feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. (#1186)

Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support. --------- Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
2026-05-07 10:14:35 +00:00 · 2025-08-09 18:53:55 +08:00
parent 7de4b33dd1
commit 0087ac3ffc
13 changed files with 720 additions and 31 deletions
@@ -48,9 +48,79 @@ pub fn gen_default_flags() -> Flags {
        disable_quic_input: false,
        foreign_relay_bps_limit: u64::MAX,
        multi_thread_count: 2,
+        encryption_algorithm: "".to_string(), // 空字符串表示使用默认的 AES-GCM
    }
 }

+pub enum EncryptionAlgorithm {
+    AesGcm,
+    Aes256Gcm,
+    Xor,
+    #[cfg(feature = "wireguard")]
+    ChaCha20,
+
+    #[cfg(feature = "openssl-crypto")]
+    OpensslAesGcm,
+    #[cfg(feature = "openssl-crypto")]
+    OpensslChacha20,
+    #[cfg(feature = "openssl-crypto")]
+    OpensslAes256Gcm,
+}
+
+impl std::fmt::Display for EncryptionAlgorithm {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::AesGcm => write!(f, "aes-gcm"),
+            Self::Aes256Gcm => write!(f, "aes-256-gcm"),
+            Self::Xor => write!(f, "xor"),
+            #[cfg(feature = "wireguard")]
+            Self::ChaCha20 => write!(f, "chacha20"),
+            #[cfg(feature = "openssl-crypto")]
+            Self::OpensslAesGcm => write!(f, "openssl-aes-gcm"),
+            #[cfg(feature = "openssl-crypto")]
+            Self::OpensslChacha20 => write!(f, "openssl-chacha20"),
+            #[cfg(feature = "openssl-crypto")]
+            Self::OpensslAes256Gcm => write!(f, "openssl-aes-256-gcm"),
+        }
+    }
+}
+
+impl TryFrom<&str> for EncryptionAlgorithm {
+    type Error = anyhow::Error;
+
+    fn try_from(value: &str) -> Result<Self, Self::Error> {
+        match value {
+            "aes-gcm" => Ok(Self::AesGcm),
+            "aes-256-gcm" => Ok(Self::Aes256Gcm),
+            "xor" => Ok(Self::Xor),
+            #[cfg(feature = "wireguard")]
+            "chacha20" => Ok(Self::ChaCha20),
+            #[cfg(feature = "openssl-crypto")]
+            "openssl-aes-gcm" => Ok(Self::OpensslAesGcm),
+            #[cfg(feature = "openssl-crypto")]
+            "openssl-chacha20" => Ok(Self::OpensslChacha20),
+            #[cfg(feature = "openssl-crypto")]
+            "openssl-aes-256-gcm" => Ok(Self::OpensslAes256Gcm),
+            _ => Err(anyhow::anyhow!("invalid encryption algorithm")),
+        }
+    }
+}
+
+pub fn get_avaliable_encrypt_methods() -> Vec<&'static str> {
+    let mut r = vec!["aes-gcm", "aes-256-gcm", "xor"];
+    if cfg!(feature = "wireguard") {
+        r.push("chacha20");
+    }
+    if cfg!(feature = "openssl-crypto") {
+        r.extend(vec![
+            "openssl-aes-gcm",
+            "openssl-chacha20",
+            "openssl-aes-256-gcm",
+        ]);
+    }
+    r
+}
+
 #[auto_impl::auto_impl(Box, &)]
 pub trait ConfigLoader: Send + Sync {
    fn get_id(&self) -> uuid::Uuid;
@@ -296,6 +296,29 @@ impl GlobalCtx {
        key
    }

+    pub fn get_256_key(&self) -> [u8; 32] {
+        let mut key = [0u8; 32];
+        let secret = self
+            .config
+            .get_network_identity()
+            .network_secret
+            .unwrap_or_default();
+        // fill key according to network secret
+        let mut hasher = DefaultHasher::new();
+        hasher.write(secret.as_bytes());
+        hasher.write(b"easytier-256bit-key"); // 添加固定盐值以区分128位和256位密钥
+
+        // 生成32字节密钥
+        for i in 0..4 {
+            let chunk_start = i * 8;
+            let chunk_end = chunk_start + 8;
+            hasher.write(&key[0..chunk_start]);
+            hasher.write(&[i as u8]); // 添加索引以确保每个8字节块都不同
+            key[chunk_start..chunk_end].copy_from_slice(&hasher.finish().to_be_bytes());
+        }
+        key
+    }
+
    pub fn enable_exit_node(&self) -> bool {
        self.enable_exit_node
    }