add option to encryption: XOR

Author: cnbatch

README.md

@@ -108,8 +108,8 @@ encryption_algorithm=AES-GCM
 | destination_port     | 1 - 65535          |是    |以客户端运行时可以指定端口范围|
 | destination_address  | IP地址、域名        |是    |填入 IPv6 地址时不需要中括号。多个地址请用逗号分隔|
 | dport_refresh        | 20 - 65535         |否    |单位“秒”。预设值 60 秒，小于20秒按20秒算，大于65535时按65536秒算|
-| encryption_algorithm | AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20 |否    |AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305 |
-| encryption_password  | 任意字符            |视情况|设置了 encryption_algorithm 时必填|
+| encryption_algorithm | XOR<br>AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |否    |单纯异或运算<br>AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>不加密 |
+| encryption_password  | 任意字符            |视情况|设置了 encryption_algorithm 使用加密时必填，none与XOR除外|
 | timeout              | 0 - 65535          |否    |单位“秒”。预设值为 1800，设为 0 则使用预设值<br>该选项表示的是，UDP 应用程序 ↔ udphop 之间的超时设置 |
 | keep_alive           | 0 - 65535          |否    |预设值为 0，等于停用 Keep Alive |
 | stun_server          | STUN 服务器地址     |否    |listen_port 为端口范围模式时不可使用|

README_EN.md

@@ -106,8 +106,8 @@ encryption_algorithm=AES-GCM
 | destination_port    | 1 - 65535           | Yes      | Specify the port range when running as a client |
 | destination_address | IP address, domain name | Yes   | When inputting an IPv6 address, no need for square brackets. Multiple addresses should be comma-separated.|
 | dport_refresh       | 20 - 65535          | No       | Unit: seconds. Default value is 60 seconds. If less than 20 seconds, it will be considered as 20 seconds; if greater than 65535, it will be considered as 65536 seconds |
-| encryption_algorithm| AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20 | No | Select from AES-256-GCM-AEAD, AES-256-OCB-AEAD, ChaCha20-Poly1305, XChaCha20-Poly1305 |
-| encryption_password | Any characters      | Depending on situation | Required when setting encryption_algorithm |
+| encryption_algorithm | XOR<br>AES-GCM<br>AES-OCB<br>chacha20<br>xchacha20<br>none |No    |XOR Only<br>AES-256-GCM-AEAD<br>AES-256-OCB-AEAD<br>ChaCha20-Poly1305<br>XChaCha20-Poly1305<br>No Encryption |
+| encryption_password  | Any character |Depends…|…on the setting of encryption_algorithm, if the value is set and it is neither `none` nor `XOR`, it is required|
 | timeout             | 0 - 65535           | No       | Unit: seconds. Default value is 1800. Set to 0 to use the default value. Represents the timeout setting between the UDP application and udphop |
 | keep_alive          | 0 - 65535           | No       | Default value is 0, which means Keep Alive is disabled |
 | stun_server         | STUN server address  | No       | Cannot be used when listen_port is in port range mode |

src/main.cpp

@@ -16,15 +16,15 @@
 int main(int argc, char *argv[])
 {
 #ifdef __cpp_lib_format
-	std::cout << std::format("{} version 20250112\n", app_name);
+	std::cout << std::format("{} version 20250301\n", app_name);
 	if (argc <= 1)
 	{
 		std::cout << std::format("Usage: {} config1.conf\n", app_name);
 		std::cout << std::format("       {} config1.conf config2.conf...\n", (int)app_name.length(), app_name.data());
 		return 0;
 	}
 #else
-	std::cout << app_name << " version 20250112\n";
+	std::cout << app_name << " version 20250301\n";
 	if (argc <= 1)
 	{
 		std::cout << "Usage: " << app_name << " config1.conf\n";

src/networks/client.cpp

@@ -463,9 +463,9 @@ void client_mode::data_sender(std::shared_ptr<udp_mappings> udp_session_ptr, std
 
 void client_mode::data_sender(std::shared_ptr<udp_mappings> udp_session_ptr)
 {
-	udp_session_ptr->forwarder_encryption_task_count--;
 	if (udp_session_ptr == nullptr)
 		return;
+	udp_session_ptr->forwarder_encryption_task_count--;
 	std::unique_lock locker{ udp_session_ptr->mutex_encryptions_via_forwarder };
 	if (udp_session_ptr->encryptions_via_forwarder.empty())
 		return;

src/networks/relay.cpp

@@ -652,9 +652,9 @@ void relay_mode::data_sender_via_listener(std::shared_ptr<udp_mappings> udp_sess
 
 void relay_mode::data_sender_via_listener(std::shared_ptr<udp_mappings> udp_session_ptr)
 {
-	udp_session_ptr->listener_encryption_task_count--;
 	if (udp_session_ptr == nullptr)
 		return;
+	udp_session_ptr->listener_encryption_task_count--;
 	std::unique_lock locker{ udp_session_ptr->mutex_encryptions_via_listener };
 	if (udp_session_ptr->encryptions_via_listener.empty())
 		return;

src/networks/server.cpp

@@ -473,8 +473,8 @@ void server_mode::data_sender(std::shared_ptr<udp_mappings> udp_session_ptr, con
 
 void server_mode::data_sender(std::shared_ptr<udp_mappings> udp_session_ptr)
 {
-	udp_session_ptr->listener_encryption_task_count--;
 	if (udp_session_ptr == nullptr) return;
+	udp_session_ptr->listener_encryption_task_count--;
 	std::unique_lock locker{ udp_session_ptr->mutex_encryptions_via_listener };
 	if (udp_session_ptr->encryptions_via_listener.empty())
 		return;

src/shares/configurations.cpp

@@ -152,6 +152,9 @@ std::vector<std::string> parse_the_rest(const std::vector<std::string> &args, us
 				case strhash("none"):
 					current_settings->encryption = encryption_mode::none;
 					break;
+				case strhash("xor"):
+					current_settings->encryption = encryption_mode::plain_xor;
+					break;
 				case strhash("aes-gcm"):
 					current_settings->encryption = encryption_mode::aes_gcm;
 					break;
@@ -328,6 +331,7 @@ void check_settings(user_settings &current_user_settings, std::vector<std::strin
 	if (current_user_settings.encryption != encryption_mode::empty &&
 		current_user_settings.encryption != encryption_mode::unknow &&
 		current_user_settings.encryption != encryption_mode::none &&
+		current_user_settings.encryption != encryption_mode::plain_xor &&
 		current_user_settings.encryption_password.empty())
 		error_msg.emplace_back("encryption_password is not set");
 

src/shares/data_operations.cpp

@@ -173,7 +173,7 @@ std::pair<std::string, size_t> encrypt_data(const std::string &password, encrypt
 	if (length <= 0)
 		return { "empty data", 0 };
 
-	bool no_encryption = false;
+	bool plain_xor = false;
 	size_t cipher_length = 0;
 	std::array<uint8_t, 2> iv_raw{};
 	std::string error_message;
@@ -207,12 +207,16 @@ std::pair<std::string, size_t> encrypt_data(const std::string &password, encrypt
 		error_message = xcc20.encrypt(password, data_ptr, length, data_ptr, cipher_length);
 		break;
 	}
+	case encryption_mode::plain_xor:
+	{
+		plain_xor = true;
+		[[fallthrough]];
+	}
 	default:
 	{
 		thread_local simple_hashing checksum_hash;
 		iv_raw = checksum_hash.checksum16(data_ptr, length);
 		cipher_length = length;
-		no_encryption = true;
 		break;
 	}
 	};
@@ -223,15 +227,15 @@ std::pair<std::string, size_t> encrypt_data(const std::string &password, encrypt
 		cipher_length += constant_values::iv_checksum_block_size;
 	}
 
-	if (no_encryption)
+	if (plain_xor)
 		xor_forward(data_ptr, cipher_length);
 
 	return { std::move(error_message), cipher_length };
 }
 
 std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode mode, const void *data_ptr, int length, std::string &error_message)
 {
-	bool no_encryption = false;
+	bool plain_xor = false;
 	size_t cipher_length = length;
 	std::array<uint8_t, 2> iv_raw{};
 	std::vector<uint8_t> cipher_cache(length + constant_values::encryption_block_reserve + constant_values::iv_checksum_block_size);
@@ -274,12 +278,16 @@ std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode m
 			cipher_cache.resize(cipher_length + constant_values::iv_checksum_block_size);
 		break;
 	}
+	case encryption_mode::plain_xor:
+	{
+		plain_xor = true;
+		[[fallthrough]];
+	}
 	default:
 	{
 		thread_local simple_hashing checksum_hash;
 		iv_raw = checksum_hash.checksum16(data_ptr, length);
 		cipher_length = length;
-		no_encryption = true;
 		cipher_cache.resize(cipher_length + constant_values::iv_checksum_block_size);
 		std::copy_n((const uint8_t *)data_ptr, length, cipher_cache.begin());
 		break;
@@ -291,15 +299,15 @@ std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode m
 		*(uint16_t*)(cipher_cache.data() + cipher_length) = *(uint16_t*)iv_raw.data();
 	}
 
-	if (no_encryption)
+	if (plain_xor)
 		xor_forward(cipher_cache);
 
 	return cipher_cache;
 }
 
 std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode mode, std::vector<uint8_t> &&input_data, std::string &error_message)
 {
-	bool no_encryption = false;
+	bool plain_xor = false;
 	std::array<uint8_t, 2> iv_raw{};
 	switch (mode)
 	{
@@ -339,6 +347,11 @@ std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode m
 			return input_data;
 		break;
 	}
+	case encryption_mode::plain_xor:
+	{
+		plain_xor = true;
+		[[fallthrough]];
+	}
 	default:
 	{
 		thread_local simple_hashing checksum_hash;
@@ -351,7 +364,7 @@ std::vector<uint8_t> encrypt_data(const std::string &password, encryption_mode m
 	input_data.resize(cipher_length + constant_values::iv_checksum_block_size);
 	*(uint16_t*)(input_data.data() + cipher_length) = *(uint16_t*)iv_raw.data();
 
-	if (no_encryption)
+	if (plain_xor)
 		xor_forward(input_data);
 
 	return input_data;
@@ -398,10 +411,14 @@ std::pair<std::string, size_t> decrypt_data(const std::string &password, encrypt
 		error_message = xcc20.decrypt(password, data_ptr, input_length, data_ptr, data_length);
 		break;
 	}
-	default:
+	case encryption_mode::plain_xor:
 	{
 		xor_backward(data_ptr, length);
-		*(uint16_t*)iv_raw.data() = *(uint16_t*)(data_ptr + input_length);
+		*(uint16_t *)iv_raw.data() = *(uint16_t *)(data_ptr + input_length);
+		[[fallthrough]];
+	}
+	default:
+	{
 		data_length = input_length;
 		thread_local simple_hashing checksum_hash;
 		std::array<uint8_t, 2> checksum16_value = checksum_hash.checksum16(data_ptr, data_length);
@@ -458,13 +475,17 @@ std::vector<uint8_t> decrypt_data(const std::string &password, encryption_mode m
 		data_cache = xcc20.decrypt(password, std::move(data_cache), error_message);
 		break;
 	}
-	default:
+	case encryption_mode::plain_xor:
 	{
 		data_cache.resize(length);
 		std::copy_n((const uint8_t *)data_ptr, length, data_cache.begin());
 		xor_backward(data_cache);
-		*(uint16_t*)iv_raw.data() = *(uint16_t*)(data_cache.data() + data_length);
+		*(uint16_t *)iv_raw.data() = *(uint16_t *)(data_cache.data() + data_length);
 		data_cache.resize(data_length);
+		[[fallthrough]];
+	}
+	default:
+	{
 		thread_local simple_hashing checksum_hash;
 		std::array<uint8_t, 2> checksum16_value = checksum_hash.checksum16(data_cache.data(), data_length);
 		if (checksum16_value != iv_raw)
@@ -527,10 +548,14 @@ std::vector<uint8_t> decrypt_data(const std::string &password, encryption_mode m
 			return input_data;
 		break;
 	}
-	default:
+	case encryption_mode::plain_xor:
 	{
 		xor_backward(input_data);
-		*(uint16_t*)iv_raw.data() = *(uint16_t*)(input_data.data() + data_length);
+		*(uint16_t *)iv_raw.data() = *(uint16_t *)(input_data.data() + data_length);
+		[[fallthrough]];
+	}
+	default:
+	{
 		thread_local simple_hashing checksum_hash;
 		std::array<uint8_t, 2> checksum16_value = checksum_hash.checksum16(input_data.data(), input_data.size());
 		if (checksum16_value != iv_raw)

src/shares/share_defines.hpp

@@ -21,7 +21,7 @@
 constexpr std::string_view app_name = "udphop";
 
 enum class running_mode { unknow, empty, server, client, relay, relay_ingress, relay_egress };
-enum class encryption_mode { unknow, empty, none, aes_gcm, aes_ocb, chacha20, xchacha20 };
+enum class encryption_mode { unknow, empty, none, plain_xor, aes_gcm, aes_ocb, chacha20, xchacha20 };
 enum class ip_only_options : unsigned short { not_set = 0, ipv4 = 1, ipv6 = 2 };
 
 namespace constant_values