+++ /dev/null
-From c8e2a99e68109b386c541dcc157f1f64ca8cbd17 Mon Sep 17 00:00:00 2001
-From: xqzr <34030394+xqzr@users.noreply.github.com>
-Date: Fri, 17 Dec 2021 00:25:16 +0800
-Subject: [PATCH] fix unsupported cipher method: xChaCha20-IETF-Poly1305
-
----
- infra/conf/shadowsocks.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/infra/conf/shadowsocks.go
-+++ b/infra/conf/shadowsocks.go
-@@ -59,7 +59,7 @@ func (v *ShadowsocksServerConfig) Build(
- return nil, newError("Shadowsocks password is not specified.")
- }
- if account.CipherType < shadowsocks.CipherType_AES_128_GCM ||
-- account.CipherType > shadowsocks.CipherType_CHACHA20_POLY1305 {
-+ account.CipherType > shadowsocks.CipherType_XCHACHA20_POLY1305 {
- return nil, newError("unsupported cipher method: ", user.Cipher)
- }
- config.Users = append(config.Users, &protocol.User{
+++ /dev/null
-From 305e1d716cbd9c6f5c3513dcdad1cd48d525036c Mon Sep 17 00:00:00 2001
-From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
-Date: Sat, 18 Dec 2021 23:23:09 -0500
-Subject: [PATCH] Fix shadowsocks xchacha cipher nonce size
-
----
- common/crypto/auth.go | 4 ----
- proxy/shadowsocks/protocol.go | 2 +-
- proxy/shadowsocks/validator.go | 6 +++---
- 3 files changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/common/crypto/auth.go b/common/crypto/auth.go
-index 13866a4d5..8c659ff06 100644
---- a/common/crypto/auth.go
-+++ b/common/crypto/auth.go
-@@ -39,10 +39,6 @@ func GenerateIncreasingNonce(nonce []byte) BytesGenerator {
- }
- }
-
--func GenerateInitialAEADNonce() BytesGenerator {
-- return GenerateIncreasingNonce([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF})
--}
--
- func GenerateAEADNonceWithSize(nonceSize int) BytesGenerator {
- c := make([]byte, nonceSize)
- for i := 0; i < nonceSize; i++ {
-diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go
-index ee2b62c86..d310b009c 100644
---- a/proxy/shadowsocks/protocol.go
-+++ b/proxy/shadowsocks/protocol.go
-@@ -86,7 +86,7 @@ func ReadTCPSession(validator *Validator, reader io.Reader) (*protocol.RequestHe
- if aead != nil {
- auth := &crypto.AEADAuthenticator{
- AEAD: aead,
-- NonceGenerator: crypto.GenerateInitialAEADNonce(),
-+ NonceGenerator: crypto.GenerateAEADNonceWithSize(aead.NonceSize()),
- }
- r = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
- Auth: auth,
-diff --git a/proxy/shadowsocks/validator.go b/proxy/shadowsocks/validator.go
-index b36e9bc82..5be81447c 100644
---- a/proxy/shadowsocks/validator.go
-+++ b/proxy/shadowsocks/validator.go
-@@ -93,11 +93,11 @@ func (v *Validator) Get(bs []byte, command protocol.RequestCommand) (u *protocol
- var matchErr error
- switch command {
- case protocol.RequestCommandTCP:
-- data := make([]byte, 16)
-- ret, matchErr = aead.Open(data[:0], data[4:16], bs[ivLen:ivLen+18], nil)
-+ data := make([]byte, 4+aead.NonceSize())
-+ ret, matchErr = aead.Open(data[:0], data[4:], bs[ivLen:ivLen+18], nil)
- case protocol.RequestCommandUDP:
- data := make([]byte, 8192)
-- ret, matchErr = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil)
-+ ret, matchErr = aead.Open(data[:0], data[8192-aead.NonceSize():8192], bs[ivLen:], nil)
- }
-
- if matchErr == nil {