From e141323c9d5e66159a6655463d9ec4ffa13da050 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 18 Oct 2020 21:37:41 +0100 Subject: [PATCH] Fix obfsBuf being too small on closing frame --- internal/multiplex/obfs.go | 17 +++++++++-------- internal/multiplex/session.go | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/internal/multiplex/obfs.go b/internal/multiplex/obfs.go index 5711e48..4768453 100644 --- a/internal/multiplex/obfs.go +++ b/internal/multiplex/obfs.go @@ -20,6 +20,7 @@ var putU32 = binary.BigEndian.PutUint32 var putU64 = binary.BigEndian.PutUint64 const HEADER_LEN = 14 +const salsa20NonceSize = 8 const ( E_METHOD_PLAIN = iota @@ -54,14 +55,14 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser { } var extraLen int if payloadCipher == nil { - extraLen = 8 - payloadLen + extraLen = salsa20NonceSize - payloadLen if extraLen < 0 { // if our payload is already greater than 8 bytes extraLen = 0 } } else { extraLen = payloadCipher.Overhead() - if extraLen < 8 { + if extraLen < salsa20NonceSize { return 0, errors.New("AEAD's Overhead cannot be fewer than 8 bytes") } } @@ -89,10 +90,10 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser { common.CryptoRandRead(extra) } } else { - payloadCipher.Seal(payload[:0], header[:12], payload, nil) + payloadCipher.Seal(payload[:0], header[:payloadCipher.NonceSize()], payload, nil) } - nonce := buf[usefulLen-8 : usefulLen] + nonce := buf[usefulLen-salsa20NonceSize : usefulLen] salsa20.XORKeyStream(header, header, nonce, &salsaKey) return usefulLen, nil @@ -105,7 +106,7 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser { // information and plaintext func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser { // stream header length + minimum data size (i.e. nonce size of salsa20) - const minInputLen = HEADER_LEN + 8 + const minInputLen = HEADER_LEN + salsa20NonceSize deobfs := func(in []byte) (*Frame, error) { if len(in) < minInputLen { return nil, fmt.Errorf("input size %v, but it cannot be shorter than %v bytes", len(in), minInputLen) @@ -114,7 +115,7 @@ func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser { header := in[:HEADER_LEN] pldWithOverHead := in[HEADER_LEN:] // payload + potential overhead - nonce := in[len(in)-8:] + nonce := in[len(in)-salsa20NonceSize:] salsa20.XORKeyStream(header, header, nonce, &salsaKey) streamID := u32(header[0:4]) @@ -136,7 +137,7 @@ func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser { outputPayload = pldWithOverHead[:usefulPayloadLen] } } else { - _, err := payloadCipher.Open(pldWithOverHead[:0], header[:12], pldWithOverHead, nil) + _, err := payloadCipher.Open(pldWithOverHead[:0], header[:payloadCipher.NonceSize()], pldWithOverHead, nil) if err != nil { return nil, err } @@ -162,7 +163,7 @@ func MakeObfuscator(encryptionMethod byte, sessionKey [32]byte) (obfuscator Obfu switch encryptionMethod { case E_METHOD_PLAIN: payloadCipher = nil - obfuscator.maxOverhead = 0 + obfuscator.maxOverhead = salsa20NonceSize case E_METHOD_AES_GCM: var c cipher.Block c, err = aes.NewCipher(sessionKey[:]) diff --git a/internal/multiplex/session.go b/internal/multiplex/session.go index b94677b..464ad9d 100644 --- a/internal/multiplex/session.go +++ b/internal/multiplex/session.go @@ -271,7 +271,7 @@ func (sesh *Session) passiveClose() error { func genRandomPadding() []byte { lenB := make([]byte, 1) common.CryptoRandRead(lenB) - pad := make([]byte, lenB[0]) + pad := make([]byte, lenB[0]+1) common.CryptoRandRead(pad) return pad }