Apply Coding Style

pull/2561/head
Shelikhoo 2020-06-08 13:21:59 +08:00
parent a58b20b5b8
commit 8c886b4b46
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316
6 changed files with 109 additions and 89 deletions

View File

@ -32,7 +32,7 @@ func CreateAuthID(cmdKey []byte, time int64) [16]byte {
}
func NewCipherFromKey(cmdKey []byte) cipher.Block {
aesBlock, err := aes.NewCipher(KDF16(cmdKey, "AES Auth ID Encryption"))
aesBlock, err := aes.NewCipher(KDF16(cmdKey, KDFSaltConst_AuthIDEncryptionKey))
if err != nil {
panic(err)
}

View File

@ -0,0 +1,21 @@
package aead
const KDFSaltConst_AuthIDEncryptionKey = "AES Auth ID Encryption"
const KDFSaltConst_AEADRespHeaderLenKey = "AEAD Resp Header Len Key"
const KDFSaltConst_AEADRespHeaderLenIV = "AEAD Resp Header Len IV"
const KDFSaltConst_AEADRespHeaderPayloadKey = "AEAD Resp Header Key"
const KDFSaltConst_AEADRespHeaderPayloadIV = "AEAD Resp Header IV"
const KDFSaltConst_VMessAEADKDF = "VMess AEAD KDF"
const KDFSaltConst_VmessAuthIDCheckValue = "VMess AuthID Check Value"
const KDFSaltConst_VMessLengthMask = "VMess AuthID Mask Value"
const KDFSaltConst_VMessHeaderPayloadAEADKey = "VMess Header AEAD Key"
const KDFSaltConst_VMessHeaderPayloadAEADIV = "VMess Header AEAD Nonce"

View File

@ -14,128 +14,128 @@ import (
)
func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
authid := CreateAuthID(key[:], time.Now().Unix())
generatedAuthID := CreateAuthID(key[:], time.Now().Unix())
nonce := make([]byte, 8)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
connectionNonce := make([]byte, 8)
if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {
panic(err.Error())
}
lengthbuf := bytes.NewBuffer(nil)
aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)
var HeaderDataLen uint16
HeaderDataLen = uint16(len(data))
var headerPayloadDataLen uint16
headerPayloadDataLen = uint16(len(data))
common.Must(binary.Write(lengthbuf, binary.BigEndian, HeaderDataLen))
common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))
authidCheck := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbuf.Bytes()), string(nonce))
authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))
lengthbufb := lengthbuf.Bytes()
aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()
LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2]
aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2]
lengthbufb[0] = lengthbufb[0] ^ LengthMask[0]
lengthbufb[1] = lengthbufb[1] ^ LengthMask[1]
aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0]
aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]
HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce))
payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))
HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce))[:12]
payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]
block, err := aes.NewCipher(HeaderAEADKey)
payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
if err != nil {
panic(err.Error())
}
headerAEAD, err := cipher.NewGCM(block)
payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
if err != nil {
panic(err.Error())
}
headerSealed := headerAEAD.Seal(nil, HeaderAEADNonce, data, authid[:])
payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])
var outPutBuf = bytes.NewBuffer(nil)
var outputBuffer = bytes.NewBuffer(nil)
common.Must2(outPutBuf.Write(authid[:])) //16
common.Must2(outputBuffer.Write(generatedAuthID[:])) //16
common.Must2(outPutBuf.Write(authidCheck)) //16
common.Must2(outputBuffer.Write(authidCheckValue)) //16
common.Must2(outPutBuf.Write(lengthbufb)) //2
common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2
common.Must2(outPutBuf.Write(nonce)) //8
common.Must2(outputBuffer.Write(connectionNonce)) //8
common.Must2(outPutBuf.Write(headerSealed))
common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))
return outPutBuf.Bytes()
return outputBuffer.Bytes()
}
func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {
var authidCheck [16]byte
var lengthbufb [2]byte
var authidCheckValue [16]byte
var headerPayloadDataLen [2]byte
var nonce [8]byte
n, err := io.ReadFull(data, authidCheck[:])
authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:])
if err != nil {
return nil, false, err, n
return nil, false, err, authidCheckValueReadBytesCounts
}
n2, err := io.ReadFull(data, lengthbufb[:])
headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:])
if err != nil {
return nil, false, err, n + n2
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts
}
n4, err := io.ReadFull(data, nonce[:])
nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
if err != nil {
return nil, false, err, n + n2 + n4
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
}
//Unmask Length
LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2]
LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2]
lengthbufb[0] = lengthbufb[0] ^ LengthMask[0]
lengthbufb[1] = lengthbufb[1] ^ LengthMask[1]
headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0]
headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]
authidCheckV := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbufb[:]), string(nonce[:]))
authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:]))
if !hmac.Equal(authidCheckV, authidCheck[:]) {
return nil, true, errCheckMismatch, n + n2 + n4
if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) {
return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
}
var length uint16
common.Must(binary.Read(bytes.NewReader(lengthbufb[:]), binary.BigEndian, &length))
common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length))
HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce[:]))
payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))
HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce[:]))[:12]
payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]
//16 == AEAD Tag size
header := make([]byte, length+16)
payloadHeaderAEADEncrypted := make([]byte, length+16)
n3, err := io.ReadFull(data, header)
payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted)
if err != nil {
return nil, false, err, n + n2 + n3 + n4
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
}
block, err := aes.NewCipher(HeaderAEADKey)
payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
if err != nil {
panic(err.Error())
}
headerAEAD, err := cipher.NewGCM(block)
payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
if err != nil {
panic(err.Error())
}
out, erropenAEAD := headerAEAD.Open(nil, HeaderAEADNonce, header, authid[:])
out, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])
if erropenAEAD != nil {
return nil, true, erropenAEAD, n + n2 + n3 + n4
return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
}
return out, false, nil, n + n2 + n3 + n4
return out, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
}
var errCheckMismatch = errors.New("check verify failed")

View File

@ -9,7 +9,7 @@ import (
func KDF(key []byte, path ...string) []byte {
hmacf := hmac.New(func() hash.Hash {
return sha256.New()
}, []byte("VMess AEAD KDF"))
}, []byte(KDFSaltConst_VMessAEADKDF))
for _, v := range path {
hmacf = hmac.New(func() hash.Hash {

View File

@ -208,43 +208,42 @@ func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:])
c.responseReader = crypto.NewCryptionReader(aesStream, reader)
} else {
resph := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Len Key")
respi := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header Len IV")[:12]
aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block)
aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD)
aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
var AEADLen [18]byte
var lenresp int
var aeadEncryptedResponseHeaderLength [18]byte
var decryptedResponseHeaderLength int
var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
var lenrespr uint16
if _, err := io.ReadFull(reader, AEADLen[:]); err != nil {
if _, err := io.ReadFull(reader, aeadEncryptedResponseHeaderLength[:]); err != nil {
return nil, newError("Unable to Read Header Len").Base(err)
}
if AEADLend, err := aeadHeader.Open(nil, respi, AEADLen[:], nil); err != nil {
if decryptedResponseHeaderLengthBinaryBuffer, err := aeadResponseHeaderLengthEncryptionAEAD.Open(nil, aeadResponseHeaderLengthEncryptionIV, aeadEncryptedResponseHeaderLength[:], nil); err != nil {
return nil, newError("Failed To Decrypt Length").Base(err)
} else {
common.Must(binary.Read(bytes.NewReader(AEADLend), binary.BigEndian, &lenrespr))
lenresp = int(lenrespr)
common.Must(binary.Read(bytes.NewReader(decryptedResponseHeaderLengthBinaryBuffer), binary.BigEndian, &decryptedResponseHeaderLengthBinaryDeserializeBuffer))
decryptedResponseHeaderLength = int(decryptedResponseHeaderLengthBinaryDeserializeBuffer)
}
resphc := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Key")
respic := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header IV")[:12]
aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block)
aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD)
aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
respPayload := make([]byte, lenresp+16)
encryptedResponseHeaderBuffer := make([]byte, decryptedResponseHeaderLength+16)
if _, err := io.ReadFull(reader, respPayload); err != nil {
if _, err := io.ReadFull(reader, encryptedResponseHeaderBuffer); err != nil {
return nil, newError("Unable to Read Header Data").Base(err)
}
if AEADData, err := aeadHeaderc.Open(nil, respic, respPayload, nil); err != nil {
if decryptedResponseHeaderBuffer, err := aeadResponseHeaderPayloadEncryptionAEAD.Open(nil, aeadResponseHeaderPayloadEncryptionIV, encryptedResponseHeaderBuffer, nil); err != nil {
return nil, newError("Failed To Decrypt Payload").Base(err)
} else {
c.responseReader = bytes.NewReader(AEADData)
c.responseReader = bytes.NewReader(decryptedResponseHeaderBuffer)
}
}

View File

@ -383,10 +383,10 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
encryptionWriter = crypto.NewCryptionWriter(aesStream, writer)
s.responseWriter = encryptionWriter
aeadBuffer := bytes.NewBuffer(nil)
aeadEncryptedHeaderBuffer := bytes.NewBuffer(nil)
if s.isAEADRequest {
encryptionWriter = aeadBuffer
encryptionWriter = aeadEncryptedHeaderBuffer
}
common.Must2(encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)}))
@ -397,30 +397,30 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
if s.isAEADRequest {
resph := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Len Key")
respi := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header Len IV")[:12]
aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block)
aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD)
aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
aeadlenBuf := bytes.NewBuffer(nil)
aeadResponseHeaderLengthEncryptionBuffer := bytes.NewBuffer(nil)
var aeadLen uint16
aeadLen = uint16(aeadBuffer.Len())
var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
decryptedResponseHeaderLengthBinaryDeserializeBuffer = uint16(aeadEncryptedHeaderBuffer.Len())
common.Must(binary.Write(aeadlenBuf, binary.BigEndian, aeadLen))
common.Must(binary.Write(aeadResponseHeaderLengthEncryptionBuffer, binary.BigEndian, decryptedResponseHeaderLengthBinaryDeserializeBuffer))
sealedLen := aeadHeader.Seal(nil, respi, aeadlenBuf.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(sealedLen)))
AEADEncryptedLength := aeadResponseHeaderLengthEncryptionAEAD.Seal(nil, aeadResponseHeaderLengthEncryptionIV, aeadResponseHeaderLengthEncryptionBuffer.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(AEADEncryptedLength)))
resphc := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Key")
respic := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header IV")[:12]
aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block)
aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD)
aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
sealed := aeadHeaderc.Seal(nil, respic, aeadBuffer.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(sealed)))
aeadEncryptedHeaderPayload := aeadResponseHeaderPayloadEncryptionAEAD.Seal(nil, aeadResponseHeaderPayloadEncryptionIV, aeadEncryptedHeaderBuffer.Bytes(), nil)
common.Must2(io.Copy(writer, bytes.NewReader(aeadEncryptedHeaderPayload)))
}
}