Fix obfsBuf being too small on closing frame

2020-10-18 21:37:41 +01:00 · 2020-10-18 21:37:41 +01:00 · e141323c9d
parent 1ec11c175a
commit e141323c9d
2 changed files with 10 additions and 9 deletions
--- a/internal/multiplex/obfs.go
+++ b/internal/multiplex/obfs.go
@ -20,6 +20,7 @@ var putU32 = binary.BigEndian.PutUint32
 var putU64 = binary.BigEndian.PutUint64

 const HEADER_LEN = 14
+const salsa20NonceSize = 8

 const (
 	E_METHOD_PLAIN = iota
@ -54,14 +55,14 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser {
 		}
 		var extraLen int
 		if payloadCipher == nil {
-			extraLen = 8 - payloadLen
+			extraLen = salsa20NonceSize - payloadLen
 			if extraLen < 0 {
 				// if our payload is already greater than 8 bytes
 				extraLen = 0
 			}
 		} else {
 			extraLen = payloadCipher.Overhead()
-			if extraLen < 8 {
+			if extraLen < salsa20NonceSize {
 				return 0, errors.New("AEAD's Overhead cannot be fewer than 8 bytes")
 			}
 		}
@ -89,10 +90,10 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser {
 				common.CryptoRandRead(extra)
 			}
 		} else {
-			payloadCipher.Seal(payload[:0], header[:12], payload, nil)
+			payloadCipher.Seal(payload[:0], header[:payloadCipher.NonceSize()], payload, nil)
 		}

-		nonce := buf[usefulLen-8 : usefulLen]
+		nonce := buf[usefulLen-salsa20NonceSize : usefulLen]
 		salsa20.XORKeyStream(header, header, nonce, &salsaKey)

 		return usefulLen, nil
@ -105,7 +106,7 @@ func MakeObfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Obfser {
 // information and plaintext
 func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser {
 	// stream header length + minimum data size (i.e. nonce size of salsa20)
-	const minInputLen = HEADER_LEN + 8
+	const minInputLen = HEADER_LEN + salsa20NonceSize
 	deobfs := func(in []byte) (*Frame, error) {
 		if len(in) < minInputLen {
 			return nil, fmt.Errorf("input size %v, but it cannot be shorter than %v bytes", len(in), minInputLen)
@ -114,7 +115,7 @@ func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser {
 		header := in[:HEADER_LEN]
 		pldWithOverHead := in[HEADER_LEN:] // payload + potential overhead

-		nonce := in[len(in)-8:]
+		nonce := in[len(in)-salsa20NonceSize:]
 		salsa20.XORKeyStream(header, header, nonce, &salsaKey)

 		streamID := u32(header[0:4])
@ -136,7 +137,7 @@ func MakeDeobfs(salsaKey [32]byte, payloadCipher cipher.AEAD) Deobfser {
 				outputPayload = pldWithOverHead[:usefulPayloadLen]
 			}
 		} else {
-			_, err := payloadCipher.Open(pldWithOverHead[:0], header[:12], pldWithOverHead, nil)
+			_, err := payloadCipher.Open(pldWithOverHead[:0], header[:payloadCipher.NonceSize()], pldWithOverHead, nil)
 			if err != nil {
 				return nil, err
 			}
@ -162,7 +163,7 @@ func MakeObfuscator(encryptionMethod byte, sessionKey [32]byte) (obfuscator Obfu
 	switch encryptionMethod {
 	case E_METHOD_PLAIN:
 		payloadCipher = nil
-		obfuscator.maxOverhead = 0
+		obfuscator.maxOverhead = salsa20NonceSize
 	case E_METHOD_AES_GCM:
 		var c cipher.Block
 		c, err = aes.NewCipher(sessionKey[:])
--- a/internal/multiplex/session.go
+++ b/internal/multiplex/session.go
@ -271,7 +271,7 @@ func (sesh *Session) passiveClose() error {
 func genRandomPadding() []byte {
 	lenB := make([]byte, 1)
 	common.CryptoRandRead(lenB)
-	pad := make([]byte, lenB[0])
+	pad := make([]byte, lenB[0]+1)
 	common.CryptoRandRead(pad)
 	return pad
 }