mihomo/transport/vless/encryption/client.go

package encryption

import (
	"bytes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"net"
	"runtime"
	"strings"
	"sync"
	"time"

	"github.com/metacubex/utls/mlkem"
	"golang.org/x/crypto/sha3"
	"golang.org/x/sys/cpu"
)

var (
	// Keep in sync with crypto/tls/cipher_suites.go.
	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3
	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH
	hasGCMAsmPPC64 = runtime.GOARCH == "ppc64" || runtime.GOARCH == "ppc64le"

	HasAESGCMHardwareSupport = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X || hasGCMAsmPPC64
)

var ClientCipher byte

func init() {
	if HasAESGCMHardwareSupport {
		ClientCipher = 1
	}
}

type ClientInstance struct {
	sync.RWMutex
	nfsEKey *mlkem.EncapsulationKey768
	hash11  [11]byte // no more capacity
	xorMode uint32
	xorPKey *ecdh.PublicKey
	minutes time.Duration
	expire  time.Time
	baseKey []byte
	ticket  []byte
}

type ClientConn struct {
	net.Conn
	instance  *ClientInstance
	baseKey   []byte
	ticket    []byte
	random    []byte
	aead      cipher.AEAD
	nonce     []byte
	peerAEAD  cipher.AEAD
	peerNonce []byte
	input     bytes.Reader // peerCache
}

func (i *ClientInstance) Init(nfsEKeyBytes, xorPKeyBytes []byte, xorMode, minutes uint32) (err error) {
	if i.nfsEKey != nil {
		err = errors.New("already initialized")
		return
	}
	if i.nfsEKey, err = mlkem.NewEncapsulationKey768(nfsEKeyBytes); err != nil {
		return
	}
	hash32 := sha3.Sum256(nfsEKeyBytes)
	copy(i.hash11[:], hash32[:])
	if xorMode > 0 {
		i.xorMode = xorMode
		if i.xorPKey, err = ecdh.X25519().NewPublicKey(xorPKeyBytes); err != nil {
			return
		}
	}
	i.minutes = time.Duration(minutes) * time.Minute
	return
}

func (i *ClientInstance) Handshake(conn net.Conn) (*ClientConn, error) {
	if i.nfsEKey == nil {
		return nil, errors.New("uninitialized")
	}
	if i.xorMode > 0 {
		conn, _ = NewXorConn(conn, i.xorMode, i.xorPKey, nil)
	}
	c := &ClientConn{Conn: conn}

	if i.minutes > 0 {
		i.RLock()
		if time.Now().Before(i.expire) {
			c.instance = i
			c.baseKey = i.baseKey
			c.ticket = i.ticket
			i.RUnlock()
			return c, nil
		}
		i.RUnlock()
	}

	pfsDKeySeed := make([]byte, 64)
	rand.Read(pfsDKeySeed)
	pfsDKey, _ := mlkem.NewDecapsulationKey768(pfsDKeySeed)
	pfsEKeyBytes := pfsDKey.EncapsulationKey().Bytes()
	nfsKey, encapsulatedNfsKey := i.nfsEKey.Encapsulate()
	nfsAEAD := NewAEAD(ClientCipher, nfsKey, pfsEKeyBytes, encapsulatedNfsKey)

	clientHello := make([]byte, 5+11+1+1184+1088+randBetween(100, 1000))
	EncodeHeader(clientHello, 1, 11+1+1184+1088)
	copy(clientHello[5:], i.hash11[:])
	clientHello[5+11] = ClientCipher
	copy(clientHello[5+11+1:], pfsEKeyBytes)
	copy(clientHello[5+11+1+1184:], encapsulatedNfsKey)
	padding := clientHello[5+11+1+1184+1088:]
	rand.Read(padding) // important
	EncodeHeader(padding, 23, len(padding)-5)
	nfsAEAD.Seal(padding[:5], clientHello[5:5+11+1], padding[5:len(padding)-16], padding[:5])

	if _, err := c.Conn.Write(clientHello); err != nil {
		return nil, err
	}
	// client can send more NFS AEAD paddings / messages if needed

	_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before server hello
	if err != nil {
		return nil, err
	}

	if t != 1 {
		return nil, fmt.Errorf("unexpected type %v, expect server hello", t)
	}
	peerServerHello := make([]byte, 1088+21)
	if l != len(peerServerHello) {
		return nil, fmt.Errorf("unexpected length %v for server hello", l)
	}
	if _, err := io.ReadFull(c.Conn, peerServerHello); err != nil {
		return nil, err
	}
	encapsulatedPfsKey := peerServerHello[:1088]
	c.ticket = append(i.hash11[:], peerServerHello[1088:]...)

	pfsKey, err := pfsDKey.Decapsulate(encapsulatedPfsKey)
	if err != nil {
		return nil, err
	}
	c.baseKey = append(pfsKey, nfsKey...)

	VLESS, _ := NewAEAD(ClientCipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Open(nil, append(i.hash11[:], ClientCipher), c.ticket[11:], pfsEKeyBytes)
	if !bytes.Equal(VLESS, []byte("VLESS")) {
		return nil, errors.New("invalid server")
	}

	if i.minutes > 0 {
		i.Lock()
		i.expire = time.Now().Add(i.minutes)
		i.baseKey = c.baseKey
		i.ticket = c.ticket
		i.Unlock()
	}

	return c, nil
}

func (c *ClientConn) Write(b []byte) (int, error) {
	if len(b) == 0 {
		return 0, nil
	}
	var data []byte
	for n := 0; n < len(b); {
		b := b[n:]
		if len(b) > 8192 {
			b = b[:8192] // for avoiding another copy() in server's Read()
		}
		n += len(b)
		if c.aead == nil {
			data = make([]byte, 5+32+32+5+len(b)+16)
			EncodeHeader(data, 0, 32+32)
			copy(data[5:], c.ticket)
			c.random = make([]byte, 32)
			rand.Read(c.random)
			copy(data[5+32:], c.random)
			EncodeHeader(data[5+32+32:], 23, len(b)+16)
			c.aead = NewAEAD(ClientCipher, c.baseKey, c.random, c.ticket)
			c.nonce = make([]byte, 12)
			c.aead.Seal(data[:5+32+32+5], c.nonce, b, data[5+32+32:5+32+32+5])
		} else {
			data = make([]byte, 5+len(b)+16)
			EncodeHeader(data, 23, len(b)+16)
			c.aead.Seal(data[:5], c.nonce, b, data[:5])
			if bytes.Equal(c.nonce, MaxNonce) {
				c.aead = NewAEAD(ClientCipher, c.baseKey, data[5:], data[:5])
			}
		}
		IncreaseNonce(c.nonce)
		if _, err := c.Conn.Write(data); err != nil {
			return 0, err
		}
	}
	return len(b), nil
}

func (c *ClientConn) Read(b []byte) (int, error) {
	if len(b) == 0 {
		return 0, nil
	}
	if c.peerAEAD == nil {
		_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before random hello
		if err != nil {
			if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // 0-RTT's 0-RTT
				c.instance.Lock()
				if bytes.Equal(c.ticket, c.instance.ticket) {
					c.instance.expire = time.Now() // expired
				}
				c.instance.Unlock()
				return 0, errors.New("new handshake needed")
			}
			return 0, err
		}
		if t != 0 {
			return 0, fmt.Errorf("unexpected type %v, expect server random", t)
		}
		peerRandomHello := make([]byte, 32)
		if l != len(peerRandomHello) {
			return 0, fmt.Errorf("unexpected length %v for server random", l)
		}
		if _, err := io.ReadFull(c.Conn, peerRandomHello); err != nil {
			return 0, err
		}
		if c.random == nil {
			return 0, errors.New("empty c.random")
		}
		c.peerAEAD = NewAEAD(ClientCipher, c.baseKey, peerRandomHello, c.random)
		c.peerNonce = make([]byte, 12)
	}
	if c.input.Len() > 0 {
		return c.input.Read(b)
	}
	h, t, l, err := ReadAndDecodeHeader(c.Conn) // l: 17~17000
	if err != nil {
		return 0, err
	}
	if t != 23 {
		return 0, fmt.Errorf("unexpected type %v, expect encrypted data", t)
	}
	peerData := make([]byte, l)
	if _, err := io.ReadFull(c.Conn, peerData); err != nil {
		return 0, err
	}
	dst := peerData[:l-16]
	if len(dst) <= len(b) {
		dst = b[:len(dst)] // avoids another copy()
	}
	var peerAEAD cipher.AEAD
	if bytes.Equal(c.peerNonce, MaxNonce) {
		peerAEAD = NewAEAD(ClientCipher, c.baseKey, peerData, h)
	}
	_, err = c.peerAEAD.Open(dst[:0], c.peerNonce, peerData, h)
	if peerAEAD != nil {
		c.peerAEAD = peerAEAD
	}
	IncreaseNonce(c.peerNonce)
	if err != nil {
		return 0, err
	}
	if len(dst) > len(b) {
		c.input.Reset(dst[copy(b, dst):])
		dst = b // for len(dst)
	}
	return len(dst), nil
}
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`package encryption`

			`import (`
			`"bytes"`
			`"crypto/cipher"`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`"crypto/ecdh"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"crypto/rand"`
			`"errors"`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`"fmt"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"io"`
			`"net"`
			`"runtime"`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`"strings"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"sync"`
			`"time"`

			`"github.com/metacubex/utls/mlkem"`
chore: sync vless encryption code 2025-08-18 23:08:30 +08:00			`"golang.org/x/crypto/sha3"`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`"golang.org/x/sys/cpu"`
			`)`

			`var (`
			`// Keep in sync with crypto/tls/cipher_suites.go.`
			`hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3`
			`hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL`
			`hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH`
			`hasGCMAsmPPC64 = runtime.GOARCH == "ppc64" \|\| runtime.GOARCH == "ppc64le"`

			`HasAESGCMHardwareSupport = hasGCMAsmAMD64 \|\| hasGCMAsmARM64 \|\| hasGCMAsmS390X \|\| hasGCMAsmPPC64`
			`)`

			`var ClientCipher byte`

			`func init() {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`if HasAESGCMHardwareSupport {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`ClientCipher = 1`
			`}`
			`}`

			`type ClientInstance struct {`
			`sync.RWMutex`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`nfsEKey *mlkem.EncapsulationKey768`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`hash11 [11]byte // no more capacity`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`xorMode uint32`
			`xorPKey *ecdh.PublicKey`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`minutes time.Duration`
			`expire time.Time`
			`baseKey []byte`
			`ticket []byte`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`

			`type ClientConn struct {`
			`net.Conn`
			`instance *ClientInstance`
			`baseKey []byte`
chore: sync code https://github.com/XTLS/Xray-core/commit/3e19bf9233bdd9bafc073a71c65b737cc1ffba5e 2025-08-11 09:31:13 +08:00			`ticket []byte`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`random []byte`
			`aead cipher.AEAD`
			`nonce []byte`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`peerAEAD cipher.AEAD`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`peerNonce []byte`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`input bytes.Reader // peerCache`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`

chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`func (i *ClientInstance) Init(nfsEKeyBytes, xorPKeyBytes []byte, xorMode, minutes uint32) (err error) {`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if i.nfsEKey != nil {`
			`err = errors.New("already initialized")`
			`return`
			`}`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`if i.nfsEKey, err = mlkem.NewEncapsulationKey768(nfsEKeyBytes); err != nil {`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`return`
			`}`
chore: sync vless encryption code 2025-08-19 21:37:02 +08:00			`hash32 := sha3.Sum256(nfsEKeyBytes)`
			`copy(i.hash11[:], hash32[:])`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`if xorMode > 0 {`
			`i.xorMode = xorMode`
			`if i.xorPKey, err = ecdh.X25519().NewPublicKey(xorPKeyBytes); err != nil {`
			`return`
			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`}`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`i.minutes = time.Duration(minutes) * time.Minute`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return`
			`}`

chore: sync vless encryption code 2025-08-19 21:37:02 +08:00			`func (i ClientInstance) Handshake(conn net.Conn) (ClientConn, error) {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`if i.nfsEKey == nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, errors.New("uninitialized")`
			`}`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`if i.xorMode > 0 {`
			`conn, _ = NewXorConn(conn, i.xorMode, i.xorPKey, nil)`
feat: support optional aes128xor layer for vless encryption 2025-08-11 20:57:23 +08:00			`}`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`c := &ClientConn{Conn: conn}`

			`if i.minutes > 0 {`
			`i.RLock()`
			`if time.Now().Before(i.expire) {`
			`c.instance = i`
			`c.baseKey = i.baseKey`
chore: sync code https://github.com/XTLS/Xray-core/commit/3e19bf9233bdd9bafc073a71c65b737cc1ffba5e 2025-08-11 09:31:13 +08:00			`c.ticket = i.ticket`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`i.RUnlock()`
			`return c, nil`
			`}`
			`i.RUnlock()`
			`}`

chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`pfsDKeySeed := make([]byte, 64)`
			`rand.Read(pfsDKeySeed)`
			`pfsDKey, _ := mlkem.NewDecapsulationKey768(pfsDKeySeed)`
			`pfsEKeyBytes := pfsDKey.EncapsulationKey().Bytes()`
			`nfsKey, encapsulatedNfsKey := i.nfsEKey.Encapsulate()`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`nfsAEAD := NewAEAD(ClientCipher, nfsKey, pfsEKeyBytes, encapsulatedNfsKey)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`clientHello := make([]byte, 5+11+1+1184+1088+randBetween(100, 1000))`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`EncodeHeader(clientHello, 1, 11+1+1184+1088)`
			`copy(clientHello[5:], i.hash11[:])`
			`clientHello[5+11] = ClientCipher`
			`copy(clientHello[5+11+1:], pfsEKeyBytes)`
			`copy(clientHello[5+11+1+1184:], encapsulatedNfsKey)`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`padding := clientHello[5+11+1+1184+1088:]`
			`rand.Read(padding) // important`
			`EncodeHeader(padding, 23, len(padding)-5)`
			`nfsAEAD.Seal(padding[:5], clientHello[5:5+11+1], padding[5:len(padding)-16], padding[:5])`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-13 20:50:46 +08:00			`if _, err := c.Conn.Write(clientHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`// client can send more NFS AEAD paddings / messages if needed`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before server hello`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if err != nil {`
			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if t != 1 {`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`return nil, fmt.Errorf("unexpected type %v, expect server hello", t)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`}`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`peerServerHello := make([]byte, 1088+21)`
			`if l != len(peerServerHello) {`
			`return nil, fmt.Errorf("unexpected length %v for server hello", l)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`}`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`if _, err := io.ReadFull(c.Conn, peerServerHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, err`
			`}`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`encapsulatedPfsKey := peerServerHello[:1088]`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`c.ticket = append(i.hash11[:], peerServerHello[1088:]...)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`pfsKey, err := pfsDKey.Decapsulate(encapsulatedPfsKey)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return nil, err`
			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.baseKey = append(pfsKey, nfsKey...)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`VLESS, _ := NewAEAD(ClientCipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Open(nil, append(i.hash11[:], ClientCipher), c.ticket[11:], pfsEKeyBytes)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if !bytes.Equal(VLESS, []byte("VLESS")) {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return nil, errors.New("invalid server")`
			`}`

			`if i.minutes > 0 {`
			`i.Lock()`
			`i.expire = time.Now().Add(i.minutes)`
			`i.baseKey = c.baseKey`
chore: sync code https://github.com/XTLS/Xray-core/commit/3e19bf9233bdd9bafc073a71c65b737cc1ffba5e 2025-08-11 09:31:13 +08:00			`i.ticket = c.ticket`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`i.Unlock()`
			`}`

			`return c, nil`
			`}`

			`func (c *ClientConn) Write(b []byte) (int, error) {`
			`if len(b) == 0 {`
			`return 0, nil`
			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`var data []byte`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`for n := 0; n < len(b); {`
			`b := b[n:]`
			`if len(b) > 8192 {`
			`b = b[:8192] // for avoiding another copy() in server's Read()`
			`}`
			`n += len(b)`
			`if c.aead == nil {`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`data = make([]byte, 5+32+32+5+len(b)+16)`
			`EncodeHeader(data, 0, 32+32)`
			`copy(data[5:], c.ticket)`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.random = make([]byte, 32)`
			`rand.Read(c.random)`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`copy(data[5+32:], c.random)`
			`EncodeHeader(data[5+32+32:], 23, len(b)+16)`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`c.aead = NewAEAD(ClientCipher, c.baseKey, c.random, c.ticket)`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.nonce = make([]byte, 12)`
chore: sync vless encryption code 2025-08-18 08:43:17 +08:00			`c.aead.Seal(data[:5+32+32+5], c.nonce, b, data[5+32+32:5+32+32+5])`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`} else {`
			`data = make([]byte, 5+len(b)+16)`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`EncodeHeader(data, 23, len(b)+16)`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`c.aead.Seal(data[:5], c.nonce, b, data[:5])`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`if bytes.Equal(c.nonce, MaxNonce) {`
chore: sync vless encryption code 2025-08-21 08:33:44 +08:00			`c.aead = NewAEAD(ClientCipher, c.baseKey, data[5:], data[:5])`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`}`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`}`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`IncreaseNonce(c.nonce)`
chore: sync vless encryption code 2025-08-13 20:50:46 +08:00			`if _, err := c.Conn.Write(data); err != nil {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`return 0, err`
			`}`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
			`return len(b), nil`
			`}`

chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`func (c *ClientConn) Read(b []byte) (int, error) {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if len(b) == 0 {`
			`return 0, nil`
			`}`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`if c.peerAEAD == nil {`
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before random hello`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`if err != nil {`
chore: sync vless encryption code 2025-08-14 23:52:05 +08:00			`if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // 0-RTT's 0-RTT`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`c.instance.Lock()`
			`if bytes.Equal(c.ticket, c.instance.ticket) {`
			`c.instance.expire = time.Now() // expired`
			`}`
			`c.instance.Unlock()`
			`return 0, errors.New("new handshake needed")`
			`}`
chore: sync vless encryption code 2025-08-14 18:31:56 +08:00			`return 0, err`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`}`
			`if t != 0 {`
			`return 0, fmt.Errorf("unexpected type %v, expect server random", t)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`peerRandomHello := make([]byte, 32)`
			`if l != len(peerRandomHello) {`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`return 0, fmt.Errorf("unexpected length %v for server random", l)`
			`}`
fix: 335d54e4 sync mistake 2025-08-18 08:40:52 +08:00			`if _, err := io.ReadFull(c.Conn, peerRandomHello); err != nil {`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`return 0, err`
			`}`
			`if c.random == nil {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`return 0, errors.New("empty c.random")`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`c.peerAEAD = NewAEAD(ClientCipher, c.baseKey, peerRandomHello, c.random)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`c.peerNonce = make([]byte, 12)`
			`}`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`if c.input.Len() > 0 {`
			`return c.input.Read(b)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`h, t, l, err := ReadAndDecodeHeader(c.Conn) // l: 17~17000`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return 0, err`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`if t != 23 {`
			`return 0, fmt.Errorf("unexpected type %v, expect encrypted data", t)`
			`}`
			`peerData := make([]byte, l)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if _, err := io.ReadFull(c.Conn, peerData); err != nil {`
			`return 0, err`
			`}`
chore: sync vless encryption code 2025-08-13 18:51:47 +08:00			`dst := peerData[:l-16]`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if len(dst) <= len(b) {`
chore: sync vless encryption code 2025-08-12 20:06:08 +08:00			`dst = b[:len(dst)] // avoids another copy()`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`}`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`var peerAEAD cipher.AEAD`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`if bytes.Equal(c.peerNonce, MaxNonce) {`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`peerAEAD = NewAEAD(ClientCipher, c.baseKey, peerData, h)`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`}`
chore: sync vless encryption code 2025-08-21 19:42:56 +08:00			`_, err = c.peerAEAD.Open(dst[:0], c.peerNonce, peerData, h)`
			`if peerAEAD != nil {`
			`c.peerAEAD = peerAEAD`
chore: sync vless encryption code 2025-08-12 22:59:25 +08:00			`}`
			`IncreaseNonce(c.peerNonce)`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`if err != nil {`
			`return 0, err`
			`}`
			`if len(dst) > len(b) {`
fix: vision on vless encryption 2025-08-18 09:34:20 +08:00			`c.input.Reset(dst[copy(b, dst):])`
feat: support vless encryption 2025-08-10 22:16:25 +08:00			`dst = b // for len(dst)`
			`}`
			`return len(dst), nil`
			`}`