feat: Add supports for ECH

Closes #373

app/src/main/java/io/nekohasekai/sagernet/Constants.kt

@@ -94,6 +94,7 @@ object Key {
 
     const val SERVER_SECURITY_CATEGORY = "serverSecurityCategory"
     const val SERVER_TLS_CAMOUFLAGE_CATEGORY = "serverTlsCamouflageCategory"
+    const val SERVER_ECH_CATEORY = "serverECHCategory"
     const val SERVER_WS_CATEGORY = "serverWsCategory"
     const val SERVER_SS_CATEGORY = "serverSsCategory"
     const val SERVER_HEADERS = "serverHeaders"

app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/StandardV2RayBean.java

@@ -48,6 +48,16 @@ public abstract class StandardV2RayBean extends AbstractBean {
 
     public String certificates;
 
+    // --------------------------------------- ech
+
+    public Boolean enableECH;
+
+    public Boolean enablePqSignature;
+
+    public Boolean disabledDRS;
+
+    public String echConfig;
+
     // --------------------------------------- //
 
     public Integer packetEncoding; // 1:packet 2:xudp
@@ -84,6 +94,11 @@ public abstract class StandardV2RayBean extends AbstractBean {
 
         if (realityPubKey == null) realityPubKey = "";
         if (realityShortId == null) realityShortId = "";
+
+        if (enableECH == null) enableECH = false;
+        if (JavaUtil.isNullOrBlank(echConfig)) echConfig = "";
+        if (enablePqSignature == null) enablePqSignature = false;
+        if (disabledDRS == null) disabledDRS = false;
     }
 
     @Override

app/src/main/java/io/nekohasekai/sagernet/fmt/v2ray/V2RayFmt.kt

@@ -598,6 +598,12 @@ fun buildSingBoxOutboundTLS(bean: StandardV2RayBean): OutboundTLSOptions? {
                 fingerprint = fp
             }
         }
+        if (bean.enableECH) {
+            ech.enabled = true
+            ech.pq_signature_schemes_enabled = bean.enablePqSignature
+            ech.dynamic_record_sizing_disabled = bean.disabledDRS
+            ech.config = bean.echConfig.lines()
+        }
     }
 }
 

app/src/main/java/io/nekohasekai/sagernet/ui/profile/StandardV2RaySettingsActivity.kt

@@ -44,6 +44,11 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
     private val realityPubKey = pbm.add(PreferenceBinding(Type.Text, "realityPubKey"))
     private val realityShortId = pbm.add(PreferenceBinding(Type.Text, "realityShortId"))
 
+    private val enableECH = pbm.add(PreferenceBinding(Type.Bool, "enableECH"))
+    private val enablePqSignature = pbm.add(PreferenceBinding(Type.Bool, "enablePqSignature"))
+    private val disabledDRS = pbm.add(PreferenceBinding(Type.Bool, "disabledDRS"))
+    private val echConfig = pbm.add(PreferenceBinding(Type.Text, "echConfig"))
+
     override fun StandardV2RayBean.init() {
         if (this is TrojanBean) {
             this@StandardV2RaySettingsActivity.uuid.fieldName = "password"
@@ -58,9 +63,10 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         pbm.fromCacheAll(this)
     }
 
-    lateinit var securityCategory: PreferenceCategory
-    lateinit var tlsCamouflageCategory: PreferenceCategory
-    lateinit var wsCategory: PreferenceCategory
+    private lateinit var securityCategory: PreferenceCategory
+    private lateinit var tlsCamouflageCategory: PreferenceCategory
+    private lateinit var wsCategory: PreferenceCategory
+    private lateinit var echCategory: PreferenceCategory
 
     override fun PreferenceFragmentCompat.createPreferences(
         savedInstanceState: Bundle?,
@@ -70,6 +76,7 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         pbm.setPreferenceFragment(this)
         securityCategory = findPreference(Key.SERVER_SECURITY_CATEGORY)!!
         tlsCamouflageCategory = findPreference(Key.SERVER_TLS_CAMOUFLAGE_CATEGORY)!!
+        echCategory = findPreference(Key.SERVER_ECH_CATEORY)!!
         wsCategory = findPreference(Key.SERVER_WS_CATEGORY)!!
 
 
@@ -127,10 +134,10 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         }
 
         security.preference.apply {
-            updateTle(security.readStringFromCache())
+            updateTls(security.readStringFromCache())
             this as SimpleMenuPreference
             setOnPreferenceChangeListener { _, newValue ->
-                updateTle(newValue as String)
+                updateTls(newValue as String)
                 true
             }
         }
@@ -166,10 +173,11 @@ abstract class StandardV2RaySettingsActivity : ProfileSettingsActivity<StandardV
         }
     }
 
-    fun updateTle(tle: String) {
-        val isTLS = tle == "tls"
+    private fun updateTls(tls: String) {
+        val isTLS = "tls" in tls
         securityCategory.isVisible = isTLS
         tlsCamouflageCategory.isVisible = isTLS
+        echCategory.isVisible = isTLS
     }
 
 }

app/src/main/res/values-zh-rCN/strings.xml

@@ -478,4 +478,11 @@
     <string name="resolve_server">根据 IPv6 策略解析服务器地址</string>
     <string name="auto_select_proxy_apps">自动选择需要代理的应用</string>
     <string name="auto_select_proxy_apps_message">自动选择需要代理的应用，这将清除您当前的选择。</string>
+    <string name="enable_ech">启用 ECH 技术支持</string>
+    <string name="enable_ech_sum">启用 ECH</string>
+    <string name="ech_settings">ECH 设置</string>
+    <string name="pq_signature_schemes_enabled">启用对后量子对等证书签名方案支持</string>
+    <string name="dynamic_record_sizing_disabled">禁用TLS记录的自适应调整大小</string>
+    <string name="dynamic_record_sizing_sum">如果启用，将始终使用最大可能的TLS记录大小。当禁用时，TLS记录的大小可能会进行调整以尝试提高延迟。</string>
+    <string name="ech_config">ECH 配置</string>
 </resources>

app/src/main/res/values/strings.xml

@@ -519,5 +519,12 @@ Anyone can write advanced plugins, which can control NekoBox. please download an
     <string name="resolve_server">Resolve the server address according to the IPv6 policy</string>
     <string name="auto_select_proxy_apps">Auto select proxy apps</string>
     <string name="auto_select_proxy_apps_message">Auto select proxy apps, this will clear your current selection.</string>
+    <string name="enable_ech">Enable ECH</string>
+    <string name="enable_ech_sum">Enable Encrypted Client Hello</string>
+    <string name="ech_settings">ECH Settings</string>
+    <string name="pq_signature_schemes_enabled">Enable post-quantum peer certificate signature supports</string>
+    <string name="dynamic_record_sizing_disabled">Disables adaptive sizing of TLS records</string>
+    <string name="ech_config">ECH Config</string>
+    <string name="dynamic_record_sizing_sum">If enable, the largest possible TLS record size is always used. When disable, the size of TLS records may be adjusted in an attempt to improve latency.</string>
 
 </resources>

app/src/main/res/xml/standard_v2ray_preferences.xml

@@ -118,6 +118,11 @@
             app:key="allowInsecure"
             app:summary="@string/allow_insecure_sum"
             app:title="@string/allow_insecure" />
+        <SwitchPreference
+            app:icon="@drawable/ic_baseline_security_24"
+            app:key="enableECH"
+            app:summary="@string/enable_ech_sum"
+            app:title="@string/enable_ech" />
     </PreferenceCategory>
 
     <PreferenceCategory
@@ -143,4 +148,23 @@
             app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 
+    <PreferenceCategory
+        app:key="serverECHCategory"
+        app:title="@string/ech_settings">
+        <SwitchPreference
+            app:icon="@drawable/ic_baseline_security_24"
+            app:key="enablePqSignature"
+            app:title="@string/pq_signature_schemes_enabled" />
+        <SwitchPreference
+            app:icon="@drawable/ic_baseline_security_24"
+            app:key="disabledDRS"
+            app:summary="@string/dynamic_record_sizing_sum"
+            app:title="@string/dynamic_record_sizing_disabled" />
+        <EditTextPreference
+            app:icon="@drawable/ic_baseline_texture_24"
+            app:key="echConfig"
+            app:title="@string/ech_config"
+            app:useSimpleSummaryProvider="true" />
+    </PreferenceCategory>
+
 </PreferenceScreen>