v2fly/proxy/vmess/aead/encrypt.go

package aead

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"io"
	"time"

	"github.com/v2fly/v2ray-core/v4/common"
)

func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
	generatedAuthID := CreateAuthID(key[:], time.Now().Unix())

	connectionNonce := make([]byte, 8)
	if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {
		panic(err.Error())
	}

	aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)

	headerPayloadDataLen := uint16(len(data))

	common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))

	aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()
	var payloadHeaderLengthAEADEncrypted []byte

	{
		payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADKey, string(generatedAuthID[:]), string(connectionNonce))

		payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]

		payloadHeaderLengthAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderLengthAEADAESBlock)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderLengthAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderLengthAEADNonce, aeadPayloadLengthSerializedByte, generatedAuthID[:])
	}

	var payloadHeaderAEADEncrypted []byte

	{
		payloadHeaderAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))

		payloadHeaderAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]

		payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])
	}

	outputBuffer := bytes.NewBuffer(nil)

	common.Must2(outputBuffer.Write(generatedAuthID[:]))               // 16
	common.Must2(outputBuffer.Write(payloadHeaderLengthAEADEncrypted)) // 2+16
	common.Must2(outputBuffer.Write(connectionNonce))                  // 8
	common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))

	return outputBuffer.Bytes()
}

func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, int, error) {
	var payloadHeaderLengthAEADEncrypted [18]byte
	var nonce [8]byte

	var bytesRead int

	authidCheckValueReadBytesCounts, err := io.ReadFull(data, payloadHeaderLengthAEADEncrypted[:])
	bytesRead += authidCheckValueReadBytesCounts
	if err != nil {
		return nil, false, bytesRead, err
	}

	nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
	bytesRead += nonceReadBytesCounts
	if err != nil {
		return nil, false, bytesRead, err
	}

	// Decrypt Length

	var decryptedAEADHeaderLengthPayloadResult []byte

	{
		payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADKey, string(authid[:]), string(nonce[:]))

		payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADIV, string(authid[:]), string(nonce[:]))[:12]

		payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderLengthAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
		if err != nil {
			panic(err.Error())
		}

		decryptedAEADHeaderLengthPayload, erropenAEAD := payloadHeaderLengthAEAD.Open(nil, payloadHeaderLengthAEADNonce, payloadHeaderLengthAEADEncrypted[:], authid[:])

		if erropenAEAD != nil {
			return nil, true, bytesRead, erropenAEAD
		}

		decryptedAEADHeaderLengthPayloadResult = decryptedAEADHeaderLengthPayload
	}

	var length uint16

	common.Must(binary.Read(bytes.NewReader(decryptedAEADHeaderLengthPayloadResult), binary.BigEndian, &length))

	var decryptedAEADHeaderPayloadR []byte

	var payloadHeaderAEADEncryptedReadedBytesCounts int

	{
		payloadHeaderAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))

		payloadHeaderAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]

		// 16 == AEAD Tag size
		payloadHeaderAEADEncrypted := make([]byte, length+16)

		payloadHeaderAEADEncryptedReadedBytesCounts, err = io.ReadFull(data, payloadHeaderAEADEncrypted)
		bytesRead += payloadHeaderAEADEncryptedReadedBytesCounts
		if err != nil {
			return nil, false, bytesRead, err
		}

		payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
		if err != nil {
			panic(err.Error())
		}

		payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
		if err != nil {
			panic(err.Error())
		}

		decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])

		if erropenAEAD != nil {
			return nil, true, bytesRead, erropenAEAD
		}

		decryptedAEADHeaderPayloadR = decryptedAEADHeaderPayload
	}

	return decryptedAEADHeaderPayloadR, false, bytesRead, nil
}
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`package aead`

			`import (`
			`"bytes"`
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/rand"`
			`"encoding/binary"`
			`"io"`
			`"time"`
Fix according to staticcheck result staticcheck repo: https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck 2020-08-30 14:58:00 +00:00
Chore: change module name (#677) 2021-02-16 20:31:50 +00:00			`"github.com/v2fly/v2ray-core/v4/common"`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`)`

			`func SealVMessAEADHeader(key [16]byte, data []byte) []byte {`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`generatedAuthID := CreateAuthID(key[:], time.Now().Unix())`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`connectionNonce := make([]byte, 8)`
			`if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`panic(err.Error())`
			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Fix according to staticcheck result staticcheck repo: https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck 2020-08-30 14:58:00 +00:00			`headerPayloadDataLen := uint16(len(data))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var payloadHeaderLengthAEADEncrypted []byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`{`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADKey, string(generatedAuthID[:]), string(connectionNonce))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderLengthAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)`
			`if err != nil {`
			`panic(err.Error())`
			`}`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderLengthAEADAESBlock)`
			`if err != nil {`
			`panic(err.Error())`
			`}`

			`payloadHeaderLengthAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderLengthAEADNonce, aeadPayloadLengthSerializedByte, generatedAuthID[:])`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var payloadHeaderAEADEncrypted []byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`{`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)`
			`if err != nil {`
			`panic(err.Error())`
			`}`

			`payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)`
			`if err != nil {`
			`panic(err.Error())`
			`}`

			`payloadHeaderAEADEncrypted = payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])`
			`}`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Style: format code by gofumpt (#1022) 2021-05-19 21:28:52 +00:00			`outputBuffer := bytes.NewBuffer(nil)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`common.Must2(outputBuffer.Write(generatedAuthID[:])) // 16`
			`common.Must2(outputBuffer.Write(payloadHeaderLengthAEADEncrypted)) // 2+16`
			`common.Must2(outputBuffer.Write(connectionNonce)) // 8`
Apply Coding Style 2020-06-08 05:21:59 +00:00			`common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Apply Coding Style 2020-06-08 05:21:59 +00:00			`return outputBuffer.Bytes()`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, int, error) {`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var payloadHeaderLengthAEADEncrypted [18]byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`var nonce [8]byte`

Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var bytesRead int`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`authidCheckValueReadBytesCounts, err := io.ReadFull(data, payloadHeaderLengthAEADEncrypted[:])`
			`bytesRead += authidCheckValueReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return nil, false, bytesRead, err`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Apply Coding Style 2020-06-08 05:21:59 +00:00			`nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`bytesRead += nonceReadBytesCounts`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`if err != nil {`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return nil, false, bytesRead, err`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`// Decrypt Length`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00
			`var decryptedAEADHeaderLengthPayloadResult []byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`{`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderLengthAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADKey, string(authid[:]), string(nonce[:]))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderLengthAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadLengthAEADIV, string(authid[:]), string(nonce[:]))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderLengthAEADKey)`
			`if err != nil {`
			`panic(err.Error())`
			`}`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderLengthAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)`
			`if err != nil {`
			`panic(err.Error())`
			`}`

			`decryptedAEADHeaderLengthPayload, erropenAEAD := payloadHeaderLengthAEAD.Open(nil, payloadHeaderLengthAEADNonce, payloadHeaderLengthAEADEncrypted[:], authid[:])`

			`if erropenAEAD != nil {`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return nil, true, bytesRead, erropenAEAD`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`}`

			`decryptedAEADHeaderLengthPayloadResult = decryptedAEADHeaderLengthPayload`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

			`var length uint16`

Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`common.Must(binary.Read(bytes.NewReader(decryptedAEADHeaderLengthPayloadResult), binary.BigEndian, &length))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var decryptedAEADHeaderPayloadR []byte`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`var payloadHeaderAEADEncryptedReadedBytesCounts int`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`{`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderAEADKey := KDF16(key[:], KDFSaltConstVMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`payloadHeaderAEADNonce := KDF(key[:], KDFSaltConstVMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`// 16 == AEAD Tag size`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEADEncrypted := make([]byte, length+16)`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEADEncryptedReadedBytesCounts, err = io.ReadFull(data, payloadHeaderAEADEncrypted)`
			`bytesRead += payloadHeaderAEADEncryptedReadedBytesCounts`
			`if err != nil {`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return nil, false, bytesRead, err`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`}`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)`
			`if err != nil {`
			`panic(err.Error())`
			`}`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)`
			`if err != nil {`
			`panic(err.Error())`
			`}`

			`decryptedAEADHeaderPayload, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])`

			`if erropenAEAD != nil {`
Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return nil, true, bytesRead, erropenAEAD`
Update AEAD design to rely more on AEAD 2020-06-26 12:15:37 +00:00			`}`

			`decryptedAEADHeaderPayloadR = decryptedAEADHeaderPayload`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`

Refine code according to golangci-lint results 2020-10-11 11:22:46 +00:00			`return decryptedAEADHeaderPayloadR, false, bytesRead, nil`
VMess AEAD Experiment 2020-06-06 09:11:30 +00:00			`}`