chore: sync vless encryption code

transport/vless/encryption/client.go

@@ -69,8 +69,8 @@ func (i *ClientInstance) Init(nfsEKeyBytes []byte, xor uint32, minutes time.Dura
 	if err != nil {
 		return
 	}
-	hash256 := sha3.Sum256(nfsEKeyBytes)
+	hash32 := sha3.Sum256(nfsEKeyBytes)
-	copy(i.hash11[:], hash256[:])
+	copy(i.hash11[:], hash32[:])
 	if xor > 0 {
 		xorKey := sha3.Sum256(nfsEKeyBytes)
 		i.xorKey = xorKey[:]
@@ -79,7 +79,7 @@ func (i *ClientInstance) Init(nfsEKeyBytes []byte, xor uint32, minutes time.Dura
 	return
 }
 
-func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
+func (i *ClientInstance) Handshake(conn net.Conn) (*ClientConn, error) {
 	if i.nfsEKey == nil {
 		return nil, errors.New("uninitialized")
 	}

transport/vless/encryption/doc.go

@@ -13,4 +13,5 @@
 // https://github.com/XTLS/Xray-core/commit/bfe4820f2f086daf639b1957eb23dc13c843cad1
 // https://github.com/XTLS/Xray-core/commit/d1fb48521271251a8c74bd64fcc2fc8700717a3b
 // https://github.com/XTLS/Xray-core/commit/49580705f6029648399304b816a2737f991582a8
+// https://github.com/XTLS/Xray-core/commit/84835bec7d0d8555d0dd30953ed26a272de814c4
 package encryption

transport/vless/encryption/server.go

@@ -54,8 +54,8 @@ func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Durat
 	if err != nil {
 		return
 	}
-	hash256 := sha3.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
+	hash32 := sha3.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
-	copy(i.hash11[:], hash256[:])
+	copy(i.hash11[:], hash32[:])
 	if xor > 0 {
 		xorKey := sha3.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
 		i.xorKey = xorKey[:]
@@ -91,7 +91,7 @@ func (i *ServerInstance) Close() (err error) {
 	return
 }
 
-func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
+func (i *ServerInstance) Handshake(conn net.Conn) (*ServerConn, error) {
 	if i.nfsDKey == nil {
 		return nil, errors.New("uninitialized")
 	}

transport/vless/encryption/xor.go

@@ -49,6 +49,7 @@ func (c *XorConn) Write(b []byte) (int, error) { // whole one/two records
 			l += 10
 			if t == 0 {
 				c.out_after0 = true
+				c.out_header = make([]byte, 0, 5) // important
 			}
 		}
 		c.ctr.XORKeyStream(b[:l], b[:l]) // caller MUST discard b
@@ -77,7 +78,7 @@ func (c *XorConn) Write(b []byte) (int, error) { // whole one/two records
 			break
 		}
 		_, c.out_skip, _ = DecodeHeader(append(c.out_header, p[:need]...))
-		c.out_header = make([]byte, 0, 5) // DO NOT CHANGE
+		c.out_header = c.out_header[:0]
 		c.ctr.XORKeyStream(p[:need], p[:need])
 		p = p[need:]
 	}
@@ -116,6 +117,7 @@ func (c *XorConn) Read(b []byte) (int, error) { // 5-bytes, data, 5-bytes...
 				c.isHeader = false
 				if t == 0 {
 					c.in_after0 = true
+					c.in_header = make([]byte, 0, 5) // important
 				}
 			}
 		} else {
@@ -139,7 +141,7 @@ func (c *XorConn) Read(b []byte) (int, error) { // 5-bytes, data, 5-bytes...
 		}
 		c.peerCtr.XORKeyStream(p[:need], p[:need])
 		_, c.in_skip, _ = DecodeHeader(append(c.in_header, p[:need]...))
-		c.in_header = make([]byte, 0, 5) // DO NOT CHANGE
+		c.in_header = c.in_header[:0]
 		p = p[need:]
 	}
 	return n, err