From 6007e4cc6f943ca8439916b2ba29f0973ddf1314 Mon Sep 17 00:00:00 2001
From: Shelikhoo
Date: Sat, 6 Jun 2020 18:57:49 +0800
Subject: [PATCH] Detailed AEAD Auth Error
---
 proxy/vmess/aead/authid.go | 8 ++++----
 proxy/vmess/encoding/server.go | 6 +++---
 proxy/vmess/validator.go | 6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/proxy/vmess/aead/authid.go b/proxy/vmess/aead/authid.go
index d4b3f446e..ff681fea5 100644
--- a/proxy/vmess/aead/authid.go
+++ b/proxy/vmess/aead/authid.go
@@ -90,7 +90,7 @@ func (a *AuthIDDecoderHolder) RemoveUser(key [16]byte) {
 func (a *AuthIDDecoderHolder) Match(AuthID [16]byte) (interface{}, error) {
 if !a.apw.Check(AuthID[:]) {
- return nil, errReplay
+ return nil, ErrReplay
 }
 for _, v := range a.aidhi {
@@ -106,9 +106,9 @@ func (a *AuthIDDecoderHolder) Match(AuthID [16]byte) (interface{}, error) {
 return v.ticket, nil
 }
- return nil, errNotFound
+ return nil, ErrNotFound
 }
-var errNotFound = errors.New("user do not exist")
+var ErrNotFound = errors.New("user do not exist")
-var errReplay = errors.New("replayed request")
+var ErrReplay = errors.New("replayed request")
diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go
index 2a6e1dea5..9d0414dd6 100644
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -165,7 +165,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 var decryptor io.Reader
 var vmessAccount *vmess.MemoryAccount
- user, foundAEAD := s.userValidator.GetAEAD(buffer.Bytes())
+ user, foundAEAD, errorAEAD := s.userValidator.GetAEAD(buffer.Bytes())
 var fixedSizeAuthID [16]byte
 copy(fixedSizeAuthID[:], buffer.Bytes())
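Review bot: The newly exported `ErrNotFound` and `ErrReplay` at the end of authid.go (the `@@ -106` hunk) have no doc comments, although server.go in this same patch now branches on `vmessaead.ErrNotFound` to decide whether a request may fall back to the legacy path. I would document them, for example `// ErrReplay is returned by Match when a.apw.Check rejects the AuthID.` and `// ErrNotFound is returned by Match when no entry in a.aidhi produced a ticket; callers use it to allow legacy fallback.` Package vmess also has its own `ErrNotFound` (visible as context in validator.go), so the comment should say that the two are distinct values. Match's loop body lies outside the hunk, so the wording for ErrNotFound should be checked against it.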
@@ -185,7 +185,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 }
 decryptor = bytes.NewReader(aeadData)
 s.isAEADRequest = true
- } else if !s.isAEADForced {
+ } else if !s.isAEADForced && errorAEAD == vmessaead.ErrNotFound {
 userLegacy, timestamp, valid, userValidationError := s.userValidator.Get(buffer.Bytes())
 if !valid || userValidationError != nil {
 return nil, drainConnection(newError("invalid user").Base(userValidationError))
@@ -197,7 +197,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 aesStream := crypto.NewAesDecryptionStream(vmessAccount.ID.CmdKey(), iv[:])
 decryptor = crypto.NewCryptionReader(aesStream, reader)
 } else {
- return nil, drainConnection(newError("invalid user"))
+ return nil, drainConnection(newError("invalid user").Base(errorAEAD))
 }
 readSizeRemain -= int(buffer.Len())
diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go
index d9956608d..a2f34aede 100644
--- a/proxy/vmess/validator.go
+++ b/proxy/vmess/validator.go
@@ -168,7 +168,7 @@ func (v *TimedUserValidator) Get(userHash []byte) (*protocol.MemoryUser, protoco
 return nil, 0, false, ErrNotFound
 }
-func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool) {
+func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool, error) {
 defer v.RUnlock()
 v.RLock()
 var userHashFL [16]byte
@@ -176,9 +176,9 @@ func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, boo
 userd, err := v.aeadDecoderHolder.Match(userHashFL)
 if err != nil {
- return nil, false
+ return nil, false, err
 }
- return userd.(*protocol.MemoryUser), true
+ return userd.(*protocol.MemoryUser), true, err
 }
 func (v *TimedUserValidator) Remove(email string) bool {
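Review bot: In the `@@ -185` hunk of server.go the gate `errorAEAD == vmessaead.ErrNotFound` compares the sentinel by identity, and this comparison is what keeps a replayed AuthID (`ErrReplay`) out of the legacy authentication path. If Match or GetAEAD ever wraps the error, the comparison turns false and every legacy client is rejected; `errors.Is(errorAEAD, vmessaead.ErrNotFound)` is more robust, assuming the standard `errors` package can be imported in this file. The branch also deserves a comment such as `// Fall back to legacy auth only when the AuthID matched no user; a replayed AuthID must be rejected.` DecodeRequestHeader starts and ends outside the hunk.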
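Review bot: In the `@@ -176` hunk of validator.go the success path ends with `return userd.(*protocol.MemoryUser), true, err`, where err is already known to be nil; `return userd.(*protocol.MemoryUser), true, nil` says so directly. The unchecked assertion on the `interface{}` that Match returns will panic if a ticket of another type is ever stored, and this code runs on request input before authentication completes, so the comma-ok form `user, ok := userd.(*protocol.MemoryUser)` with an error return on `!ok` is safer. GetAEAD also has no doc comment stating that the bool and the error now carry the same outcome and that, as far as the visible lines of Match show, the error is the aead package's ErrNotFound or ErrReplay. The function begins in the previous hunk.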