mirror of
https://github.com/XTLS/Xray-core.git
synced 2025-04-29 16:58:34 +00:00
VMess AEAD based packet length
(cherry picked from commit 08221600082a79376bdc262f2ffec1a3129ae98d)
This commit is contained in:
Shelikhoo
世界
parent
707efd6d12
commit
ff35118af5
8 changed files with 232 additions and 6 deletions
|
|
@ -7,6 +7,8 @@ import (
|
|||
|
||||
"github.com/xtls/xray-core/common"
|
||||
|
||||
"github.com/xtls/xray-core/common/crypto"
|
||||
|
||||
"golang.org/x/crypto/sha3"
|
||||
)
|
||||
|
||||
|
|
@ -116,3 +118,11 @@ func (s *ShakeSizeParser) NextPaddingLen() uint16 {
|
|||
func (s *ShakeSizeParser) MaxPaddingLen() uint16 {
|
||||
return 64
|
||||
}
|
||||
|
||||
type AEADSizeParser struct {
|
||||
crypto.AEADChunkSizeParser
|
||||
}
|
||||
|
||||
func NewAEADSizeParser(auth *crypto.AEADAuthenticator) *AEADSizeParser {
|
||||
return &AEADSizeParser{crypto.AEADChunkSizeParser{Auth: auth}}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -171,6 +171,17 @@ func (c *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
|
|||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(c.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD := crypto.NewAesGcm(AuthenticatedLengthKey)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationWriter(auth, sizeParser, writer, request.Command.TransferType(), padding)
|
||||
case protocol.SecurityType_CHACHA20_POLY1305:
|
||||
aead, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(c.requestBodyKey[:]))
|
||||
|
|
@ -181,6 +192,18 @@ func (c *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
|
|||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(c.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(AuthenticatedLengthKey))
|
||||
common.Must(err)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationWriter(auth, sizeParser, writer, request.Command.TransferType(), padding)
|
||||
default:
|
||||
panic("Unknown security type.")
|
||||
|
|
@ -312,6 +335,17 @@ func (c *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
|
|||
NonceGenerator: GenerateChunkNonce(c.responseBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(c.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD := crypto.NewAesGcm(AuthenticatedLengthKey)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationReader(auth, sizeParser, reader, request.Command.TransferType(), padding)
|
||||
case protocol.SecurityType_CHACHA20_POLY1305:
|
||||
aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(c.responseBodyKey[:]))
|
||||
|
|
@ -321,6 +355,18 @@ func (c *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
|
|||
NonceGenerator: GenerateChunkNonce(c.responseBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(c.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(AuthenticatedLengthKey))
|
||||
common.Must(err)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(c.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationReader(auth, sizeParser, reader, request.Command.TransferType(), padding)
|
||||
default:
|
||||
panic("Unknown security type.")
|
||||
|
|
|
|||
|
|
@ -362,6 +362,17 @@ func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
|
|||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(s.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD := crypto.NewAesGcm(AuthenticatedLengthKey)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationReader(auth, sizeParser, reader, request.Command.TransferType(), padding)
|
||||
|
||||
case protocol.SecurityType_CHACHA20_POLY1305:
|
||||
|
|
@ -372,6 +383,18 @@ func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
|
|||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(s.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(AuthenticatedLengthKey))
|
||||
common.Must(err)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationReader(auth, sizeParser, reader, request.Command.TransferType(), padding)
|
||||
|
||||
default:
|
||||
|
|
@ -480,6 +503,17 @@ func (s *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
|
|||
NonceGenerator: GenerateChunkNonce(s.responseBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(s.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD := crypto.NewAesGcm(AuthenticatedLengthKey)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationWriter(auth, sizeParser, writer, request.Command.TransferType(), padding)
|
||||
|
||||
case protocol.SecurityType_CHACHA20_POLY1305:
|
||||
|
|
@ -490,6 +524,18 @@ func (s *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
|
|||
NonceGenerator: GenerateChunkNonce(s.responseBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
if request.Option.Has(protocol.RequestOptionAuthenticatedLength) {
|
||||
AuthenticatedLengthKey := vmessaead.KDF16(s.requestBodyKey[:], "auth_len")
|
||||
AuthenticatedLengthKeyAEAD, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(AuthenticatedLengthKey))
|
||||
common.Must(err)
|
||||
|
||||
lengthAuth := &crypto.AEADAuthenticator{
|
||||
AEAD: AuthenticatedLengthKeyAEAD,
|
||||
NonceGenerator: GenerateChunkNonce(s.requestBodyIV[:], uint32(aead.NonceSize())),
|
||||
AdditionalDataGenerator: crypto.GenerateEmptyBytes(),
|
||||
}
|
||||
sizeParser = NewAEADSizeParser(lengthAuth)
|
||||
}
|
||||
return crypto.NewAuthenticationWriter(auth, sizeParser, writer, request.Command.TransferType(), padding)
|
||||
|
||||
default:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue