v2ray-core/proxy/vmess/encoding/client.go

package encoding

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"fmt"
	"hash/fnv"
	"io"

	"golang.org/x/crypto/chacha20poly1305"

	"v2ray.com/core/common/crypto"
	"v2ray.com/core/common/dice"
	v2io "v2ray.com/core/common/io"
	"v2ray.com/core/common/log"
	v2net "v2ray.com/core/common/net"
	"v2ray.com/core/common/protocol"
	"v2ray.com/core/common/serial"
	"v2ray.com/core/proxy/vmess"
)

func hashTimestamp(t protocol.Timestamp) []byte {
	bytes := make([]byte, 0, 32)
	bytes = t.Bytes(bytes)
	bytes = t.Bytes(bytes)
	bytes = t.Bytes(bytes)
	bytes = t.Bytes(bytes)
	return bytes
}

type ClientSession struct {
	requestBodyKey  []byte
	requestBodyIV   []byte
	responseHeader  byte
	responseBodyKey []byte
	responseBodyIV  []byte
	responseReader  io.Reader
	idHash          protocol.IDHash
}

func NewClientSession(idHash protocol.IDHash) *ClientSession {
	randomBytes := make([]byte, 33) // 16 + 16 + 1
	rand.Read(randomBytes)

	session := &ClientSession{}
	session.requestBodyKey = randomBytes[:16]
	session.requestBodyIV = randomBytes[16:32]
	session.responseHeader = randomBytes[32]
	responseBodyKey := md5.Sum(session.requestBodyKey)
	responseBodyIV := md5.Sum(session.requestBodyIV)
	session.responseBodyKey = responseBodyKey[:]
	session.responseBodyIV = responseBodyIV[:]
	session.idHash = idHash

	return session
}

func (v *ClientSession) EncodeRequestHeader(header *protocol.RequestHeader, writer io.Writer) {
	timestamp := protocol.NewTimestampGenerator(protocol.NowTime(), 30)()
	account, err := header.User.GetTypedAccount()
	if err != nil {
		log.Error("VMess: Failed to get user account: ", err)
		return
	}
	idHash := v.idHash(account.(*vmess.InternalAccount).AnyValidID().Bytes())
	idHash.Write(timestamp.Bytes(nil))
	writer.Write(idHash.Sum(nil))

	buffer := make([]byte, 0, 512)
	buffer = append(buffer, Version)
	buffer = append(buffer, v.requestBodyIV...)
	buffer = append(buffer, v.requestBodyKey...)
	buffer = append(buffer, v.responseHeader, byte(header.Option))
	padingLen := dice.Roll(16)
	security := byte(padingLen<<4) | byte(header.Security)
	buffer = append(buffer, security, byte(0), byte(header.Command))
	buffer = header.Port.Bytes(buffer)

	switch header.Address.Family() {
	case v2net.AddressFamilyIPv4:
		buffer = append(buffer, AddrTypeIPv4)
		buffer = append(buffer, header.Address.IP()...)
	case v2net.AddressFamilyIPv6:
		buffer = append(buffer, AddrTypeIPv6)
		buffer = append(buffer, header.Address.IP()...)
	case v2net.AddressFamilyDomain:
		buffer = append(buffer, AddrTypeDomain, byte(len(header.Address.Domain())))
		buffer = append(buffer, header.Address.Domain()...)
	}

	pading := make([]byte, padingLen)
	rand.Read(pading)
	buffer = append(buffer, pading...)

	fnv1a := fnv.New32a()
	fnv1a.Write(buffer)

	buffer = fnv1a.Sum(buffer)

	timestampHash := md5.New()
	timestampHash.Write(hashTimestamp(timestamp))
	iv := timestampHash.Sum(nil)
	aesStream := crypto.NewAesEncryptionStream(account.(*vmess.InternalAccount).ID.CmdKey(), iv)
	aesStream.XORKeyStream(buffer, buffer)
	writer.Write(buffer)

	return
}

func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, writer io.Writer) v2io.Writer {
	var authWriter io.Writer
	if request.Security.Is(protocol.SecurityType_NONE) {
		if request.Option.Has(protocol.RequestOptionChunkStream) {
			auth := &crypto.AEADAuthenticator{
				AEAD:                    new(FnvAuthenticator),
				NonceGenerator:          crypto.NoOpBytesGenerator{},
				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			}
			authWriter = crypto.NewAuthenticationWriter(auth, writer)
		} else {
			authWriter = writer
		}
	} else if request.Security.Is(protocol.SecurityType_LEGACY) {
		aesStream := crypto.NewAesEncryptionStream(v.requestBodyKey, v.requestBodyIV)
		cryptionWriter := crypto.NewCryptionWriter(aesStream, writer)
		if request.Option.Has(protocol.RequestOptionChunkStream) {
			auth := &crypto.AEADAuthenticator{
				AEAD:                    new(FnvAuthenticator),
				NonceGenerator:          crypto.NoOpBytesGenerator{},
				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			}
			authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter)
		} else {
			authWriter = cryptionWriter
		}
	} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
		block, _ := aes.NewCipher(v.responseBodyKey)
		aead, _ := cipher.NewGCM(block)

		auth := &crypto.AEADAuthenticator{
			AEAD: aead,
			NonceGenerator: &ChunkNonceGenerator{
				Nonce: append([]byte(nil), v.responseBodyIV...),
				Size:  aead.NonceSize(),
			},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		authWriter = crypto.NewAuthenticationWriter(auth, writer)
	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
		aead, _ := chacha20poly1305.New(v.responseBodyKey)

		auth := &crypto.AEADAuthenticator{
			AEAD: aead,
			NonceGenerator: &ChunkNonceGenerator{
				Nonce: append([]byte(nil), v.responseBodyIV...),
				Size:  aead.NonceSize(),
			},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		authWriter = crypto.NewAuthenticationWriter(auth, writer)
	}

	return v2io.NewAdaptiveWriter(authWriter)

}

func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) {
	aesStream := crypto.NewAesDecryptionStream(v.responseBodyKey, v.responseBodyIV)
	v.responseReader = crypto.NewCryptionReader(aesStream, reader)

	buffer := make([]byte, 256)

	_, err := io.ReadFull(v.responseReader, buffer[:4])
	if err != nil {
		log.Info("VMess|Client: Failed to read response header: ", err)
		return nil, err
	}

	if buffer[0] != v.responseHeader {
		return nil, fmt.Errorf("VMess|Client: Unexpected response header. Expecting %d but actually %d", v.responseHeader, buffer[0])
	}

	header := &protocol.ResponseHeader{
		Option: protocol.ResponseOption(buffer[1]),
	}

	if buffer[2] != 0 {
		cmdId := buffer[2]
		dataLen := int(buffer[3])
		_, err := io.ReadFull(v.responseReader, buffer[:dataLen])
		if err != nil {
			log.Info("VMess|Client: Failed to read response command: ", err)
			return nil, err
		}
		data := buffer[:dataLen]
		command, err := UnmarshalCommand(cmdId, data)
		if err == nil {
			header.Command = command
		}
	}

	return header, nil
}

func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) v2io.Reader {
	aggressive := (request.Command == protocol.RequestCommandTCP)
	var authReader io.Reader
	if request.Security.Is(protocol.SecurityType_NONE) {
		if request.Option.Has(protocol.RequestOptionChunkStream) {
			auth := &crypto.AEADAuthenticator{
				AEAD:                    new(FnvAuthenticator),
				NonceGenerator:          crypto.NoOpBytesGenerator{},
				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			}
			authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
		} else {
			authReader = reader
		}
	} else if request.Security.Is(protocol.SecurityType_LEGACY) {
		if request.Option.Has(protocol.RequestOptionChunkStream) {
			auth := &crypto.AEADAuthenticator{
				AEAD:                    new(FnvAuthenticator),
				NonceGenerator:          crypto.NoOpBytesGenerator{},
				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
			}
			authReader = crypto.NewAuthenticationReader(auth, v.responseReader, aggressive)
		} else {
			authReader = v.responseReader
		}
	} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
		block, _ := aes.NewCipher(v.responseBodyKey)
		aead, _ := cipher.NewGCM(block)

		auth := &crypto.AEADAuthenticator{
			AEAD: aead,
			NonceGenerator: &ChunkNonceGenerator{
				Nonce: append([]byte(nil), v.responseBodyIV...),
				Size:  aead.NonceSize(),
			},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
		aead, _ := chacha20poly1305.New(v.responseBodyKey)

		auth := &crypto.AEADAuthenticator{
			AEAD: aead,
			NonceGenerator: &ChunkNonceGenerator{
				Nonce: append([]byte(nil), v.responseBodyIV...),
				Size:  aead.NonceSize(),
			},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
	}

	return v2io.NewAdaptiveReader(authReader)
}

type ChunkNonceGenerator struct {
	Nonce []byte
	Size  int
	count uint16
}

func (v *ChunkNonceGenerator) Next() []byte {
	serial.Uint16ToBytes(v.count, v.Nonce[:2])
	v.count++
	return v.Nonce[:v.Size]
}
move encoding to vmess 2016-07-23 13:17:51 +02:00			`package encoding`
protocol and api 2016-02-25 21:50:38 +01:00
			`import (`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`"crypto/aes"`
			`"crypto/cipher"`
protocol and api 2016-02-25 21:50:38 +01:00			`"crypto/md5"`
			`"crypto/rand"`
refine error message 2016-11-19 14:38:13 +01:00			`"fmt"`
protocol and api 2016-02-25 21:50:38 +01:00			`"hash/fnv"`
			`"io"`
more security types in vmess. 2016-12-07 17:32:40 +01:00
			`"golang.org/x/crypto/chacha20poly1305"`

unified import path 2016-08-20 20:55:45 +02:00			`"v2ray.com/core/common/crypto"`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`"v2ray.com/core/common/dice"`
			`v2io "v2ray.com/core/common/io"`
unified import path 2016-08-20 20:55:45 +02:00			`"v2ray.com/core/common/log"`
			`v2net "v2ray.com/core/common/net"`
			`"v2ray.com/core/common/protocol"`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`"v2ray.com/core/common/serial"`
unified import path 2016-08-20 20:55:45 +02:00			`"v2ray.com/core/proxy/vmess"`
protocol and api 2016-02-25 21:50:38 +01:00			`)`

			`func hashTimestamp(t protocol.Timestamp) []byte {`
			`bytes := make([]byte, 0, 32)`
fix a bug in vmess encoding 2016-07-27 16:36:46 +02:00			`bytes = t.Bytes(bytes)`
			`bytes = t.Bytes(bytes)`
			`bytes = t.Bytes(bytes)`
			`bytes = t.Bytes(bytes)`
protocol and api 2016-02-25 21:50:38 +01:00			`return bytes`
			`}`

			`type ClientSession struct {`
			`requestBodyKey []byte`
			`requestBodyIV []byte`
			`responseHeader byte`
			`responseBodyKey []byte`
			`responseBodyIV []byte`
more protocol implementation 2016-02-27 00:05:53 +01:00			`responseReader io.Reader`
protocol and api 2016-02-25 21:50:38 +01:00			`idHash protocol.IDHash`
			`}`

			`func NewClientSession(idHash protocol.IDHash) *ClientSession {`
			`randomBytes := make([]byte, 33) // 16 + 16 + 1`
			`rand.Read(randomBytes)`

			`session := &ClientSession{}`
			`session.requestBodyKey = randomBytes[:16]`
			`session.requestBodyIV = randomBytes[16:32]`
			`session.responseHeader = randomBytes[32]`
more protocol implementation 2016-02-27 00:05:53 +01:00			`responseBodyKey := md5.Sum(session.requestBodyKey)`
			`responseBodyIV := md5.Sum(session.requestBodyIV)`
			`session.responseBodyKey = responseBodyKey[:]`
			`session.responseBodyIV = responseBodyIV[:]`
protocol and api 2016-02-25 21:50:38 +01:00			`session.idHash = idHash`

			`return session`
			`}`

rename 'this' 2016-11-27 21:39:09 +01:00			`func (v ClientSession) EncodeRequestHeader(header protocol.RequestHeader, writer io.Writer) {`
protocol and api 2016-02-25 21:50:38 +01:00			`timestamp := protocol.NewTimestampGenerator(protocol.NowTime(), 30)()`
remove use of any 2016-10-16 14:22:21 +02:00			`account, err := header.User.GetTypedAccount()`
accounts in protobuf 2016-09-18 00:41:21 +02:00			`if err != nil {`
			`log.Error("VMess: Failed to get user account: ", err)`
			`return`
			`}`
rename 'this' 2016-11-27 21:39:09 +01:00			`idHash := v.idHash(account.(*vmess.InternalAccount).AnyValidID().Bytes())`
refactor bytes functions 2016-06-26 22:34:48 +02:00			`idHash.Write(timestamp.Bytes(nil))`
Migrate VMessOut into protocol 2016-02-27 16:41:21 +01:00			`writer.Write(idHash.Sum(nil))`
protocol and api 2016-02-25 21:50:38 +01:00
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer := make([]byte, 0, 512)`
			`buffer = append(buffer, Version)`
rename 'this' 2016-11-27 21:39:09 +01:00			`buffer = append(buffer, v.requestBodyIV...)`
			`buffer = append(buffer, v.requestBodyKey...)`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`buffer = append(buffer, v.responseHeader, byte(header.Option))`
			`padingLen := dice.Roll(16)`
			`security := byte(padingLen<<4) \| byte(header.Security)`
			`buffer = append(buffer, security, byte(0), byte(header.Command))`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer = header.Port.Bytes(buffer)`
protocol and api 2016-02-25 21:50:38 +01:00
introduce address family in v2net 2016-08-14 18:14:12 +02:00			`switch header.Address.Family() {`
			`case v2net.AddressFamilyIPv4:`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer = append(buffer, AddrTypeIPv4)`
			`buffer = append(buffer, header.Address.IP()...)`
introduce address family in v2net 2016-08-14 18:14:12 +02:00			`case v2net.AddressFamilyIPv6:`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer = append(buffer, AddrTypeIPv6)`
			`buffer = append(buffer, header.Address.IP()...)`
introduce address family in v2net 2016-08-14 18:14:12 +02:00			`case v2net.AddressFamilyDomain:`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer = append(buffer, AddrTypeDomain, byte(len(header.Address.Domain())))`
			`buffer = append(buffer, header.Address.Domain()...)`
protocol and api 2016-02-25 21:50:38 +01:00			`}`

more security types in vmess. 2016-12-07 17:32:40 +01:00			`pading := make([]byte, padingLen)`
			`rand.Read(pading)`
			`buffer = append(buffer, pading...)`

protocol and api 2016-02-25 21:50:38 +01:00			`fnv1a := fnv.New32a()`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`fnv1a.Write(buffer)`
protocol and api 2016-02-25 21:50:38 +01:00
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`buffer = fnv1a.Sum(buffer)`
protocol and api 2016-02-25 21:50:38 +01:00
			`timestampHash := md5.New()`
			`timestampHash.Write(hashTimestamp(timestamp))`
			`iv := timestampHash.Sum(nil)`
refactor protos 2016-10-12 18:43:55 +02:00			`aesStream := crypto.NewAesEncryptionStream(account.(*vmess.InternalAccount).ID.CmdKey(), iv)`
remove unnecessary use of buffer 2016-07-15 21:15:41 +02:00			`aesStream.XORKeyStream(buffer, buffer)`
			`writer.Write(buffer)`
protocol and api 2016-02-25 21:50:38 +01:00
			`return`
			`}`

more security types in vmess. 2016-12-07 17:32:40 +01:00			`func (v ClientSession) EncodeRequestBody(request protocol.RequestHeader, writer io.Writer) v2io.Writer {`
			`var authWriter io.Writer`
			`if request.Security.Is(protocol.SecurityType_NONE) {`
			`if request.Option.Has(protocol.RequestOptionChunkStream) {`
			`auth := &crypto.AEADAuthenticator{`
			`AEAD: new(FnvAuthenticator),`
			`NonceGenerator: crypto.NoOpBytesGenerator{},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authWriter = crypto.NewAuthenticationWriter(auth, writer)`
			`} else {`
			`authWriter = writer`
			`}`
			`} else if request.Security.Is(protocol.SecurityType_LEGACY) {`
			`aesStream := crypto.NewAesEncryptionStream(v.requestBodyKey, v.requestBodyIV)`
			`cryptionWriter := crypto.NewCryptionWriter(aesStream, writer)`
			`if request.Option.Has(protocol.RequestOptionChunkStream) {`
			`auth := &crypto.AEADAuthenticator{`
			`AEAD: new(FnvAuthenticator),`
			`NonceGenerator: crypto.NoOpBytesGenerator{},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter)`
			`} else {`
			`authWriter = cryptionWriter`
			`}`
			`} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {`
			`block, _ := aes.NewCipher(v.responseBodyKey)`
			`aead, _ := cipher.NewGCM(block)`

			`auth := &crypto.AEADAuthenticator{`
			`AEAD: aead,`
			`NonceGenerator: &ChunkNonceGenerator{`
			`Nonce: append([]byte(nil), v.responseBodyIV...),`
			`Size: aead.NonceSize(),`
			`},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authWriter = crypto.NewAuthenticationWriter(auth, writer)`
			`} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {`
			`aead, _ := chacha20poly1305.New(v.responseBodyKey)`

			`auth := &crypto.AEADAuthenticator{`
			`AEAD: aead,`
			`NonceGenerator: &ChunkNonceGenerator{`
			`Nonce: append([]byte(nil), v.responseBodyIV...),`
			`Size: aead.NonceSize(),`
			`},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authWriter = crypto.NewAuthenticationWriter(auth, writer)`
			`}`

			`return v2io.NewAdaptiveWriter(authWriter)`

protocol and api 2016-02-25 21:50:38 +01:00			`}`

rename 'this' 2016-11-27 21:39:09 +01:00			`func (v ClientSession) DecodeResponseHeader(reader io.Reader) (protocol.ResponseHeader, error) {`
			`aesStream := crypto.NewAesDecryptionStream(v.responseBodyKey, v.responseBodyIV)`
			`v.responseReader = crypto.NewCryptionReader(aesStream, reader)`
more protocol implementation 2016-02-27 00:05:53 +01:00
remove unnecessary use of buffer 2016-07-16 10:45:32 +02:00			`buffer := make([]byte, 256)`
more protocol implementation 2016-02-27 00:05:53 +01:00
rename 'this' 2016-11-27 21:39:09 +01:00			`_, err := io.ReadFull(v.responseReader, buffer[:4])`
more protocol implementation 2016-02-27 00:05:53 +01:00			`if err != nil {`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`log.Info("VMess\|Client: Failed to read response header: ", err)`
more protocol implementation 2016-02-27 00:05:53 +01:00			`return nil, err`
			`}`

rename 'this' 2016-11-27 21:39:09 +01:00			`if buffer[0] != v.responseHeader {`
			`return nil, fmt.Errorf("VMess\|Client: Unexpected response header. Expecting %d but actually %d", v.responseHeader, buffer[0])`
more protocol implementation 2016-02-27 00:05:53 +01:00			`}`

send reuse option in header 2016-06-02 21:34:25 +02:00			`header := &protocol.ResponseHeader{`
remove unnecessary use of buffer 2016-07-16 10:45:32 +02:00			`Option: protocol.ResponseOption(buffer[1]),`
send reuse option in header 2016-06-02 21:34:25 +02:00			`}`
more protocol implementation 2016-02-27 00:05:53 +01:00
remove unnecessary use of buffer 2016-07-16 10:45:32 +02:00			`if buffer[2] != 0 {`
			`cmdId := buffer[2]`
			`dataLen := int(buffer[3])`
rename 'this' 2016-11-27 21:39:09 +01:00			`_, err := io.ReadFull(v.responseReader, buffer[:dataLen])`
more protocol implementation 2016-02-27 00:05:53 +01:00			`if err != nil {`
more security types in vmess. 2016-12-07 17:32:40 +01:00			`log.Info("VMess\|Client: Failed to read response command: ", err)`
more protocol implementation 2016-02-27 00:05:53 +01:00			`return nil, err`
			`}`
remove unnecessary use of buffer 2016-07-16 10:45:32 +02:00			`data := buffer[:dataLen]`
more protocol implementation 2016-02-27 00:05:53 +01:00			`command, err := UnmarshalCommand(cmdId, data)`
Fix unused variables 2016-04-26 00:46:04 +02:00			`if err == nil {`
			`header.Command = command`
			`}`
more protocol implementation 2016-02-27 00:05:53 +01:00			`}`

			`return header, nil`
			`}`

more security types in vmess. 2016-12-07 17:32:40 +01:00			`func (v ClientSession) DecodeResponseBody(request protocol.RequestHeader, reader io.Reader) v2io.Reader {`
			`aggressive := (request.Command == protocol.RequestCommandTCP)`
			`var authReader io.Reader`
			`if request.Security.Is(protocol.SecurityType_NONE) {`
			`if request.Option.Has(protocol.RequestOptionChunkStream) {`
			`auth := &crypto.AEADAuthenticator{`
			`AEAD: new(FnvAuthenticator),`
			`NonceGenerator: crypto.NoOpBytesGenerator{},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)`
			`} else {`
			`authReader = reader`
			`}`
			`} else if request.Security.Is(protocol.SecurityType_LEGACY) {`
			`if request.Option.Has(protocol.RequestOptionChunkStream) {`
			`auth := &crypto.AEADAuthenticator{`
			`AEAD: new(FnvAuthenticator),`
			`NonceGenerator: crypto.NoOpBytesGenerator{},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authReader = crypto.NewAuthenticationReader(auth, v.responseReader, aggressive)`
			`} else {`
			`authReader = v.responseReader`
			`}`
			`} else if request.Security.Is(protocol.SecurityType_AES128_GCM) {`
			`block, _ := aes.NewCipher(v.responseBodyKey)`
			`aead, _ := cipher.NewGCM(block)`

			`auth := &crypto.AEADAuthenticator{`
			`AEAD: aead,`
			`NonceGenerator: &ChunkNonceGenerator{`
			`Nonce: append([]byte(nil), v.responseBodyIV...),`
			`Size: aead.NonceSize(),`
			`},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)`
			`} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {`
			`aead, _ := chacha20poly1305.New(v.responseBodyKey)`

			`auth := &crypto.AEADAuthenticator{`
			`AEAD: aead,`
			`NonceGenerator: &ChunkNonceGenerator{`
			`Nonce: append([]byte(nil), v.responseBodyIV...),`
			`Size: aead.NonceSize(),`
			`},`
			`AdditionalDataGenerator: crypto.NoOpBytesGenerator{},`
			`}`
			`authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)`
			`}`

			`return v2io.NewAdaptiveReader(authReader)`
			`}`

			`type ChunkNonceGenerator struct {`
			`Nonce []byte`
			`Size int`
			`count uint16`
			`}`

			`func (v *ChunkNonceGenerator) Next() []byte {`
			`serial.Uint16ToBytes(v.count, v.Nonce[:2])`
			`v.count++`
			`return v.Nonce[:v.Size]`
more protocol implementation 2016-02-27 00:05:53 +01:00			`}`