
Fix shadowsocks xchacha cipher nonce size

yuhan6665 3 years ago
parent
commit
9ea1bf7c1d
3 changed files with 4 additions and 8 deletions
  1. 0 4
      common/crypto/auth.go
  2. 1 1
      proxy/shadowsocks/protocol.go
  3. 3 3
      proxy/shadowsocks/validator.go

+ 0 - 4
common/crypto/auth.go

@@ -39,10 +39,6 @@ func GenerateIncreasingNonce(nonce []byte) BytesGenerator {
 	}
 }
 
-func GenerateInitialAEADNonce() BytesGenerator {
-	return GenerateIncreasingNonce([]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF})
-}
-
 func GenerateAEADNonceWithSize(nonceSize int) BytesGenerator {
 	c := make([]byte, nonceSize)
 	for i := 0; i < nonceSize; i++ {

+ 1 - 1
proxy/shadowsocks/protocol.go

@@ -86,7 +86,7 @@ func ReadTCPSession(validator *Validator, reader io.Reader) (*protocol.RequestHe
 		if aead != nil {
 			auth := &crypto.AEADAuthenticator{
 				AEAD:           aead,
-				NonceGenerator: crypto.GenerateInitialAEADNonce(),
+				NonceGenerator: crypto.GenerateAEADNonceWithSize(aead.NonceSize()),
 			}
 			r = crypto.NewAuthenticationReader(auth, &crypto.AEADChunkSizeParser{
 				Auth: auth,
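Review bot: The `NonceGenerator` line in `ReadTCPSession` has no comment explaining why the nonce length now comes from the cipher, which is the entire reason for the change. I would add `// Nonce length must match the AEAD: XChaCha20-Poly1305 uses 24 bytes, so a fixed 12-byte nonce is wrong for it.` above the assignment. A regression test that reads a TCP session with the xchacha cipher would stop a hard-coded size from coming back; none is part of this commit. The function body starts and ends outside the hunk, so I cannot confirm from here that the writing side builds its generator the same way.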

+ 3 - 3
proxy/shadowsocks/validator.go

@@ -93,11 +93,11 @@ func (v *Validator) Get(bs []byte, command protocol.RequestCommand) (u *protocol
 			var matchErr error
 			switch command {
 			case protocol.RequestCommandTCP:
-				data := make([]byte, 16)
-				ret, matchErr = aead.Open(data[:0], data[4:16], bs[ivLen:ivLen+18], nil)
+				data := make([]byte, 4+aead.NonceSize())
+				ret, matchErr = aead.Open(data[:0], data[4:], bs[ivLen:ivLen+18], nil)
 			case protocol.RequestCommandUDP:
 				data := make([]byte, 8192)
-				ret, matchErr = aead.Open(data[:0], data[8180:8192], bs[ivLen:], nil)
+				ret, matchErr = aead.Open(data[:0], data[8192-aead.NonceSize():8192], bs[ivLen:], nil)
 			}
 
 			if matchErr == nil {
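Review bot: The TCP branch still slices `bs[ivLen:ivLen+18]` with a hard-coded 18 (presumably a 2-byte length plus a 16-byte tag), while the nonce beside it is now sized from the AEAD. Writing it as `bs[ivLen:ivLen+2+aead.Overhead()]` would keep the two consistent. `bs` is data received from the peer and no length check is visible in this hunk, so if `Get` does not already verify `len(bs) >= ivLen+2+aead.Overhead()` above the hunk, that guard belongs before the slice to avoid an out-of-range panic on a short input. A comment noting that `data[4:]` is the all-zero first nonce, and that the 4-byte prefix appears to keep the decrypted output from overlapping it, would help the next reader. `Get`'s body starts and ends outside the hunk.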