From 9ea1bf7c1dfad892aafc8807b56ce398bb2eb819 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 18 Dec 2021 23:23:09 -0500 Subject: [PATCH] Fix shadowsocks xchacha cipher nonce size --- common/crypto/auth.go | 4 ---- proxy/shadowsocks/protocol.go | 2 +- proxy/shadowsocks/validator.go | 6 +++--- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/common/crypto/auth.go b/common/crypto/auth.go index 13866a4d..8c659ff0 100644 --- a/common/crypto/auth.go +++ b/common/crypto/auth.go @@ -39,10 +39,6 @@ func GenerateIncreasingNonce(nonce []byte) BytesGenerator { } } -func GenerateInitialAEADNonce() BytesGenerator { - return GenerateIncreasingNonce([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}) -} - func GenerateAEADNonceWithSize(nonceSize int) BytesGenerator { c := make([]byte, nonceSize) for i := 0; i < nonceSize; i++ { diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go index ee2b62c8..d310b009 100644 --- a/proxy/shadowsocks/protocol.go +++ b/proxy/shadowsocks/protocol.go @@ -86,7 +86,7 @@ func ReadTCPSession(validator *Validator, reader io.Reader) (*protocol.RequestHe if aead != nil { auth := &crypto.AEADAuthenticator{ AEAD: aead, - NonceGenerator: crypto.GenerateInitialAEADNonce(), + NonceGenerator: crypto.GenerateAEADNonceWithSize(aead.NonceSize()), } r = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{ Auth: auth, diff --git a/proxy/shadowsocks/validator.go b/proxy/shadowsocks/validator.go index b36e9bc8..5be81447 100644 --- a/proxy/shadowsocks/validator.go +++ b/proxy/shadowsocks/validator.go @@ -93,11 +93,11 @@ func (v *Validator) Get(bs []byte, command protocol.RequestCommand) (u *protocol var matchErr error switch command { case protocol.RequestCommandTCP: - data := make([]byte, 16) - ret, matchErr = aead.Open(data[:0], data[4:16], bs[ivLen:ivLen+18], nil) + data := make([]byte, 4+aead.NonceSize()) + ret, matchErr = aead.Open(data[:0], data[4:], bs[ivLen:ivLen+18], nil) case protocol.RequestCommandUDP: data := make([]byte, 8192) - ret, matchErr = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil) + ret, matchErr = aead.Open(data[:0], data[8192-aead.NonceSize():8192], bs[ivLen:], nil) } if matchErr == nil {