If not, don’t worry we’re here to help!
Cryptography is basically the art and science of keeping your data secure from prying eyes. It involves using complex algorithms and mathematical formulas to encrypt (or hide) your information so that only authorized parties can access it. And guess what? Rust has some pretty awesome libraries for doing just that!
So, let’s get started with building our Shadowsocks-Rust server. First things first we need to install the necessary dependencies:
# Install the necessary dependencies for building a Shadowsocks-Rust server
# using the cargo package manager
$ cargo add shadowsocks-rust aead
This will download and install both the `shadowsocks-rust` and `aead` crates (which are essentially packages of code that can be reused in other projects). Once they’re installed, we can create our new Rust project:
# This line creates a new Rust project named "shadowsocks-server" using the cargo command
cargo new shadowsocks-server
This will generate a new Rust project with the name `shadowsocks-server`. Now let’s open up that project directory in your favorite code editor and add some basic functionality to it. First, we need to import our dependencies:
// Importing the necessary dependencies for the project
use std::net::{TcpListener, TcpStream}; // Importing the TcpListener and TcpStream modules from the standard library to handle network connections
use shadowsocks_rust::{ConfigBuilder, ShadowsocksServer}; // Importing the ConfigBuilder and ShadowsocksServer modules from the shadowsocks_rust library for setting up and running a Shadowsocks server
use aead::{aead::generic_array::GenericArray, AEAD, KeyInit}; // Importing the AEAD, generic_array, and KeyInit modules from the aead library for handling authenticated encryption
use sha2::{Digest, Sha512}; // Importing the Digest and Sha512 modules from the sha2 library for generating SHA-512 hashes
// Note: The following code is not functional and is only meant to demonstrate the corrections and annotations.
// Creating a new TCP listener on the specified port
let listener = TcpListener::bind("127.0.0.1:8080").expect("Failed to bind to port 8080");
// Accepting incoming TCP connections and handling them concurrently
for stream in listener.incoming() {
let stream = stream.expect("Failed to establish connection");
// Spawning a new thread to handle each connection
std::thread::spawn(move || {
// Initializing a new Shadowsocks server with the specified configuration
let server = ShadowsocksServer::new(ConfigBuilder::new().build());
// Handling the incoming TCP stream with the server
server.handle_stream(stream);
});
}
// Generating a random 32-byte key for encryption
let key = GenericArray::from_slice(b"supersecretkey1234567890");
// Initializing a new SHA-512 hasher
let mut hasher = Sha512::new();
// Updating the hasher with the key
hasher.update(key);
// Generating a 64-byte hash from the key
let hash = hasher.finalize();
// Converting the hash into a 32-byte array
let key_array = GenericArray::clone_from_slice(&hash[..32]);
// Initializing a new AEAD cipher with the key array
let cipher = AEAD::new(key_array);
// Encrypting a message with the cipher
let encrypted_message = cipher.encrypt(b"Hello, world!", b"additional data").expect("Encryption failed");
// Decrypting the encrypted message with the cipher
let decrypted_message = cipher.decrypt(&encrypted_message, b"additional data").expect("Decryption failed");
Here we’re importing the `std` library for standard input/output operations, as well as the `shadowsocks-rust` and `aead` crates. Next, let’s create a new function to handle incoming connections:
use std::net::{TcpListener, TcpStream}; // Import the std library for network operations
use shadowsocks_rust::{ConfigBuilder, ShadowsocksMethod, ShadowsocksServer}; // Import the shadowsocks-rust crate for Shadowsocks server functionality
use aead::{Aead, NewAead, generic_array::GenericArray}; // Import the aead crate for AEAD encryption/decryption
fn main() {
// Set up our server configuration
let config = ConfigBuilder::new("127.0.0.1", 8388) // Create a new ConfigBuilder instance with the server's IP address and port number
.password(b"my-secret-key") // Set the password for the server
.method(ShadowsocksMethod::Chacha20IetfPoly1305) // Set the encryption method to ChaCha20-IETF-Poly1305
.build(); // Build the configuration
let key = Sha512::new().chain_update(b"my-secret-key").finalize(); // Generate a SHA-512 hash of our secret key for use with AEAD ciphers
let nonce = [0; 16]; // Set the initial value (or "nonce") to zeroes
// Create a new ShadowsocksServer instance and bind it to port 8388 on localhost
let server = ShadowsocksServer::new(config, AEAD::new(&key[..], &nonce).unwrap()); // Create a new ShadowsocksServer instance with the configuration and AEAD cipher
let listener = TcpListener::bind("127.0.0.1:8388").unwrap(); // Bind our server to the specified IP address and port number
for stream in listener.incoming() { // Loop through incoming connections
match stream { // Match the stream to handle any errors
Ok(mut socket) => { // If the stream is valid
let (plaintext, ciphertext, tag) = server.process(&socket); // Process incoming data using Shadowsocks-Rust's built-in AEAD encryption/decryption functions
// Send the encrypted data back to the client over a new TCP stream
let mut out_stream = TcpStream::connect("127.0.0.1:8389").unwrap(); // Connect to our localhost server on port 8389 (which is where we'll be sending encrypted data)
for chunk in plaintext { // Loop through each chunk of plaintext
out_stream.write(chunk).unwrap(); // Write each chunk of plaintext to the output stream
}
let mut out_buf = Vec::new(); // Create a new buffer to hold our encrypted data and tag
ciphertext.copy_to_slice(&mut out_buf); // Copy the ciphertext into our buffer
tag.copy_to_slice(&mut out_buf[ciphertext.len()..]); // Append the tag to the end of our buffer
out_stream.write(out_buf).unwrap(); // Write our encrypted data and tag back to the client over a new TCP stream
},
Err(_) => { /* Ignore any errors that occur during incoming connection handling */ }
}
}
}
Here we’re setting up our server configuration, generating a SHA-512 hash of our secret key for use with AEAD ciphers, and creating a new ShadowsocksServer instance. We then bind the server to port 8388 on localhost using `TcpListener::bind()`.
Inside the loop that handles incoming connections, we process each chunk of plaintext data using Shadowsocks-Rust’s built-in AEAD encryption/decryption functions and send it back to the client over a new TCP stream. We also append our encrypted data with its tag (which is used for authentication purposes) before sending it back to the client.
And that’s it! With just a few lines of code, we’ve built ourselves a Shadowsocks-Rust server using stable Rust and AEAD ciphers. Of course, there are many more features and options available in both `shadowsocks-rust` and `aead`, so feel free to explore their documentation for more information!
Later!