fix encoding bug in shadowsocks

proxy/shadowsocks/config.go

@@ -216,7 +216,7 @@ func (c *AEADCipher) DecodePacket(key []byte, b *buf.Buffer) error {
 	if err != nil {
 		return err
 	}
-	b.Resize(ivLen, ivLen+int32(len(bbb)))
+	b.Resize(ivLen, int32(len(bbb)))
 	return nil
 }
 

proxy/shadowsocks/config_test.go

@@ -0,0 +1,38 @@
+package shadowsocks_test
+
+import (
+	"crypto/rand"
+	"testing"
+
+	"v2ray.com/core/common"
+	"v2ray.com/core/common/buf"
+	"v2ray.com/core/common/compare"
+	"v2ray.com/core/proxy/shadowsocks"
+)
+
+func TestAEADCipherUDP(t *testing.T) {
+	rawAccount := &shadowsocks.Account{
+		CipherType: shadowsocks.CipherType_AES_128_GCM,
+		Password:   "test",
+	}
+	account, err := rawAccount.AsAccount()
+	common.Must(err)
+
+	cipher := account.(*shadowsocks.MemoryAccount).Cipher
+
+	key := make([]byte, cipher.KeySize())
+	common.Must2(rand.Read(key))
+
+	payload := make([]byte, 1024)
+	common.Must2(rand.Read(payload))
+
+	b1 := buf.New()
+	common.Must2(b1.ReadFullFrom(rand.Reader, cipher.IVSize()))
+	common.Must2(b1.Write(payload))
+	common.Must(cipher.EncodePacket(key, b1))
+
+	common.Must(cipher.DecodePacket(key, b1))
+	if err := compare.BytesEqualWithDetail(b1.Bytes(), payload); err != nil {
+		t.Error(err)
+	}
+}

proxy/shadowsocks/protocol.go

@@ -142,8 +142,9 @@ func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Wri
 		header.SetByte(0, header.Byte(0)|0x10)
 
 		authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
+		authPayload := header.Bytes()
 		authBuffer := header.Extend(AuthSize)
-		authenticator.Authenticate(header.Bytes(), authBuffer)
+		authenticator.Authenticate(authPayload, authBuffer)
 	}
 
 	if err := w.WriteMultiBuffer(buf.NewMultiBufferValue(header)); err != nil {