feat(shadowsocks): implement support for SIP022 AEAD-2022 ciphers

2025-05-31 11:28:06 -04:00 · 2025-05-31 11:28:06 -04:00 · 0fb0aac2fa
commit 0fb0aac2fa
parent 1a21984c27
10 changed files with 85 additions and 28 deletions
--- a/pkg/adapter/clash/parse.go
+++ b/pkg/adapter/clash/parse.go
@ -2,6 +2,7 @@ package clash

 import (
 	"fmt"
+	"strings"

 	"github.com/perfect-panel/server/pkg/adapter/proxy"
 )
@ -21,6 +22,11 @@ func parseShadowsocks(s proxy.Proxy, uuid string) (*Proxy, error) {
 		UDP:      true,
 	}

+	if strings.Contains(p.Cipher, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(config, uuid)
+		p.Password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	return p, nil
 }

--- a/pkg/adapter/clash/tool.go
+++ b/pkg/adapter/clash/tool.go
@ -1,6 +1,8 @@
 package clash

-import "github.com/perfect-panel/server/pkg/adapter/proxy"
+import (
+	"github.com/perfect-panel/server/pkg/adapter/proxy"
+)

 func clashTransport(c *Proxy, transportType string, transportConfig proxy.TransportConfig) {

--- a/pkg/adapter/general/uri.go
+++ b/pkg/adapter/general/uri.go
@ -73,11 +73,17 @@ func ShadowsocksUri(data proxy.Proxy, uuid string) string {
 	if !ok {
 		return ""
 	}
-	// sip002
+
+	password := uuid
+	// SIP022 AEAD-2022 Ciphers
+	if strings.Contains(ss.Method, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(ss, uuid)
+		password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	u := &url.URL{
-		Scheme: "ss",
-		// 还没有写 2022 的
-		User:     url.User(strings.TrimSuffix(base64.URLEncoding.EncodeToString([]byte(ss.Method+":"+uuid)), "=")),
+		Scheme:   "ss",
+		User:     url.User(strings.TrimSuffix(base64.URLEncoding.EncodeToString([]byte(ss.Method+":"+password)), "=")),
 		Host:     net.JoinHostPort(data.Server, strconv.Itoa(data.Port)),
 		Fragment: data.Name,
 	}
--- a/pkg/adapter/loon/shadowsocks.go
+++ b/pkg/adapter/loon/shadowsocks.go
@ -6,8 +6,6 @@ import (
 	"strings"

 	"github.com/perfect-panel/server/pkg/adapter/proxy"
-	"github.com/perfect-panel/server/pkg/tool"
-	"github.com/perfect-panel/server/pkg/uuidx"
 )

 func buildShadowsocks(data proxy.Proxy, password string) string {
@ -18,7 +16,7 @@ func buildShadowsocks(data proxy.Proxy, password string) string {
 	}

 	if strings.Contains(shadowsocks.Method, "2022") {
-		serverKey, userKey := generateShadowsocks2022Password(shadowsocks, password)
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(shadowsocks, password)
 		password = fmt.Sprintf("%s:%s", serverKey, userKey)
 	}

@ -34,16 +32,3 @@ func buildShadowsocks(data proxy.Proxy, password string) string {
 	uri := strings.Join(configs, ",")
 	return uri + "\r\n"
 }
-
-func generateShadowsocks2022Password(ss proxy.Shadowsocks, password string) (string, string) {
-	// server key
-	var serverKey string
-	if ss.Method == "2022-blake3-aes-128-gcm" {
-		serverKey = tool.GenerateCipher(ss.ServerKey, 16)
-		password = uuidx.UUIDToBase64(password, 16)
-	} else {
-		serverKey = tool.GenerateCipher(ss.ServerKey, 32)
-		password = uuidx.UUIDToBase64(password, 32)
-	}
-	return serverKey, password
-}
--- a/pkg/adapter/proxy/tool.go
+++ b/pkg/adapter/proxy/tool.go
@ -0,0 +1,19 @@
+package proxy
+
+import (
+	"github.com/perfect-panel/server/pkg/tool"
+	"github.com/perfect-panel/server/pkg/uuidx"
+)
+
+func GenerateShadowsocks2022Password(ss Shadowsocks, password string) (string, string) {
+	// server key
+	var serverKey string
+	if ss.Method == "2022-blake3-aes-128-gcm" {
+		serverKey = tool.GenerateCipher(ss.ServerKey, 16)
+		password = uuidx.UUIDToBase64(password, 16)
+	} else {
+		serverKey = tool.GenerateCipher(ss.ServerKey, 32)
+		password = uuidx.UUIDToBase64(password, 32)
+	}
+	return serverKey, password
+}
--- a/pkg/adapter/quantumultx/shadowsocks.go
+++ b/pkg/adapter/quantumultx/shadowsocks.go
@ -11,10 +11,17 @@ func buildShadowsocks(data proxy.Proxy, uuid string) string {
 	ss := data.Option.(proxy.Shadowsocks)
 	addr := fmt.Sprintf("%s:%d", data.Server, data.Port)

+	password := uuid
+
+	if strings.Contains(ss.Method, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(ss, uuid)
+		password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	config := []string{
 		addr,
 		fmt.Sprintf("method=%s", ss.Method),
-		fmt.Sprintf("password=%s", uuid),
+		fmt.Sprintf("password=%s", password),
 		"fast-open=true",
 		"udp-relay=true",
 		fmt.Sprintf("tag=%s", data.Name),
--- a/pkg/adapter/singbox/shadowsocks.go
+++ b/pkg/adapter/singbox/shadowsocks.go
@ -1,6 +1,9 @@
 package singbox

 import (
+	"fmt"
+	"strings"
+
 	"github.com/perfect-panel/server/pkg/adapter/proxy"
 )

@ -14,7 +17,15 @@ type ShadowsocksOptions struct {
 }

 func ParseShadowsocks(data proxy.Proxy, uuid string) (*Proxy, error) {
-	config := data.Option.(proxy.Shadowsocks)
+	ss := data.Option.(proxy.Shadowsocks)
+
+	password := uuid
+	// SIP022 AEAD-2022 Ciphers
+	if strings.Contains(ss.Method, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(ss, uuid)
+		password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	p := &Proxy{
 		Tag:  data.Name,
 		Type: Shadowsocks,
@ -25,8 +36,8 @@ func ParseShadowsocks(data proxy.Proxy, uuid string) (*Proxy, error) {
 				Server:     data.Server,
 				ServerPort: data.Port,
 			},
-			Method:   config.Method,
-			Password: uuid,
+			Method:   ss.Method,
+			Password: password,
 			Network:  "tcp",
 		},
 	}
--- a/pkg/adapter/surfboard/shadowsocks.go
+++ b/pkg/adapter/surfboard/shadowsocks.go
@ -12,6 +12,10 @@ func buildShadowsocks(data proxy.Proxy, uuid string) string {
 	if !ok {
 		return ""
 	}
+	// Not supporting SIP022 AEAD-2022 Ciphers
+	if strings.Contains(ss.Method, "2022") {
+		return ""
+	}
 	addr := fmt.Sprintf("%s=ss, %s, %d", data.Name, data.Server, data.Port)
 	config := []string{
 		addr,
--- a/pkg/adapter/surge/shadowsocks.go
+++ b/pkg/adapter/surge/shadowsocks.go
@ -12,11 +12,19 @@ func buildShadowsocks(data proxy.Proxy, uuid string) string {
 	if !ok {
 		return ""
 	}
+
+	password := uuid
+	// SIP022 AEAD-2022 Ciphers
+	if strings.Contains(ss.Method, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(ss, uuid)
+		password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	addr := fmt.Sprintf("%s=ss, %s, %d", data.Name, data.Server, data.Port)
 	config := []string{
 		addr,
 		fmt.Sprintf("encrypt-method=%s", ss.Method),
-		fmt.Sprintf("password=%s", uuid),
+		fmt.Sprintf("password=%s", password),
 		"tfo=true",
 		"udp-relay=true",
 	}
--- a/pkg/adapter/v2rayn/v2rayN.go
+++ b/pkg/adapter/v2rayn/v2rayN.go
@ -4,11 +4,12 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/perfect-panel/server/pkg/adapter/proxy"
 	"net"
 	"net/url"
 	"strconv"
 	"strings"
+
+	"github.com/perfect-panel/server/pkg/adapter/proxy"
 )

 type v2rayShareLink struct {
@ -69,11 +70,19 @@ func (m *V2rayN) buildShadowsocks(uuid string, data proxy.Proxy) string {
 	if !ok {
 		return ""
 	}
+
+	password := uuid
+	// SIP022 AEAD-2022 Ciphers
+	if strings.Contains(ss.Method, "2022") {
+		serverKey, userKey := proxy.GenerateShadowsocks2022Password(ss, uuid)
+		password = fmt.Sprintf("%s:%s", serverKey, userKey)
+	}
+
 	// sip002
 	u := &url.URL{
 		Scheme: "ss",
 		// 还没有写 2022 的
-		User:     url.User(strings.TrimSuffix(base64.URLEncoding.EncodeToString([]byte(ss.Method+":"+uuid)), "=")),
+		User:     url.User(strings.TrimSuffix(base64.URLEncoding.EncodeToString([]byte(ss.Method+":"+password)), "=")),
 		Host:     net.JoinHostPort(data.Server, strconv.Itoa(data.Port)),
 		Fragment: data.Name,
 	}