Feat: clarify VLESS encryption auth selection (#4271)
* feat(traffic_writer): enhance traffic writer with concurrency safety and state management
* Revert "feat(traffic_writer): enhance traffic writer with concurrency safety and state management"
  This reverts commit e6760ae39629a592dec293197768f27ff0f5a578.
* feat(vless): clarify VLESS encryption auth selection and enhance parsing logic
committed by
GitHub
parent
d86e87ed30
commit
fdaa65ad7e
+26
-6
@@ -1275,7 +1275,13 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
lines := strings.Split(out.String(), "\n")
|
||||
return map[string]any{
|
||||
"auths": parseVlessEncAuths(out.String()),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func parseVlessEncAuths(output string) []map[string]string {
|
||||
lines := strings.Split(output, "\n")
|
||||
var auths []map[string]string
|
||||
var current map[string]string
|
||||
|
||||
@@ -1285,14 +1291,18 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
|
||||
if current != nil {
|
||||
auths = append(auths, current)
|
||||
}
|
||||
label := strings.TrimSpace(strings.TrimPrefix(line, "Authentication:"))
|
||||
current = map[string]string{
|
||||
"label": strings.TrimSpace(strings.TrimPrefix(line, "Authentication:")),
|
||||
"id": vlessEncAuthID(label),
|
||||
"label": label,
|
||||
}
|
||||
} else if strings.HasPrefix(line, `"decryption"`) || strings.HasPrefix(line, `"encryption"`) {
|
||||
parts := strings.SplitN(line, ":", 2)
|
||||
if len(parts) == 2 && current != nil {
|
||||
key := strings.Trim(parts[0], `" `)
|
||||
val := strings.Trim(parts[1], `" `)
|
||||
val := strings.TrimSpace(parts[1])
|
||||
val = strings.TrimSuffix(val, ",")
|
||||
val = strings.Trim(val, `" `)
|
||||
current[key] = val
|
||||
}
|
||||
}
|
||||
@@ -1302,9 +1312,19 @@ func (s *ServerService) GetNewVlessEnc() (any, error) {
|
||||
auths = append(auths, current)
|
||||
}
|
||||
|
||||
return map[string]any{
|
||||
"auths": auths,
|
||||
}, nil
|
||||
return auths
|
||||
}
|
||||
|
||||
func vlessEncAuthID(label string) string {
|
||||
normalized := strings.NewReplacer("-", "", "_", "", " ", "").Replace(strings.ToLower(label))
|
||||
switch {
|
||||
case strings.Contains(normalized, "mlkem768"):
|
||||
return "mlkem768"
|
||||
case strings.Contains(normalized, "x25519"):
|
||||
return "x25519"
|
||||
default:
|
||||
return normalized
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ServerService) GetNewUUID() (map[string]string, error) {
|
||||
|
||||
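Review bot: `vlessEncAuthID` derives the id by substring-matching the human-readable `Authentication:` label, so nothing in the new code guarantees that ids are unique within one response or stay fixed if the generator's wording changes. A label naming both algorithms resolves to `mlkem768` purely because of case order, and the `default` branch returns the lowercased label with commas intact, since only `-`, `_` and spaces are stripped. If the caller uses this id to choose between the post-quantum and the non-post-quantum key pair (not visible here), a collision or an unexpected fallback would pick the wrong one silently; `parseVlessEncAuths` could skip or log a block whose id was already seen. I would also add a doc comment such as `// vlessEncAuthID maps an "Authentication:" label to a short selector; mlkem768 is checked first so a label naming both resolves to the post-quantum option.` The loop body of `parseVlessEncAuths` lies partly outside the hunks shown.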
@@ -0,0 +1,82 @@
|
||||
package service
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestParseVlessEncAuthsAddsStableIDs(t *testing.T) {
|
||||
output := `
|
||||
Authentication: X25519, not Post-Quantum
|
||||
{
|
||||
"decryption": "mlkem768x25519plus.native.600s.server-x25519",
|
||||
"encryption": "mlkem768x25519plus.native.0rtt.client-x25519"
|
||||
}
|
||||
|
||||
Authentication: ML-KEM-768, Post-Quantum
|
||||
{
|
||||
"decryption": "mlkem768x25519plus.native.600s.server-mlkem",
|
||||
"encryption": "mlkem768x25519plus.native.0rtt.client-mlkem"
|
||||
}
|
||||
`
|
||||
|
||||
auths := parseVlessEncAuths(output)
|
||||
if len(auths) != 2 {
|
||||
t.Fatalf("expected 2 auth blocks, got %d", len(auths))
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
index int
|
||||
id string
|
||||
label string
|
||||
decryption string
|
||||
encryption string
|
||||
}{
|
||||
{
|
||||
index: 0,
|
||||
id: "x25519",
|
||||
label: "X25519, not Post-Quantum",
|
||||
decryption: "mlkem768x25519plus.native.600s.server-x25519",
|
||||
encryption: "mlkem768x25519plus.native.0rtt.client-x25519",
|
||||
},
|
||||
{
|
||||
index: 1,
|
||||
id: "mlkem768",
|
||||
label: "ML-KEM-768, Post-Quantum",
|
||||
decryption: "mlkem768x25519plus.native.600s.server-mlkem",
|
||||
encryption: "mlkem768x25519plus.native.0rtt.client-mlkem",
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
auth := auths[test.index]
|
||||
if auth["id"] != test.id {
|
||||
t.Errorf("auth[%d] id = %q, want %q", test.index, auth["id"], test.id)
|
||||
}
|
||||
if auth["label"] != test.label {
|
||||
t.Errorf("auth[%d] label = %q, want %q", test.index, auth["label"], test.label)
|
||||
}
|
||||
if auth["decryption"] != test.decryption {
|
||||
t.Errorf("auth[%d] decryption = %q, want %q", test.index, auth["decryption"], test.decryption)
|
||||
}
|
||||
if auth["encryption"] != test.encryption {
|
||||
t.Errorf("auth[%d] encryption = %q, want %q", test.index, auth["encryption"], test.encryption)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseVlessEncAuthsHandlesMissingTrailingComma(t *testing.T) {
|
||||
output := `
|
||||
Authentication: X25519, not Post-Quantum
|
||||
"decryption": "server"
|
||||
"encryption": "client"
|
||||
`
|
||||
|
||||
auths := parseVlessEncAuths(output)
|
||||
if len(auths) != 1 {
|
||||
t.Fatalf("expected 1 auth block, got %d", len(auths))
|
||||
}
|
||||
if auths[0]["decryption"] != "server" {
|
||||
t.Fatalf("decryption = %q, want server", auths[0]["decryption"])
|
||||
}
|
||||
if auths[0]["encryption"] != "client" {
|
||||
t.Fatalf("encryption = %q, want client", auths[0]["encryption"])
|
||||
}
|
||||
}
|
||||
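Review bot: Both tests feed only the two labels the generator prints today, so the `default` branch of `vlessEncAuthID` and the case-order behaviour for a label naming both algorithms are never pinned. Those are the inputs where the selector returned by `GetNewVlessEnc` can come out unexpected, and a small table test on `vlessEncAuthID` would document them. A case where a `"decryption"` line appears before any `Authentication:` header would also confirm that the `current != nil` guard drops it.

```go
func TestVlessEncAuthIDFallbacks(t *testing.T) {
	// Labels below are constructed for the test, not generator output.
	cases := []struct{ label, want string }{
		{"ML-KEM-768 + X25519", "mlkem768"}, // both names present: first case wins
		{"Foo Bar, Baz", "foobar,baz"},      // default branch keeps the comma
		{"", ""},
	}
	for _, c := range cases {
		if got := vlessEncAuthID(c.label); got != c.want {
			t.Errorf("vlessEncAuthID(%q) = %q, want %q", c.label, got, c.want)
		}
	}
}
```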