v2fly/proxy/vmess/aead/encrypt.go

package aead

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"io"
	"time"
	"v2ray.com/core/common"
)

func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
	generatedAuthID := CreateAuthID(key[:], time.Now().Unix())

	connectionNonce := make([]byte, 8)
	if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {
		panic(err.Error())
	}

	aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)

	var headerPayloadDataLen uint16
	headerPayloadDataLen = uint16(len(data))

	common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))

	authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))

	aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()

	aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2]

	aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0]
	aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]

	payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))

	payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]

	payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
	if err != nil {
		panic(err.Error())
	}

	payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)

	if err != nil {
		panic(err.Error())
	}

	payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])

	var outputBuffer = bytes.NewBuffer(nil)

	common.Must2(outputBuffer.Write(generatedAuthID[:])) //16

	common.Must2(outputBuffer.Write(authidCheckValue)) //16

	common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2

	common.Must2(outputBuffer.Write(connectionNonce)) //8

	common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))

	return outputBuffer.Bytes()
}

func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {
	var authidCheckValue [16]byte
	var headerPayloadDataLen [2]byte
	var nonce [8]byte

	authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:])
	if err != nil {
		return nil, false, err, authidCheckValueReadBytesCounts
	}

	headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:])
	if err != nil {
		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts
	}

	nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
	if err != nil {
		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
	}

	//Unmask Length

	LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2]

	headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0]
	headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]

	authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:]))

	if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) {
		return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
	}

	var length uint16

	common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length))

	payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))

	payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]

	//16 == AEAD Tag size
	payloadHeaderAEADEncrypted := make([]byte, length+16)

	payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted)
	if err != nil {
		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
	}

	payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
	if err != nil {
		panic(err.Error())
	}

	payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)

	if err != nil {
		panic(err.Error())
	}

	decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])

	if erropenAEAD != nil {
		return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
	}

	return decryptedAEADHeaderPayload, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
}

var errCheckMismatch = errors.New("check verify failed")
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`package aead`

			`import (`
			`"bytes"`
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/hmac"`
			`"crypto/rand"`
			`"encoding/binary"`
			`"errors"`
			`"io"`
			`"time"`
			`"v2ray.com/core/common"`
			`)`

			`func SealVMessAEADHeader(key [16]byte, data []byte) []byte {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`generatedAuthID := CreateAuthID(key[:], time.Now().Unix())`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`connectionNonce := make([]byte, 8)`
			`if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`var headerPayloadDataLen uint16`
			`headerPayloadDataLen = uint16(len(data))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0]`
			`aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
			`if err != nil {`
			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`var outputBuffer = bytes.NewBuffer(nil)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(generatedAuthID[:])) //16`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(authidCheckValue)) //16`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(connectionNonce)) //8`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return outputBuffer.Bytes()`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

			`func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`var authidCheckValue [16]byte`
			`var headerPayloadDataLen [2]byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`var nonce [8]byte`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return nil, false, err, authidCheckValueReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

			`//Unmask Length`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0]`
			`headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:]))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) {`
			`return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

			`var length uint16`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
			`//16 == AEAD Tag size`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADEncrypted := make([]byte, length+16)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
			`if err != nil {`
			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:25:33 +00:00			`decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
			`if erropenAEAD != nil {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Apply Coding Style 2020-06-08 05:25:33 +00:00			`return decryptedAEADHeaderPayload, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

			`var errCheckMismatch = errors.New("check verify failed")`