Home Explore Help
Sign In
wytfy
/
v2ray-core
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

enable global padding for aead by default

Darien Raymond 7 years ago
parent
59fa890332
commit
9f48a6d017
2 changed files with 16 additions and 5 deletions
Unified View Show Diff Stats
  1. 11 4
      common/crypto/auth.go
  2. 5 1
      proxy/vmess/outbound/outbound.go

+ 11 - 4
common/crypto/auth.go
View File 

@@ -2,8 +2,9 @@ package crypto
 
 
 
 import (
 
 import (
 
 	"crypto/cipher"
 
 	"crypto/cipher"
 
-	"crypto/rand"
 
 	"io"
 
 	"io"
 
+	"math/rand"
 
+	"time"
 
 
 
 	"v2ray.com/core/common"
 
 	"v2ray.com/core/common"
 
 	"v2ray.com/core/common/buf"
 
 	"v2ray.com/core/common/buf"
 
@@ -226,16 +227,21 @@ type AuthenticationWriter struct {
 
 	sizeParser   ChunkSizeEncoder
 
 	sizeParser   ChunkSizeEncoder
 
 	transferType protocol.TransferType
 
 	transferType protocol.TransferType
 
 	padding      PaddingLengthGenerator
 
 	padding      PaddingLengthGenerator
 
+	randReader   *rand.Rand
 
 }
 
 }
 
 
 
 func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter {
 
 func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter {
 
-	return &AuthenticationWriter{
 
+	w := &AuthenticationWriter{
 
 		auth:         auth,
 
 		auth:         auth,
 
 		writer:       buf.NewWriter(writer),
 
 		writer:       buf.NewWriter(writer),
 
 		sizeParser:   sizeParser,
 
 		sizeParser:   sizeParser,
 
 		transferType: transferType,
 
 		transferType: transferType,
 
-		padding:      padding,
 
 	}
 
 	}
 
+	if padding != nil {
 
+		w.padding = padding
 
+		w.randReader = rand.New(rand.NewSource(time.Now().Unix()))
 
+	}
 
+	return w
 
 }
 
 }
 
 
 
 func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
 
 func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
 
@@ -263,7 +269,8 @@ func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
 
 		return nil, err
 
 		return nil, err
 
 	}
 
 	}
 
 	if paddingSize > 0 {
 
 	if paddingSize > 0 {
 
-		common.Must(eb.AppendSupplier(buf.ReadFullFrom(rand.Reader, int32(paddingSize))))
 
+		// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
 
+		common.Must(eb.AppendSupplier(buf.ReadFullFrom(w.randReader, int32(paddingSize))))
 
 	}
 
 	}
 
 
 
 	return eb, nil
 
 	return eb, nil

+ 5 - 1
proxy/vmess/outbound/outbound.go
View File 

@@ -103,7 +103,7 @@ func (v *Handler) Process(ctx context.Context, link *vio.Link, dialer internet.D
 
 		request.Option.Set(protocol.RequestOptionChunkMasking)
 
 		request.Option.Set(protocol.RequestOptionChunkMasking)
 
 	}
 
 	}
 
 
 
-	if enablePadding && request.Option.Has(protocol.RequestOptionChunkMasking) {
 
+	if shouldEnablePadding(request.Security) && request.Option.Has(protocol.RequestOptionChunkMasking) {
 
 		request.Option.Set(protocol.RequestOptionGlobalPadding)
 
 		request.Option.Set(protocol.RequestOptionGlobalPadding)
 
 	}
 
 	}
 
 
 
@@ -173,6 +173,10 @@ var (
 
 	enablePadding = false
 
 	enablePadding = false
 
 )
 
 )
 
 
 
+func shouldEnablePadding(s protocol.SecurityType) bool {
 
+	return enablePadding || s == protocol.SecurityType_AES128_GCM || s == protocol.SecurityType_CHACHA20_POLY1305 || s == protocol.SecurityType_AUTO
 
+}
 
+
 
 func init() {
 
 func init() {
 
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 
 		return New(ctx, config.(*Config))
 
 		return New(ctx, config.(*Config))