Remove length limit on short_id for reality TLS config

2023-03-13 13:34:11 +08:00 · 2023-03-13 13:34:11 +08:00 · 70cf681ff2
parent b004b9ec81
commit 70cf681ff2
4 changed files with 14 additions and 13 deletions
--- a/common/tls/reality_client.go
+++ b/common/tls/reality_client.go
@ -42,7 +42,7 @@ var _ ConfigCompat = (*RealityClientConfig)(nil)
 type RealityClientConfig struct {
 	uClient   *UTLSClientConfig
 	publicKey []byte
-	shortID   []byte
+	shortID   [8]byte
 }

 func NewRealityClient(router adapter.Router, serverAddress string, options option.OutboundTLSOptions) (*RealityClientConfig, error) {
@ -62,11 +62,12 @@ func NewRealityClient(router adapter.Router, serverAddress string, options optio
 	if len(publicKey) != 32 {
 		return nil, E.New("invalid public_key")
 	}
-	shortID, err := hex.DecodeString(options.Reality.ShortID)
+	var shortID [8]byte
+	decodedLen, err := hex.Decode(shortID[:], []byte(options.Reality.ShortID))
 	if err != nil {
 		return nil, E.Cause(err, "decode short_id")
 	}
-	if len(shortID) != 8 {
+	if decodedLen > 8 {
 		return nil, E.New("invalid short_id")
 	}
 	return &RealityClientConfig{uClient, publicKey, shortID}, nil
@ -125,7 +126,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 	hello.SessionId[0] = 1
 	hello.SessionId[1] = 7
 	hello.SessionId[2] = 5
-	copy(hello.SessionId[8:], e.shortID)
+	copy(hello.SessionId[8:], e.shortID[:])

 	if debug.Enabled {
 		fmt.Printf("REALITY hello.sessionId[:16]: %v\n", hello.SessionId[:16])
--- a/common/tls/reality_server.go
+++ b/common/tls/reality_server.go
@ -89,16 +89,16 @@ func NewRealityServer(ctx context.Context, router adapter.Router, logger log.Log
 	tlsConfig.MaxTimeDiff = time.Duration(options.Reality.MaxTimeDifference)

 	tlsConfig.ShortIds = make(map[[8]byte]bool)
-	for i, shortID := range options.Reality.ShortID {
-		var shortIDBytesArray [8]byte
-		decodedLen, err := hex.Decode(shortIDBytesArray[:], []byte(shortID))
+	for i, shortIDString := range options.Reality.ShortID {
+		var shortID [8]byte
+		decodedLen, err := hex.Decode(shortID[:], []byte(shortIDString))
 		if err != nil {
-			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortID)
+			return nil, E.Cause(err, "decode short_id[", i, "]: ", shortIDString)
 		}
-		if decodedLen != 8 {
-			return nil, E.New("invalid short_id[", i, "]: ", shortID)
+		if decodedLen > 8 {
+			return nil, E.New("invalid short_id[", i, "]: ", shortIDString)
 		}
-		tlsConfig.ShortIds[shortIDBytesArray] = true
+		tlsConfig.ShortIds[shortID] = true
 	}

 	handshakeDialer := dialer.New(router, options.Reality.Handshake.DialerOptions)
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@ -333,7 +333,7 @@ Public key, generated by `sing-box generate reality-keypair`.

 ==Required==

-A 8-bit hex string.
+A hexadecimal string with zero to eight digits.

 #### max_time_difference

--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@ -329,7 +329,7 @@ MAC 密钥。

 ==必填==

-一个八位十六进制的字符串。
+一个零到八位的十六进制字符串。

 #### max_time_difference