From 9f48a6d01732bfa6445091bb6efcdf459099f4eb Mon Sep 17 00:00:00 2001 From: Darien Raymond Date: Fri, 2 Nov 2018 09:15:35 +0100 Subject: [PATCH] enable global padding for aead by default --- common/crypto/auth.go | 15 +++++++++++---- proxy/vmess/outbound/outbound.go | 6 +++++- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/common/crypto/auth.go b/common/crypto/auth.go index f5955551d..59509cdeb 100644 --- a/common/crypto/auth.go +++ b/common/crypto/auth.go @@ -2,8 +2,9 @@ package crypto import ( "crypto/cipher" - "crypto/rand" "io" + "math/rand" + "time" "v2ray.com/core/common" "v2ray.com/core/common/buf" @@ -226,16 +227,21 @@ type AuthenticationWriter struct { sizeParser ChunkSizeEncoder transferType protocol.TransferType padding PaddingLengthGenerator + randReader *rand.Rand } func NewAuthenticationWriter(auth Authenticator, sizeParser ChunkSizeEncoder, writer io.Writer, transferType protocol.TransferType, padding PaddingLengthGenerator) *AuthenticationWriter { - return &AuthenticationWriter{ + w := &AuthenticationWriter{ auth: auth, writer: buf.NewWriter(writer), sizeParser: sizeParser, transferType: transferType, - padding: padding, } + if padding != nil { + w.padding = padding + w.randReader = rand.New(rand.NewSource(time.Now().Unix())) + } + return w } func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) { @@ -263,7 +269,8 @@ func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) { return nil, err } if paddingSize > 0 { - common.Must(eb.AppendSupplier(buf.ReadFullFrom(rand.Reader, int32(paddingSize)))) + // With size of the chunk and padding length encrypted, the content of padding doesn't matter much. + common.Must(eb.AppendSupplier(buf.ReadFullFrom(w.randReader, int32(paddingSize)))) } return eb, nil diff --git a/proxy/vmess/outbound/outbound.go b/proxy/vmess/outbound/outbound.go index 7917b5e3f..9c2f2f029 100644 --- a/proxy/vmess/outbound/outbound.go +++ b/proxy/vmess/outbound/outbound.go @@ -103,7 +103,7 @@ func (v *Handler) Process(ctx context.Context, link *vio.Link, dialer internet.D request.Option.Set(protocol.RequestOptionChunkMasking) } - if enablePadding && request.Option.Has(protocol.RequestOptionChunkMasking) { + if shouldEnablePadding(request.Security) && request.Option.Has(protocol.RequestOptionChunkMasking) { request.Option.Set(protocol.RequestOptionGlobalPadding) } @@ -173,6 +173,10 @@ var ( enablePadding = false ) +func shouldEnablePadding(s protocol.SecurityType) bool { + return enablePadding || s == protocol.SecurityType_AES128_GCM || s == protocol.SecurityType_CHACHA20_POLY1305 || s == protocol.SecurityType_AUTO +} + func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config))