feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. (#1186)

Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support. --------- Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
2026-05-13 17:35:37 +00:00 · 2025-08-09 18:53:55 +08:00
parent 7de4b33dd1
commit 0087ac3ffc
13 changed files with 720 additions and 31 deletions
@@ -1,11 +1,21 @@
-use crate::tunnel::packet_def::ZCPacket;
+use std::sync::Arc;
+
+use crate::{common::config::EncryptionAlgorithm, tunnel::packet_def::ZCPacket};

 #[cfg(feature = "wireguard")]
 pub mod ring_aes_gcm;

+#[cfg(feature = "wireguard")]
+pub mod ring_chacha20;
+
 #[cfg(feature = "aes-gcm")]
 pub mod aes_gcm;

+#[cfg(feature = "openssl-crypto")]
+pub mod openssl_cipher;
+
+pub mod xor_cipher;
+
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
    #[error("packet is too short. len: {0}")]
@@ -39,3 +49,70 @@ impl Encryptor for NullCipher {
        }
    }
 }
+
+/// Create an encryptor based on the algorithm name
+pub fn create_encryptor(
+    algorithm: &str,
+    key_128: [u8; 16],
+    key_256: [u8; 32],
+) -> Arc<dyn Encryptor> {
+    let algorithm = match EncryptionAlgorithm::try_from(algorithm) {
+        Ok(algorithm) => algorithm,
+        Err(_) => {
+            eprintln!(
+                "Unknown encryption algorithm: {}, falling back to default AES-GCM",
+                algorithm
+            );
+            EncryptionAlgorithm::AesGcm
+        }
+    };
+    match algorithm {
+        EncryptionAlgorithm::AesGcm => {
+            #[cfg(feature = "wireguard")]
+            {
+                Arc::new(ring_aes_gcm::AesGcmCipher::new_128(key_128))
+            }
+            #[cfg(all(feature = "aes-gcm", not(feature = "wireguard")))]
+            {
+                Arc::new(aes_gcm::AesGcmCipher::new_128(key_128))
+            }
+            #[cfg(all(not(feature = "wireguard"), not(feature = "aes-gcm")))]
+            {
+                compile_error!(
+                    "wireguard or aes-gcm feature must be enabled for default encryption"
+                );
+            }
+        }
+
+        EncryptionAlgorithm::Aes256Gcm => {
+            #[cfg(feature = "wireguard")]
+            {
+                Arc::new(ring_aes_gcm::AesGcmCipher::new_256(key_256))
+            }
+            #[cfg(all(feature = "aes-gcm", not(feature = "wireguard")))]
+            {
+                Arc::new(aes_gcm::AesGcmCipher::new_256(key_256))
+            }
+        }
+
+        EncryptionAlgorithm::Xor => Arc::new(xor_cipher::XorCipher::new(&key_128)),
+
+        #[cfg(feature = "wireguard")]
+        EncryptionAlgorithm::ChaCha20 => Arc::new(ring_chacha20::RingChaCha20Cipher::new(key_256)),
+
+        #[cfg(feature = "openssl-crypto")]
+        EncryptionAlgorithm::OpensslAesGcm => {
+            Arc::new(openssl_cipher::OpenSslCipher::new_aes128_gcm(key_128))
+        }
+
+        #[cfg(feature = "openssl-crypto")]
+        EncryptionAlgorithm::OpensslAes256Gcm => {
+            Arc::new(openssl_cipher::OpenSslCipher::new_aes256_gcm(key_256))
+        }
+
+        #[cfg(feature = "openssl-crypto")]
+        EncryptionAlgorithm::OpensslChacha20 => {
+            Arc::new(openssl_cipher::OpenSslCipher::new_chacha20(key_256))
+        }
+    }
+}