From 0024c6e028768d8516bdee11be9834b2617ff00c Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangwang@outlook.com>
Date: Mon, 22 Feb 2021 13:20:36 +0000
Subject: [PATCH] Fix incorrect HMac Chaining, further checking needed

---
 proxy/vmess/aead/kdf.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/proxy/vmess/aead/kdf.go b/proxy/vmess/aead/kdf.go
index fdc7a483c..5fc4ac5cc 100644
--- a/proxy/vmess/aead/kdf.go
+++ b/proxy/vmess/aead/kdf.go
@@ -7,16 +7,27 @@ import (
 )
 
 func KDF(key []byte, path ...string) []byte {
-	var hmacf hash.Hash
+	hmacCreator := &hMacCreator{value: []byte(KDFSaltConstVMessAEADKDF)}
 	for _, v := range path {
-		hmacf = hmac.New(func() hash.Hash {
-			return hmac.New(sha256.New, []byte(KDFSaltConstVMessAEADKDF))
-		}, []byte(v))
+		hmacCreator = &hMacCreator{value: []byte(v), parent: hmacCreator}
 	}
+	hmacf := hmacCreator.Create()
 	hmacf.Write(key)
 	return hmacf.Sum(nil)
 }
 
+type hMacCreator struct {
+	parent *hMacCreator
+	value  []byte
+}
+
+func (h *hMacCreator) Create() hash.Hash {
+	if h.parent == nil {
+		return hmac.New(sha256.New, h.value)
+	}
+	return hmac.New(h.parent.Create, h.value)
+}
+
 func KDF16(key []byte, path ...string) []byte {
 	r := KDF(key, path...)
 	return r[:16]