9 年前 · 7d2cf4c0e0
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -102,7 +102,7 @@ func (v *AuthenticationReader) NextChunk() error {
 
				 		return errors.New("AuthenticationReader: invalid packet size.")
			
 
				 	}
			
 
				 	cipherChunk := v.buffer.BytesRange(2, size+2)
			
 
				-	plainChunk, err := v.auth.Open(cipherChunk, cipherChunk)
			
 
				+	plainChunk, err := v.auth.Open(cipherChunk[:0], cipherChunk)
			
 
				 	if err != nil {
			
 
				 		return err
			
 
				 	}
			
@@ -131,7 +131,9 @@ func (v *AuthenticationReader) EnsureChunk() error {
 
				 			return nil
			
 
				 		}
			
 
				 		if err == errInsufficientBuffer {
			
 
				-			if !v.buffer.IsEmpty() {
			
 
				+			if v.buffer.IsEmpty() {
			
 
				+				v.buffer.Clear()
			
 
				+			} else {
			
 
				 				leftover := v.buffer.Bytes()
			
 
				 				v.buffer.SetBytesFunc(func(b []byte) int {
			
 
				 					return copy(b, leftover)
			
@@ -175,10 +177,11 @@ func NewAuthenticationWriter(auth Authenticator, writer io.Writer) *Authenticati
 
				 }
			
 
				 
			
 
				 func (v *AuthenticationWriter) Write(b []byte) (int, error) {
			
 
				-	cipherChunk, err := v.auth.Seal(v.buffer[2:], b)
			
 
				+	cipherChunk, err := v.auth.Seal(v.buffer[2:2], b)
			
 
				 	if err != nil {
			
 
				 		return 0, err
			
 
				 	}
			
 
				+
			
 
				 	serial.Uint16ToBytes(uint16(len(cipherChunk)), v.buffer[:0])
			
 
				 	_, err = v.writer.Write(v.buffer[:2+len(cipherChunk)])
			
 
				 	return len(b), err
			
--- a/proxy/vmess/encoding/auth.go
+++ b/proxy/vmess/encoding/auth.go
@@ -26,7 +26,7 @@ func (v *FnvAuthenticator) Overhead() int {
 
				 }
			
 
				 
			
 
				 func (v *FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
			
 
				-	dst = serial.Uint32ToBytes(Authenticate(plaintext), dst[:0])
			
 
				+	dst = serial.Uint32ToBytes(Authenticate(plaintext), dst)
			
 
				 	return append(dst, plaintext...)
			
 
				 }
			
 
				 
			
@@ -34,7 +34,7 @@ func (v *FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) (
 
				 	if serial.BytesToUint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) {
			
 
				 		return dst, crypto.ErrAuthenticationFailed
			
 
				 	}
			
 
				-	return append(dst[:0], ciphertext[4:]...), nil
			
 
				+	return append(dst, ciphertext[4:]...), nil
			
 
				 }
			
 
				 
			
 
				 func GenerateChacha20Poly1305Key(b []byte) []byte {
			
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@@ -136,25 +136,25 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 
				 			authWriter = cryptionWriter
			
 
				 		}
			
 
				 	} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
			
 
				-		block, _ := aes.NewCipher(v.responseBodyKey)
			
 
				+		block, _ := aes.NewCipher(v.requestBodyKey)
			
 
				 		aead, _ := cipher.NewGCM(block)
			
 
				 
			
 
				 		auth := &crypto.AEADAuthenticator{
			
 
				 			AEAD: aead,
			
 
				 			NonceGenerator: &ChunkNonceGenerator{
			
 
				-				Nonce: append([]byte(nil), v.responseBodyIV...),
			
 
				+				Nonce: append([]byte(nil), v.requestBodyIV...),
			
 
				 				Size:  aead.NonceSize(),
			
 
				 			},
			
 
				 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			
 
				 		}
			
 
				 		authWriter = crypto.NewAuthenticationWriter(auth, writer)
			
 
				 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
			
 
				-		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
			
 
				+		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
			
 
				 
			
 
				 		auth := &crypto.AEADAuthenticator{
			
 
				 			AEAD: aead,
			
 
				 			NonceGenerator: &ChunkNonceGenerator{
			
 
				-				Nonce: append([]byte(nil), v.responseBodyIV...),
			
 
				+				Nonce: append([]byte(nil), v.requestBodyIV...),
			
 
				 				Size:  aead.NonceSize(),
			
 
				 			},
			
 
				 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			
@@ -266,7 +266,7 @@ type ChunkNonceGenerator struct {
 
				 }
			
 
				 
			
 
				 func (v *ChunkNonceGenerator) Next() []byte {
			
 
				-	serial.Uint16ToBytes(v.count, v.Nonce[:2])
			
 
				+	serial.Uint16ToBytes(v.count, v.Nonce[:0])
			
 
				 	v.count++
			
 
				 	return v.Nonce[:v.Size]
			
 
				 }
			
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -183,25 +183,25 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 
				 			authReader = cryptionReader
			
 
				 		}
			
 
				 	} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
			
 
				-		block, _ := aes.NewCipher(v.responseBodyKey)
			
 
				+		block, _ := aes.NewCipher(v.requestBodyKey)
			
 
				 		aead, _ := cipher.NewGCM(block)
			
 
				 
			
 
				 		auth := &crypto.AEADAuthenticator{
			
 
				 			AEAD: aead,
			
 
				 			NonceGenerator: &ChunkNonceGenerator{
			
 
				-				Nonce: append([]byte(nil), v.responseBodyIV...),
			
 
				+				Nonce: append([]byte(nil), v.requestBodyIV...),
			
 
				 				Size:  aead.NonceSize(),
			
 
				 			},
			
 
				 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			
 
				 		}
			
 
				 		authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
			
 
				 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
			
 
				-		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
			
 
				+		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
			
 
				 
			
 
				 		auth := &crypto.AEADAuthenticator{
			
 
				 			AEAD: aead,
			
 
				 			NonceGenerator: &ChunkNonceGenerator{
			
 
				-				Nonce: append([]byte(nil), v.responseBodyIV...),
			
 
				+				Nonce: append([]byte(nil), v.requestBodyIV...),
			
 
				 				Size:  aead.NonceSize(),
			
 
				 			},
			
 
				 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},