Browse Source

enable global padding for aead by default

pull/1366/head
Darien Raymond 6 years ago
parent
commit
9f48a6d017
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
  1. 15
      common/crypto/auth.go
  2. 6
      proxy/vmess/outbound/outbound.go

15
common/crypto/auth.go

@ -2,8 +2,9 @@ package crypto
import (
"crypto/cipher"
"crypto/rand"
"io"
"math/rand"
"time"
"v2ray.com/core/common"
"v2ray.com/core/common/buf"
@ -226,16 +227,21 @@ type AuthenticationWriter struct {
sizeParser ChunkSizeEncoder
transferType protocol.TransferType
padding PaddingLengthGenerator
randReader *rand.Rand
}
func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter {
return &AuthenticationWriter{
w := &AuthenticationWriter{
auth: auth,
writer: buf.NewWriter(writer),
sizeParser: sizeParser,
transferType: transferType,
padding: padding,
}
if padding != nil {
w.padding = padding
w.randReader = rand.New(rand.NewSource(time.Now().Unix()))
}
return w
}
func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
@ -263,7 +269,8 @@ func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
return nil, err
}
if paddingSize > 0 {
common.Must(eb.AppendSupplier(buf.ReadFullFrom(rand.Reader, int32(paddingSize))))
// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
common.Must(eb.AppendSupplier(buf.ReadFullFrom(w.randReader, int32(paddingSize))))
}
return eb, nil

6
proxy/vmess/outbound/outbound.go

@ -103,7 +103,7 @@ func (v *Handler) Process(ctx context.Context, link *vio.Link, dialer internet.D
request.Option.Set(protocol.RequestOptionChunkMasking)
}
if enablePadding && request.Option.Has(protocol.RequestOptionChunkMasking) {
if shouldEnablePadding(request.Security) && request.Option.Has(protocol.RequestOptionChunkMasking) {
request.Option.Set(protocol.RequestOptionGlobalPadding)
}
@ -173,6 +173,10 @@ var (
enablePadding = false
)
func shouldEnablePadding(s protocol.SecurityType) bool {
return enablePadding || s == protocol.SecurityType_AES128_GCM || s == protocol.SecurityType_CHACHA20_POLY1305 || s == protocol.SecurityType_AUTO
}
func init() {
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
return New(ctx, config.(*Config))

Loading…
Cancel
Save