Chore: make the code more semantic

2018-09-30 12:25:52 +08:00
parent 220e4f0608
commit 2fd59cb31c
40 changed files with 102 additions and 102 deletions
--- a/component/simple-obfs/http.go
+++ b/component/simple-obfs/http.go
@ -0,0 +1,88 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math/rand"
+	"net"
+	"net/http"
+)
+
+// HTTPObfs is shadowsocks http simple-obfs implementation
+type HTTPObfs struct {
+	net.Conn
+	host          string
+	port          string
+	buf           []byte
+	offset        int
+	firstRequest  bool
+	firstResponse bool
+}
+
+func (ho *HTTPObfs) Read(b []byte) (int, error) {
+	if ho.buf != nil {
+		n := copy(b, ho.buf[ho.offset:])
+		ho.offset += n
+		if ho.offset == len(ho.buf) {
+			ho.buf = nil
+		}
+		return n, nil
+	}
+
+	if ho.firstResponse {
+		buf := bufPool.Get().([]byte)
+		n, err := ho.Conn.Read(buf)
+		if err != nil {
+			bufPool.Put(buf[:cap(buf)])
+			return 0, err
+		}
+		idx := bytes.Index(buf[:n], []byte("\r\n\r\n"))
+		if idx == -1 {
+			bufPool.Put(buf[:cap(buf)])
+			return 0, io.EOF
+		}
+		ho.firstResponse = false
+		length := n - (idx + 4)
+		n = copy(b, buf[idx+4:n])
+		if length > n {
+			ho.buf = buf[:idx+4+length]
+			ho.offset = idx + 4 + n
+		} else {
+			bufPool.Put(buf[:cap(buf)])
+		}
+		return n, nil
+	}
+	return ho.Conn.Read(b)
+}
+
+func (ho *HTTPObfs) Write(b []byte) (int, error) {
+	if ho.firstRequest {
+		randBytes := make([]byte, 16)
+		rand.Read(randBytes)
+		req, _ := http.NewRequest("GET", fmt.Sprintf("http://%s/", ho.host), bytes.NewBuffer(b[:]))
+		req.Header.Set("User-Agent", fmt.Sprintf("curl/7.%d.%d", rand.Int()%54, rand.Int()%2))
+		req.Header.Set("Upgrade", "websocket")
+		req.Header.Set("Connection", "Upgrade")
+		req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
+		req.Header.Set("Sec-WebSocket-Key", base64.URLEncoding.EncodeToString(randBytes))
+		req.ContentLength = int64(len(b))
+		err := req.Write(ho.Conn)
+		ho.firstRequest = false
+		return len(b), err
+	}
+
+	return ho.Conn.Write(b)
+}
+
+// NewHTTPObfs return a HTTPObfs
+func NewHTTPObfs(conn net.Conn, host string, port string) net.Conn {
+	return &HTTPObfs{
+		Conn:          conn,
+		firstRequest:  true,
+		firstResponse: true,
+		host:          host,
+		port:          port,
+	}
+}
--- a/component/simple-obfs/tls.go
+++ b/component/simple-obfs/tls.go
@ -0,0 +1,190 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"math/rand"
+	"net"
+	"sync"
+	"time"
+)
+
+func init() {
+	rand.Seed(time.Now().Unix())
+}
+
+var bufPool = sync.Pool{New: func() interface{} { return make([]byte, 2048) }}
+
+// TLSObfs is shadowsocks tls simple-obfs implementation
+type TLSObfs struct {
+	net.Conn
+	server        string
+	remain        int
+	firstRequest  bool
+	firstResponse bool
+}
+
+func (to *TLSObfs) read(b []byte, discardN int) (int, error) {
+	buf := bufPool.Get().([]byte)
+	_, err := io.ReadFull(to.Conn, buf[:discardN])
+	if err != nil {
+		return 0, err
+	}
+	bufPool.Put(buf[:cap(buf)])
+
+	sizeBuf := make([]byte, 2)
+	_, err = io.ReadFull(to.Conn, sizeBuf)
+	if err != nil {
+		return 0, nil
+	}
+
+	length := int(binary.BigEndian.Uint16(sizeBuf))
+	if length > len(b) {
+		n, err := to.Conn.Read(b)
+		if err != nil {
+			return n, err
+		}
+		to.remain = length - n
+		return n, nil
+	}
+
+	return io.ReadFull(to.Conn, b[:length])
+}
+
+func (to *TLSObfs) Read(b []byte) (int, error) {
+	if to.remain > 0 {
+		length := to.remain
+		if length > len(b) {
+			length = len(b)
+		}
+
+		n, err := io.ReadFull(to.Conn, b[:length])
+		to.remain -= n
+		return n, err
+	}
+
+	if to.firstResponse {
+		// type + ver + lensize + 91 = 96
+		// type + ver + lensize + 1 = 6
+		// type + ver = 3
+		to.firstResponse = false
+		return to.read(b, 105)
+	}
+
+	// type + ver = 3
+	return to.read(b, 3)
+}
+
+func (to *TLSObfs) Write(b []byte) (int, error) {
+	if to.firstRequest {
+		helloMsg := makeClientHelloMsg(b, to.server)
+		_, err := to.Conn.Write(helloMsg)
+		to.firstRequest = false
+		return len(b), err
+	}
+
+	size := bufPool.Get().([]byte)
+	binary.BigEndian.PutUint16(size[:2], uint16(len(b)))
+
+	buf := &bytes.Buffer{}
+	buf.Write([]byte{0x17, 0x03, 0x03})
+	buf.Write(size[:2])
+	buf.Write(b)
+	_, err := to.Conn.Write(buf.Bytes())
+	bufPool.Put(size[:cap(size)])
+	return len(b), err
+}
+
+// NewTLSObfs return a SimpleObfs
+func NewTLSObfs(conn net.Conn, server string) net.Conn {
+	return &TLSObfs{
+		Conn:          conn,
+		server:        server,
+		firstRequest:  true,
+		firstResponse: true,
+	}
+}
+
+func makeClientHelloMsg(data []byte, server string) []byte {
+	random := make([]byte, 32)
+	sessionID := make([]byte, 32)
+	size := make([]byte, 2)
+	rand.Read(random)
+	rand.Read(sessionID)
+
+	buf := &bytes.Buffer{}
+
+	// handshake, TLS 1.0 version, length
+	buf.WriteByte(22)
+	buf.Write([]byte{0x03, 0x01})
+	length := uint16(212 + len(data) + len(server))
+	buf.WriteByte(byte(length >> 8))
+	buf.WriteByte(byte(length & 0xff))
+
+	// clientHello, length, TLS 1.2 version
+	buf.WriteByte(1)
+	binary.BigEndian.PutUint16(size, uint16(208+len(data)+len(server)))
+	buf.WriteByte(0)
+	buf.Write(size)
+	buf.Write([]byte{0x03, 0x03})
+
+	// random, sid len, sid
+	buf.Write(random)
+	buf.WriteByte(32)
+	buf.Write(sessionID)
+
+	// cipher suites
+	buf.Write([]byte{0x00, 0x38})
+	buf.Write([]byte{
+		0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f,
+		0x00, 0x9e, 0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23, 0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a,
+		0xc0, 0x14, 0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0x00, 0x9d, 0x00, 0x9c, 0x00, 0x3d,
+		0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0xff,
+	})
+
+	// compression
+	buf.Write([]byte{0x01, 0x00})
+
+	// extension length
+	binary.BigEndian.PutUint16(size, uint16(79+len(data)+len(server)))
+	buf.Write(size)
+
+	// session ticket
+	buf.Write([]byte{0x00, 0x23})
+	binary.BigEndian.PutUint16(size, uint16(len(data)))
+	buf.Write(size)
+	buf.Write(data)
+
+	// server name
+	buf.Write([]byte{0x00, 0x00})
+	binary.BigEndian.PutUint16(size, uint16(len(server)+5))
+	buf.Write(size)
+	binary.BigEndian.PutUint16(size, uint16(len(server)+3))
+	buf.Write(size)
+	buf.WriteByte(0)
+	binary.BigEndian.PutUint16(size, uint16(len(server)))
+	buf.Write(size)
+	buf.Write([]byte(server))
+
+	// ec_point
+	buf.Write([]byte{0x00, 0x0b, 0x00, 0x04, 0x03, 0x01, 0x00, 0x02})
+
+	// groups
+	buf.Write([]byte{0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x19, 0x00, 0x18})
+
+	// signature
+	buf.Write([]byte{
+		0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x01, 0x06, 0x02, 0x06, 0x03, 0x05,
+		0x01, 0x05, 0x02, 0x05, 0x03, 0x04, 0x01, 0x04, 0x02, 0x04, 0x03, 0x03, 0x01,
+		0x03, 0x02, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
+	})
+
+	// encrypt then mac
+	buf.Write([]byte{0x00, 0x16, 0x00, 0x00})
+
+	// extended master secret
+	buf.Write([]byte{0x00, 0x17, 0x00, 0x00})
+
+	return buf.Bytes()
+}
--- a/component/vmess/aead.go
+++ b/component/vmess/aead.go
@ -0,0 +1,115 @@
+package vmess
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+type aeadWriter struct {
+	io.Writer
+	cipher.AEAD
+	nonce [32]byte
+	count uint16
+	iv    []byte
+}
+
+func newAEADWriter(w io.Writer, aead cipher.AEAD, iv []byte) *aeadWriter {
+	return &aeadWriter{Writer: w, AEAD: aead, iv: iv}
+}
+
+func (w *aeadWriter) Write(b []byte) (n int, err error) {
+	buf := bufPool.Get().([]byte)
+	defer bufPool.Put(buf[:cap(buf)])
+	length := len(b)
+	for {
+		if length == 0 {
+			break
+		}
+		readLen := chunkSize - w.Overhead()
+		if length < readLen {
+			readLen = length
+		}
+		payloadBuf := buf[lenSize : lenSize+chunkSize-w.Overhead()]
+		copy(payloadBuf, b[n:n+readLen])
+
+		binary.BigEndian.PutUint16(buf[:lenSize], uint16(readLen+w.Overhead()))
+		binary.BigEndian.PutUint16(w.nonce[:2], w.count)
+		copy(w.nonce[2:], w.iv[2:12])
+
+		w.Seal(payloadBuf[:0], w.nonce[:w.NonceSize()], payloadBuf[:readLen], nil)
+		w.count++
+
+		_, err = w.Writer.Write(buf[:lenSize+readLen+w.Overhead()])
+		if err != nil {
+			break
+		}
+		n += readLen
+		length -= readLen
+	}
+	return
+}
+
+type aeadReader struct {
+	io.Reader
+	cipher.AEAD
+	nonce   [32]byte
+	buf     []byte
+	offset  int
+	iv      []byte
+	sizeBuf []byte
+	count   uint16
+}
+
+func newAEADReader(r io.Reader, aead cipher.AEAD, iv []byte) *aeadReader {
+	return &aeadReader{Reader: r, AEAD: aead, iv: iv, sizeBuf: make([]byte, lenSize)}
+}
+
+func (r *aeadReader) Read(b []byte) (int, error) {
+	if r.buf != nil {
+		n := copy(b, r.buf[r.offset:])
+		r.offset += n
+		if r.offset == len(r.buf) {
+			bufPool.Put(r.buf[:cap(r.buf)])
+			r.buf = nil
+		}
+		return n, nil
+	}
+
+	_, err := io.ReadFull(r.Reader, r.sizeBuf)
+	if err != nil {
+		return 0, err
+	}
+
+	size := int(binary.BigEndian.Uint16(r.sizeBuf))
+	if size > maxSize {
+		return 0, errors.New("Buffer is larger than standard")
+	}
+
+	buf := bufPool.Get().([]byte)
+	_, err = io.ReadFull(r.Reader, buf[:size])
+	if err != nil {
+		bufPool.Put(buf[:cap(buf)])
+		return 0, err
+	}
+
+	binary.BigEndian.PutUint16(r.nonce[:2], r.count)
+	copy(r.nonce[2:], r.iv[2:12])
+
+	_, err = r.Open(buf[:0], r.nonce[:r.NonceSize()], buf[:size], nil)
+	r.count++
+	if err != nil {
+		return 0, err
+	}
+	realLen := size - r.Overhead()
+	n := copy(b, buf[:realLen])
+	if len(b) >= realLen {
+		bufPool.Put(buf[:cap(buf)])
+		return n, nil
+	}
+
+	r.offset = n
+	r.buf = buf[:realLen]
+	return n, nil
+}
--- a/component/vmess/chunk.go
+++ b/component/vmess/chunk.go
@ -0,0 +1,103 @@
+package vmess
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"sync"
+)
+
+const (
+	lenSize   = 2
+	chunkSize = 1 << 14   // 2 ** 14 == 16 * 1024
+	maxSize   = 17 * 1024 // 2 + chunkSize + aead.Overhead()
+)
+
+var bufPool = sync.Pool{New: func() interface{} { return make([]byte, maxSize) }}
+
+type chunkReader struct {
+	io.Reader
+	buf     []byte
+	sizeBuf []byte
+	offset  int
+}
+
+func newChunkReader(reader io.Reader) *chunkReader {
+	return &chunkReader{Reader: reader, sizeBuf: make([]byte, lenSize)}
+}
+
+func newChunkWriter(writer io.WriteCloser) *chunkWriter {
+	return &chunkWriter{Writer: writer}
+}
+
+func (cr *chunkReader) Read(b []byte) (int, error) {
+	if cr.buf != nil {
+		n := copy(b, cr.buf[cr.offset:])
+		cr.offset += n
+		if cr.offset == len(cr.buf) {
+			bufPool.Put(cr.buf[:cap(cr.buf)])
+			cr.buf = nil
+		}
+		return n, nil
+	}
+
+	_, err := io.ReadFull(cr.Reader, cr.sizeBuf)
+	if err != nil {
+		return 0, err
+	}
+
+	size := int(binary.BigEndian.Uint16(cr.sizeBuf))
+	if size > maxSize {
+		return 0, errors.New("Buffer is larger than standard")
+	}
+
+	if len(b) >= size {
+		_, err := io.ReadFull(cr.Reader, b[:size])
+		if err != nil {
+			return 0, err
+		}
+
+		return size, nil
+	}
+
+	buf := bufPool.Get().([]byte)
+	_, err = io.ReadFull(cr.Reader, buf[:size])
+	if err != nil {
+		bufPool.Put(buf[:cap(buf)])
+		return 0, err
+	}
+	n := copy(b, cr.buf[:])
+	cr.offset = n
+	cr.buf = buf[:size]
+	return n, nil
+}
+
+type chunkWriter struct {
+	io.Writer
+}
+
+func (cw *chunkWriter) Write(b []byte) (n int, err error) {
+	buf := bufPool.Get().([]byte)
+	defer bufPool.Put(buf[:cap(buf)])
+	length := len(b)
+	for {
+		if length == 0 {
+			break
+		}
+		readLen := chunkSize
+		if length < chunkSize {
+			readLen = length
+		}
+		payloadBuf := buf[lenSize : lenSize+chunkSize]
+		copy(payloadBuf, b[n:n+readLen])
+
+		binary.BigEndian.PutUint16(buf[:lenSize], uint16(readLen))
+		_, err = cw.Writer.Write(buf[:lenSize+readLen])
+		if err != nil {
+			break
+		}
+		n += readLen
+		length -= readLen
+	}
+	return
+}
--- a/component/vmess/conn.go
+++ b/component/vmess/conn.go
@ -0,0 +1,213 @@
+package vmess
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/md5"
+	"encoding/binary"
+	"errors"
+	"hash/fnv"
+	"io"
+	"math/rand"
+	"net"
+	"time"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+func init() {
+	rand.Seed(time.Now().UnixNano())
+}
+
+// Conn wrapper a net.Conn with vmess protocol
+type Conn struct {
+	net.Conn
+	reader      io.Reader
+	writer      io.Writer
+	dst         *DstAddr
+	id          *ID
+	reqBodyIV   []byte
+	reqBodyKey  []byte
+	respBodyIV  []byte
+	respBodyKey []byte
+	respV       byte
+	security    byte
+
+	sent     bool
+	received bool
+}
+
+func (vc *Conn) Write(b []byte) (int, error) {
+	if vc.sent {
+		return vc.writer.Write(b)
+	}
+
+	if err := vc.sendRequest(); err != nil {
+		return 0, err
+	}
+
+	vc.sent = true
+	return vc.writer.Write(b)
+}
+
+func (vc *Conn) Read(b []byte) (int, error) {
+	if vc.received {
+		return vc.reader.Read(b)
+	}
+
+	if err := vc.recvResponse(); err != nil {
+		return 0, err
+	}
+	vc.received = true
+	return vc.reader.Read(b)
+}
+
+func (vc *Conn) sendRequest() error {
+	timestamp := make([]byte, 8)
+	binary.BigEndian.PutUint64(timestamp, uint64(time.Now().UTC().Unix()))
+
+	h := hmac.New(md5.New, vc.id.UUID.Bytes())
+	h.Write(timestamp)
+	_, err := vc.Conn.Write(h.Sum(nil))
+	if err != nil {
+		return err
+	}
+
+	buf := &bytes.Buffer{}
+
+	// Ver IV Key V Opt
+	buf.WriteByte(Version)
+	buf.Write(vc.reqBodyIV[:])
+	buf.Write(vc.reqBodyKey[:])
+	buf.WriteByte(vc.respV)
+	buf.WriteByte(OptionChunkStream)
+
+	p := rand.Intn(16)
+	// P Sec Reserve Cmd
+	buf.WriteByte(byte(p<<4) | byte(vc.security))
+	buf.WriteByte(0)
+	buf.WriteByte(CommandTCP)
+
+	// Port AddrType Addr
+	binary.Write(buf, binary.BigEndian, uint16(vc.dst.Port))
+	buf.WriteByte(vc.dst.AddrType)
+	buf.Write(vc.dst.Addr)
+
+	// padding
+	if p > 0 {
+		padding := make([]byte, p)
+		rand.Read(padding)
+		buf.Write(padding)
+	}
+
+	fnv1a := fnv.New32a()
+	fnv1a.Write(buf.Bytes())
+	buf.Write(fnv1a.Sum(nil))
+
+	block, err := aes.NewCipher(vc.id.CmdKey)
+	if err != nil {
+		return err
+	}
+
+	stream := cipher.NewCFBEncrypter(block, hashTimestamp(time.Now().UTC()))
+	stream.XORKeyStream(buf.Bytes(), buf.Bytes())
+	_, err = vc.Conn.Write(buf.Bytes())
+	return err
+}
+
+func (vc *Conn) recvResponse() error {
+	block, err := aes.NewCipher(vc.respBodyKey[:])
+	if err != nil {
+		return err
+	}
+
+	stream := cipher.NewCFBDecrypter(block, vc.respBodyIV[:])
+	buf := make([]byte, 4)
+	_, err = io.ReadFull(vc.Conn, buf)
+	if err != nil {
+		return err
+	}
+	stream.XORKeyStream(buf, buf)
+
+	if buf[0] != vc.respV {
+		return errors.New("unexpected response header")
+	}
+
+	if buf[2] != 0 {
+		return errors.New("dynamic port is not supported now")
+	}
+
+	return nil
+}
+
+func hashTimestamp(t time.Time) []byte {
+	md5hash := md5.New()
+	ts := make([]byte, 8)
+	binary.BigEndian.PutUint64(ts, uint64(t.UTC().Unix()))
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	return md5hash.Sum(nil)
+}
+
+// newConn return a Conn instance
+func newConn(conn net.Conn, id *ID, dst *DstAddr, security Security) *Conn {
+	randBytes := make([]byte, 33)
+	rand.Read(randBytes)
+	reqBodyIV := make([]byte, 16)
+	reqBodyKey := make([]byte, 16)
+	copy(reqBodyIV[:], randBytes[:16])
+	copy(reqBodyKey[:], randBytes[16:32])
+	respV := randBytes[32]
+
+	respBodyKey := md5.Sum(reqBodyKey[:])
+	respBodyIV := md5.Sum(reqBodyIV[:])
+
+	var writer io.Writer
+	var reader io.Reader
+	switch security {
+	case SecurityNone:
+		reader = newChunkReader(conn)
+		writer = newChunkWriter(conn)
+	case SecurityAES128GCM:
+		block, _ := aes.NewCipher(reqBodyKey[:])
+		aead, _ := cipher.NewGCM(block)
+		writer = newAEADWriter(conn, aead, reqBodyIV[:])
+
+		block, _ = aes.NewCipher(respBodyKey[:])
+		aead, _ = cipher.NewGCM(block)
+		reader = newAEADReader(conn, aead, respBodyIV[:])
+	case SecurityCHACHA20POLY1305:
+		key := make([]byte, 32)
+		t := md5.Sum(reqBodyKey[:])
+		copy(key, t[:])
+		t = md5.Sum(key[:16])
+		copy(key[16:], t[:])
+		aead, _ := chacha20poly1305.New(key)
+		writer = newAEADWriter(conn, aead, reqBodyIV[:])
+
+		t = md5.Sum(respBodyKey[:])
+		copy(key, t[:])
+		t = md5.Sum(key[:16])
+		copy(key[16:], t[:])
+		aead, _ = chacha20poly1305.New(key)
+		reader = newAEADReader(conn, aead, respBodyIV[:])
+	}
+
+	return &Conn{
+		Conn:        conn,
+		id:          id,
+		dst:         dst,
+		reqBodyIV:   reqBodyIV,
+		reqBodyKey:  reqBodyKey,
+		respV:       respV,
+		respBodyIV:  respBodyIV[:],
+		respBodyKey: respBodyKey[:],
+		reader:      reader,
+		writer:      writer,
+		security:    security,
+	}
+}
--- a/component/vmess/user.go
+++ b/component/vmess/user.go
@ -0,0 +1,54 @@
+package vmess
+
+import (
+	"bytes"
+	"crypto/md5"
+
+	"github.com/gofrs/uuid"
+)
+
+// ID cmdKey length
+const (
+	IDBytesLen = 16
+)
+
+// The ID of en entity, in the form of a UUID.
+type ID struct {
+	UUID   *uuid.UUID
+	CmdKey []byte
+}
+
+// newID returns an ID with given UUID.
+func newID(uuid *uuid.UUID) *ID {
+	id := &ID{UUID: uuid, CmdKey: make([]byte, IDBytesLen)}
+	md5hash := md5.New()
+	md5hash.Write(uuid.Bytes())
+	md5hash.Write([]byte("c48619fe-8f02-49e0-b9e9-edf763e17e21"))
+	md5hash.Sum(id.CmdKey[:0])
+	return id
+}
+
+func nextID(u *uuid.UUID) *uuid.UUID {
+	md5hash := md5.New()
+	md5hash.Write(u.Bytes())
+	md5hash.Write([]byte("16167dc8-16b6-4e6d-b8bb-65dd68113a81"))
+	var newid uuid.UUID
+	for {
+		md5hash.Sum(newid[:0])
+		if !bytes.Equal(newid.Bytes(), u.Bytes()) {
+			return &newid
+		}
+		md5hash.Write([]byte("533eff8a-4113-4b10-b5ce-0f5d76b98cd2"))
+	}
+}
+
+func newAlterIDs(primary *ID, alterIDCount uint16) []*ID {
+	alterIDs := make([]*ID, alterIDCount)
+	prevID := primary.UUID
+	for idx := range alterIDs {
+		newid := nextID(prevID)
+		alterIDs[idx] = &ID{UUID: newid, CmdKey: primary.CmdKey[:]}
+		prevID = newid
+	}
+	return alterIDs
+}
--- a/component/vmess/vmess.go
+++ b/component/vmess/vmess.go
@ -0,0 +1,117 @@
+package vmess
+
+import (
+	"crypto/tls"
+	"fmt"
+	"math/rand"
+	"net"
+	"runtime"
+
+	"github.com/gofrs/uuid"
+)
+
+// Version of vmess
+const Version byte = 1
+
+// Request Options
+const (
+	OptionChunkStream  byte = 1
+	OptionChunkMasking byte = 4
+)
+
+// Security type vmess
+type Security = byte
+
+// Cipher types
+const (
+	SecurityAES128GCM        Security = 3
+	SecurityCHACHA20POLY1305 Security = 4
+	SecurityNone             Security = 5
+)
+
+// CipherMapping return
+var CipherMapping = map[string]byte{
+	"none":              SecurityNone,
+	"aes-128-gcm":       SecurityAES128GCM,
+	"chacha20-poly1305": SecurityCHACHA20POLY1305,
+}
+
+var tlsConfig = &tls.Config{
+	InsecureSkipVerify: true,
+}
+
+// Command types
+const (
+	CommandTCP byte = 1
+	CommandUDP byte = 2
+)
+
+// Addr types
+const (
+	AtypIPv4       byte = 1
+	AtypDomainName byte = 2
+	AtypIPv6       byte = 3
+)
+
+// DstAddr store destination address
+type DstAddr struct {
+	AddrType byte
+	Addr     []byte
+	Port     uint
+}
+
+// Client is vmess connection generator
+type Client struct {
+	user     []*ID
+	uuid     *uuid.UUID
+	security Security
+	tls      bool
+}
+
+// Config of vmess
+type Config struct {
+	UUID     string
+	AlterID  uint16
+	Security string
+	TLS      bool
+}
+
+// New return a Conn with net.Conn and DstAddr
+func (c *Client) New(conn net.Conn, dst *DstAddr) net.Conn {
+	r := rand.Intn(len(c.user))
+	if c.tls {
+		conn = tls.Client(conn, tlsConfig)
+	}
+	return newConn(conn, c.user[r], dst, c.security)
+}
+
+// NewClient return Client instance
+func NewClient(config Config) (*Client, error) {
+	uid, err := uuid.FromString(config.UUID)
+	if err != nil {
+		return nil, err
+	}
+
+	var security Security
+	switch config.Security {
+	case "aes-128-gcm":
+		security = SecurityAES128GCM
+	case "chacha20-poly1305":
+		security = SecurityCHACHA20POLY1305
+	case "none":
+		security = SecurityNone
+	case "auto":
+		security = SecurityCHACHA20POLY1305
+		if runtime.GOARCH == "amd64" || runtime.GOARCH == "s390x" || runtime.GOARCH == "arm64" {
+			security = SecurityAES128GCM
+		}
+	default:
+		return nil, fmt.Errorf("Unknown security type: %s", config.Security)
+	}
+	return &Client{
+		user:     newAlterIDs(newID(&uid), config.AlterID),
+		uuid:     &uid,
+		security: security,
+		tls:      config.TLS,
+	}, nil
+}