Customizable encryption method
Right now the encryptionMethod is fixed to chacha20-ietf-poly1305:
https://github.com/Jigsaw-Code/outline-server/blob/037430d732d7e7bcfd2fc0f33cdbee39ce66fe79/src/shadowbox/server/server_access_key.ts#L87
Here are the recommended methods in shadowsocks:
- aes-128-gcm, aes-256-gcm
- chacha20-ietf-poly1305
Modern hardware (CPUs) has crypto instructions that support AES encryption & decryption, so using AES would improve throughput and battery life on portable devices & routers.
Possible solutions:
- Configure `encryptionMethod` with environment variable `OUTLINE_USER_ENCRYPTION_METHOD`
- Configure `encryptionMethod` with API parameters
- Configure `encryptionMethod` in the configuration file
The 1st one would be the simplest solution.
Benchmarks
Test commands:
- `openssl speed -elapsed -evp aes-256-gcm`
- `openssl speed -elapsed -evp chacha20-poly1305`
R4S, RK3399, Aarch64

| type | 16 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes | 16384 bytes |
| --- | --- | --- | --- | --- | --- | --- |
| aes-256-gcm | 166822.94k | 467574.74k | 819387.90k | 1027504.81k | 1096911.53k | 1104046.76k |
| chacha20-poly1305 | 88770.39k | 163836.12k | 312933.21k | 363375.62k | 388057.77k | 387132.07k |

MBP late-2019, i7-9750H, x86_64

| type | 16 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes | 16384 bytes |
| --- | --- | --- | --- | --- | --- | --- |
| aes-256-gcm | 293792.90k | 965846.70k | 1873837.31k | 2794780.67k | 3257095.51k | 3241642.44k |
| chacha20-poly1305 | 227457.32k | 434543.98k | 937373.01k | 1710646.27k | 1792524.29k | 1757382.68k |

All devices above have hardware support of AES.
aes-256-gcm has much better performance with all sizes of blocks. All the new devices we could buy, including mobile phones, laptops, PCs, routers, even tiny computers like Raspberry Pi are using CPUs that have AES hardware support.
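
The proposal above (environment variable or API parameter), sketched as an added example that is not part of the original post or of outline-server's code: the configured value is checked against an allow-list of the AEAD methods named in the issue, and an unknown value is rejected rather than silently replaced. `resolveEncryptionMethod`, `isAllowedMethod`, the precedence order and the case normalization are assumptions made for illustration.

```typescript
// Added example. Only the cipher names and OUTLINE_USER_ENCRYPTION_METHOD come
// from the issue; every other identifier here is hypothetical.

// AEAD methods listed as recommended in the issue.
const ALLOWED_METHODS = ['chacha20-ietf-poly1305', 'aes-128-gcm', 'aes-256-gcm'] as const;
type EncryptionMethod = (typeof ALLOWED_METHODS)[number];

// The currently fixed value stays the default when nothing is configured.
const DEFAULT_METHOD: EncryptionMethod = 'chacha20-ietf-poly1305';

function isAllowedMethod(value: string): value is EncryptionMethod {
  return (ALLOWED_METHODS as readonly string[]).indexOf(value) !== -1;
}

// Resolve the cipher for a new access key.
// Assumed precedence: per-request API value, then the environment variable,
// then the default. A value that is set but not on the allow-list throws, so a
// typo or a legacy non-AEAD cipher name never ends up in a key.
function resolveEncryptionMethod(
  requested: string | undefined,
  env: Record<string, string | undefined>
): EncryptionMethod {
  const candidates: Array<[string, string | undefined]> = [
    ['API parameter', requested],
    ['OUTLINE_USER_ENCRYPTION_METHOD', env['OUTLINE_USER_ENCRYPTION_METHOD']],
  ];
  for (const [source, raw] of candidates) {
    // Unset or blank means "not configured here"; try the next source.
    if (raw === undefined || raw.trim() === '') continue;
    // Assumption: names are matched case-insensitively after trimming.
    const value = raw.trim().toLowerCase();
    if (!isAllowedMethod(value)) {
      throw new Error(`Unsupported encryption method from ${source}: ${JSON.stringify(raw)}`);
    }
    return value;
  }
  return DEFAULT_METHOD;
}
```
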
I'd like to second this proposal. Back in February, I benchmarked several implementations to compare the transfer rate of a single TCP connection. It was for a different purpose, but the results are still relevant today. Shadowsocks TCP sessions using the aes-256-gcm cipher yield 25 ~ 30% higher throughput than using the chacha20-poly1305 cipher.
In our community deployments, all ~50 server CPUs support the AES instructions. All clients are running on hardware with these instructions, and have software support for them. Switching to AES-GCM ciphers should help reduce energy consumption on mobile and embedded devices, and allow servers to handle more requests.
Ping @fortuna, would you consider adding this feature?
Yes, totally. Not in the Manager UI, but I believe we can easily add it to the key creation API. I might as well add a way to name the key on creation.
@fortuna When will we have this feature? Is it in the development plan?
It's happening now: https://github.com/Jigsaw-Code/outline-server/pull/1002
@fortuna #1002 is awaiting an approval for the workflows to be run and also your review. You wrote "Please re-request review once this is ready..." but I don't see that option on the pull request. Can you take a look pls?