Apply Coding Style

pull/2561/head
Shelikhoo 2020-06-08 13:21:59 +08:00
parent a58b20b5b8
commit 8c886b4b46
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316
6 changed files with 109 additions and 89 deletions

View File

@ -32,7 +32,7 @@ func CreateAuthID(cmdKey []byte, time int64) [16]byte {
} }
func NewCipherFromKey(cmdKey []byte) cipher.Block { func NewCipherFromKey(cmdKey []byte) cipher.Block {
aesBlock, err := aes.NewCipher(KDF16(cmdKey, "AES Auth ID Encryption")) aesBlock, err := aes.NewCipher(KDF16(cmdKey, KDFSaltConst_AuthIDEncryptionKey))
if err != nil { if err != nil {
panic(err) panic(err)
} }

View File

@ -0,0 +1,21 @@
package aead
const KDFSaltConst_AuthIDEncryptionKey = "AES Auth ID Encryption"
const KDFSaltConst_AEADRespHeaderLenKey = "AEAD Resp Header Len Key"
const KDFSaltConst_AEADRespHeaderLenIV = "AEAD Resp Header Len IV"
const KDFSaltConst_AEADRespHeaderPayloadKey = "AEAD Resp Header Key"
const KDFSaltConst_AEADRespHeaderPayloadIV = "AEAD Resp Header IV"
const KDFSaltConst_VMessAEADKDF = "VMess AEAD KDF"
const KDFSaltConst_VmessAuthIDCheckValue = "VMess AuthID Check Value"
const KDFSaltConst_VMessLengthMask = "VMess AuthID Mask Value"
const KDFSaltConst_VMessHeaderPayloadAEADKey = "VMess Header AEAD Key"
const KDFSaltConst_VMessHeaderPayloadAEADIV = "VMess Header AEAD Nonce"

View File

@ -14,128 +14,128 @@ import (
) )
func SealVMessAEADHeader(key [16]byte, data []byte) []byte { func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
authid := CreateAuthID(key[:], time.Now().Unix()) generatedAuthID := CreateAuthID(key[:], time.Now().Unix())
nonce := make([]byte, 8) connectionNonce := make([]byte, 8)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil { if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {
panic(err.Error()) panic(err.Error())
} }
lengthbuf := bytes.NewBuffer(nil) aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)
var HeaderDataLen uint16 var headerPayloadDataLen uint16
HeaderDataLen = uint16(len(data)) headerPayloadDataLen = uint16(len(data))
common.Must(binary.Write(lengthbuf, binary.BigEndian, HeaderDataLen)) common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))
authidCheck := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbuf.Bytes()), string(nonce)) authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))
lengthbufb := lengthbuf.Bytes() aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()
LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2] aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2]
lengthbufb[0] = lengthbufb[0] ^ LengthMask[0] aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0]
lengthbufb[1] = lengthbufb[1] ^ LengthMask[1] aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]
HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce)) payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))
HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce))[:12] payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]
block, err := aes.NewCipher(HeaderAEADKey) payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
} }
headerAEAD, err := cipher.NewGCM(block) payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
} }
headerSealed := headerAEAD.Seal(nil, HeaderAEADNonce, data, authid[:]) payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])
var outPutBuf = bytes.NewBuffer(nil) var outputBuffer = bytes.NewBuffer(nil)
common.Must2(outPutBuf.Write(authid[:])) //16 common.Must2(outputBuffer.Write(generatedAuthID[:])) //16
common.Must2(outPutBuf.Write(authidCheck)) //16 common.Must2(outputBuffer.Write(authidCheckValue)) //16
common.Must2(outPutBuf.Write(lengthbufb)) //2 common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2
common.Must2(outPutBuf.Write(nonce)) //8 common.Must2(outputBuffer.Write(connectionNonce)) //8
common.Must2(outPutBuf.Write(headerSealed)) common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))
return outPutBuf.Bytes() return outputBuffer.Bytes()
} }
func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) { func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {
var authidCheck [16]byte var authidCheckValue [16]byte
var lengthbufb [2]byte var headerPayloadDataLen [2]byte
var nonce [8]byte var nonce [8]byte
n, err := io.ReadFull(data, authidCheck[:]) authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:])
if err != nil { if err != nil {
return nil, false, err, n return nil, false, err, authidCheckValueReadBytesCounts
} }
n2, err := io.ReadFull(data, lengthbufb[:]) headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:])
if err != nil { if err != nil {
return nil, false, err, n + n2 return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts
} }
n4, err := io.ReadFull(data, nonce[:]) nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
if err != nil { if err != nil {
return nil, false, err, n + n2 + n4 return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
} }
//Unmask Length //Unmask Length
LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2] LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2]
lengthbufb[0] = lengthbufb[0] ^ LengthMask[0] headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0]
lengthbufb[1] = lengthbufb[1] ^ LengthMask[1] headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]
authidCheckV := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbufb[:]), string(nonce[:])) authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:]))
if !hmac.Equal(authidCheckV, authidCheck[:]) { if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) {
return nil, true, errCheckMismatch, n + n2 + n4 return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
} }
var length uint16 var length uint16
common.Must(binary.Read(bytes.NewReader(lengthbufb[:]), binary.BigEndian, &length)) common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length))
HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce[:])) payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))
HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce[:]))[:12] payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]
//16 == AEAD Tag size //16 == AEAD Tag size
header := make([]byte, length+16) payloadHeaderAEADEncrypted := make([]byte, length+16)
n3, err := io.ReadFull(data, header) payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted)
if err != nil { if err != nil {
return nil, false, err, n + n2 + n3 + n4 return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
} }
block, err := aes.NewCipher(HeaderAEADKey) payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
} }
headerAEAD, err := cipher.NewGCM(block) payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
} }
out, erropenAEAD := headerAEAD.Open(nil, HeaderAEADNonce, header, authid[:]) out, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])
if erropenAEAD != nil { if erropenAEAD != nil {
return nil, true, erropenAEAD, n + n2 + n3 + n4 return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
} }
return out, false, nil, n + n2 + n3 + n4 return out, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
} }
var errCheckMismatch = errors.New("check verify failed") var errCheckMismatch = errors.New("check verify failed")

View File

@ -9,7 +9,7 @@ import (
func KDF(key []byte, path ...string) []byte { func KDF(key []byte, path ...string) []byte {
hmacf := hmac.New(func() hash.Hash { hmacf := hmac.New(func() hash.Hash {
return sha256.New() return sha256.New()
}, []byte("VMess AEAD KDF")) }, []byte(KDFSaltConst_VMessAEADKDF))
for _, v := range path { for _, v := range path {
hmacf = hmac.New(func() hash.Hash { hmacf = hmac.New(func() hash.Hash {

View File

@ -208,43 +208,42 @@ func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:]) aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:])
c.responseReader = crypto.NewCryptionReader(aesStream, reader) c.responseReader = crypto.NewCryptionReader(aesStream, reader)
} else { } else {
resph := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Len Key") aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
respi := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header Len IV")[:12] aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block) aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD) aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
var AEADLen [18]byte var aeadEncryptedResponseHeaderLength [18]byte
var lenresp int var decryptedResponseHeaderLength int
var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
var lenrespr uint16 if _, err := io.ReadFull(reader, aeadEncryptedResponseHeaderLength[:]); err != nil {
if _, err := io.ReadFull(reader, AEADLen[:]); err != nil {
return nil, newError("Unable to Read Header Len").Base(err) return nil, newError("Unable to Read Header Len").Base(err)
} }
if AEADLend, err := aeadHeader.Open(nil, respi, AEADLen[:], nil); err != nil { if decryptedResponseHeaderLengthBinaryBuffer, err := aeadResponseHeaderLengthEncryptionAEAD.Open(nil, aeadResponseHeaderLengthEncryptionIV, aeadEncryptedResponseHeaderLength[:], nil); err != nil {
return nil, newError("Failed To Decrypt Length").Base(err) return nil, newError("Failed To Decrypt Length").Base(err)
} else { } else {
common.Must(binary.Read(bytes.NewReader(AEADLend), binary.BigEndian, &lenrespr)) common.Must(binary.Read(bytes.NewReader(decryptedResponseHeaderLengthBinaryBuffer), binary.BigEndian, &decryptedResponseHeaderLengthBinaryDeserializeBuffer))
lenresp = int(lenrespr) decryptedResponseHeaderLength = int(decryptedResponseHeaderLengthBinaryDeserializeBuffer)
} }
resphc := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Key") aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
respic := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header IV")[:12] aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block) aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD) aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
respPayload := make([]byte, lenresp+16) encryptedResponseHeaderBuffer := make([]byte, decryptedResponseHeaderLength+16)
if _, err := io.ReadFull(reader, respPayload); err != nil { if _, err := io.ReadFull(reader, encryptedResponseHeaderBuffer); err != nil {
return nil, newError("Unable to Read Header Data").Base(err) return nil, newError("Unable to Read Header Data").Base(err)
} }
if AEADData, err := aeadHeaderc.Open(nil, respic, respPayload, nil); err != nil { if decryptedResponseHeaderBuffer, err := aeadResponseHeaderPayloadEncryptionAEAD.Open(nil, aeadResponseHeaderPayloadEncryptionIV, encryptedResponseHeaderBuffer, nil); err != nil {
return nil, newError("Failed To Decrypt Payload").Base(err) return nil, newError("Failed To Decrypt Payload").Base(err)
} else { } else {
c.responseReader = bytes.NewReader(AEADData) c.responseReader = bytes.NewReader(decryptedResponseHeaderBuffer)
} }
} }

View File

@ -383,10 +383,10 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
encryptionWriter = crypto.NewCryptionWriter(aesStream, writer) encryptionWriter = crypto.NewCryptionWriter(aesStream, writer)
s.responseWriter = encryptionWriter s.responseWriter = encryptionWriter
aeadBuffer := bytes.NewBuffer(nil) aeadEncryptedHeaderBuffer := bytes.NewBuffer(nil)
if s.isAEADRequest { if s.isAEADRequest {
encryptionWriter = aeadBuffer encryptionWriter = aeadEncryptedHeaderBuffer
} }
common.Must2(encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)})) common.Must2(encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)}))
@ -397,30 +397,30 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
if s.isAEADRequest { if s.isAEADRequest {
resph := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Len Key") aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
respi := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header Len IV")[:12] aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block) aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD) aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
aeadlenBuf := bytes.NewBuffer(nil) aeadResponseHeaderLengthEncryptionBuffer := bytes.NewBuffer(nil)
var aeadLen uint16 var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
aeadLen = uint16(aeadBuffer.Len()) decryptedResponseHeaderLengthBinaryDeserializeBuffer = uint16(aeadEncryptedHeaderBuffer.Len())
common.Must(binary.Write(aeadlenBuf, binary.BigEndian, aeadLen)) common.Must(binary.Write(aeadResponseHeaderLengthEncryptionBuffer, binary.BigEndian, decryptedResponseHeaderLengthBinaryDeserializeBuffer))
sealedLen := aeadHeader.Seal(nil, respi, aeadlenBuf.Bytes(), nil) AEADEncryptedLength := aeadResponseHeaderLengthEncryptionAEAD.Seal(nil, aeadResponseHeaderLengthEncryptionIV, aeadResponseHeaderLengthEncryptionBuffer.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(sealedLen))) common.Must2(io.Copy(writer, bytes.NewReader(AEADEncryptedLength)))
resphc := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Key") aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
respic := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header IV")[:12] aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block) aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD) aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
sealed := aeadHeaderc.Seal(nil, respic, aeadBuffer.Bytes(), nil) aeadEncryptedHeaderPayload := aeadResponseHeaderPayloadEncryptionAEAD.Seal(nil, aeadResponseHeaderPayloadEncryptionIV, aeadEncryptedHeaderBuffer.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(sealed))) common.Must2(io.Copy(writer, bytes.NewReader(aeadEncryptedHeaderPayload)))
} }
} }