.ReadFull(server, readIv)
		if err != nil {
			t.Fatal(err)
		}
	}
	reader, err := cipher.NewDecryptionReader(key, readIv, server)
	if err != nil {
		t.Fatal(err)
	}
	defer common.Close(reader)

	addr, port, err := shadowsocks.AddressSerializer.ReadAddressAndPort(reader)
	if err != nil {
		t.Fatal(err)
	}
	if addr != address {
		t.Fatal("bad address")
	}
	if port != 443 {
		t.Fatal("bad port")
	}

	var writeIv []byte
	if cipher.IVSize() > 0 {
		writeIv = crypto.RandomBytes(cipher.IVSize())
		_, err = server.Write(writeIv)
		if err != nil {
			t.Fatal(err)
		}
	}

	serverRead := make([]byte, 1024)
	_, err = io.ReadFull(reader, serverRead)
	if err != nil {
		t.Fatal(err)
	}

	if bytes.Compare(serverRead, data.Bytes()) > 0 {
		t.Fatal("bad request data")
	}

	writer, err := cipher.NewEncryptionWriter(key, writeIv, server)
	if err != nil {
		t.Fatal(err)
	}
	writer = rw.GetWriter(writer)
	defer common.Close(writer)
	_, err = writer.Write(data.ToOwned().Bytes())
	if err != nil {
		t.Fatal(err)
	}

	wg.Wait()
}

func BenchmarkShadowsocks(b *testing.B) {
	b.ReportAllocs()
	for _, cipher := range shadowsocks.ListCiphers() {
		b.Run(cipher, func(b *testing.B) {
			benchmarkShadowsocksCipher(b, cipher, 14*1024)
		})
	}
}

func benchmarkShadowsocksCipher(b *testing.B, method string, data int) {
	b.StopTimer()
	b.ResetTimer()
	b.SetBytes(int64(data))
	cipher, _ := shadowsocks.CreateCipher(method)
	iv := buf.New()
	defer iv.Release()
	iv.WriteRandom(cipher.IVSize())
	writer, _ := cipher.NewEncryptionWriter(shadowsocks.Key([]byte("test"), cipher.KeySize()), iv.Bytes(), io.Discard)
	defer common.Close(writer)

	buffer := buf.New()
	defer buffer.Release()
	buffer.Extend(data)

	b.StartTimer()
	if output, ok := writer.(rw.OutputStream); ok {
		for i := 0; i < b.N; i++ {
			output.Process(buffer.Bytes())
		}
	} else {
		writer.Write(buffer.Bytes())
	}

}

func testShadowsocksClientTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
	password := "fuck me till the daylight"
	cipher, err := shadowsocks.CreateCipher(cipherName)
	if err != nil {
		t.Log("Skip unsupported method: ", cipherName)
		return
	}
	key := shadowsocks.Key([]byte(password), cipher.KeySize())
	address := socksaddr.AddrFromFqdn("internal.sagernet.org")
	data := buf.New()
	data.WriteRandom(1024)
	defer data.Release()

	protoAccount := &vs.Account{
		Password:   password,
		CipherType: cipherType,
	}
	memoryAccount, err := protoAccount.AsAccount()
	common.Must(err)
	memoryUser := &vp.MemoryUser{
		Account: memoryAccount,
	}
	account := memoryAccount.(*vs.MemoryAccount)

	wg := new(sync.WaitGroup)
	wg.Add(1)

	client, server := net.Pipe()
	defer common.Close(client, server)

	go func() {
		defer wg.Done()

		session, reader, err := vs.ReadTCPSession(memoryUser, server, nil)
		if err != nil {
			t.Error(err)
			return
		}
		if !session.Address.Family().IsDomain() || session.Address.Domain() != address.Fqdn() {
			t.Error("bad request address")
			return
		}
		if session.Port != 443 {
			t.Error("bad request port")
			return
		}
		writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
		writer, err := vs.WriteTCPResponse(session, server, writeIv, nil)
		if err != nil {
			t.Error(err)
			return
		}
		conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
		_, err = conn.Write(data.Bytes())
		if err != nil {
			t.Error(err)
			return
		}
		serverRead := make([]byte, 1024)
		_, err = io.ReadFull(conn, serverRead)
		if err != nil {
			t.Error(err)
			return
		}
		if bytes.Compare(serverRead, data.Bytes()) > 0 {
			t.Error("bad request data")
			return
		}
		server.Close()
	}()

	writeIv := crypto.RandomBytes(cipher.IVSize())
	w := bufio.NewWriter(client)
	_, err = w.Write(writeIv)
	if err != nil {
		t.Fatal(err)
	}
	ew, err := cipher.NewEncryptionWriter(key, writeIv, w)
	if err != nil {
		t.Fatal(err)
	}
	defer common.Close(ew)
	bw := bufio.NewWriter(ew)
	err = shadowsocks.AddressSerializer.WriteAddressAndPort(bw, address, 443)
	if err != nil {
		t.Fatal(err)
	}
	_, err = bw.Write(data.ToOwned().Bytes())
	if err != nil {
		t.Fatal(err)
	}
	err = bw.Flush()
	if err != nil {
		t.Fatal(err)
	}
	err = w.Flush()
	if err != nil {
		t.Fatal(err)
	}
	readIv := make([]byte, cipher.IVSize())
	_, err = io.ReadFull(client, readIv)
	if err != nil {
		t.Fatal(err)
	}
	input, err := cipher.NewDecryptionReader(key, readIv, client)
	if err != nil {
		t.Fatal(err)
	}
	defer common.Close(input)
	clientRead := make([]byte, 1024)
	_, err = io.ReadFull(input, clientRead)
	if err != nil {
		t.Fatal(err)
	}
	if bytes.Compare(clientRead, data.Bytes()) > 0 {
		t.Fatal("bad response data")
	}

	client.Close()
	wg.Wait()
}

func testShadowsocksUDPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
	password := "fuck me till the daylight"
	cipher, err := shadowsocks.CreateCipher(cipherName)
	if err != nil {
		t.Log("Skip unsupported method: ", cipherName)
		return
	}
	key := shadowsocks.Key([]byte(password), cipher.KeySize())
	address := socksaddr.AddrFromFqdn("internal.sagernet.org")
	data := buf.New()
	defer data.Release()
	data.WriteRandom(1024)

	protoAccount := &vs.Account{
		Password:   password,
		CipherType: cipherType,
	}
	memoryAccount, err := protoAccount.AsAccount()
	common.Must(err)
	memoryUser := &vp.MemoryUser{
		Account: memoryAccount,
	}

	req := &vp.RequestHeader{
		Version: vs.Version,
		Command: vp.RequestCommandUDP,
		Address: vn.DomainAddress(address.Fqdn()),
		Port:    443,
		User:    memoryUser,
	}
	packet, err := vs.EncodeUDPPacket(req, data.Bytes(), nil)
	if err != nil {
		t.Fatal(err)
	}

	buffer := buf.New()
	defer buffer.Release()
	buffer.Write(packet.BytesTo(int32(cipher.IVSize())))
	err = shadowsocks.AddressSerializer.WriteAddressAndPort(buffer, address, 443)
	if err != nil {
		t.Fatal(err)
	}
	buffer.Write(data.Bytes())

	err = cipher.EncodePacket(key, buffer)
	if err != nil {
		t.Fatal(err)
	}

	if bytes.Compare(packet.Bytes(), buffer.Bytes()) > 0 {
		t.Fatal("bad request data\n", packet.Bytes(), "\n", buffer.Bytes())
	}
}