diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 39ca8543b..334be21e3 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -76,20 +76,18 @@ type AuthenticationReader struct {
 buffer *buf.Buffer
 reader io.Reader
- chunk []byte
- aggressive bool
+ chunk []byte
 }
 const (
 readerBufferSize = 32 * 1024
 )
-func NewAuthenticationReader(auth Authenticator, reader io.Reader, aggressive bool) *AuthenticationReader {
+func NewAuthenticationReader(auth Authenticator, reader io.Reader) *AuthenticationReader {
 return &AuthenticationReader{
- auth: auth,
- buffer: buf.NewLocal(readerBufferSize),
- reader: reader,
- aggressive: aggressive,
+ auth: auth,
+ buffer: buf.NewLocal(readerBufferSize),
+ reader: reader,
 }
 }
@@ -168,14 +166,7 @@ func (v *AuthenticationReader) Read(b []byte) (int, error) {
 return 0, err
 }
- totalBytes := v.CopyChunk(b)
- for v.aggressive && totalBytes < len(b) {
- if err := v.NextChunk(); err != nil {
- break
- }
- totalBytes += v.CopyChunk(b[totalBytes:])
- }
- return totalBytes, nil
+ return v.CopyChunk(b), nil
 }
 type AuthenticationWriter struct {
diff --git a/common/crypto/auth_test.go b/common/crypto/auth_test.go
index 0180abff7..defaa4b85 100644
--- a/common/crypto/auth_test.go
+++ b/common/crypto/auth_test.go
@@ -51,7 +51,7 @@ func TestAuthenticationReaderWriter(t *testing.T) {
 Content: iv,
 },
 AdditionalDataGenerator: &NoOpBytesGenerator{},
- }, cache, false)
+ }, cache)
 actualPayload := make([]byte, 16*1024)
 nBytes, err = reader.Read(actualPayload)
@@ -102,7 +102,7 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
 Content: iv,
 },
 AdditionalDataGenerator: &NoOpBytesGenerator{},
- }, cache, false)
+ }, cache)
 actualPayload := make([]byte, 7*1024)
 nBytes, err = reader.Read(actualPayload)
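Review bot: With the new `return v.CopyChunk(b), nil` in Read, a call delivers at most what is left of the current chunk, so short reads become the normal case for every caller, and nothing on the method says so. I would add a doc comment such as `// Read copies data from the current chunk into b and may return fewer than len(b) bytes; use io.ReadFull to fill b.` It is also worth confirming that CopyChunk cannot yield 0 for a non-empty b once NextChunk has succeeded, because Read would then return `0, nil`, which the io.Reader contract discourages. The top of Read and the body of CopyChunk are outside this hunk, so that second point is an inference to verify.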
@@ -118,56 +118,3 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
 _, err = reader.Read(actualPayload)
 assert.Error(err).Equals(io.EOF)
 }
-
-func TestAuthenticationReaderWriterAggressive(t *testing.T) {
- assert := assert.On(t)
-
- key := make([]byte, 16)
- rand.Read(key)
- block, err := aes.NewCipher(key)
- assert.Error(err).IsNil()
-
- aead, err := cipher.NewGCM(block)
- assert.Error(err).IsNil()
-
- payload := make([]byte, 7*1024)
- rand.Read(payload)
-
- cache := buf.NewLocal(16 * 1024)
- iv := make([]byte, 12)
- rand.Read(iv)
-
- writer := NewAuthenticationWriter(&AEADAuthenticator{
- AEAD: aead,
- NonceGenerator: &StaticBytesGenerator{
- Content: iv,
- },
- AdditionalDataGenerator: &NoOpBytesGenerator{},
- }, cache)
-
- nBytes, err := writer.Write(payload)
- assert.Error(err).IsNil()
- assert.Int(nBytes).Equals(len(payload))
- assert.Int(cache.Len()).GreaterThan(0)
- _, err = writer.Write(payload)
- assert.Error(err).IsNil()
- assert.Int(nBytes).Equals(len(payload))
- _, err = writer.Write([]byte{})
- assert.Error(err).IsNil()
-
- reader := NewAuthenticationReader(&AEADAuthenticator{
- AEAD: aead,
- NonceGenerator: &StaticBytesGenerator{
- Content: iv,
- },
- AdditionalDataGenerator: &NoOpBytesGenerator{},
- }, cache, true)
-
- actualPayload := make([]byte, 16*1024)
- nBytes, err = reader.Read(actualPayload)
- assert.Error(err).IsNil()
- assert.Int(nBytes).Equals(len(payload) * 2)
-
- _, err = reader.Read(actualPayload)
- assert.Error(err).Equals(io.EOF)
-}
diff --git a/proxy/vmess/encoding/client.go b/proxy/vmess/encoding/client.go
index 5e2da55e6..f057107cf 100644
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@@ -213,7 +213,6 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
 }
 func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
- aggressive := (request.Command == protocol.RequestCommandTCP)
 var authReader io.Reader
 if request.Security.Is(protocol.SecurityType_NONE) {
 if request.Option.Has(protocol.RequestOptionChunkStream) {
@@ -222,7 +221,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 NonceGenerator: crypto.NoOpBytesGenerator{},
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 } else {
 authReader = reader
 }
@@ -233,7 +232,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 NonceGenerator: crypto.NoOpBytesGenerator{},
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, v.responseReader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, v.responseReader)
 } else {
 authReader = v.responseReader
 }
@@ -249,7 +248,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 } else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
@@ -261,7 +260,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 }
 return buf.NewReader(authReader)
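Review bot: The context line `aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))` at the end of the `@@ -249,7 +248,7 @@` hunk discards the constructor's error, and server.go does the same with `v.requestBodyKey` in its `@@ -188,7 +187,7 @@` hunk. chacha20poly1305.New fails when the key is not 32 bytes, and `aead` would then be nil wherever it is used afterwards; that use is not visible in these hunks. Since the neighbouring call sites are being edited anyway, either handle the error or record why it cannot occur, for example `// key is always chacha20poly1305.KeySize bytes, so New cannot fail`. DecodeResponseBody begins and ends outside the hunk, and the length returned by GenerateChacha20Poly1305Key is assumed here rather than verified.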
diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go
index 4d73b24a5..b60172ad3 100644
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -150,7 +150,6 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 }
 func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
- aggressive := (request.Command == protocol.RequestCommandTCP)
 var authReader io.Reader
 if request.Security.Is(protocol.SecurityType_NONE) {
 if request.Option.Has(protocol.RequestOptionChunkStream) {
@@ -159,7 +158,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 NonceGenerator: crypto.NoOpBytesGenerator{},
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 } else {
 authReader = reader
 }
@@ -172,7 +171,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 NonceGenerator: crypto.NoOpBytesGenerator{},
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, cryptionReader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, cryptionReader)
 } else {
 authReader = cryptionReader
 }
@@ -188,7 +187,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 } else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
@@ -200,7 +199,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
- authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
+ authReader = crypto.NewAuthenticationReader(auth, reader)
 }
 return buf.NewReader(authReader)