mihomo/transport/vless/encryption/server.go

package encryption

import (
	"bytes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"net"
	"sync"
	"time"

	"github.com/metacubex/utls/mlkem"
)

type ServerSession struct {
	expire  time.Time
	cipher  byte
	baseKey []byte
	randoms sync.Map
}

type ServerInstance struct {
	sync.RWMutex
	nfsDKey  *mlkem.DecapsulationKey768
	hash11   [11]byte // no more capacity
	xorKey   []byte
	minutes  time.Duration
	sessions map[[32]byte]*ServerSession
	closed   bool
}

type ServerConn struct {
	net.Conn
	cipher     byte
	baseKey    []byte
	ticket     []byte
	peerRandom []byte
	peerAead   cipher.AEAD
	peerNonce  []byte
	input      bytes.Reader // peerCache
	aead       cipher.AEAD
	nonce      []byte
}

func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) {
	if i.nfsDKey != nil {
		err = errors.New("already initialized")
		return
	}
	i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed)
	if err != nil {
		return
	}
	hash256 := sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
	copy(i.hash11[:], hash256[:])
	if xor > 0 {
		xorKey := sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
		i.xorKey = xorKey[:]
	}
	if minutes > 0 {
		i.minutes = minutes
		i.sessions = make(map[[32]byte]*ServerSession)
		go func() {
			for {
				time.Sleep(time.Minute)
				i.Lock()
				if i.closed {
					i.Unlock()
					return
				}
				now := time.Now()
				for ticket, session := range i.sessions {
					if now.After(session.expire) {
						delete(i.sessions, ticket)
					}
				}
				i.Unlock()
			}
		}()
	}
	return
}

func (i *ServerInstance) Close() (err error) {
	i.Lock()
	i.closed = true
	i.Unlock()
	return
}

func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
	if i.nfsDKey == nil {
		return nil, errors.New("uninitialized")
	}
	if i.xorKey != nil {
		conn = NewXorConn(conn, i.xorKey)
	}
	c := &ServerConn{Conn: conn}

	_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before client/ticket hello
	if err != nil {
		return nil, err
	}

	if t == 0 {
		if i.minutes == 0 {
			return nil, errors.New("0-RTT is not allowed")
		}
		peerTicketHello := make([]byte, 32+32)
		if l != len(peerTicketHello) {
			return nil, fmt.Errorf("unexpected length %v for ticket hello", l)
		}
		if _, err := io.ReadFull(c.Conn, peerTicketHello); err != nil {
			return nil, err
		}
		if !bytes.Equal(peerTicketHello[:11], i.hash11[:]) {
			return nil, fmt.Errorf("unexpected hash11: %v", peerTicketHello[:11])
		}
		i.RLock()
		s := i.sessions[[32]byte(peerTicketHello)]
		i.RUnlock()
		if s == nil {
			noises := make([]byte, randBetween(100, 1000))
			var err error
			for err == nil {
				rand.Read(noises)
				_, _, err = DecodeHeader(noises)
			}
			c.Conn.Write(noises) // make client do new handshake
			return nil, errors.New("expired ticket")
		}
		if _, replay := s.randoms.LoadOrStore([32]byte(peerTicketHello[32:]), true); replay {
			return nil, errors.New("replay detected")
		}
		c.cipher = s.cipher
		c.baseKey = s.baseKey
		c.ticket = peerTicketHello[:32]
		c.peerRandom = peerTicketHello[32:]
		return c, nil
	}

	peerClientHello := make([]byte, 11+1+1184+1088)
	if l != len(peerClientHello) {
		return nil, fmt.Errorf("unexpected length %v for client hello", l)
	}
	if _, err := io.ReadFull(c.Conn, peerClientHello); err != nil {
		return nil, err
	}
	if !bytes.Equal(peerClientHello[:11], i.hash11[:]) {
		return nil, fmt.Errorf("unexpected hash11: %v", peerClientHello[:11])
	}
	c.cipher = peerClientHello[11]
	pfsEKeyBytes := peerClientHello[11+1 : 11+1+1184]
	encapsulatedNfsKey := peerClientHello[11+1+1184:]

	pfsEKey, err := mlkem.NewEncapsulationKey768(pfsEKeyBytes)
	if err != nil {
		return nil, err
	}
	nfsKey, err := i.nfsDKey.Decapsulate(encapsulatedNfsKey)
	if err != nil {
		return nil, err
	}
	pfsKey, encapsulatedPfsKey := pfsEKey.Encapsulate()
	c.baseKey = append(pfsKey, nfsKey...)

	c.ticket = append(i.hash11[:], NewAead(c.cipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Seal(nil, peerClientHello[:12], []byte("VLESS"), pfsEKeyBytes)...)

	paddingLen := randBetween(100, 1000)

	serverHello := make([]byte, 5+1088+21+5+paddingLen)
	EncodeHeader(serverHello, 1, 1088+21)
	copy(serverHello[5:], encapsulatedPfsKey)
	copy(serverHello[5+1088:], c.ticket[11:])
	EncodeHeader(serverHello[5+1088+21:], 23, int(paddingLen))
	rand.Read(serverHello[5+1088+21+5:])

	if _, err := c.Conn.Write(serverHello); err != nil {
		return nil, err
	}
	// server can send more paddings / PFS AEAD messages if needed

	if i.minutes > 0 {
		i.Lock()
		i.sessions[[32]byte(c.ticket)] = &ServerSession{
			expire:  time.Now().Add(i.minutes),
			cipher:  c.cipher,
			baseKey: c.baseKey,
		}
		i.Unlock()
	}

	return c, nil
}

func (c *ServerConn) Read(b []byte) (int, error) {
	if len(b) == 0 {
		return 0, nil
	}
	if c.peerAead == nil {
		if c.peerRandom == nil { // 1-RTT's 0-RTT
			_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before ticket hello
			if err != nil {
				return 0, err
			}
			if t != 0 {
				return 0, fmt.Errorf("unexpected type %v, expect ticket hello", t)
			}
			peerTicketHello := make([]byte, 32+32)
			if l != len(peerTicketHello) {
				return 0, fmt.Errorf("unexpected length %v for ticket hello", l)
			}
			if _, err := io.ReadFull(c.Conn, peerTicketHello); err != nil {
				return 0, err
			}
			if !bytes.Equal(peerTicketHello[:32], c.ticket) {
				return 0, errors.New("naughty boy")
			}
			c.peerRandom = peerTicketHello[32:]
		}
		c.peerAead = NewAead(c.cipher, c.baseKey, c.peerRandom, c.ticket)
		c.peerNonce = make([]byte, 12)
	}
	if c.input.Len() > 0 {
		return c.input.Read(b)
	}
	h, t, l, err := ReadAndDecodeHeader(c.Conn) // l: 17~17000
	if err != nil {
		return 0, err
	}
	if t != 23 {
		return 0, fmt.Errorf("unexpected type %v, expect encrypted data", t)
	}
	peerData := make([]byte, l)
	if _, err := io.ReadFull(c.Conn, peerData); err != nil {
		return 0, err
	}
	dst := peerData[:l-16]
	if len(dst) <= len(b) {
		dst = b[:len(dst)] // avoids another copy()
	}
	var peerAead cipher.AEAD
	if bytes.Equal(c.peerNonce, MaxNonce) {
		peerAead = NewAead(c.cipher, c.baseKey, peerData, h)
	}
	_, err = c.peerAead.Open(dst[:0], c.peerNonce, peerData, h)
	if peerAead != nil {
		c.peerAead = peerAead
	}
	IncreaseNonce(c.peerNonce)
	if err != nil {
		return 0, err
	}
	if len(dst) > len(b) {
		c.input.Reset(dst[copy(b, dst):])
		dst = b // for len(dst)
	}
	return len(dst), nil
}

func (c *ServerConn) Write(b []byte) (int, error) {
	if len(b) == 0 {
		return 0, nil
	}
	var data []byte
	for n := 0; n < len(b); {
		b := b[n:]
		if len(b) > 8192 {
			b = b[:8192] // for avoiding another copy() in client's Read()
		}
		n += len(b)
		if c.aead == nil {
			if c.peerRandom == nil {
				return 0, errors.New("empty c.peerRandom")
			}
			data = make([]byte, 5+32+5+len(b)+16)
			EncodeHeader(data, 0, 32)
			rand.Read(data[5 : 5+32])
			c.aead = NewAead(c.cipher, c.baseKey, data[5:5+32], c.peerRandom)
			c.nonce = make([]byte, 12)
			EncodeHeader(data[5+32:], 23, len(b)+16)
			c.aead.Seal(data[:5+32+5], c.nonce, b, data[5+32:5+32+5])
		} else {
			data = make([]byte, 5+len(b)+16)
			EncodeHeader(data, 23, len(b)+16)
			c.aead.Seal(data[:5], c.nonce, b, data[:5])
			if bytes.Equal(c.nonce, MaxNonce) {
				c.aead = NewAead(c.cipher, c.baseKey, data[5:], data[:5])
			}
		}
		IncreaseNonce(c.nonce)
		if _, err := c.Conn.Write(data); err != nil {
			return 0, err
		}
	}
	return len(b), nil
}
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`package encryption`

			`import (`
			`"bytes"`
			`"crypto/cipher"`
			`"crypto/rand"`
chore: sync vless encryption code 2025-08-14 09:57:20 +08:00			`"crypto/sha256"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"errors"`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`"fmt"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"io"`
			`"net"`
			`"sync"`
			`"time"`

			`"github.com/metacubex/utls/mlkem"`
			`)`

			`type ServerSession struct {`
			`expire time.Time`
			`cipher byte`
			`baseKey []byte`
			`randoms sync.Map`
			`}`

			`type ServerInstance struct {`
			`sync.RWMutex`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`nfsDKey *mlkem.DecapsulationKey768`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`hash11 [11]byte // no more capacity`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`xorKey []byte`
			`minutes time.Duration`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`sessions map[[32]byte]*ServerSession`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`closed bool`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`

			`type ServerConn struct {`
			`net.Conn`
			`cipher byte`
			`baseKey []byte`
chore: sync code https://github.com/XTLS/Xray-core/commit/3e19bf9233bdd9bafc073a71c65b737cc1ffba5e 2025-08-11 09:31:13 +08:00			`ticket []byte`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`peerRandom []byte`
			`peerAead cipher.AEAD`
			`peerNonce []byte`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`input bytes.Reader // peerCache`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`aead cipher.AEAD`
			`nonce []byte`
			`}`

chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) {`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if i.nfsDKey != nil {`
			`err = errors.New("already initialized")`
			`return`
			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed)`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if err != nil {`
			`return`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`hash256 := sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())`
			`copy(i.hash11[:], hash256[:])`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`if xor > 0 {`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`xorKey := sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())`
			`i.xorKey = xorKey[:]`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`}`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if minutes > 0 {`
			`i.minutes = minutes`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`i.sessions = make(map[[32]byte]*ServerSession)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`go func() {`
			`for {`
			`time.Sleep(time.Minute)`
			`i.Lock()`
chore: sync vless encryption code 2025-08-13 01:14:22 +08:00			`if i.closed {`
			`i.Unlock()`
fix: vless server close 2025-08-10 22:43:31 +08:00			`return`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`now := time.Now()`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`for ticket, session := range i.sessions {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if now.After(session.expire) {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`delete(i.sessions, ticket)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
			`}`
			`i.Unlock()`
			`}`
			`}()`
			`}`
			`return`
			`}`

fix: vless server close 2025-08-10 22:43:31 +08:00			`func (i *ServerInstance) Close() (err error) {`
			`i.Lock()`
chore: sync vless encryption code 2025-08-13 01:14:22 +08:00			`i.closed = true`
			`i.Unlock()`
fix: vless server close 2025-08-10 22:43:31 +08:00			`return`
			`}`

feat: support vless encryption 2025-08-10 22:16:25 +08:00			`func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`if i.nfsDKey == nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, errors.New("uninitialized")`
			`}`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if i.xorKey != nil {`
			`conn = NewXorConn(conn, i.xorKey)`
feat: support optional aes128xor layer for vless encryption 2025-08-11 20:57:23 +08:00			`}`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`c := &ServerConn{Conn: conn}`

chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before client/ticket hello`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00
			`if t == 0 {`
			`if i.minutes == 0 {`
			`return nil, errors.New("0-RTT is not allowed")`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`peerTicketHello := make([]byte, 32+32)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if l != len(peerTicketHello) {`
			`return nil, fmt.Errorf("unexpected length %v for ticket hello", l)`
			`}`
			`if _, err := io.ReadFull(c.Conn, peerTicketHello); err != nil {`
			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`if !bytes.Equal(peerTicketHello[:11], i.hash11[:]) {`
			`return nil, fmt.Errorf("unexpected hash11: %v", peerTicketHello[:11])`
			`}`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`i.RLock()`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`s := i.sessions[[32]byte(peerTicketHello)]`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`i.RUnlock()`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if s == nil {`
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`noises := make([]byte, randBetween(100, 1000))`
			`var err error`
			`for err == nil {`
			`rand.Read(noises)`
			`_, _, err = DecodeHeader(noises)`
			`}`
			`c.Conn.Write(noises) // make client do new handshake`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return nil, errors.New("expired ticket")`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`if _, replay := s.randoms.LoadOrStore([32]byte(peerTicketHello[32:]), true); replay {`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return nil, errors.New("replay detected")`
			`}`
			`c.cipher = s.cipher`
			`c.baseKey = s.baseKey`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`c.ticket = peerTicketHello[:32]`
			`c.peerRandom = peerTicketHello[32:]`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return c, nil`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`

chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`peerClientHello := make([]byte, 11+1+1184+1088)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if l != len(peerClientHello) {`
			`return nil, fmt.Errorf("unexpected length %v for client hello", l)`
			`}`
			`if _, err := io.ReadFull(c.Conn, peerClientHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`if !bytes.Equal(peerClientHello[:11], i.hash11[:]) {`
			`return nil, fmt.Errorf("unexpected hash11: %v", peerClientHello[:11])`
			`}`
			`c.cipher = peerClientHello[11]`
			`pfsEKeyBytes := peerClientHello[11+1 : 11+1+1184]`
			`encapsulatedNfsKey := peerClientHello[11+1+1184:]`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`pfsEKey, err := mlkem.NewEncapsulationKey768(pfsEKeyBytes)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`nfsKey, err := i.nfsDKey.Decapsulate(encapsulatedNfsKey)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`pfsKey, encapsulatedPfsKey := pfsEKey.Encapsulate()`
			`c.baseKey = append(pfsKey, nfsKey...)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`c.ticket = append(i.hash11[:], NewAead(c.cipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Seal(nil, peerClientHello[:12], []byte("VLESS"), pfsEKeyBytes)...)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`paddingLen := randBetween(100, 1000)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`serverHello := make([]byte, 5+1088+21+5+paddingLen)`
			`EncodeHeader(serverHello, 1, 1088+21)`
			`copy(serverHello[5:], encapsulatedPfsKey)`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`copy(serverHello[5+1088:], c.ticket[11:])`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`EncodeHeader(serverHello[5+1088+21:], 23, int(paddingLen))`
			`rand.Read(serverHello[5+1088+21+5:])`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-13 20:50:46 +08:00			`if _, err := c.Conn.Write(serverHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`// server can send more paddings / PFS AEAD messages if needed`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
			`if i.minutes > 0 {`
			`i.Lock()`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`i.sessions[[32]byte(c.ticket)] = &ServerSession{`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`expire: time.Now().Add(i.minutes),`
			`cipher: c.cipher,`
			`baseKey: c.baseKey,`
			`}`
			`i.Unlock()`
			`}`

			`return c, nil`
			`}`

			`func (c *ServerConn) Read(b []byte) (int, error) {`
			`if len(b) == 0 {`
			`return 0, nil`
			`}`
			`if c.peerAead == nil {`
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`if c.peerRandom == nil { // 1-RTT's 0-RTT`
			`_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before ticket hello`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if err != nil {`
			`return 0, err`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if t != 0 {`
			`return 0, fmt.Errorf("unexpected type %v, expect ticket hello", t)`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`peerTicketHello := make([]byte, 32+32)`
chore: sync vless encryption code 2025-08-13 19:50:53 +08:00			`if l != len(peerTicketHello) {`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return 0, fmt.Errorf("unexpected length %v for ticket hello", l)`
			`}`
chore: sync vless encryption code 2025-08-13 19:50:53 +08:00			`if _, err := io.ReadFull(c.Conn, peerTicketHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return 0, err`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`if !bytes.Equal(peerTicketHello[:32], c.ticket) {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return 0, errors.New("naughty boy")`
			`}`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`c.peerRandom = peerTicketHello[32:]`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`c.peerAead = NewAead(c.cipher, c.baseKey, c.peerRandom, c.ticket)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`c.peerNonce = make([]byte, 12)`
			`}`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`if c.input.Len() > 0 {`
			`return c.input.Read(b)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`h, t, l, err := ReadAndDecodeHeader(c.Conn) // l: 17~17000`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return 0, err`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if t != 23 {`
			`return 0, fmt.Errorf("unexpected type %v, expect encrypted data", t)`
			`}`
			`peerData := make([]byte, l)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if _, err := io.ReadFull(c.Conn, peerData); err != nil {`
			`return 0, err`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`dst := peerData[:l-16]`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if len(dst) <= len(b) {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`dst = b[:len(dst)] // avoids another copy()`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`var peerAead cipher.AEAD`
			`if bytes.Equal(c.peerNonce, MaxNonce) {`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`peerAead = NewAead(c.cipher, c.baseKey, peerData, h)`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`_, err = c.peerAead.Open(dst[:0], c.peerNonce, peerData, h)`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`if peerAead != nil {`
			`c.peerAead = peerAead`
			`}`
			`IncreaseNonce(c.peerNonce)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return 0, err`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
			`if len(dst) > len(b) {`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`c.input.Reset(dst[copy(b, dst):])`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`dst = b // for len(dst)`
			`}`
			`return len(dst), nil`
			`}`

chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`func (c *ServerConn) Write(b []byte) (int, error) {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if len(b) == 0 {`
			`return 0, nil`
			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`var data []byte`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`for n := 0; n < len(b); {`
			`b := b[n:]`
			`if len(b) > 8192 {`
			`b = b[:8192] // for avoiding another copy() in client's Read()`
			`}`
			`n += len(b)`
			`if c.aead == nil {`
			`if c.peerRandom == nil {`
			`return 0, errors.New("empty c.peerRandom")`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`data = make([]byte, 5+32+5+len(b)+16)`
			`EncodeHeader(data, 0, 32)`
			`rand.Read(data[5 : 5+32])`
			`c.aead = NewAead(c.cipher, c.baseKey, data[5:5+32], c.peerRandom)`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.nonce = make([]byte, 12)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`EncodeHeader(data[5+32:], 23, len(b)+16)`
			`c.aead.Seal(data[:5+32+5], c.nonce, b, data[5+32:5+32+5])`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`} else {`
			`data = make([]byte, 5+len(b)+16)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`EncodeHeader(data, 23, len(b)+16)`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.aead.Seal(data[:5], c.nonce, b, data[:5])`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`if bytes.Equal(c.nonce, MaxNonce) {`
chore: sync vless encryption code 2025-08-13 01:14:22 +08:00			`c.aead = NewAead(c.cipher, c.baseKey, data[5:], data[:5])`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`IncreaseNonce(c.nonce)`
chore: sync vless encryption code 2025-08-13 20:50:46 +08:00			`if _, err := c.Conn.Write(data); err != nil {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`return 0, err`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
			`}`
			`return len(b), nil`
			`}`