From 0c2583172675ae1ddd4f572ef6f3fc1d076f37be Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Tue, 23 Sep 2025 22:02:52 +0800
Subject: [PATCH] chore: replace HasAESGCMHardwareSupport in vless encryption

---
 go.mod                                    |  2 +-
 go.sum                                    |  4 ++--
 transport/vless/encryption/client.go      | 15 ++-------------
 transport/vless/encryption/client_test.go | 21 +++++++++++++++++++++
 4 files changed, 26 insertions(+), 16 deletions(-)
 create mode 100644 transport/vless/encryption/client_test.go

diff --git a/go.mod b/go.mod
index c162c5c8..d807b732 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	github.com/metacubex/sing-wireguard v0.0.0-20250503063753-2dc62acc626f
 	github.com/metacubex/smux v0.0.0-20250922175018-15c9a6a78719
 	github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0
-	github.com/metacubex/utls v1.8.1-0.20250923095929-5a5baffa4b76
+	github.com/metacubex/utls v1.8.1-0.20250923145048-0a5bbc90dd3e
 	github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f
 	github.com/miekg/dns v1.1.63 // lastest version compatible with golang1.20
 	github.com/mroth/weightedrand/v2 v2.1.0
diff --git a/go.sum b/go.sum
index d7cb0dc0..5bd6da51 100644
--- a/go.sum
+++ b/go.sum
@@ -145,8 +145,8 @@ github.com/metacubex/smux v0.0.0-20250922175018-15c9a6a78719 h1:T6qCCfolRDAVJKea
 github.com/metacubex/smux v0.0.0-20250922175018-15c9a6a78719/go.mod h1:4bPD8HWx9jPJ9aE4uadgyN7D1/Wz3KmPy+vale8sKLE=
 github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0 h1:Ui+/2s5Qz0lSnDUBmEL12M5Oi/PzvFxGTNohm8ZcsmE=
 github.com/metacubex/tfo-go v0.0.0-20250921095601-b102db4216c0/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
-github.com/metacubex/utls v1.8.1-0.20250923095929-5a5baffa4b76 h1:AVnkXS1hC68RIuMYDg3URfmf/GdOeNIfj0RUwRj9G+Q=
-github.com/metacubex/utls v1.8.1-0.20250923095929-5a5baffa4b76/go.mod h1:67I3skhEY4Sya8f1YxELwWPoeQdXqZCrWNYLvq8gn2U=
+github.com/metacubex/utls v1.8.1-0.20250923145048-0a5bbc90dd3e h1:t9IxEaxSRp3YJ1ewQV4oGkKaJaMeSoUWjOV0boLVQo8=
+github.com/metacubex/utls v1.8.1-0.20250923145048-0a5bbc90dd3e/go.mod h1:kncGGVhFaoGn5M3pFe3SXhZCzsbCJayNOH4UEqTKTko=
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f h1:FGBPRb1zUabhPhDrlKEjQ9lgIwQ6cHL4x8M9lrERhbk=
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f/go.mod h1:oPGcV994OGJedmmxrcK9+ni7jUEMGhR+uVQAdaduIP4=
 github.com/metacubex/yamux v0.0.0-20250918083631-dd5f17c0be49 h1:lhlqpYHopuTLx9xQt22kSA9HtnyTDmk5XjjQVCGHe2E=
diff --git a/transport/vless/encryption/client.go b/transport/vless/encryption/client.go
index 9c029ed7..bcfce08e 100644
--- a/transport/vless/encryption/client.go
+++ b/transport/vless/encryption/client.go
@@ -7,23 +7,12 @@ import (
 	"errors"
 	"io"
 	"net"
-	"runtime"
 	"sync"
 	"time"
 
 	"github.com/metacubex/blake3"
+	utls "github.com/metacubex/utls"
 	"github.com/metacubex/utls/mlkem"
-	"golang.org/x/sys/cpu"
-)
-
-var (
-	// Keep in sync with crypto/tls/cipher_suites.go.
-	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3
-	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH
-	hasGCMAsmPPC64 = runtime.GOARCH == "ppc64" || runtime.GOARCH == "ppc64le"
-
-	HasAESGCMHardwareSupport = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X || hasGCMAsmPPC64
 )
 
 type ClientInstance struct {
@@ -77,7 +66,7 @@ func (i *ClientInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 	if i.NfsPKeys == nil {
 		return nil, errors.New("uninitialized")
 	}
-	c := NewCommonConn(conn, HasAESGCMHardwareSupport)
+	c := NewCommonConn(conn, utls.HasAESGCMHardwareSupport())
 
 	ivAndRealysLength := 16 + i.RelaysLength
 	pfsKeyExchangeLength := 18 + 1184 + 32 + 16
diff --git a/transport/vless/encryption/client_test.go b/transport/vless/encryption/client_test.go
new file mode 100644
index 00000000..793d0191
--- /dev/null
+++ b/transport/vless/encryption/client_test.go
@@ -0,0 +1,21 @@
+package encryption
+
+import (
+	"fmt"
+	"runtime"
+	"testing"
+
+	utls "github.com/metacubex/utls"
+)
+
+func TestHasAESGCMHardwareSupport(t *testing.T) {
+	fmt.Println("HasAESGCMHardwareSupport:", utls.HasAESGCMHardwareSupport())
+
+	if runtime.GOARCH == "arm64" && runtime.GOOS == "darwin" {
+		// It should be supported starting from Apple Silicon M1
+		// https://github.com/golang/go/blob/go1.25.0/src/internal/cpu/cpu_arm64_darwin.go#L26-L30
+		if !utls.HasAESGCMHardwareSupport() {
+			t.Errorf("For ARM64 Darwin platforms (excluding iOS), AES GCM hardware acceleration should always be available.")
+		}
+	}
+}