From: Shelikhoo <xiaokangwang@outlook.com>
Date: Mon, 22 Feb 2021 13:20:36 +0000
Subject: Fix incorrect HMac Chaining, further checking needed

(cherry picked from commit 0024c6e028768d8516bdee11be9834b2617ff00c)

Closes: #1009818
---
 proxy/vmess/aead/kdf.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/proxy/vmess/aead/kdf.go b/proxy/vmess/aead/kdf.go
index ebcea0a..5fc4ac5 100644
--- a/proxy/vmess/aead/kdf.go
+++ b/proxy/vmess/aead/kdf.go
@@ -7,17 +7,27 @@ import (
 )
 
 func KDF(key []byte, path ...string) []byte {
-	hmacf := hmac.New(sha256.New, []byte(KDFSaltConstVMessAEADKDF))
-
+	hmacCreator := &hMacCreator{value: []byte(KDFSaltConstVMessAEADKDF)}
 	for _, v := range path {
-		hmacf = hmac.New(func() hash.Hash {
-			return hmacf
-		}, []byte(v))
+		hmacCreator = &hMacCreator{value: []byte(v), parent: hmacCreator}
 	}
+	hmacf := hmacCreator.Create()
 	hmacf.Write(key)
 	return hmacf.Sum(nil)
 }
 
+type hMacCreator struct {
+	parent *hMacCreator
+	value  []byte
+}
+
+func (h *hMacCreator) Create() hash.Hash {
+	if h.parent == nil {
+		return hmac.New(sha256.New, h.value)
+	}
+	return hmac.New(h.parent.Create, h.value)
+}
+
 func KDF16(key []byte, path ...string) []byte {
 	r := KDF(key, path...)
 	return r[:16]