From e2e266114ad62122e606a3c38458ebfc1554dbc3 Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangwang@outlook.com>
Date: Sat, 12 Sep 2020 16:27:40 +0800
Subject: [PATCH] Fix incorrect IV usage which slightly reduced security

---
 proxy/vmess/encoding/client.go | 2 +-
 proxy/vmess/encoding/server.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/proxy/vmess/encoding/client.go b/proxy/vmess/encoding/client.go
index 96808622..836eda5b 100644
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@@ -71,7 +71,7 @@ func NewClientSession(idHash protocol.IDHash, ctx context.Context) *ClientSessio
 	} else {
 		BodyKey := sha256.Sum256(session.requestBodyKey[:])
 		copy(session.responseBodyKey[:], BodyKey[:16])
-		BodyIV := sha256.Sum256(session.requestBodyKey[:])
+		BodyIV := sha256.Sum256(session.requestBodyIV[:])
 		copy(session.responseBodyIV[:], BodyIV[:16])
 	}
 
diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go
index 11146cd6..680f35ef 100644
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -374,7 +374,7 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
 	} else {
 		BodyKey := sha256.Sum256(s.requestBodyKey[:])
 		copy(s.responseBodyKey[:], BodyKey[:16])
-		BodyIV := sha256.Sum256(s.requestBodyKey[:])
+		BodyIV := sha256.Sum256(s.requestBodyIV[:])
 		copy(s.responseBodyIV[:], BodyIV[:16])
 	}