
Remove length limit on short_id for reality TLS config

世界 2 年之前
父节点
当前提交
70cf681ff2
共有 4 个文件被更改,包括 14 次插入13 次删除
  1. 5 4
      common/tls/reality_client.go
  2. 7 7
      common/tls/reality_server.go
  3. 1 1
      docs/configuration/shared/tls.md
  4. 1 1
      docs/configuration/shared/tls.zh.md

+ 5 - 4
common/tls/reality_client.go

@@ -42,7 +42,7 @@ var _ ConfigCompat = (*RealityClientConfig)(nil)
 type RealityClientConfig struct {
 	uClient   *UTLSClientConfig
 	publicKey []byte
-	shortID   []byte
+	shortID   [8]byte
 }
 
 func NewRealityClient(router adapter.Router, serverAddress string, options option.OutboundTLSOptions) (*RealityClientConfig, error) {
@@ -62,11 +62,12 @@ func NewRealityClient(router adapter.Router, serverAddress string, options optio
 	if len(publicKey) != 32 {
 		return nil, E.New("invalid public_key")
 	}
-	shortID, err := hex.DecodeString(options.Reality.ShortID)
+	var shortID [8]byte
+	decodedLen, err := hex.Decode(shortID[:], []byte(options.Reality.ShortID))
 	if err != nil {
 		return nil, E.Cause(err, "decode short_id")
 	}
-	if len(shortID) != 8 {
+	if decodedLen > 8 {
 		return nil, E.New("invalid short_id")
 	}
 	return &RealityClientConfig{uClient, publicKey, shortID}, nil
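Review bot: The `decodedLen > 8` check can never fire, because `hex.Decode` writes straight into the 8-byte `shortID[:]`; a `short_id` longer than 16 hex characters panics with an index-out-of-range inside the decoder instead of returning `invalid short_id`. Reject the length before decoding and drop the dead check: `if hex.DecodedLen(len(options.Reality.ShortID)) > len(shortID) { return nil, E.New("invalid short_id") }`. The same decode-then-check pattern is in the `NewRealityServer` loop in common/tls/reality_server.go. The limit enforced here is 8 decoded bytes, i.e. up to 16 hex characters of even length, whereas the tls.md hunks in this commit say "zero to eight digits". The body of NewRealityClient starts above and continues below this hunk.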
@@ -125,7 +126,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 	hello.SessionId[0] = 1
 	hello.SessionId[1] = 7
 	hello.SessionId[2] = 5
-	copy(hello.SessionId[8:], e.shortID)
+	copy(hello.SessionId[8:], e.shortID[:])
 
 	if debug.Enabled {
 		fmt.Printf("REALITY hello.sessionId[:16]: %v\n", hello.SessionId[:16])

+ 7 - 7
common/tls/reality_server.go

@@ -89,16 +89,16 @@ func NewRealityServer(ctx context.Context, router adapter.Router, logger log.Log
 	tlsConfig.MaxTimeDiff = time.Duration(options.Reality.MaxTimeDifference)
 
 	tlsConfig.ShortIds = make(map[[8]byte]bool)
-	for i, shortID := range options.Reality.ShortID {
-		var shortIDBytesArray [8]byte
-		decodedLen, err := hex.Decode(shortIDBytesArray[:], []byte(shortID))
+	for i, shortIDString := range options.Reality.ShortID {
+		var shortID [8]byte
+		decodedLen, err := hex.Decode(shortID[:], []byte(shortIDString))
 		if err != nil {
-			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortID)
+			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortIDString)
 		}
-		if decodedLen != 8 {
-			return nil, E.New("invalid short_id[", i, "]: ", shortID)
+		if decodedLen > 8 {
+			return nil, E.New("invalid short_id[", i, "]: ", shortIDString)
 		}
-		tlsConfig.ShortIds[shortIDBytesArray] = true
+		tlsConfig.ShortIds[shortID] = true
 	}
 
 	handshakeDialer := dialer.New(router, options.Reality.Handshake.DialerOptions)
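Review bot: Nothing in the loop records that short IDs shorter than 8 bytes are now zero-padded before being used as the `ShortIds` key, so entries such as `""`, `"00"` and `"0000000000000000"` all register the same all-zero key. An empty entry therefore presumably matches a client configured with an empty `short_id`, which operators who use short IDs to tell clients apart should be aware of. A comment above `tlsConfig.ShortIds[shortID] = true` would make this visible: `// shorter IDs are zero-padded to 8 bytes; "" and "00" map to the same all-zero key`. NewRealityServer starts and ends outside this hunk.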

+ 1 - 1
docs/configuration/shared/tls.md

@@ -333,7 +333,7 @@ Public key, generated by `sing-box generate reality-keypair`.
 
 ==Required==
 
-A 8-bit hex string.
+A hexadecimal string with zero to eight digits.
 
 #### max_time_difference
 

+ 1 - 1
docs/configuration/shared/tls.zh.md

@@ -329,7 +329,7 @@ MAC 密钥。
 
 ==必填==
 
-一个八位十六进制字符串。
+一个零到八位十六进制字符串。
 
 #### max_time_difference