feat(ss): support none/dummy cipher via no-op AEAD implementation

The go-gost fork of go-shadowsocks2 dropped built-in support for the
none/dummy cipher that was present in the original go-shadowsocks2.
Combined with the SS components' hard requirement for auth (and
therefore a valid cipher), this made gost fail to start with
method=none or method=dummy.

Add a no-op cipher in x/internal/util/ss/none/ that implements the
core.ShadowCipher interface using the standard go-shadowsocks2 AEAD
framing (salt + length-prefixed chunks, target address embedding)
without actual encryption.  SaltSize=16 ensures random salts on every
connection to avoid bloom-ring replay detection.

Update SS TCP connector/handler and SS UDP connector/handler to detect
method=none/dummy (case-insensitive) and use the no-op cipher instead
of utils.NewClientConfig/NewServerConfig.

Fixes go-gost/x#105
This commit is contained in:
ginuerzh
2026-06-17 22:18:23 +08:00
parent 183252f6ae
commit a86b5ab66b
6 changed files with 155 additions and 22 deletions
+25
View File
@@ -0,0 +1,25 @@
// Package none provides a no-op cipher for Shadowsocks that passes data
// through without encryption. It implements the go-shadowsocks2 core.ShadowCipher
// interface. This cipher is intended for debugging, testing, and compatibility
// purposes and MUST NOT be used in production.
package none
// noopAEAD is a cipher.AEAD that performs no encryption or authentication.
// All data passes through unchanged.
type noopAEAD struct{}
// NonceSize returns 0 since no nonce is needed.
func (noopAEAD) NonceSize() int { return 0 }
// Overhead returns 0 since no authentication tag is added.
func (noopAEAD) Overhead() int { return 0 }
// Seal appends plaintext to dst without encryption.
func (noopAEAD) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
return append(dst, plaintext...)
}
// Open appends ciphertext to dst without decryption.
func (noopAEAD) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
return append(dst, ciphertext...), nil
}