Update AEAD design to rely more on AEAD

pull/2606/head
Shelikhoo 4 years ago
parent 327a6ee1f7
commit f19f95af35
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316

@ -12,10 +12,10 @@ const KDFSaltConst_AEADRespHeaderPayloadIV = "AEAD Resp Header IV"
const KDFSaltConst_VMessAEADKDF = "VMess AEAD KDF" const KDFSaltConst_VMessAEADKDF = "VMess AEAD KDF"
const KDFSaltConst_VmessAuthIDCheckValue = "VMess AuthID Check Value"
const KDFSaltConst_VMessLengthMask = "VMess AuthID Mask Value"
const KDFSaltConst_VMessHeaderPayloadAEADKey = "VMess Header AEAD Key" const KDFSaltConst_VMessHeaderPayloadAEADKey = "VMess Header AEAD Key"
const KDFSaltConst_VMessHeaderPayloadAEADIV = "VMess Header AEAD Nonce" const KDFSaltConst_VMessHeaderPayloadAEADIV = "VMess Header AEAD Nonce"
const KDFSaltConst_VMessHeaderPayloadLengthAEADKey = "VMess Header AEAD Key_Length"
const KDFSaltConst_VMessHeaderPayloadLengthAEADIV = "VMess Header AEAD Nonce_Length"

@ -4,10 +4,8 @@ import (
"bytes" "bytes"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/hmac"
"crypto/rand" "crypto/rand"
"encoding/binary" "encoding/binary"
"errors"
"io" "io"
"time" "time"
"v2ray.com/core/common" "v2ray.com/core/common"
@ -28,15 +26,31 @@ func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen)) common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))
authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))
aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes() aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()
var payloadHeaderLengthAEADEncrypted []byte
{
payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadLengthAEADKey, string(generatedAuthID[:]), string(connectionNonce))
payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadLengthAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]
payloadHeaderLengthAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)
if err != nil {
panic(err.Error())
}
payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderLengthAEADAESBlock)
aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2] if err != nil {
panic(err.Error())
}
payloadHeaderLengthAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderLengthAEADNonce, aeadPayloadLengthSerializedByte, generatedAuthID[:])
}
aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0] var payloadHeaderAEADEncrypted []byte
aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]
{
payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce)) payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))
payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12] payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]
@ -52,15 +66,14 @@ func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
panic(err.Error()) panic(err.Error())
} }
payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:]) payloadHeaderAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])
}
var outputBuffer = bytes.NewBuffer(nil) var outputBuffer = bytes.NewBuffer(nil)
common.Must2(outputBuffer.Write(generatedAuthID[:])) //16 common.Must2(outputBuffer.Write(generatedAuthID[:])) //16
common.Must2(outputBuffer.Write(authidCheckValue)) //16 common.Must2(outputBuffer.Write(payloadHeaderLengthAEADEncrypted)) //2+16
common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2
common.Must2(outputBuffer.Write(connectionNonce)) //8 common.Must2(outputBuffer.Write(connectionNonce)) //8
@ -70,42 +83,61 @@ func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
} }
func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) { func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {
var authidCheckValue [16]byte var payloadHeaderLengthAEADEncrypted [18]byte
var headerPayloadDataLen [2]byte
var nonce [8]byte var nonce [8]byte
authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:]) var bytesRead int
authidCheckValueReadBytesCounts, err := io.ReadFull(data, payloadHeaderLengthAEADEncrypted[:])
bytesRead += authidCheckValueReadBytesCounts
if err != nil { if err != nil {
return nil, false, err, authidCheckValueReadBytesCounts return nil, false, err, bytesRead
} }
headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:]) nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
bytesRead += nonceReadBytesCounts
if err != nil { if err != nil {
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts return nil, false, err, bytesRead
} }
nonceReadBytesCounts, err := io.ReadFull(data, nonce[:]) //Decrypt Length
var decryptedAEADHeaderLengthPayloadResult []byte
{
payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadLengthAEADKey, string(authid[:]), string(nonce[:]))
payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadLengthAEADIV, string(authid[:]), string(nonce[:]))[:12]
payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)
if err != nil { if err != nil {
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts panic(err.Error())
} }
//Unmask Length payloadHeaderLengthAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2] if err != nil {
panic(err.Error())
}
headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0] decryptedAEADHeaderLengthPayload, erropenAEAD := payloadHeaderLengthAEAD.Open(nil, payloadHeaderLengthAEADNonce, payloadHeaderLengthAEADEncrypted[:], authid[:])
headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]
authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:])) if erropenAEAD != nil {
return nil, true, erropenAEAD, bytesRead
}
if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) { decryptedAEADHeaderLengthPayloadResult = decryptedAEADHeaderLengthPayload
return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
} }
var length uint16 var length uint16
common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length)) common.Must(binary.Read(bytes.NewReader(decryptedAEADHeaderLengthPayloadResult[:]), binary.BigEndian, &length))
var decryptedAEADHeaderPayloadR []byte
var payloadHeaderAEADEncryptedReadedBytesCounts int
{
payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:])) payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))
payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12] payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]
@ -113,9 +145,10 @@ func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte,
//16 == AEAD Tag size //16 == AEAD Tag size
payloadHeaderAEADEncrypted := make([]byte, length+16) payloadHeaderAEADEncrypted := make([]byte, length+16)
payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted) payloadHeaderAEADEncryptedReadedBytesCounts, err = io.ReadFull(data, payloadHeaderAEADEncrypted)
bytesRead += payloadHeaderAEADEncryptedReadedBytesCounts
if err != nil { if err != nil {
return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts return nil, false, err, bytesRead
} }
payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey) payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
@ -132,10 +165,11 @@ func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte,
decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:]) decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])
if erropenAEAD != nil { if erropenAEAD != nil {
return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts return nil, true, erropenAEAD, bytesRead
} }
return decryptedAEADHeaderPayload, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts decryptedAEADHeaderPayloadR = decryptedAEADHeaderPayload
} }
var errCheckMismatch = errors.New("check verify failed") return decryptedAEADHeaderPayloadR, false, nil, bytesRead
}

Loading…
Cancel
Save