VLESS Encryption: Add customizable 1-RTT padding parameters; Decrease memory using; Chores

Completes https://github.com/XTLS/Xray-core/pull/5067 --------- Co-authored-by: wwqgtxx <wwqgtxx@gmail.com>
2026-06-03 19:51:48 +00:00 · 2025-08-31 04:09:28 +00:00
parent fbb0ecfb83
commit e8b02cd664
13 changed files with 228 additions and 116 deletions
@@ -30,21 +30,21 @@ type ServerInstance struct {
 	RelaysLength  int
 	XorMode       uint32
 	Seconds       uint32
+	PaddingLens   [][2]int
+	PaddingGaps   [][2]int

 	RWLock   sync.RWMutex
 	Sessions map[[16]byte]*ServerSession
 	Closed   bool
 }

-func (i *ServerInstance) Init(nfsSKeysBytes [][]byte, xorMode, seconds uint32) (err error) {
+func (i *ServerInstance) Init(nfsSKeysBytes [][]byte, xorMode, seconds uint32, padding string) (err error) {
 	if i.NfsSKeys != nil {
-		err = errors.New("already initialized")
-		return
+		return errors.New("already initialized")
 	}
 	l := len(nfsSKeysBytes)
 	if l == 0 {
-		err = errors.New("empty nfsSKeysBytes")
-		return
+		return errors.New("empty nfsSKeysBytes")
 	}
 	i.NfsSKeys = make([]any, l)
 	i.NfsPKeysBytes = make([][]byte, l)
@@ -88,7 +88,7 @@ func (i *ServerInstance) Init(nfsSKeysBytes [][]byte, xorMode, seconds uint32) (
 			}
 		}()
 	}
-	return
+	return ParsePadding(padding, &i.PaddingLens, &i.PaddingGaps)
 }

 func (i *ServerInstance) Close() (err error) {
@@ -98,7 +98,7 @@ func (i *ServerInstance) Close() (err error) {
 	return
 }

-func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
+func (i *ServerInstance) Handshake(conn net.Conn, fallback *[]byte) (*CommonConn, error) {
 	if i.NfsSKeys == nil {
 		return nil, errors.New("uninitialized")
 	}
@@ -108,6 +108,9 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 	if _, err := io.ReadFull(conn, ivAndRelays); err != nil {
 		return nil, err
 	}
+	if fallback != nil {
+		*fallback = append(*fallback, ivAndRelays...)
+	}
 	iv := ivAndRelays[:16]
 	relays := ivAndRelays[16:]
 	var nfsKey []byte
@@ -157,6 +160,9 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 	if _, err := io.ReadFull(conn, encryptedLength); err != nil {
 		return nil, err
 	}
+	if fallback != nil {
+		*fallback = append(*fallback, encryptedLength...)
+	}
 	decryptedLength := make([]byte, 2)
 	if _, err := nfsAEAD.Open(decryptedLength[:0], nil, encryptedLength, nil); err != nil {
 		c.UseAES = !c.UseAES
@@ -165,6 +171,9 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 			return nil, err
 		}
 	}
+	if fallback != nil {
+		*fallback = nil
+	}
 	length := DecodeLength(decryptedLength)

 	if length == 32 {
@@ -183,7 +192,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 		s := i.Sessions[[16]byte(ticket)]
 		i.RWLock.RUnlock()
 		if s == nil {
-			noises := make([]byte, crypto.RandBetween(1268, 2268)) // matches 1-RTT's server hello length for "random", though it is not important, just for example
+			noises := make([]byte, crypto.RandBetween(1279, 2279)) // matches 1-RTT's server hello length for "random", though it is not important, just for example
 			var err error
 			for err == nil {
 				rand.Read(noises)
@@ -237,25 +246,10 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 	c.UnitedKey = append(pfsKey, nfsKey...)
 	c.AEAD = NewAEAD(pfsPublicKey, c.UnitedKey, c.UseAES)
 	c.PeerAEAD = NewAEAD(encryptedPfsPublicKey[:1184+32], c.UnitedKey, c.UseAES)
+
 	ticket := make([]byte, 16)
 	rand.Read(ticket)
 	copy(ticket, EncodeLength(int(i.Seconds*4/5)))
-
-	pfsKeyExchangeLength := 1088 + 32 + 16
-	encryptedTicketLength := 32
-	paddingLength := int(crypto.RandBetween(100, 1000))
-	serverHello := make([]byte, pfsKeyExchangeLength+encryptedTicketLength+paddingLength)
-	nfsAEAD.Seal(serverHello[:0], MaxNonce, pfsPublicKey, nil)
-	c.AEAD.Seal(serverHello[:pfsKeyExchangeLength], nil, ticket, nil)
-	padding := serverHello[pfsKeyExchangeLength+encryptedTicketLength:]
-	c.AEAD.Seal(padding[:0], nil, EncodeLength(paddingLength-18), nil)
-	c.AEAD.Seal(padding[:18], nil, padding[18:paddingLength-16], nil)
-
-	if _, err := conn.Write(serverHello); err != nil {
-		return nil, err
-	}
-	// padding can be sent in a fragmented way, to create variable traffic pattern, before inner VLESS flow takes control
-
 	if i.Seconds > 0 {
 		i.RWLock.Lock()
 		i.Sessions[[16]byte(ticket)] = &ServerSession{
@@ -265,6 +259,29 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 		i.RWLock.Unlock()
 	}

+	pfsKeyExchangeLength := 1088 + 32 + 16
+	encryptedTicketLength := 32
+	paddingLength, paddingLens, paddingGaps := CreatPadding(i.PaddingLens, i.PaddingGaps)
+	serverHello := make([]byte, pfsKeyExchangeLength+encryptedTicketLength+paddingLength)
+	nfsAEAD.Seal(serverHello[:0], MaxNonce, pfsPublicKey, nil)
+	c.AEAD.Seal(serverHello[:pfsKeyExchangeLength], nil, ticket, nil)
+	padding := serverHello[pfsKeyExchangeLength+encryptedTicketLength:]
+	c.AEAD.Seal(padding[:0], nil, EncodeLength(paddingLength-18), nil)
+	c.AEAD.Seal(padding[:18], nil, padding[18:paddingLength-16], nil)
+
+	paddingLens[0] = pfsKeyExchangeLength + encryptedTicketLength + paddingLens[0]
+	for i, l := range paddingLens { // sends padding in a fragmented way, to create variable traffic pattern, before inner VLESS flow takes control
+		if l > 0 {
+			if _, err := conn.Write(serverHello[:l]); err != nil {
+				return nil, err
+			}
+			serverHello = serverHello[l:]
+		}
+		if len(paddingGaps) > i {
+			time.Sleep(paddingGaps[i])
+		}
+	}
+
 	// important: allows client sends padding slowly, eliminating 1-RTT's traffic pattern
 	if _, err := io.ReadFull(conn, encryptedLength); err != nil {
 		return nil, err