diff --git a/proxy/shadowsocks/config.go b/proxy/shadowsocks/config.go index f2a13e33..0bcdcac3 100644 --- a/proxy/shadowsocks/config.go +++ b/proxy/shadowsocks/config.go @@ -216,7 +216,7 @@ func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error { if err != nil { return err } - b.Resize(ivLen, ivLen+int32(len(bbb))) + b.Resize(ivLen, int32(len(bbb))) return nil } diff --git a/proxy/shadowsocks/config_test.go b/proxy/shadowsocks/config_test.go new file mode 100644 index 00000000..1cdc78d8 --- /dev/null +++ b/proxy/shadowsocks/config_test.go @@ -0,0 +1,38 @@ +package shadowsocks_test + +import ( + "crypto/rand" + "testing" + + "v2ray.com/core/common" + "v2ray.com/core/common/buf" + "v2ray.com/core/common/compare" + "v2ray.com/core/proxy/shadowsocks" +) + +func TestAEADCipherUDP(t *testing.T) { + rawAccount := &shadowsocks.Account{ + CipherType: shadowsocks.CipherType_AES_128_GCM, + Password: "test", + } + account, err := rawAccount.AsAccount() + common.Must(err) + + cipher := account.(*shadowsocks.MemoryAccount).Cipher + + key := make([]byte, cipher.KeySize()) + common.Must2(rand.Read(key)) + + payload := make([]byte, 1024) + common.Must2(rand.Read(payload)) + + b1 := buf.New() + common.Must2(b1.ReadFullFrom(rand.Reader, cipher.IVSize())) + common.Must2(b1.Write(payload)) + common.Must(cipher.EncodePacket(key, b1)) + + common.Must(cipher.DecodePacket(key, b1)) + if err := compare.BytesEqualWithDetail(b1.Bytes(), payload); err != nil { + t.Error(err) + } +} diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go index b60927d6..8c63b375 100644 --- a/proxy/shadowsocks/protocol.go +++ b/proxy/shadowsocks/protocol.go @@ -142,8 +142,9 @@ func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Wri header.SetByte(0, header.Byte(0)|0x10) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) + authPayload := header.Bytes() authBuffer := header.Extend(AuthSize) - authenticator.Authenticate(header.Bytes(), authBuffer) + authenticator.Authenticate(authPayload, authBuffer) } if err := w.WriteMultiBuffer(buf.NewMultiBufferValue(header)); err != nil {