2nd step to reduce number of authentication bits

proxy/vmess/inbound/inbound.go

@@ -138,8 +138,7 @@ func (this *VMessInboundHandler) HandleConnection(connection *net.TCPConn) error
 	// Optimize for small response packet
 	buffer := alloc.NewLargeBuffer().Clear()
 	defer buffer.Release()
-	buffer.AppendBytes(request.ResponseHeader[0] ^ request.ResponseHeader[1])
-	buffer.AppendBytes(request.ResponseHeader[2] ^ request.ResponseHeader[3])
+	buffer.AppendBytes(request.ResponseHeader, byte(0))
 	buffer.AppendBytes(byte(0), byte(0))
 
 	if data, open := <-output; open {

proxy/vmess/outbound/outbound.go

@@ -41,12 +41,9 @@ func (this *VMessOutboundHandler) Dispatch(firstPacket v2net.Packet, ray ray.Out
 	buffer := alloc.NewSmallBuffer()
 	defer buffer.Release()                             // Buffer is released after communication finishes.
 	v2net.ReadAllBytes(rand.Reader, buffer.Value[:33]) // 16 + 16 + 1
-	buffer.Value[33] = 0
-	buffer.Value[34] = 0
-	buffer.Value[35] = 0
 	request.RequestIV = buffer.Value[:16]
 	request.RequestKey = buffer.Value[16:32]
-	request.ResponseHeader = buffer.Value[32:36]
+	request.ResponseHeader = buffer.Value[32]
 
 	return this.startCommunicate(request, vNextAddress, ray, firstPacket)
 }
@@ -139,8 +136,8 @@ func (this *VMessOutboundHandler) handleRequest(conn net.Conn, request *protocol
 	return
 }
 
-func headerMatch(request *protocol.VMessRequest, responseHeader []byte) bool {
-	return (request.ResponseHeader[0] == responseHeader[0])
+func headerMatch(request *protocol.VMessRequest, responseHeader byte) bool {
+	return request.ResponseHeader == responseHeader
 }
 
 func (this *VMessOutboundHandler) handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<- *alloc.Buffer, finish *sync.Mutex, isUDP bool) {
@@ -162,7 +159,7 @@ func (this *VMessOutboundHandler) handleResponse(conn net.Conn, request *protoco
 		buffer.Release()
 		return
 	}
-	if buffer.Len() < 4 || !headerMatch(request, buffer.Value[:2]) {
+	if buffer.Len() < 4 || !headerMatch(request, buffer.Value[0]) {
 		log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.")
 		return
 	}

proxy/vmess/protocol/vmess.go

@@ -37,7 +37,7 @@ type VMessRequest struct {
 	User           *vmess.User
 	RequestIV      []byte
 	RequestKey     []byte
-	ResponseHeader []byte
+	ResponseHeader byte
 	Command        byte
 	Address        v2net.Address
 	Port           v2net.Port
@@ -108,9 +108,9 @@ func (this *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) {
 		return nil, proxy.InvalidProtocolVersion
 	}
 
-	request.RequestIV = append([]byte(nil), buffer.Value[1:17]...)       // 16 bytes
-	request.RequestKey = append([]byte(nil), buffer.Value[17:33]...)     // 16 bytes
-	request.ResponseHeader = append([]byte(nil), buffer.Value[33:37]...) // 4 bytes
+	request.RequestIV = append([]byte(nil), buffer.Value[1:17]...)   // 16 bytes
+	request.RequestKey = append([]byte(nil), buffer.Value[17:33]...) // 16 bytes
+	request.ResponseHeader = buffer.Value[33]                        // 1 byte + 3 bytes reserved.
 	request.Command = buffer.Value[37]
 
 	request.Port = v2net.PortFromBytes(buffer.Value[38:40])
@@ -189,7 +189,7 @@ func (this *VMessRequest) ToBytes(timestampGenerator RandomTimestampGenerator, b
 	buffer.AppendBytes(this.Version)
 	buffer.Append(this.RequestIV)
 	buffer.Append(this.RequestKey)
-	buffer.Append(this.ResponseHeader)
+	buffer.AppendBytes(this.ResponseHeader, byte(0), byte(0), byte(0))
 	buffer.AppendBytes(this.Command)
 	buffer.Append(this.Port.Bytes())
 

proxy/vmess/protocol/vmess_test.go

@@ -48,7 +48,7 @@ func TestVMessSerialization(t *testing.T) {
 	assert.Error(err).IsNil()
 	request.RequestIV = randBytes[:16]
 	request.RequestKey = randBytes[16:32]
-	request.ResponseHeader = randBytes[32:]
+	request.ResponseHeader = randBytes[32]
 
 	request.Command = byte(0x01)
 	request.Address = v2net.DomainAddress("v2ray.com")
@@ -74,7 +74,7 @@ func TestVMessSerialization(t *testing.T) {
 	assert.String(actualRequest.User.ID).Named("UserId").Equals(request.User.ID.String())
 	assert.Bytes(actualRequest.RequestIV).Named("RequestIV").Equals(request.RequestIV[:])
 	assert.Bytes(actualRequest.RequestKey).Named("RequestKey").Equals(request.RequestKey[:])
-	assert.Bytes(actualRequest.ResponseHeader).Named("ResponseHeader").Equals(request.ResponseHeader[:])
+	assert.Byte(actualRequest.ResponseHeader).Named("ResponseHeader").Equals(request.ResponseHeader)
 	assert.Byte(actualRequest.Command).Named("Command").Equals(request.Command)
 	assert.String(actualRequest.Address).Named("Address").Equals(request.Address.String())
 }
@@ -107,7 +107,7 @@ func BenchmarkVMessRequestWriting(b *testing.B) {
 	rand.Read(randBytes)
 	request.RequestIV = randBytes[:16]
 	request.RequestKey = randBytes[16:32]
-	request.ResponseHeader = randBytes[32:]
+	request.ResponseHeader = randBytes[32]
 
 	request.Command = byte(0x01)
 	request.Address = v2net.DomainAddress("v2ray.com")