REALITY protocol: Add ChaCha20-Poly1305 auth mode (#4)

Co-authored-by: RPRX <[email protected]>
XTLS · Jun 13, 2023 · e07c3b0 · e07c3b0
1 parent 176a943
commit e07c3b0
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/tls.go b/tls.go
@@ -36,6 +36,7 @@ import (
  "time"
 
  "github.com/pires/go-proxyproto"
+ "golang.org/x/crypto/chacha20poly1305"
  "golang.org/x/crypto/curve25519"
  "golang.org/x/crypto/hkdf"
 )
@@ -189,11 +190,16 @@ func Server(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
  if _, err = hkdf.New(sha256.New, hs.c.AuthKey, hs.clientHello.random[:20], []byte("REALITY")).Read(hs.c.AuthKey); err != nil {
  break
  }
+ var aead cipher.AEAD
+ if aesgcmPreferred(hs.clientHello.cipherSuites) {
+ block, _ := aes.NewCipher(hs.c.AuthKey)
+ aead, _ = cipher.NewGCM(block)
+ } else {
+ aead, _ = chacha20poly1305.New(hs.c.AuthKey)
+ }
  if config.Show {
- fmt.Printf("REALITY remoteAddr: %v\ths.c.AuthKey[:16]: %v\n", remoteAddr, hs.c.AuthKey[:16])
+ fmt.Printf("REALITY remoteAddr: %v\ths.c.AuthKey[:16]: %v\tAEAD: %T\n", remoteAddr, hs.c.AuthKey[:16], aead)
  }
- block, _ := aes.NewCipher(hs.c.AuthKey)
- aead, _ := cipher.NewGCM(block)
  ciphertext := make([]byte, 32)
  plainText := make([]byte, 32)
  copy(ciphertext, hs.clientHello.sessionId)