A Rust implementation of Trojan with QUIC tunnel, Lite-TLS and more.

Trojan-Oxide

Overview

  1. Full support for the original Trojan Protocol, including TCP and UDP traffic.
  2. Pure Rust implementation with no compromise on security and speed.
    • Highly efficient Tokio-based async network I/O.
    • Minimized memory consumption.
    • Predictable performance with no runtime garbage collector.
    • Poll-based UDP traffic.
  3. QUIC tunnel. The stealth Trojan implementation is still undetectable in the HTTP/3 era.
  4. Lite-TLS. Avoids redundant encryption of traffic that is already TLS, without modifying the underlying TLS library. We do things in the Trojan way, i.e., we imitate rather than create.
  5. Zero-Copy (Linux Kernel >= 5.8 is required). With Lite-TLS enabled, we can achieve maximum efficiency on both the client and server sides. Up to 60% improvement is observed in a TCP echo server based on io-uring.

License

GPL-3

Examples

Install Rust

Please follow the instructions.

Build Trojan-Oxide From Source

git clone https://github.com/3andne/trojan-oxide.git && cd ./trojan-oxide
cargo build --release

The executable binary file is ./target/release/trojan-oxide.

Build Selected Features

You can select features according to your needs; the default configuration builds both the server and client.

Server Only

cargo build --release --features server_full

Client Only

cargo build --release --features client_full

Zero Copy Feature

This feature is disabled by default since it only works on Linux with a kernel >= 5.8. The following commands build it for the client and the server, respectively.

cargo build --release --features client_full,zio
cargo build --release --features server_full,zio

Run Server

Suppose you have a server your.website.com.

  • Your TLS certificate is in "/path/to/cert/fullchain.cert".

  • Your TLS private key is in "/path/to/key/private.key".

  • You want the server to listen on port 443 and redirect unauthenticated traffic to port 80.

  • You set the password to your_password. If your password contains '$', please write it as '\$'.

Then you should start the server by:

./target/release/trojan-oxide -s -w "your_password" -k "/path/to/key/private.key" -c "/path/to/cert/fullchain.cert" -u "your.website.com" -x 443 -f 80
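
The '$' rule above matters because the shell expands '$' inside double quotes before trojan-oxide sees the argument, so the server ends up enforcing a different password from the one you typed. The script below is an added example, not part of the Trojan-Oxide README; the sample password and the helper names (received, escape_dollars, single_quote) are constructed for illustration, and it goes slightly beyond the README by also showing single quoting.

```shell
#!/bin/sh
# Added example; the password below is a constructed sample, not a real credential.
SAMPLE='s3cret$HOME$1x'

# received WORD: the argument a program gets when WORD is typed on a command
# line exactly as given (quotes included). WORD is evaluated as shell code,
# so pass only constructed test strings.
received() {
    sh -c "printf '%s' $1" sh
}

# The README's rule: inside double quotes, write every '$' as '\$'.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# Alternative (assumption, not from the README): single quotes disable all
# expansion; an embedded single quote is written as '\''.
single_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Show each way of typing the password and what the process would receive.
show() {
    printf '%-16s typed: %-24s received: %s\n' "$1" "$2" "$(received "$2")"
}

show 'double, raw'     "\"$SAMPLE\""
show 'double, escaped' "\"$(escape_dollars "$SAMPLE")\""
show 'single'          "$(single_quote "$SAMPLE")"
```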

Note that rustls (the underlying TLS library) doesn't support ECC keys as of this moment. Please follow the instructions if you have a pair of ECC keys.

Run Client

If you have a tcp-tls trojan service on your.website.com:443 with the password your_password, you can start your client by:

./target/release/trojan-oxide -w "your_password" -u your.website.com -x 443 -m t

  • The default tunnel is TCP-TLS.

    • Use -m q if you want to use the QUIC tunnel.
    • Use -m l if you want to use the Lite-TLS tunnel.
  • You can also specify your server IP by:

    ./target/release/trojan-oxide -w "your_password" -u your.website.com -d 114.51.4.191 -x 443 -m t

  • The default HTTP and SOCKS5 ports are 8888 and 8889, respectively. Specify them with -h and -5.

Run Zero Copy Endpoints

Note that this feature only works on Linux with a kernel >= 5.8. Please build the client/server with the zio feature first.

Then start the client in Lite-TLS mode.

./target/release/trojan-oxide -w "your_password" -u your.website.com -d 114.51.4.191 -x 443 -m l

You don't need to configure the server.

Manual

./target/release/trojan-oxide --help
USAGE:
    trojan-oxide [FLAGS] [OPTIONS] --password <password> [remote-socket-addr]

FLAGS:
        --help       
            Prints help information

    -s, --server     
            whether to start as server

    -V, --version    
            Prints version information


OPTIONS:
        --ca <ca>                              
            

    -c, --cert <cert>                          
            TLS certificate in PEM format

    -m, --connection-mode <connection-mode>    
            Connetion Mode:
            
            - t (for tcp-tls)
            
            - q (for quic)
            
            - l (for lite-tls) [default: t]
    -f, --fallback-port <fallback-port>        
            port to re-direct unauthenticated connections [default: 0]

    -k, --key <key>                            
            TLS private key in PEM format

    -h, --http_port <local-http-addr>          
            client http proxy port [default: 8888]

    -5, --socks5_port <local-socks5-addr>      
            client socks5 proxy port [default: 8889]

    -l, --log-level <log-level>                
            Log level (from least to most verbose):
            
            error < warn < info < debug < trace [default: info]
    -w, --password <password>                  
            the password to authenticate connections

    -u, --server-hostname <server-hostname>    
            Server Name Indication (sni), or Hostname [default: localhost]

    -d, --server-ip <server-ip>                
            server ip address [default: ]

    -x, --server-port <server-port>            
            server proxy port [default: 443]

Comments
  • Compile Error :

    Compile Error : "error[E0554]: `#![feature]` may not be used on the stable release channel"

    System environment : Debian 11

    The source code is : e298001 released on 12 Oct 2021

    Compile command : cargo build --release

    Compilation environment such as rust :

    rustc --version
    rustc 1.57.0 (f1edd0429 2021-11-29)
    rustup --version
    rustup 1.24.3 (ce5817a94 2021-05-31)
    cargo --version
    cargo 1.57.0 (b2e52d7ca 2021-10-21)

    The error is :

    Compiling trojan-oxide v0.1.0 (/root/trojan-oxide)
    error[E0554]: `#![feature]` may not be used on the stable release channel
     --> src/main.rs:3:1
      |
    3 | #![feature(generic_associated_types)]
      | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
     --> src/main.rs:4:1
      |
    4 | #![feature(type_alias_impl_trait)]
      | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
     --> src/main.rs:5:1
      |
    5 | #![feature(associated_type_defaults)]
      | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    For more information about this error, try `rustc --explain E0554`.
    error: could not compile `trojan-oxide` due to 3 previous errors
    
    opened by nivrrex 1
  • Impl Lite-TLS and Zero Copy

    • Introducing Lite-TLS.
    • Add zero copy support for Lite-TLS on latest (>= 5.8) Linux kernels.
    • Refactor and bug fix.
    • We are now open source 🎉🎉🎉.
    opened by 3andne 0
  • Run the server error : “thread 'tokio-runtime-worker' panicked at 'removal index (is 0) should be < len (is 0)', src/server/inbound/tcp_tls.rs:25:38”

    After the nightly version of rust is compiled and passed (rustc 1.59.0-nightly), an error occurs when running on the server side, and the tcp port cannot be bound.

    Jan 04 11:12:13.108  INFO starting glommio runtime: 0
    Jan 04 11:12:13.109  INFO glommio runtime started
    Jan 04 11:12:13.115  INFO starting dns resolver
    Jan 04 11:12:13.115  INFO server-start
    thread 'tokio-runtime-worker' panicked at 'removal index (is 0) should be < len (is 0)', src/server/inbound/tcp_tls.rs:25:38
    Jan 04 11:12:13.128  INFO listening on [udp]0.0.0.0:443
    
    opened by nivrrex 0