feat: add Sudoku protocol inbound & outbound support (#2397)

Author: saba-futai

adapter/outbound/sudoku.go

@@ -0,0 +1,263 @@
+package outbound
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/saba-futai/sudoku/apis"
+	"github.com/saba-futai/sudoku/pkg/crypto"
+	"github.com/saba-futai/sudoku/pkg/obfs/httpmask"
+	"github.com/saba-futai/sudoku/pkg/obfs/sudoku"
+
+	N "github.com/metacubex/mihomo/common/net"
+	"github.com/metacubex/mihomo/component/dialer"
+	"github.com/metacubex/mihomo/component/proxydialer"
+	C "github.com/metacubex/mihomo/constant"
+)
+
+type Sudoku struct {
+	*Base
+	option   *SudokuOption
+	table    *sudoku.Table
+	baseConf apis.ProtocolConfig
+}
+
+type SudokuOption struct {
+	BasicOption
+	Name       string `proxy:"name"`
+	Server     string `proxy:"server"`
+	Port       int    `proxy:"port"`
+	Key        string `proxy:"key"`
+	AEADMethod string `proxy:"aead-method,omitempty"`
+	PaddingMin *int   `proxy:"padding-min,omitempty"`
+	PaddingMax *int   `proxy:"padding-max,omitempty"`
+	Seed       string `proxy:"seed,omitempty"`
+	TableType  string `proxy:"table-type,omitempty"` // "prefer_ascii" or "prefer_entropy"
+}
+
+// DialContext implements C.ProxyAdapter
+func (s *Sudoku) DialContext(ctx context.Context, metadata *C.Metadata) (C.Conn, error) {
+	return s.DialContextWithDialer(ctx, dialer.NewDialer(s.DialOptions()...), metadata)
+}
+
+// DialContextWithDialer implements C.ProxyAdapter
+func (s *Sudoku) DialContextWithDialer(ctx context.Context, d C.Dialer, metadata *C.Metadata) (_ C.Conn, err error) {
+	if len(s.option.DialerProxy) > 0 {
+		d, err = proxydialer.NewByName(s.option.DialerProxy, d)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	cfg, err := s.buildConfig(metadata)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := d.DialContext(ctx, "tcp", s.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
+	}
+
+	defer func() {
+		safeConnClose(c, err)
+	}()
+
+	if ctx.Done() != nil {
+		done := N.SetupContextForConn(ctx, c)
+		defer done(&err)
+	}
+
+	c, err = s.streamConn(c, cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewConn(c, s), nil
+}
+
+// ListenPacketContext implements C.ProxyAdapter
+func (s *Sudoku) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (C.PacketConn, error) {
+	return nil, C.ErrNotSupport
+}
+
+// SupportUOT implements C.ProxyAdapter
+func (s *Sudoku) SupportUOT() bool {
+	return false // Sudoku protocol only supports TCP
+}
+
+// SupportWithDialer implements C.ProxyAdapter
+func (s *Sudoku) SupportWithDialer() C.NetWork {
+	return C.TCP
+}
+
+// ProxyInfo implements C.ProxyAdapter
+func (s *Sudoku) ProxyInfo() C.ProxyInfo {
+	info := s.Base.ProxyInfo()
+	info.DialerProxy = s.option.DialerProxy
+	return info
+}
+
+func (s *Sudoku) buildConfig(metadata *C.Metadata) (*apis.ProtocolConfig, error) {
+	if metadata == nil || metadata.DstPort == 0 || !metadata.Valid() {
+		return nil, fmt.Errorf("invalid metadata for sudoku outbound")
+	}
+
+	cfg := s.baseConf
+	cfg.TargetAddress = metadata.RemoteAddress()
+
+	if err := cfg.ValidateClient(); err != nil {
+		return nil, err
+	}
+	return &cfg, nil
+}
+
+func (s *Sudoku) streamConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.Conn, err error) {
+	if err = httpmask.WriteRandomRequestHeader(rawConn, cfg.ServerAddress); err != nil {
+		return nil, fmt.Errorf("write http mask failed: %w", err)
+	}
+
+	obfsConn := sudoku.NewConn(rawConn, cfg.Table, cfg.PaddingMin, cfg.PaddingMax, false)
+	cConn, err := crypto.NewAEADConn(obfsConn, cfg.Key, cfg.AEADMethod)
+	if err != nil {
+		return nil, fmt.Errorf("setup crypto failed: %w", err)
+	}
+
+	handshake := buildSudokuHandshakePayload(cfg.Key)
+	if _, err = cConn.Write(handshake[:]); err != nil {
+		cConn.Close()
+		return nil, fmt.Errorf("send handshake failed: %w", err)
+	}
+
+	if err = writeTargetAddress(cConn, cfg.TargetAddress); err != nil {
+		cConn.Close()
+		return nil, fmt.Errorf("send target address failed: %w", err)
+	}
+
+	return cConn, nil
+}
+
+func NewSudoku(option SudokuOption) (*Sudoku, error) {
+	if option.Server == "" {
+		return nil, fmt.Errorf("server is required")
+	}
+	if option.Port <= 0 || option.Port > 65535 {
+		return nil, fmt.Errorf("invalid port: %d", option.Port)
+	}
+	if option.Key == "" {
+		return nil, fmt.Errorf("key is required")
+	}
+
+	tableType := strings.ToLower(option.TableType)
+	if tableType == "" {
+		tableType = "prefer_ascii"
+	}
+	if tableType != "prefer_ascii" && tableType != "prefer_entropy" {
+		return nil, fmt.Errorf("table-type must be prefer_ascii or prefer_entropy")
+	}
+
+	seed := option.Seed
+	if seed == "" {
+		seed = option.Key
+	}
+
+	table := sudoku.NewTable(seed, tableType)
+
+	defaultConf := apis.DefaultConfig()
+	paddingMin := defaultConf.PaddingMin
+	paddingMax := defaultConf.PaddingMax
+	if option.PaddingMin != nil {
+		paddingMin = *option.PaddingMin
+	}
+	if option.PaddingMax != nil {
+		paddingMax = *option.PaddingMax
+	}
+	if option.PaddingMin == nil && option.PaddingMax != nil && paddingMax < paddingMin {
+		paddingMin = paddingMax
+	}
+	if option.PaddingMax == nil && option.PaddingMin != nil && paddingMax < paddingMin {
+		paddingMax = paddingMin
+	}
+
+	baseConf := apis.ProtocolConfig{
+		ServerAddress:           net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
+		Key:                     option.Key,
+		AEADMethod:              defaultConf.AEADMethod,
+		Table:                   table,
+		PaddingMin:              paddingMin,
+		PaddingMax:              paddingMax,
+		HandshakeTimeoutSeconds: defaultConf.HandshakeTimeoutSeconds,
+	}
+	if option.AEADMethod != "" {
+		baseConf.AEADMethod = option.AEADMethod
+	}
+
+	return &Sudoku{
+		Base: &Base{
+			name:   option.Name,
+			addr:   baseConf.ServerAddress,
+			tp:     C.Sudoku,
+			udp:    false,
+			tfo:    option.TFO,
+			mpTcp:  option.MPTCP,
+			iface:  option.Interface,
+			rmark:  option.RoutingMark,
+			prefer: C.NewDNSPrefer(option.IPVersion),
+		},
+		option:   &option,
+		table:    table,
+		baseConf: baseConf,
+	}, nil
+}
+
+func buildSudokuHandshakePayload(key string) [16]byte {
+	var payload [16]byte
+	binary.BigEndian.PutUint64(payload[:8], uint64(time.Now().Unix()))
+	hash := sha256.Sum256([]byte(key))
+	copy(payload[8:], hash[:8])
+	return payload
+}
+
+func writeTargetAddress(w io.Writer, rawAddr string) error {
+	host, portStr, err := net.SplitHostPort(rawAddr)
+	if err != nil {
+		return err
+	}
+
+	portInt, err := net.LookupPort("tcp", portStr)
+	if err != nil {
+		return err
+	}
+
+	var buf []byte
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			buf = append(buf, 0x01) // IPv4
+			buf = append(buf, ip4...)
+		} else {
+			buf = append(buf, 0x04) // IPv6
+			buf = append(buf, ip...)
+		}
+	} else {
+		if len(host) > 255 {
+			return fmt.Errorf("domain too long")
+		}
+		buf = append(buf, 0x03) // domain
+		buf = append(buf, byte(len(host)))
+		buf = append(buf, host...)
+	}
+
+	var portBytes [2]byte
+	binary.BigEndian.PutUint16(portBytes[:], uint16(portInt))
+	buf = append(buf, portBytes[:]...)
+
+	_, err = w.Write(buf)
+	return err
+}

adapter/parser.go

@@ -146,6 +146,13 @@ func ParseProxy(mapping map[string]any) (C.Proxy, error) {
 			break
 		}
 		proxy, err = outbound.NewAnyTLS(*anytlsOption)
+	case "sudoku":
+		sudokuOption := &outbound.SudokuOption{}
+		err = decoder.Decode(mapping, sudokuOption)
+		if err != nil {
+			break
+		}
+		proxy, err = outbound.NewSudoku(*sudokuOption)
 	default:
 		return nil, fmt.Errorf("unsupport proxy type: %s", proxyType)
 	}

constant/adapters.go

@@ -44,6 +44,7 @@ const (
 	Ssh
 	Mieru
 	AnyTLS
+	Sudoku
 )
 
 const (
@@ -230,6 +231,8 @@ func (at AdapterType) String() string {
 		return "Mieru"
 	case AnyTLS:
 		return "AnyTLS"
+	case Sudoku:
+		return "Sudoku"
 	case Relay:
 		return "Relay"
 	case Selector:

constant/metadata.go

@@ -39,6 +39,7 @@ const (
 	HYSTERIA2
 	ANYTLS
 	MIERU
+	SUDOKU
 	INNER
 )
 
@@ -112,6 +113,8 @@ func (t Type) String() string {
 		return "AnyTLS"
 	case MIERU:
 		return "Mieru"
+	case SUDOKU:
+		return "Sudoku"
 	case INNER:
 		return "Inner"
 	default:
@@ -154,6 +157,8 @@ func ParseType(t string) (*Type, error) {
 		res = ANYTLS
 	case "MIERU":
 		res = MIERU
+	case "SUDOKU":
+		res = SUDOKU
 	case "INNER":
 		res = INNER
 	default:

docs/config.yaml

@@ -1038,6 +1038,18 @@ proxies: # socks5
     # 如果想开启 0-RTT 握手，请设置为 HANDSHAKE_NO_WAIT，否则请设置为 HANDSHAKE_STANDARD。默认值为 HANDSHAKE_STANDARD
     # handshake-mode: HANDSHAKE_STANDARD
 
+  # sudoku
+  - name: sudoku
+    type: sudoku
+    server: serverip # 1.2.3.4
+    port: 443 
+    key: "<client_key>" # 如果你使用sudoku生成的ED25519密钥对，请填写密钥对中的私钥，否则填入和服务端相同的uuid
+    aead-method: chacha20-poly1305 # 可选值：chacha20-poly1305、aes-128-gcm、none 我们保证在none的情况下sudoku混淆层仍然确保安全
+    padding-min: 2 # 最小填充字节数
+    padding-max: 7 # 最大填充字节数
+    seed: "<seed-or-key>" # 如果使用sudoku生成的ED25519密钥对，请填写密钥对中的公钥（如果你有安全焦虑，填入私钥也可以，只是私钥长度比较长不好看而已），否则填入和服务端相同的uuid
+    table-type: prefer_ascii    # 可选值：prefer_ascii、prefer_entropy 前者全ascii映射，后者保证熵值（汉明1）低于3
+
   # anytls
   - name: anytls
     type: anytls
@@ -1567,6 +1579,19 @@ listeners:
       username1: password1
       username2: password2
 
+  - name: sudoku-in-1
+    type: sudoku
+    port: 8443 # 仅支持单端口
+    listen: 0.0.0.0
+    key: "<server_key>" # 如果你使用sudoku生成的ED25519密钥对，此处是密钥对中的公钥，当然，你也可以仅仅使用任意uuid充当key
+    aead-method: chacha20-poly1305 # 支持chacha20-poly1305或者aes-128-gcm以及none，sudoku的混淆层可以确保none情况下数据安全
+    padding-min: 1 # 填充最小长度
+    padding-max: 15 # 填充最大长度，均不建议过大
+    seed: "<seed-or-key>" # 如果你不使用ED25519密钥对，就请填入客户端的key，否则仍然是公钥
+    table-type: prefer_ascii # 可选值：prefer_ascii、prefer_entropy 前者全ascii映射，后者保证熵值（汉明1）低于3
+    handshake-timeout: 5   # optional
+
+
   - name: trojan-in-1
     type: trojan
     port: 10819 # 支持使用ports格式，例如200,302 or 200,204,401-429,501-503
@@ -1715,3 +1740,4 @@ listeners:
 #  alpn:
 #    - h3
 #  max-udp-relay-packet-size: 1500
+

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/bahlo/generic-list-go v0.2.0
 	github.com/coreos/go-iptables v0.8.0
 	github.com/dlclark/regexp2 v1.11.5
-	github.com/enfein/mieru/v3 v3.23.0
+	github.com/enfein/mieru/v3 v3.24.0
 	github.com/go-chi/chi/v5 v5.2.3
 	github.com/go-chi/render v1.0.3
 	github.com/gobwas/ws v1.4.0
@@ -43,6 +43,7 @@ require (
 	github.com/mroth/weightedrand/v2 v2.1.0
 	github.com/openacid/low v0.1.21
 	github.com/oschwald/maxminddb-golang v1.12.0 // lastest version compatible with golang1.20
+	github.com/saba-futai/sudoku v0.0.1-e
 	github.com/sagernet/cors v1.2.1
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
 	github.com/samber/lo v1.52.0
@@ -63,6 +64,7 @@ require (
 )
 
 require (
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/RyuaNerin/go-krypto v1.3.0 // indirect
 	github.com/Yawning/aez v0.0.0-20211027044916-e49e68abd344 // indirect
 	github.com/ajg/form v1.5.1 // indirect