diff --git a/Makefile b/Makefile
index 3805b59f..d2aa65d9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 NAME = sing-box
 COMMIT = $(shell git rev-parse --short HEAD)
-TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
-TAGS_GO120 = with_quic,with_ech
+TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api
+TAGS_GO120 = with_quic,with_ech,with_utls
 TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
 TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
diff --git a/common/tls/reality_client.go b/common/tls/reality_client.go
index afbd3e3e..59ecf860 100644
--- a/common/tls/reality_client.go
+++ b/common/tls/reality_client.go
@@ -7,6 +7,7 @@ import (
 "context"
 "crypto/aes"
 "crypto/cipher"
+ "crypto/ecdh"
 "crypto/ed25519"
 "crypto/hmac"
 "crypto/sha256"
@@ -137,12 +138,21 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
 hello.SessionId[2] = 1
 binary.BigEndian.PutUint32(hello.SessionId[4:], uint32(time.Now().Unix()))
 copy(hello.SessionId[8:], e.shortID[:])
-
 if debug.Enabled {
 fmt.Printf("REALITY hello.sessionId[:16]: %v\n", hello.SessionId[:16])
 }
-
- authKey := uConn.HandshakeState.State13.EcdheParams.SharedKey(e.publicKey)
+ publicKey, err := ecdh.X25519().NewPublicKey(e.publicKey)
+ if err != nil {
+ return nil, err
+ }
+ ecdheKey := uConn.HandshakeState.State13.EcdheKey
+ if ecdheKey == nil {
+ return nil, E.New("nil ecdhe_key")
+ }
+ authKey, err := ecdheKey.ECDH(publicKey)
+ if err != nil {
+ return nil, err
+ }
 if authKey == nil {
 return nil, E.New("nil auth_key")
 }
diff --git a/common/tls/utls_client.go b/common/tls/utls_client.go
index be81b32c..71ce8a4e 100644
--- a/common/tls/utls_client.go
+++ b/common/tls/utls_client.go
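Review bot: The two bare `return nil, err` paths added in ClientHandshake hand the caller a raw crypto/ecdh error, so a malformed configured REALITY public key cannot be told apart from a failed key exchange in the logs; wrapping them, e.g. `return nil, E.Cause(err, "parse REALITY public key")` and `return nil, E.Cause(err, "REALITY ECDH")`, keeps that distinction. Because `e.publicKey` is fixed for the lifetime of the config, parsing it with `ecdh.X25519().NewPublicKey` where the config is constructed (outside this hunk) would reject a bad key at startup rather than on every connection. The `authKey == nil` check kept below looks unreachable now, since `ECDH` reports a failed exchange, including the all-zero X25519 result, through its error return; worth confirming and dropping. ClientHandshake starts before and continues after this hunk.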
@@ -219,6 +219,16 @@ func uTLSClientHelloID(name string) (utls.ClientHelloID, error) {
 switch name {
 case "chrome", "":
 return utls.HelloChrome_Auto, nil
+ case "chrome_psk":
+ return utls.HelloChrome_100_PSK, nil
+ case "chrome_psk_shuffle":
+ return utls.HelloChrome_112_PSK_Shuf, nil
+ case "chrome_padding_psk_shuffle":
+ return utls.HelloChrome_114_Padding_PSK_Shuf, nil
+ case "chrome_pq":
+ return utls.HelloChrome_115_PQ, nil
+ case "chrome_pq_psk":
+ return utls.HelloChrome_115_PQ_PSK, nil
 case "firefox":
 return utls.HelloFirefox_Auto, nil
 case "edge":
diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md
index bf32466c..a5c7bec4 100644
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -1,3 +1,12 @@
+---
+icon: material/alert-decagram
+---
+
+
+!!! quote "Changes in sing-box 1.8.0"
+
+ :material-alert-decagram: [utls](#utls)
+
 ### Inbound
 ```json
@@ -206,7 +215,20 @@ uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resist
 Available fingerprint values:
+!!! question "Since sing-box 1.8.0"
+
+ :material-plus: chrome_psk
+ :material-plus: chrome_psk_shuffle
+ :material-plus: chrome_padding_psk_shuffle
+ :material-plus: chrome_pq
+ :material-plus: chrome_pq_psk
+
 * chrome
+* chrome_psk
+* chrome_psk_shuffle
+* chrome_padding_psk_shuffle
+* chrome_pq
+* chrome_pq_psk
 * firefox
 * edge
 * safari
diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md
index 49282117..5a75945d 100644
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -1,3 +1,11 @@
+---
+icon: material/alert-decagram
+---
+
+!!! quote "sing-box 1.8.0 中的更改"
+
+ :material-alert-decagram: [utls](#utls)
+
 ### 入站
 ```json
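Review bot: The new option names hide the Chrome version each one pins: `chrome_psk` maps to `HelloChrome_100_PSK` and `chrome_psk_shuffle` to `HelloChrome_112_PSK_Shuf`, whereas `chrome` follows `HelloChrome_Auto`. A pinned ClientHello ages as the real browser moves on, which weakens the fingerprinting resistance this option exists for, so I would add a comment above the new cases such as `// Pinned uTLS presets: these do not track HelloChrome_Auto and must be revisited when uTLS is updated.` and state the pinned versions in tls.md. It is also worth checking that the REALITY client, which now requires `State13.EcdheKey`, behaves as intended with the `chrome_pq` presets; that depends on how uTLS populates the key shares and is not visible here. uTLSClientHelloID continues outside the hunk.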
@@ -198,7 +206,20 @@ uTLS 是 "crypto/tls" 的一个分支,它提供了 ClientHello 指纹识别阻
 可用的指纹值:
+!!! question "自 sing-box 1.8.0 起"
+
+ :material-plus: chrome_psk
+ :material-plus: chrome_psk_shuffle
+ :material-plus: chrome_padding_psk_shuffle
+ :material-plus: chrome_pq
+ :material-plus: chrome_pq_psk
+
 * chrome
+* chrome_psk
+* chrome_psk_shuffle
+* chrome_padding_psk_shuffle
+* chrome_pq
+* chrome_pq_psk
 * firefox
 * edge
 * safari
diff --git a/docs/installation/build-from-source.md b/docs/installation/build-from-source.md
index 04e0d029..eece2761 100644
--- a/docs/installation/build-from-source.md
+++ b/docs/installation/build-from-source.md
@@ -13,7 +13,17 @@ Before sing-box 1.4.0:
 Since sing-box 1.4.0:
 * Go 1.18.5 - ~
-* Go 1.20.0 - ~ if `with_quic` tag enabled
+* Go 1.20.0 - ~ with tag `with_quic` enabled
+
+Since sing-box 1.5.0:
+
+* Go 1.18.5 - ~
+* Go 1.20.0 - ~ with tag `with_quic` or `with_ech` enabled
+
+Since sing-box 1.8.0:
+
+* Go 1.18.5 - ~
+* Go 1.20.0 - ~ with tag `with_quic`, `with_ech`, or `with_utls` enabled
 You can download and install Go from: https://go.dev/doc/install, latest version is recommended.
@@ -59,5 +69,4 @@ go build -tags "tag_a tag_b" ./cmd/sing-box
 | `with_embedded_tor` (CGO required) | ✖️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor/). |
 | `with_lwip` (CGO required) | ✖️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). |
-
 It is not recommended to change the default build tag list unless you really know what you are adding.
diff --git a/docs/installation/build-from-source.zh.md b/docs/installation/build-from-source.zh.md
index 66eb8c66..f86bf63e 100644
--- a/docs/installation/build-from-source.zh.md
+++ b/docs/installation/build-from-source.zh.md
@@ -15,6 +15,16 @@ sing-box 1.4.0 前:
 * Go 1.18.5 - ~
 * Go 1.20.0 - ~ 如果启用构建标记 `with_quic`
+从 sing-box 1.5.0:
+
+* Go 1.18.5 - ~
+* Go 1.20.0 - ~ 如果启用构建标记 `with_quic` 或 `with_ech`
+
+从 sing-box 1.8.0:
+
+* Go 1.18.5 - ~
+* Go 1.20.0 - ~ 如果启用构建标记 `with_quic`、`with_ech` 或 `with_utls`
+
 您可以从 https://go.dev/doc/install 下载并安装 Go,推荐使用最新版本。
 ## :material-fast-forward: 快速开始
diff --git a/go.mod b/go.mod
index 5d16d6b4..608d748e 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 github.com/sagernet/sing-vmess v0.1.8
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6
- github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
+ github.com/sagernet/utls v1.5.4
 github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f
 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854
 github.com/spf13/cobra v1.8.0
@@ -57,8 +57,9 @@ require (
 require (
 github.com/ajg/form v1.5.1 // indirect
- github.com/andybalholm/brotli v1.0.5 // indirect
+ github.com/andybalholm/brotli v1.0.6 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/gaukas/godicttls v0.0.4 // indirect
 github.com/go-ole/go-ole v1.3.0 // indirect
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 github.com/gobwas/httphead v0.1.0 // indirect
@@ -69,7 +70,7 @@ require (
 github.com/hashicorp/yamux v0.1.1 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/native v1.1.0 // indirect
- github.com/klauspost/compress v1.15.15 // indirect
+ github.com/klauspost/compress v1.17.4 // indirect
 github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 github.com/libdns/libdns v0.2.1 // indirect
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
diff --git a/go.sum b/go.sum
index 67bfd6e7..13b1fd95 100644
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,8 @@ berty.tech/go-libtor v1.0.385 h1:RWK94C3hZj6Z2GdvePpHJLnWYobFr3bY/OdUJ5aoEXw= berty.tech/go-libtor v1.0.385/go.mod h1:9swOOQVb+kmvuAlsgWUK/4c52pm69AdbJsxLzk+fJEw= github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU= github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= -github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= -github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= +github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/caddyserver/certmagic v0.20.0 h1:bTw7LcEZAh9ucYCRXyCpIrSAGplplI0vGYJ4BpCQ/Fc= github.com/caddyserver/certmagic v0.20.0/go.mod h1:N4sXgpICQUskEWpj7zVzvWD41p3NYacrNoZYiRM2jTg= github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= @@ -17,6 +17,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk= +github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI= github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= 
@@ -53,8 +55,8 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= -github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= @@ -110,8 +112,6 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU= github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= -github.com/sagernet/sing v0.3.0-rc.1 h1:XcdCC9CcLNfMSlObIQPjxyzenGQT2R1sGLHvdwDmQFU= -github.com/sagernet/sing v0.3.0-rc.1/go.mod h1:Ce5LNojQOgOiWhiD8pPD6E9H7e2KgtOe3Zxx4Ou5u80= github.com/sagernet/sing v0.3.0-rc.4 h1:1Til9jN0AnTPB9iiX/MbFrocbRCOXDsdZ/io1IjVWkg= github.com/sagernet/sing v0.3.0-rc.4/go.mod h1:Ce5LNojQOgOiWhiD8pPD6E9H7e2KgtOe3Zxx4Ou5u80= github.com/sagernet/sing-dns v0.1.12 h1:1HqZ+ln+Rezx/aJMStaS0d7oPeX2EobSV1NT537kyj4= 
@@ -134,8 +134,8 @@ github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37/go.mod h1:3skNSftZDJWTGVtVaM2jfbce8qHnmH/AGDRe62iNOg0= github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6 h1:z3SJQhVyU63FT26Wn/UByW6b7q8QKB0ZkPqsyqcz2PI= github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6/go.mod h1:73xRZuxwkFk4aiLw28hG8W6o9cr2UPrGL9pdY2UTbvY= -github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4= -github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM= +github.com/sagernet/utls v1.5.4 h1:KmsEGbB2dKUtCNC+44NwAdNAqnqQ6GA4pTO0Yik56co= +github.com/sagernet/utls v1.5.4/go.mod h1:CTGxPWExIloRipK3XFpYv0OVyhO8kk3XCGW/ieyTh1s= github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f h1:Kvo8w8Y9lzFGB/7z09MJ3TR99TFtfI/IuY87Ygcycho= github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f/go.mod h1:mySs0abhpc/gLlvhoq7HP1RzOaRmIXVeZGCh++zoApk= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=