fix proxy ss2022 client lints

proxy/shadowsocks2022/client.go

@@ -2,6 +2,10 @@ package shadowsocks2022
 
 import (
 	"context"
+	gonet "net"
+	"sync"
+	"time"
+
 	"github.com/v2fly/v2ray-core/v5/common"
 	"github.com/v2fly/v2ray-core/v5/common/buf"
 	"github.com/v2fly/v2ray-core/v5/common/environment"
@@ -15,9 +19,6 @@ import (
 	"github.com/v2fly/v2ray-core/v5/transport"
 	"github.com/v2fly/v2ray-core/v5/transport/internet"
 	"github.com/v2fly/v2ray-core/v5/transport/internet/udp"
-	gonet "net"
-	"sync"
-	"time"
 )
 
 type Client struct {
@@ -33,17 +34,17 @@ type ClientUDPConnState struct {
 }
 
 func (c *ClientUDPConnState) GetOrCreateSession(create func() (*ClientUDPSession, error)) (*ClientUDPSession, error) {
-	var err error
+	var errOuter error
 	c.initOnce.Do(func() {
 		sessionState, err := create()
 		if err != nil {
-			err = newError("failed to create UDP session").Base(err)
+			errOuter = newError("failed to create UDP session").Base(err)
 			return
 		}
 		c.session = sessionState
 	})
-	if err != nil {
-		return nil, newError("failed to initialize UDP State").Base(err)
+	if errOuter != nil {
+		return nil, newError("failed to initialize UDP State").Base(errOuter)
 	}
 	return c.session, nil
 }
@@ -60,7 +61,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 	destination := outbound.Target
 	network := destination.Network
 
-	var keyDerivation = newBLAKE3KeyDerivation()
+	keyDerivation := newBLAKE3KeyDerivation()
 	var method Method
 	switch c.config.Method {
 	case "2022-blake3-aes-128-gcm":
@@ -107,7 +108,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 
 			return nil
 		})
-
 		if err != nil {
 			return newError("failed to find an available destination").AtWarning().Base(err)
 		}
@@ -222,7 +222,6 @@ func (c *Client) getUDPSession(ctx context.Context, network net.Network, dialer
 }
 
 func NewClient(ctx context.Context, config *ClientConfig) (*Client, error) {
-
 	storage := envctx.EnvironmentFromContext(ctx).(environment.ProxyEnvironment).TransientStorage()
 
 	udpState, err := NewClientUDPConnState()

proxy/shadowsocks2022/client_session.go

@@ -3,13 +3,14 @@ package shadowsocks2022
 import (
 	"context"
 	"crypto/rand"
-	"github.com/v2fly/v2ray-core/v5/common/buf"
-	"github.com/v2fly/v2ray-core/v5/common/net"
-	"github.com/v2fly/v2ray-core/v5/transport/internet"
 	"io"
 	gonet "net"
 	"sync"
 	"time"
+
+	"github.com/v2fly/v2ray-core/v5/common/buf"
+	"github.com/v2fly/v2ray-core/v5/common/net"
+	"github.com/v2fly/v2ray-core/v5/transport/internet"
 )
 
 func NewClientUDPSession(ctx context.Context, conn io.ReadWriteCloser, packetProcessor UDPClientPacketProcessor) *ClientUDPSession {
@@ -165,7 +166,7 @@ func (c *ClientUDPSessionConn) ReadFrom(p []byte) (n int, addr net.Addr, err err
 	case resp := <-c.readChan:
 		n = copy(p, resp.Payload.Bytes())
 		resp.Payload.Release()
-		addr = &net.UDPAddr{IP: resp.Address.IP(), Port: int(resp.Port)}
+		addr = &net.UDPAddr{IP: resp.Address.IP(), Port: resp.Port}
 	}
 	return
 }

proxy/shadowsocks2022/eih_aes.go

@@ -2,9 +2,12 @@ package shadowsocks2022
 
 import (
 	"crypto/subtle"
+	"io"
+
 	"github.com/lunixbochs/struc"
+
 	"github.com/v2fly/v2ray-core/v5/common/buf"
-	"io"
+
 	"lukechampine.com/blake3"
 )
 

proxy/shadowsocks2022/encoding.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/lunixbochs/struc"
+
 	"github.com/v2fly/v2ray-core/v5/common/buf"
 	"github.com/v2fly/v2ray-core/v5/common/crypto"
 	"github.com/v2fly/v2ray-core/v5/common/net"
@@ -32,7 +33,8 @@ type TCPRequest struct {
 }
 
 func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
-	eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, Out *buf.Buffer) error {
+	eih [][]byte, address DestinationAddress, destPort int, initialPayload []byte, out *buf.Buffer,
+) error {
 	requestSalt := newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength())
 	{
 		err := requestSalt.FillAllFrom(cryptoRand.Reader)
@@ -41,7 +43,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
 		}
 	}
 	t.c2sSalt = requestSalt
-	var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength())
+	sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength())
 	{
 		err := t.keyDerivation.GetSessionSubKey(effectivePsk, requestSalt.Bytes(), sessionKey)
 		if err != nil {
@@ -54,7 +56,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
 		return newError("failed to get stream AEAD").Base(err)
 	}
 	t.c2sAEAD = aead
-	var paddingLength = TCPMinPaddingLength
+	paddingLength := TCPMinPaddingLength
 	if initialPayload == nil {
 		initialPayload = []byte{}
 		paddingLength += rand.Intn(TCPMaxPaddingLength) // TODO INSECURE RANDOM USED
@@ -128,7 +130,7 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
 	requestNonce := crypto.GenerateInitialAEADNonce()
 	t.c2sNonce = requestNonce
 	{
-		n, err := Out.Write(preSessionKeyHeaderBuffer.BytesFrom(0))
+		n, err := out.Write(preSessionKeyHeaderBuffer.BytesFrom(0))
 		if err != nil {
 			return newError("failed to write pre session key header").Base(err)
 		}
@@ -137,28 +139,28 @@ func (t *TCPRequest) EncodeTCPRequestHeader(effectivePsk []byte,
 		}
 	}
 	{
-		fixedLengthEncrypted := Out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead()))
+		fixedLengthEncrypted := out.Extend(fixedLengthHeaderBuffer.Len() + int32(aead.Overhead()))
 		aead.Seal(fixedLengthEncrypted[:0], requestNonce(), fixedLengthHeaderBuffer.Bytes(), nil)
 	}
 	{
-		variableLengthEncrypted := Out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead()))
+		variableLengthEncrypted := out.Extend(variableLengthHeaderBuffer.Len() + int32(aead.Overhead()))
 		aead.Seal(variableLengthEncrypted[:0], requestNonce(), variableLengthHeaderBuffer.Bytes(), nil)
 	}
 	return nil
 }
 
-func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader) error {
+func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, in io.Reader) error {
 	var preSessionKeyHeader TCPResponseHeader1PreSessionKey
 	preSessionKeyHeader.Salt = newRequestSaltWithLength(t.method.GetSessionSubKeyAndSaltLength())
 	{
-		err := struc.Unpack(In, &preSessionKeyHeader)
+		err := struc.Unpack(in, &preSessionKeyHeader)
 		if err != nil {
 			return newError("failed to unpack pre session key header").Base(err)
 		}
 	}
-	var s2cSalt = preSessionKeyHeader.Salt.Bytes()
+	s2cSalt := preSessionKeyHeader.Salt.Bytes()
 	t.s2cSalt = preSessionKeyHeader.Salt
-	var sessionKey = make([]byte, t.method.GetSessionSubKeyAndSaltLength())
+	sessionKey := make([]byte, t.method.GetSessionSubKeyAndSaltLength())
 	{
 		err := t.keyDerivation.GetSessionSubKey(effectivePsk, s2cSalt, sessionKey)
 		if err != nil {
@@ -171,17 +173,17 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader)
 	}
 	t.s2cAEAD = aead
 
-	var fixedLengthHeaderEncryptedBuffer = buf.New()
+	fixedLengthHeaderEncryptedBuffer := buf.New()
 	defer fixedLengthHeaderEncryptedBuffer.Release()
 	{
-		_, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(In, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead()))
+		_, err := fixedLengthHeaderEncryptedBuffer.ReadFullFrom(in, 11+int32(t.method.GetSessionSubKeyAndSaltLength())+int32(aead.Overhead()))
 		if err != nil {
 			return newError("failed to read fixed length header encrypted").Base(err)
 		}
 	}
 	s2cNonce := crypto.GenerateInitialAEADNonce()
 	t.s2cNonce = s2cNonce
-	var fixedLengthHeaderDecryptedBuffer = buf.New()
+	fixedLengthHeaderDecryptedBuffer := buf.New()
 	defer fixedLengthHeaderDecryptedBuffer.Release()
 	{
 		decryptionBuffer := fixedLengthHeaderDecryptedBuffer.Extend(11 + int32(t.method.GetSessionSubKeyAndSaltLength()))
@@ -213,13 +215,13 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader)
 }
 
 func (t *TCPRequest) CheckC2SConnectionConstraint() error {
-	if bytes.Compare(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) != 0 {
+	if !bytes.Equal(t.c2sSalt.Bytes(), t.s2cSaltAssert.Bytes()) {
 		return newError("c2s salt not equal to s2c salt assert")
 	}
 	return nil
 }
 
-func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) {
+func (t *TCPRequest) CreateClientS2CReader(in io.Reader, initialPayload *buf.Buffer) (buf.Reader, error) {
 	AEADAuthenticator := &crypto.AEADAuthenticator{
 		AEAD:                    t.s2cAEAD,
 		NonceGenerator:          t.s2cNonce,
@@ -228,7 +230,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf
 	initialPayloadEncrypted := buf.NewWithSize(65535)
 	defer initialPayloadEncrypted.Release()
 	initialPayloadEncryptedBytes := initialPayloadEncrypted.Extend(int32(t.s2cAEAD.Overhead()) + int32(t.s2cInitialPayloadSize))
-	_, err := io.ReadFull(In, initialPayloadEncryptedBytes)
+	_, err := io.ReadFull(in, initialPayloadEncryptedBytes)
 	if err != nil {
 		return nil, newError("failed to read initial payload").Base(err)
 	}
@@ -239,7 +241,7 @@ func (t *TCPRequest) CreateClientS2CReader(In io.Reader, initialPayload *buf.Buf
 	}
 	return crypto.NewAuthenticationReader(AEADAuthenticator, &crypto.AEADChunkSizeParser{
 		Auth: AEADAuthenticator,
-	}, In, protocol.TransferTypeStream, nil), nil
+	}, in, protocol.TransferTypeStream, nil), nil
 }
 
 func (t *TCPRequest) CreateClientC2SWriter(writer io.Writer) buf.Writer {

proxy/shadowsocks2022/kdf_blake3.go

@@ -1,31 +1,31 @@
 package shadowsocks2022
 
 import (
-	"github.com/v2fly/v2ray-core/v5/common/buf"
 	"lukechampine.com/blake3"
+
+	"github.com/v2fly/v2ray-core/v5/common/buf"
 )
 
 func newBLAKE3KeyDerivation() *BLAKE3KeyDerivation {
 	return &BLAKE3KeyDerivation{}
 }
 
-type BLAKE3KeyDerivation struct {
-}
+type BLAKE3KeyDerivation struct{}
 
-func (B BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, Salt []byte, OutKey []byte) error {
+func (b BLAKE3KeyDerivation) GetSessionSubKey(effectivePsk, salt []byte, outKey []byte) error {
 	keyingMaterialBuffer := buf.New()
 	keyingMaterialBuffer.Write(effectivePsk)
-	keyingMaterialBuffer.Write(Salt)
-	blake3.DeriveKey(OutKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes())
+	keyingMaterialBuffer.Write(salt)
+	blake3.DeriveKey(outKey, "shadowsocks 2022 session subkey", keyingMaterialBuffer.Bytes())
 	keyingMaterialBuffer.Release()
 	return nil
 }
 
-func (B BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, Salt []byte, OutKey []byte) error {
+func (b BLAKE3KeyDerivation) GetIdentitySubKey(effectivePsk, salt []byte, outKey []byte) error {
 	keyingMaterialBuffer := buf.New()
 	keyingMaterialBuffer.Write(effectivePsk)
-	keyingMaterialBuffer.Write(Salt)
-	blake3.DeriveKey(OutKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes())
+	keyingMaterialBuffer.Write(salt)
+	blake3.DeriveKey(outKey, "shadowsocks 2022 identity subkey", keyingMaterialBuffer.Bytes())
 	keyingMaterialBuffer.Release()
 	return nil
 }

proxy/shadowsocks2022/method_aes128gcm.go

@@ -9,15 +9,14 @@ func newAES128GCMMethod() *AES128GCMMethod {
 	return &AES128GCMMethod{}
 }
 
-type AES128GCMMethod struct {
-}
+type AES128GCMMethod struct{}
 
-func (A AES128GCMMethod) GetSessionSubKeyAndSaltLength() int {
+func (a AES128GCMMethod) GetSessionSubKeyAndSaltLength() int {
 	return 16
 }
 
-func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error) {
-	aesCipher, err := aes.NewCipher(SessionSubKey)
+func (a AES128GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) {
+	aesCipher, err := aes.NewCipher(sessionSubKey)
 	if err != nil {
 		return nil, newError("failed to create AES cipher").Base(err)
 	}
@@ -28,8 +27,8 @@ func (A AES128GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error
 	return aead, nil
 }
 
-func (A AES128GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
-	aesCipher, err := aes.NewCipher(CurrentIdentitySubKey)
+func (a AES128GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
+	aesCipher, err := aes.NewCipher(currentIdentitySubKey)
 	if err != nil {
 		return newError("failed to create AES cipher").Base(err)
 	}
@@ -37,7 +36,7 @@ func (A AES128GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash [
 	return nil
 }
 
-func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
+func (a AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
 	reqSeparateHeaderPsk := psk
 	if ipsk != nil {
 		reqSeparateHeaderPsk = ipsk[0]
@@ -51,9 +50,12 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
 		return nil, newError("failed to create AES cipher").Base(err)
 	}
 	getPacketAEAD := func(sessionID []byte) cipher.AEAD {
-		sessionKey := make([]byte, A.GetSessionSubKeyAndSaltLength())
+		sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength())
 		derivation.GetSessionSubKey(psk, sessionID, sessionKey)
 		block, err := aes.NewCipher(sessionKey)
+		if err != nil {
+			panic(err)
+		}
 		aead, err := cipher.NewGCM(block)
 		if err != nil {
 			panic(err)
@@ -62,7 +64,7 @@ func (A AES128GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
 	}
 	eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk)
 	getEIH := func(mask []byte) ExtensibleIdentityHeaders {
-		eih, err := eihGenerator.GenerateEIHUDP(derivation, A, mask)
+		eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask)
 		if err != nil {
 			newError("failed to generate EIH").Base(err).WriteToLog()
 		}

proxy/shadowsocks2022/method_aes256gcm.go

@@ -9,15 +9,14 @@ func newAES256GCMMethod() *AES256GCMMethod {
 	return &AES256GCMMethod{}
 }
 
-type AES256GCMMethod struct {
-}
+type AES256GCMMethod struct{}
 
-func (A AES256GCMMethod) GetSessionSubKeyAndSaltLength() int {
+func (a AES256GCMMethod) GetSessionSubKeyAndSaltLength() int {
 	return 32
 }
 
-func (A AES256GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error) {
-	aesCipher, err := aes.NewCipher(SessionSubKey)
+func (a AES256GCMMethod) GetStreamAEAD(sessionSubKey []byte) (cipher.AEAD, error) {
+	aesCipher, err := aes.NewCipher(sessionSubKey)
 	if err != nil {
 		return nil, newError("failed to create AES cipher").Base(err)
 	}
@@ -28,8 +27,8 @@ func (A AES256GCMMethod) GetStreamAEAD(SessionSubKey []byte) (cipher.AEAD, error
 	return aead, nil
 }
 
-func (A AES256GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
-	aesCipher, err := aes.NewCipher(CurrentIdentitySubKey)
+func (a AES256GCMMethod) GenerateEIH(currentIdentitySubKey []byte, nextPskHash []byte, out []byte) error {
+	aesCipher, err := aes.NewCipher(currentIdentitySubKey)
 	if err != nil {
 		return newError("failed to create AES cipher").Base(err)
 	}
@@ -37,7 +36,7 @@ func (A AES256GCMMethod) GenerateEIH(CurrentIdentitySubKey []byte, nextPskHash [
 	return nil
 }
 
-func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
+func (a AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, derivation KeyDerivation) (UDPClientPacketProcessor, error) {
 	reqSeparateHeaderPsk := psk
 	if ipsk != nil {
 		reqSeparateHeaderPsk = ipsk[0]
@@ -51,9 +50,12 @@ func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
 		return nil, newError("failed to create AES cipher").Base(err)
 	}
 	getPacketAEAD := func(sessionID []byte) cipher.AEAD {
-		sessionKey := make([]byte, A.GetSessionSubKeyAndSaltLength())
+		sessionKey := make([]byte, a.GetSessionSubKeyAndSaltLength())
 		derivation.GetSessionSubKey(psk, sessionID, sessionKey)
 		block, err := aes.NewCipher(sessionKey)
+		if err != nil {
+			panic(err)
+		}
 		aead, err := cipher.NewGCM(block)
 		if err != nil {
 			panic(err)
@@ -62,7 +64,7 @@ func (A AES256GCMMethod) GetUDPClientProcessor(ipsk [][]byte, psk []byte, deriva
 	}
 	eihGenerator := newAESEIHGeneratorContainer(len(ipsk), psk, ipsk)
 	getEIH := func(mask []byte) ExtensibleIdentityHeaders {
-		eih, err := eihGenerator.GenerateEIHUDP(derivation, A, mask)
+		eih, err := eihGenerator.GenerateEIHUDP(derivation, a, mask)
 		if err != nil {
 			newError("failed to generate EIH").Base(err).WriteToLog()
 		}

proxy/shadowsocks2022/requestsalt.go

@@ -2,8 +2,9 @@ package shadowsocks2022
 
 import (
 	"encoding/hex"
-	"github.com/lunixbochs/struc"
 	"io"
+
+	"github.com/lunixbochs/struc"
 )
 
 func newRequestSaltWithLength(length int) RequestSalt {

proxy/shadowsocks2022/ss2022.go

@@ -2,11 +2,13 @@ package shadowsocks2022
 
 import (
 	"crypto/cipher"
+	"io"
+
 	"github.com/lunixbochs/struc"
+
 	"github.com/v2fly/v2ray-core/v5/common/buf"
 	"github.com/v2fly/v2ray-core/v5/common/net"
 	"github.com/v2fly/v2ray-core/v5/common/protocol"
-	"io"
 )
 
 //go:generate go run github.com/v2fly/v2ray-core/v5/common/errors/errorgen
@@ -78,10 +80,12 @@ type TCPResponseHeader struct {
 	Header              TCPResponseHeader2FixedLength
 }
 
-const TCPHeaderTypeClientToServerStream = byte(0x00)
-const TCPHeaderTypeServerToClientStream = byte(0x01)
-const TCPMinPaddingLength = 0
-const TCPMaxPaddingLength = 900
+const (
+	TCPHeaderTypeClientToServerStream = byte(0x00)
+	TCPHeaderTypeServerToClientStream = byte(0x01)
+	TCPMinPaddingLength               = 0
+	TCPMaxPaddingLength               = 900
+)
 
 var addrParser = protocol.NewAddressParser(
 	protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),
@@ -103,8 +107,10 @@ type UDPResponse struct {
 	ClientSessionID [8]byte
 }
 
-const UDPHeaderTypeClientToServerStream = byte(0x00)
-const UDPHeaderTypeServerToClientStream = byte(0x01)
+const (
+	UDPHeaderTypeClientToServerStream = byte(0x00)
+	UDPHeaderTypeServerToClientStream = byte(0x01)
+)
 
 // UDPClientPacketProcessor
 // Caller retain and receive all ownership of the buffer

proxy/shadowsocks2022/udp_aes.go

@@ -3,10 +3,12 @@ package shadowsocks2022
 import (
 	"bytes"
 	"crypto/cipher"
+	"io"
+
 	"github.com/lunixbochs/struc"
+
 	"github.com/v2fly/v2ray-core/v5/common/buf"
 	"github.com/v2fly/v2ray-core/v5/common/net"
-	"io"
 )
 
 type AESUDPClientPacketProcessor struct {
@@ -140,7 +142,7 @@ func (p *AESUDPClientPacketProcessor) DecodeUDPResp(input []byte, resp *UDPRespo
 			}
 		}
 		resp.TimeStamp = headerStruct.TimeStamp
-		var addressReaderBuf = buf.New()
+		addressReaderBuf := buf.New()
 		defer addressReaderBuf.Release()
 		var port net.Port
 		resp.Address, port, err = addrParser.ReadAddressPort(addressReaderBuf, decryptedDestReader)