From 9ea1bf7c1dfad892aafc8807b56ce398bb2eb819 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sat, 18 Dec 2021 23:23:09 -0500
Subject: [PATCH] Fix shadowsocks xchacha cipher nonce size

---
 common/crypto/auth.go          | 4 ----
 proxy/shadowsocks/protocol.go  | 2 +-
 proxy/shadowsocks/validator.go | 6 +++---
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 13866a4d..8c659ff0 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -39,10 +39,6 @@ func GenerateIncreasingNonce(nonce []byte) BytesGenerator {
 	}
 }
 
-func GenerateInitialAEADNonce() BytesGenerator {
-	return GenerateIncreasingNonce([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF})
-}
-
 func GenerateAEADNonceWithSize(nonceSize int) BytesGenerator {
 	c := make([]byte, nonceSize)
 	for i := 0; i < nonceSize; i++ {
diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go
index ee2b62c8..d310b009 100644
--- a/proxy/shadowsocks/protocol.go
+++ b/proxy/shadowsocks/protocol.go
@@ -86,7 +86,7 @@ func ReadTCPSession(validator *Validator, reader io.Reader) (*protocol.RequestHe
 		if aead != nil {
 			auth := &crypto.AEADAuthenticator{
 				AEAD:           aead,
-				NonceGenerator: crypto.GenerateInitialAEADNonce(),
+				NonceGenerator: crypto.GenerateAEADNonceWithSize(aead.NonceSize()),
 			}
 			r = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
 				Auth: auth,
diff --git a/proxy/shadowsocks/validator.go b/proxy/shadowsocks/validator.go
index b36e9bc8..5be81447 100644
--- a/proxy/shadowsocks/validator.go
+++ b/proxy/shadowsocks/validator.go
@@ -93,11 +93,11 @@ func (v *Validator) Get(bs []byte, command protocol.RequestCommand) (u *protocol
 			var matchErr error
 			switch command {
 			case protocol.RequestCommandTCP:
-				data := make([]byte, 16)
-				ret, matchErr = aead.Open(data[:0], data[4:16], bs[ivLen:ivLen+18], nil)
+				data := make([]byte, 4+aead.NonceSize())
+				ret, matchErr = aead.Open(data[:0], data[4:], bs[ivLen:ivLen+18], nil)
 			case protocol.RequestCommandUDP:
 				data := make([]byte, 8192)
-				ret, matchErr = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil)
+				ret, matchErr = aead.Open(data[:0], data[8192-aead.NonceSize():8192], bs[ivLen:], nil)
 			}
 
 			if matchErr == nil {