github
/
v2ray-core
mirror of https://github.com/v2ray/v2ray-core
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

enable global padding for aead by default

pull/1366/head
Darien Raymond 6 years ago
parent
59fa890332
commit
9f48a6d017
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
2 changed files with 16 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      common/crypto/auth.go
  2. 6
      proxy/vmess/outbound/outbound.go

15
common/crypto/auth.go
Unescape View File

@ -2,8 +2,9 @@ package crypto
import ( import (
"crypto/cipher" "crypto/cipher"
"crypto/rand"
"io" "io"
"math/rand"
"time"
"v2ray.com/core/common" "v2ray.com/core/common"
"v2ray.com/core/common/buf" "v2ray.com/core/common/buf"
@ -226,16 +227,21 @@ type AuthenticationWriter struct {
sizeParser ChunkSizeEncoder sizeParser ChunkSizeEncoder
transferType protocol.TransferType transferType protocol.TransferType
padding PaddingLengthGenerator padding PaddingLengthGenerator
randReader *rand.Rand
} }
func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter { func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter {
return &AuthenticationWriter{ w := &AuthenticationWriter{
auth: auth, auth: auth,
writer: buf.NewWriter(writer), writer: buf.NewWriter(writer),
sizeParser: sizeParser, sizeParser: sizeParser,
transferType: transferType, transferType: transferType,
padding: padding,
} }
if padding != nil {
w.padding = padding
w.randReader = rand.New(rand.NewSource(time.Now().Unix()))
}
return w
} }
func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) { func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
@ -263,7 +269,8 @@ func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
return nil, err return nil, err
} }
if paddingSize > 0 { if paddingSize > 0 {
common.Must(eb.AppendSupplier(buf.ReadFullFrom(rand.Reader, int32(paddingSize)))) // With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
common.Must(eb.AppendSupplier(buf.ReadFullFrom(w.randReader, int32(paddingSize))))
} }
return eb, nil return eb, nil

6
proxy/vmess/outbound/outbound.go
Unescape View File

@ -103,7 +103,7 @@ func (v *Handler) Process(ctx context.Context, link *vio.Link, dialer internet.D
request.Option.Set(protocol.RequestOptionChunkMasking) request.Option.Set(protocol.RequestOptionChunkMasking)
} }
if enablePadding && request.Option.Has(protocol.RequestOptionChunkMasking) { if shouldEnablePadding(request.Security) && request.Option.Has(protocol.RequestOptionChunkMasking) {
request.Option.Set(protocol.RequestOptionGlobalPadding) request.Option.Set(protocol.RequestOptionGlobalPadding)
} }
@ -173,6 +173,10 @@ var (
enablePadding = false enablePadding = false
) )
func shouldEnablePadding(s protocol.SecurityType) bool {
return enablePadding || s == protocol.SecurityType_AES128_GCM || s == protocol.SecurityType_CHACHA20_POLY1305 || s == protocol.SecurityType_AUTO
}
func init() { func init() {
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
return New(ctx, config.(*Config)) return New(ctx, config.(*Config))

Write Preview
Loading…
Cancel
Save