fix corrupted tls12 aead stream in tls mirror

2026-01-03 15:55:20 -05:00 · 2025-07-03 23:30:11 +01:00
parent 3a513fb0c3
commit c5199a2f6f
5 changed files with 53 additions and 7 deletions
--- a/transport/internet/tlsmirror/mirrorbase/conn.go
+++ b/transport/internet/tlsmirror/mirrorbase/conn.go
@@ -170,7 +170,7 @@ func (c *conn) c2sWorker() {
 			// memory consistency synchronization for value c.tls12ExplicitNonce is required!!!
 			if *c.tls12ExplicitNonce {
 				if record.RecordType == mirrorcommon.TLSRecord_RecordType_application_data {
-					nonce := c.s2cExplicitNonceCounterGenerator()
+					nonce := c.c2sExplicitNonceCounterGenerator()
 					copy(record.Fragment, nonce)
 				}
 			}
@@ -217,7 +217,7 @@ func (c *conn) c2sWorker() {
 				return
 			}

-			c.c2sExplicitNonceCounterGenerator = crypto.GenerateIncreasingNonce([]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00})
+			c.c2sExplicitNonceCounterGenerator = reverseBytesGeneratorByteOrder(crypto.GenerateIncreasingNonce([]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}))
 		}

 		if c.OnC2SMessage != nil {
@@ -291,7 +291,7 @@ func (c *conn) s2cWorker() {
 			// memory consistency synchronization for value c.tls12ExplicitNonce is required!!!
 			if *c.tls12ExplicitNonce {
 				if record.RecordType == mirrorcommon.TLSRecord_RecordType_application_data {
-					nonce := c.c2sExplicitNonceCounterGenerator()
+					nonce := c.s2cExplicitNonceCounterGenerator()
 					copy(record.Fragment, nonce)
 				}
 			}
@@ -329,7 +329,7 @@ func (c *conn) s2cWorker() {
 				c.done()
 				return
 			}
-			c.c2sExplicitNonceCounterGenerator = crypto.GenerateIncreasingNonce([]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00})
+			c.s2cExplicitNonceCounterGenerator = reverseBytesGeneratorByteOrder(crypto.GenerateIncreasingNonce([]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}))
 		}

 		if c.OnS2CMessage != nil {
--- a/transport/internet/tlsmirror/mirrorbase/crypto.go
+++ b/transport/internet/tlsmirror/mirrorbase/crypto.go
@@ -0,0 +1,19 @@
+package mirrorbase
+
+import (
+	"github.com/v2fly/v2ray-core/v5/common/crypto"
+)
+
+func reverseBytesGeneratorByteOrder(generator crypto.BytesGenerator) crypto.BytesGenerator {
+	var reverseResult [8]byte
+	return func() []byte {
+		result := generator()
+		if len(result) != 8 {
+			panic("reverseBytesGeneratorByteOrder requires a generator that returns exactly 8 bytes")
+		}
+		for i := 0; i < 8; i++ {
+			reverseResult[i] = result[7-i]
+		}
+		return reverseResult[:]
+	}
+}
--- a/transport/internet/tlsmirror/mirrorbase/crypto_test.go
+++ b/transport/internet/tlsmirror/mirrorbase/crypto_test.go
@@ -0,0 +1,27 @@
+package mirrorbase
+
+import (
+	"github.com/google/go-cmp/cmp"
+	"testing"
+
+	"github.com/v2fly/v2ray-core/v5/common/crypto"
+)
+
+func TestTLS12ExplicitNonceGeneration(t *testing.T) {
+	generator := reverseBytesGeneratorByteOrder(crypto.GenerateIncreasingNonce([]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}))
+
+	firstValue := generator()
+	if diff := cmp.Diff(firstValue, []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}); diff != "" {
+		t.Errorf("Unexpected first value: %s", diff)
+	}
+
+	secondValue := generator()
+	if diff := cmp.Diff(secondValue, []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}); diff != "" {
+		t.Errorf("Unexpected second value: %s", diff)
+	}
+
+	thirdValue := generator()
+	if diff := cmp.Diff(thirdValue, []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}); diff != "" {
+		t.Errorf("Unexpected third value: %s", diff)
+	}
+}
--- a/transport/internet/tlsmirror/server/client_conn.go
+++ b/transport/internet/tlsmirror/server/client_conn.go
@@ -158,8 +158,8 @@ func (s *clientConnState) WriteMessage(message []byte) error {
 	if err != nil {
 		return newError("failed to get explicit nonce reserved overhead header length").Base(err)
 	}
-	buffer := make([]byte, 0, explicitNonceReservedOverheadHeaderLength+len(message)+s.encryptor.NonceSize())
-	buffer, err = s.encryptor.Seal(buffer[explicitNonceReservedOverheadHeaderLength:], message)
+	buffer := make([]byte, explicitNonceReservedOverheadHeaderLength, explicitNonceReservedOverheadHeaderLength+len(message)+s.encryptor.NonceSize())
+	buffer, err = s.encryptor.Seal(buffer[:], message)
 	if err != nil {
 		return newError("failed to encrypt message").Base(err)
 	}
--- a/transport/internet/tlsmirror/server/conn.go
+++ b/transport/internet/tlsmirror/server/conn.go
@@ -145,7 +145,7 @@ func (s *connState) WriteMessage(message []byte) error {
 		return newError("failed to get explicit nonce reserved overhead header length").Base(err)
 	}

-	buffer := make([]byte, 0, explicitNonceReservedOverheadHeaderLength+len(message)+s.decryptor.NonceSize())
+	buffer := make([]byte, explicitNonceReservedOverheadHeaderLength, explicitNonceReservedOverheadHeaderLength+len(message)+s.decryptor.NonceSize())
 	buffer, err = s.encryptor.Seal(buffer[:], message)
 	if err != nil {
 		return newError("failed to encrypt message").Base(err)