Remove iv from the Cipher type.

It is dangerous to have a single `iv` member, because there must be separate IVs for encryption and decryption. Instead, store the IVs implicitly inside the `cipher.Stream` objects. The `GetIv` and `GetKey` functions were unused leftovers from OTA support, added in commit 89460d2.
shadowsocks · Jun 14, 2019 · 1c9f757 · 1c9f757
1 parent c3326cd
commit 1c9f757
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 21 deletions.
diff --git a/shadowsocks/conn.go b/shadowsocks/conn.go
@@ -78,18 +78,6 @@ func Dial(addr, server string, cipher *Cipher) (c *Conn, err error) {
 	return DialWithRawAddr(ra, server, cipher)
 }
 
-func (c *Conn) GetIv() (iv []byte) {
-	iv = make([]byte, len(c.iv))
-	copy(iv, c.iv)
-	return
-}
-
-func (c *Conn) GetKey() (key []byte) {
-	key = make([]byte, len(c.key))
-	copy(key, c.key)
-	return
-}
-
 func (c *Conn) Read(b []byte) (n int, err error) {
 	if c.dec == nil {
 		iv := make([]byte, c.info.ivLen)

diff --git a/shadowsocks/encrypt.go b/shadowsocks/encrypt.go
@@ -188,7 +188,6 @@ type Cipher struct {
 	dec  cipher.Stream
 	key  []byte
 	info *cipherInfo
-	iv   []byte
 }
 
 // NewCipher creates a cipher that can be used in Dial() etc.
@@ -215,14 +214,9 @@ func NewCipher(method, password string) (c *Cipher, err error) {
 
 // Initializes the block cipher with CFB mode, returns IV.
 func (c *Cipher) initEncrypt() (iv []byte, err error) {
-	if c.iv == nil {
-		iv = make([]byte, c.info.ivLen)
-		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
-			return nil, err
-		}
-		c.iv = iv
-	} else {
-		iv = c.iv
+	iv = make([]byte, c.info.ivLen)
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
 	}
 	c.enc, err = c.info.newStream(c.key, iv, Encrypt)
 	return