11 月之前 · 571777483b
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -456,6 +456,7 @@ type TLSConfig struct {
 
				 	RejectUnknownSNI                     bool             `json:"rejectUnknownSni"`
			
 
				 	PinnedPeerCertificateChainSha256     *[]string        `json:"pinnedPeerCertificateChainSha256"`
			
 
				 	PinnedPeerCertificatePublicKeySha256 *[]string        `json:"pinnedPeerCertificatePublicKeySha256"`
			
 
				+	CurvePreferences                     *StringList      `json:"curvePreferences"`
			
 
				 	MasterKeyLog                         string           `json:"masterKeyLog"`
			
 
				 }
			
 
				 
			
@@ -478,6 +479,9 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 
				 	if c.ALPN != nil && len(*c.ALPN) > 0 {
			
 
				 		config.NextProtocol = []string(*c.ALPN)
			
 
				 	}
			
 
				+	if c.CurvePreferences != nil && len(*c.CurvePreferences) > 0 {
			
 
				+		config.CurvePreferences = []string(*c.CurvePreferences)
			
 
				+	}
			
 
				 	config.EnableSessionResumption = c.EnableSessionResumption
			
 
				 	config.DisableSystemRoot = c.DisableSystemRoot
			
 
				 	config.MinVersion = c.MinVersion
			
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -344,6 +344,10 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 
				 		config.ServerName = sn
			
 
				 	}
			
 
				 
			
 
				+	if len(c.CurvePreferences) > 0 {
			
 
				+		config.CurvePreferences = ParseCurveName(c.CurvePreferences)
			
 
				+	}
			
 
				+
			
 
				 	if len(config.NextProtos) == 0 {
			
 
				 		config.NextProtos = []string{"h2", "http/1.1"}
			
 
				 	}
			
@@ -429,3 +433,23 @@ func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
 
				 	}
			
 
				 	return config
			
 
				 }
			
 
				+
			
 
				+func ParseCurveName(curveNames []string) []tls.CurveID {
			
 
				+	curveMap := map[string]tls.CurveID{
			
 
				+		"curvep256":             tls.CurveP256,
			
 
				+		"curvep384":             tls.CurveP384,
			
 
				+		"curvep521":             tls.CurveP521,
			
 
				+		"x25519":                tls.X25519,
			
 
				+		"x25519kyber768draft00": 0x6399,
			
 
				+	}
			
 
				+
			
 
				+	var curveIDs []tls.CurveID
			
 
				+	for _, name := range curveNames {
			
 
				+		if curveID, ok := curveMap[strings.ToLower(name)]; ok {
			
 
				+			curveIDs = append(curveIDs, curveID)
			
 
				+		} else {
			
 
				+			errors.LogWarning(context.Background(), "unsupported curve name: "+name)
			
 
				+		}
			
 
				+	}
			
 
				+	return curveIDs
			
 
				+}
			
--- a/transport/internet/tls/config.pb.go
+++ b/transport/internet/tls/config.pb.go
@@ -213,6 +213,8 @@ type Config struct {
 
				 	// @Critical
			
 
				 	PinnedPeerCertificatePublicKeySha256 [][]byte `protobuf:"bytes,14,rep,name=pinned_peer_certificate_public_key_sha256,json=pinnedPeerCertificatePublicKeySha256,proto3" json:"pinned_peer_certificate_public_key_sha256,omitempty"`
			
 
				 	MasterKeyLog                         string   `protobuf:"bytes,15,opt,name=master_key_log,json=masterKeyLog,proto3" json:"master_key_log,omitempty"`
			
 
				+	// Lists of string as CurvePreferences values.
			
 
				+	CurvePreferences []string `protobuf:"bytes,16,rep,name=curve_preferences,json=curvePreferences,proto3" json:"curve_preferences,omitempty"`
			
 
				 }
			
 
				 
			
 
				 func (x *Config) Reset() {
			
@@ -343,6 +345,13 @@ func (x *Config) GetMasterKeyLog() string {
 
				 	return ""
			
 
				 }
			
 
				 
			
 
				+func (x *Config) GetCurvePreferences() []string {
			
 
				+	if x != nil {
			
 
				+		return x.CurvePreferences
			
 
				+	}
			
 
				+	return nil
			
 
				+}
			
 
				+
			
 
				 var File_transport_internet_tls_config_proto protoreflect.FileDescriptor
			
 
				 
			
 
				 var file_transport_internet_tls_config_proto_rawDesc = []byte{
			
@@ -374,7 +383,7 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{
 
				 	0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a,
			
 
				 	0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46,
			
 
				 	0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59,
			
 
				-	0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xb3, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e,
			
 
				+	0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xe0, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e,
			
 
				 	0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73,
			
 
				 	0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c,
			
 
				 	0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4a, 0x0a, 0x0b, 0x63, 0x65,
			
@@ -417,15 +426,18 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{
 
				 	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
			
 
				 	0x65, 0x79, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x73, 0x74,
			
 
				 	0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09,
			
 
				-	0x52, 0x0c, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x4c, 0x6f, 0x67, 0x42, 0x73,
			
 
				-	0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73,
			
 
				-	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c,
			
 
				-	0x73, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
			
 
				-	0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74,
			
 
				-	0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
			
 
				-	0x74, 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61,
			
 
				-	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e,
			
 
				-	0x54, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
			
 
				+	0x52, 0x0c, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x4c, 0x6f, 0x67, 0x12, 0x2b,
			
 
				+	0x0a, 0x11, 0x63, 0x75, 0x72, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e,
			
 
				+	0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63, 0x75, 0x72, 0x76, 0x65,
			
 
				+	0x50, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x42, 0x73, 0x0a, 0x1f, 0x63,
			
 
				+	0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72,
			
 
				+	0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, 0x50, 0x01,
			
 
				+	0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
			
 
				+	0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e,
			
 
				+	0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x74,
			
 
				+	0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70,
			
 
				+	0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, 0x6c, 0x73,
			
 
				+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
			
 
				 }
			
 
				 
			
 
				 var (
			
--- a/transport/internet/tls/config.proto
+++ b/transport/internet/tls/config.proto
@@ -84,4 +84,7 @@ message Config {
 
				   repeated bytes pinned_peer_certificate_public_key_sha256 = 14;
			
 
				 
			
 
				   string master_key_log = 15;
			
 
				+
			
 
				+  // Lists of string as CurvePreferences values.
			
 
				+  repeated string curve_preferences = 16;
			
 
				 }